diff --git a/docs/detections/api/exceptions/exceptions-api-overview.asciidoc b/docs/detections/api/exceptions/exceptions-api-overview.asciidoc index 29bb71deb6..478ea06da4 100644 --- a/docs/detections/api/exceptions/exceptions-api-overview.asciidoc +++ b/docs/detections/api/exceptions/exceptions-api-overview.asciidoc @@ -38,7 +38,7 @@ entities: image::images/exceptions-logic.png[] IMPORTANT: Before you can create exceptions, you must create `.lists` and -`.items` indices for the {kib} space (see <>). +`.items` data streams for the {kib} space (see <>). [float] === Kibana role requirements @@ -47,7 +47,7 @@ To create list containers and items, the user role for the {kib} space must have: * `read` and `write` index privileges for the -`.lists` and `.items` indices (the system index used for storing exception lists). +`.lists` and `.items` data streams (the system data stream used for storing exception lists). * {kib} space `All` privileges for the `Security` and `Saved Objects Management` features (see {kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges]). diff --git a/docs/detections/api/exceptions/lists-index-api-overview.asciidoc b/docs/detections/api/exceptions/lists-index-api-overview.asciidoc index a5840132a8..1bade6bcd9 100644 --- a/docs/detections/api/exceptions/lists-index-api-overview.asciidoc +++ b/docs/detections/api/exceptions/lists-index-api-overview.asciidoc @@ -2,16 +2,16 @@ === Lists index endpoint Before using exceptions and lists, use the `index` endpoint to create `.lists` -and `.items` system indices in the relevant +and `.items` system data streams in the relevant {kibana-ref}/xpack-spaces.html[{kib} space]. For information about the permissions and privileges required to create -`.lists` and `.items` indices, see <>. +`.lists` and `.items` data streams, see <>. [discrete] -=== Create index +=== Create data stream -Creates `.lists` and `.items` indices. The indices naming convention is +Creates `.lists` and `.items` data streams. The data streams naming convention is `.lists-` and `.items-`. [discrete] @@ -22,7 +22,7 @@ Creates `.lists` and `.items` indices. The indices naming convention is [discrete] ===== Example request -Creates `.lists` and `.items` indices. +Creates `.lists` and `.items` data streams. [source,console] -------------------------------------------------- @@ -37,9 +37,9 @@ POST api/lists/index Indicates a successful call. [discrete] -=== Get index +=== Get data stream -Verifies `.lists` and `.items` indices exist. +Verifies `.lists` and `.items` data streams exist. [discrete] ==== Request URL @@ -49,7 +49,7 @@ Verifies `.lists` and `.items` indices exist. [discrete] ===== Example request -Verifies the `lists` index for the {kib} `security` exists: +Verifies the `lists` data stream for the {kib} `security` exists: [source,console] -------------------------------------------------- @@ -63,12 +63,12 @@ GET api/lists/index `200`:: Indicates a successful call. `404`:: - Indicates no index exists. + Indicates no data stream exists. [discrete] ===== Example responses -Example response when the indices exist: +Example response when the data streams exist: [source,json] -------------------------------------------------- @@ -78,20 +78,20 @@ Example response when the indices exist: } -------------------------------------------------- -Example response when the indices do not exist: +Example response when the data streams do not exist: [source,json] -------------------------------------------------- { - "message": "index .lists-default and index .items-default does not exist", + "message": "data stream .lists-default and data stream .items-default does not exist", "status_code": 404 } -------------------------------------------------- [discrete] -=== Delete index +=== Delete data streams -Deletes the `.lists` and `.items` indices. +Deletes the `.lists` and `.items` data streams. [discrete] ==== Request URL @@ -101,7 +101,7 @@ Deletes the `.lists` and `.items` indices. [discrete] ===== Example request -Deletes the `.lists` and `.items` indices: +Deletes the `.lists` and `.items` data streams: [source, js] -------------------------------------------------- diff --git a/docs/detections/api/lists/lists-api-overview.asciidoc b/docs/detections/api/lists/lists-api-overview.asciidoc index c971d8a637..a99e6d571c 100644 --- a/docs/detections/api/lists/lists-api-overview.asciidoc +++ b/docs/detections/api/lists/lists-api-overview.asciidoc @@ -55,7 +55,7 @@ operator and associate it with an <>). +data streams for the {kib} space (see <>). [float] === Kibana role requirements @@ -64,7 +64,7 @@ To create list containers and items, the user role for the {kib} space must have: * `read` and `write` index privileges for the -`.lists` and `.items` indices (the system index used for storing exception lists). +`.lists` and `.items` data streams (the system data stream used for storing exception lists). * {kib} space `All` privileges for the `Security` and `Saved Objects Management` features (see {kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges]). diff --git a/docs/getting-started/detections-req.asciidoc b/docs/getting-started/detections-req.asciidoc index 9f5358722c..cd23627330 100644 --- a/docs/getting-started/detections-req.asciidoc +++ b/docs/getting-started/detections-req.asciidoc @@ -53,7 +53,7 @@ named `.alerts-security.alerts-default`. If you're upgrading to 8.0.0 or later, |Enable the Detections feature in your Kibana space |The `manage` privilege -a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for the following system indices, where `` is the {kib} space name: +a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for the following system indices and data streams, where `` is the {kib} space name: * `.alerts-security.alerts-` * `.siem-signals-` ^1^ @@ -71,7 +71,7 @@ a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for t *NOTE*: To turn on the Detections feature, visit the Detections page for each appropriate Kibana space. |The `manage` privilege -a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for the following system indices: +a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for the following system indices and data streams: * `.alerts-security.alerts-` * `.siem-signals-` ^1^ @@ -96,7 +96,7 @@ a| The `read` privilege for the following indices: |Manage rules | N/A -a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for the following system indices, where `` is the {kib} space name: +a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for the following system indices and data streams, where `` is the {kib} space name: * `.alerts-security.alerts-`^1^ @@ -118,7 +118,7 @@ a| {kib} space `All` privileges for the `Security` feature (refer to **NOTE**: Allows you to manage alerts, but not modify rules. |N/A -a|The `maintenance`, `write`,`read`, and `view_index_metadata` index privileges for the following system indices, where `` is the {kib} space name: +a|The `maintenance`, `write`,`read`, and `view_index_metadata` index privileges for the following system indices and data streams, where `` is the {kib} space name: * `.alerts-security.alerts-` * `.internal.alerts-security.alerts--*`