Skip to content

Commit

Permalink
[Detection Engine] update lists API (#4067)
Browse files Browse the repository at this point in the history
* update lists API

* fix typo

* updates

* more changes

* updates

* remove /index mention

* CR

* Update lists-index-api-overview.asciidoc

---------

Co-authored-by: Nastasha Solomon <[email protected]>
Co-authored-by: natasha-moore-elastic <[email protected]>
  • Loading branch information
3 people authored Nov 3, 2023
1 parent 6797d0c commit 7db2b5b
Show file tree
Hide file tree
Showing 4 changed files with 23 additions and 23 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ entities:
image::images/exceptions-logic.png[]

IMPORTANT: Before you can create exceptions, you must create `.lists` and
`.items` indices for the {kib} space (see <<lists-index-api-overview>>).
`.items` data streams for the {kib} space (see <<lists-index-api-overview>>).

[float]
=== Kibana role requirements
Expand All @@ -47,7 +47,7 @@ To create list containers and items, the user role for the {kib} space must
have:

* `read` and `write` index privileges for the
`.lists` and `.items` indices (the system index used for storing exception lists).
`.lists` and `.items` data streams (the system data stream used for storing exception lists).
* {kib} space `All` privileges for the `Security` and `Saved Objects Management`
features (see
{kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges]).
Expand Down
30 changes: 15 additions & 15 deletions docs/detections/api/exceptions/lists-index-api-overview.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -2,16 +2,16 @@
=== Lists index endpoint

Before using exceptions and lists, use the `index` endpoint to create `.lists`
and `.items` system indices in the relevant
and `.items` system data streams in the relevant
{kibana-ref}/xpack-spaces.html[{kib} space].

For information about the permissions and privileges required to create
`.lists` and `.items` indices, see <<enable-detections-ui>>.
`.lists` and `.items` data streams, see <<enable-detections-ui>>.

[discrete]
=== Create index
=== Create data stream

Creates `.lists` and `.items` indices. The indices naming convention is
Creates `.lists` and `.items` data streams. The data streams naming convention is
`.lists-<space name>` and `.items-<space name>`.

[discrete]
Expand All @@ -22,7 +22,7 @@ Creates `.lists` and `.items` indices. The indices naming convention is
[discrete]
===== Example request

Creates `.lists` and `.items` indices.
Creates `.lists` and `.items` data streams.

[source,console]
--------------------------------------------------
Expand All @@ -37,9 +37,9 @@ POST api/lists/index
Indicates a successful call.

[discrete]
=== Get index
=== Get data stream

Verifies `.lists` and `.items` indices exist.
Verifies `.lists` and `.items` data streams exist.

[discrete]
==== Request URL
Expand All @@ -49,7 +49,7 @@ Verifies `.lists` and `.items` indices exist.
[discrete]
===== Example request

Verifies the `lists` index for the {kib} `security` exists:
Verifies the `lists` data stream for the {kib} `security` exists:

[source,console]
--------------------------------------------------
Expand All @@ -63,12 +63,12 @@ GET api/lists/index
`200`::
Indicates a successful call.
`404`::
Indicates no index exists.
Indicates no data stream exists.

[discrete]
===== Example responses

Example response when the indices exist:
Example response when the data streams exist:

[source,json]
--------------------------------------------------
Expand All @@ -78,20 +78,20 @@ Example response when the indices exist:
}
--------------------------------------------------

Example response when the indices do not exist:
Example response when the data streams do not exist:

[source,json]
--------------------------------------------------
{
"message": "index .lists-default and index .items-default does not exist",
"message": "data stream .lists-default and data stream .items-default does not exist",
"status_code": 404
}
--------------------------------------------------

[discrete]
=== Delete index
=== Delete data streams

Deletes the `.lists` and `.items` indices.
Deletes the `.lists` and `.items` data streams.

[discrete]
==== Request URL
Expand All @@ -101,7 +101,7 @@ Deletes the `.lists` and `.items` indices.
[discrete]
===== Example request

Deletes the `.lists` and `.items` indices:
Deletes the `.lists` and `.items` data streams:

[source, js]
--------------------------------------------------
Expand Down
4 changes: 2 additions & 2 deletions docs/detections/api/lists/lists-api-overview.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ operator and associate it with an <<exceptions-api-create-container, exception c
You can then add the exception container to a rule's `exceptions_list` object.

IMPORTANT: Before you can create lists, you must create `.lists` and `.items`
indices for the {kib} space (see <<lists-index-api-overview>>).
data streams for the {kib} space (see <<lists-index-api-overview>>).

[float]
=== Kibana role requirements
Expand All @@ -64,7 +64,7 @@ To create list containers and items, the user role for the {kib} space must
have:

* `read` and `write` index privileges for the
`.lists` and `.items` indices (the system index used for storing exception lists).
`.lists` and `.items` data streams (the system data stream used for storing exception lists).
* {kib} space `All` privileges for the `Security` and `Saved Objects Management`
features (see
{kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges]).
Expand Down
8 changes: 4 additions & 4 deletions docs/getting-started/detections-req.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ named `.alerts-security.alerts-default`. If you're upgrading to 8.0.0 or later,
|Enable the Detections feature in your Kibana space
|The `manage` privilege

a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for the following system indices, where `<space-id>` is the {kib} space name:
a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for the following system indices and data streams, where `<space-id>` is the {kib} space name:

* `.alerts-security.alerts-<space-id>`
* `.siem-signals-<space-id>` ^1^
Expand All @@ -71,7 +71,7 @@ a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for t
*NOTE*: To turn on the Detections feature, visit the Detections page for each appropriate Kibana space.

|The `manage` privilege
a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for the following system indices:
a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for the following system indices and data streams:

* `.alerts-security.alerts-<space-id>`
* `.siem-signals-<space-id>` ^1^
Expand All @@ -96,7 +96,7 @@ a| The `read` privilege for the following indices:

|Manage rules
| N/A
a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for the following system indices, where `<space-id>` is the {kib} space name:
a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for the following system indices and data streams, where `<space-id>` is the {kib} space name:

* `.alerts-security.alerts-<space-id`
* `.siem-signals-<space-id>`^1^
Expand All @@ -118,7 +118,7 @@ a| {kib} space `All` privileges for the `Security` feature (refer to

**NOTE**: Allows you to manage alerts, but not modify rules.
|N/A
a|The `maintenance`, `write`,`read`, and `view_index_metadata` index privileges for the following system indices, where `<space-id>` is the {kib} space name:
a|The `maintenance`, `write`,`read`, and `view_index_metadata` index privileges for the following system indices and data streams, where `<space-id>` is the {kib} space name:

* `.alerts-security.alerts-<space-id>`
* `.internal.alerts-security.alerts-<space-id>-*`
Expand Down

0 comments on commit 7db2b5b

Please sign in to comment.