elastic · natasha-moore-elastic · Nov 3, 2023 · Oct 18, 2023 · Oct 18, 2023 · Oct 25, 2023
@@ -38,7 +38,7 @@ entities:
 image::images/exceptions-logic.png[]
 
 IMPORTANT: Before you can create exceptions, you must create `.lists` and
-`.items` indices for the {kib} space (see <<lists-index-api-overview>>).
+`.items` data streams for the {kib} space (see <<lists-index-api-overview>>).
 
 [float]
 === Kibana role requirements
@@ -47,7 +47,7 @@ To create list containers and items, the user role for the {kib} space must
 have:
 
 * `read` and `write` index privileges for the
-`.lists` and `.items` indices (the system index used for storing exception lists).
+`.lists` and `.items` data streams (the system data stream used for storing exception lists).
 * {kib} space `All` privileges for the `Security` and `Saved Objects Management`
 features (see
 {kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges]).

@@ -2,16 +2,16 @@
 === Lists index endpoint
 
 Before using exceptions and lists, use the `index` endpoint to create `.lists`
-and `.items` system indices in the relevant
+and `.items` system data streams in the relevant
 {kibana-ref}/xpack-spaces.html[{kib} space].
 
 For information about the permissions and privileges required to create
-`.lists` and `.items` indices, see <<enable-detections-ui>>.
+`.lists` and `.items` data streams, see <<enable-detections-ui>>.
 
 [discrete]
-=== Create index
+=== Create data stream
 
-Creates `.lists` and `.items` indices. The indices naming convention is
+Creates `.lists` and `.items` data streams. The data streams naming convention is
 `.lists-<space name>` and `.items-<space name>`.
 
 [discrete]
@@ -22,7 +22,7 @@ Creates `.lists` and `.items` indices. The indices naming convention is
 [discrete]
 ===== Example request
 
-Creates `.lists` and `.items` indices.
+Creates `.lists` and `.items` data streams.
 
 [source,console]
 --------------------------------------------------
@@ -37,9 +37,9 @@ POST api/lists/index
     Indicates a successful call.
 
 [discrete]
-=== Get index
+=== Get data stream
 
-Verifies `.lists` and `.items` indices exist.
+Verifies `.lists` and `.items` data streams exist.
 
 [discrete]
 ==== Request URL
@@ -49,7 +49,7 @@ Verifies `.lists` and `.items` indices exist.
 [discrete]
 ===== Example request
 
-Verifies the `lists` index for the {kib} `security` exists:
+Verifies the `lists` data stream for the {kib} `security` exists:
 
 [source,console]
 --------------------------------------------------
@@ -63,12 +63,12 @@ GET api/lists/index
 `200`::
     Indicates a successful call.
 `404`::
-    Indicates no index exists.
+    Indicates no data stream exists.
 
 [discrete]
 ===== Example responses
 
-Example response when the indices exist:
+Example response when the data streams exist:
 
 [source,json]
 --------------------------------------------------
@@ -78,20 +78,20 @@ Example response when the indices exist:
 }
 --------------------------------------------------
 
-Example response when the indices do not exist:
+Example response when the data streams do not exist:
 
 [source,json]
 --------------------------------------------------
 {
-  "message": "index .lists-default and index .items-default does not exist",
+  "message": "data stream .lists-default and data stream .items-default does not exist",
   "status_code": 404
 }
 --------------------------------------------------
 
 [discrete]
-=== Delete index
+=== Delete data streams
 
-Deletes the `.lists` and `.items` indices.
+Deletes the `.lists` and `.items` data streams.
 
 [discrete]
 ==== Request URL
@@ -101,7 +101,7 @@ Deletes the `.lists` and `.items` indices.
 [discrete]
 ===== Example request
 
-Deletes the `.lists` and `.items` indices:
+Deletes the `.lists` and `.items` data streams:
 
 [source, js]
 --------------------------------------------------

@@ -55,7 +55,7 @@ operator and associate it with an <<exceptions-api-create-container, exception c
 You can then add the exception container to a rule's `exceptions_list` object.
 
 IMPORTANT: Before you can create lists, you must create `.lists` and `.items`
-indices for the {kib} space (see <<lists-index-api-overview>>).
+data streams for the {kib} space (see <<lists-index-api-overview>>).
 
 [float]
 === Kibana role requirements
@@ -64,7 +64,7 @@ To create list containers and items, the user role for the {kib} space must
 have:
 
 * `read` and `write` index privileges for the
-`.lists` and `.items` indices (the system index used for storing exception lists).
+`.lists` and `.items` data streams (the system data stream used for storing exception lists).
 * {kib} space `All` privileges for the `Security` and `Saved Objects Management`
 features (see
 {kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges]).

@@ -53,7 +53,7 @@ named `.alerts-security.alerts-default`. If you're upgrading to 8.0.0 or later,
 |Enable the Detections feature in your Kibana space
 |The `manage` privilege
 
-a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for the following system indices, where `<space-id>` is the {kib} space name:
+a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for the following system indices and data streams, where `<space-id>` is the {kib} space name:
 
 * `.alerts-security.alerts-<space-id>`
 * `.siem-signals-<space-id>` ^1^
@@ -71,7 +71,7 @@ a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for t
 *NOTE*: To turn on the Detections feature, visit the Detections page for each appropriate Kibana space.
 
 |The `manage` privilege
-a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for the following system indices:
+a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for the following system indices and data streams:
 
 * `.alerts-security.alerts-<space-id>`
 * `.siem-signals-<space-id>` ^1^
@@ -96,7 +96,7 @@ a| The `read` privilege for the following indices:
 
 |Manage rules
 | N/A
-a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for the following system indices, where `<space-id>` is the {kib} space name:
+a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for the following system indices and data streams, where `<space-id>` is the {kib} space name:
 
 * `.alerts-security.alerts-<space-id`
 * `.siem-signals-<space-id>`^1^
@@ -118,7 +118,7 @@ a| {kib} space `All` privileges for the `Security` feature (refer to
 
 **NOTE**: Allows you to manage alerts, but not modify rules.
 |N/A
-a|The `maintenance`, `write`,`read`, and `view_index_metadata` index privileges for the following system indices, where `<space-id>` is the {kib} space name:
+a|The `maintenance`, `write`,`read`, and `view_index_metadata` index privileges for the following system indices and data streams, where `<space-id>` is the {kib} space name:
 
 * `.alerts-security.alerts-<space-id>`
 * `.internal.alerts-security.alerts-<space-id>-*`