From f68982180d625dda47fa7b442033773686e97be8 Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> Date: Thu, 30 Nov 2023 15:41:27 +0000 Subject: [PATCH 1/2] Adds Export exception list API docs (#4316) * Adds Export exception list API docs * Tweaks formatting * Makes id params required * Update docs/detections/api/exceptions/api-export-exception-list.asciidoc Co-authored-by: Joe Peeples --------- Co-authored-by: Joe Peeples (cherry picked from commit e3eb32a0c667dc094147e4c07d6e002b0c353d30) # Conflicts: # docs/detections/api/exceptions-api-index.asciidoc --- .../api/exceptions-api-index.asciidoc | 7 +++ .../api-export-exception-list.asciidoc | 46 +++++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100644 docs/detections/api/exceptions/api-export-exception-list.asciidoc diff --git a/docs/detections/api/exceptions-api-index.asciidoc b/docs/detections/api/exceptions-api-index.asciidoc index a80849aa6d..5b632aa2d4 100644 --- a/docs/detections/api/exceptions-api-index.asciidoc +++ b/docs/detections/api/exceptions-api-index.asciidoc @@ -12,6 +12,13 @@ include::exceptions/api-get-exception-containers.asciidoc[] include::exceptions/api-get-exception-items.asciidoc[] +<<<<<<< HEAD +======= +include::exceptions/api-import-exception-list.asciidoc[] + +include::exceptions/api-export-exception-list.asciidoc[] + +>>>>>>> e3eb32a0 (Adds Export exception list API docs (#4316)) include::exceptions/api-update-exception-container.asciidoc[] include::exceptions/api-summary-exception-container.asciidoc[] diff --git a/docs/detections/api/exceptions/api-export-exception-list.asciidoc b/docs/detections/api/exceptions/api-export-exception-list.asciidoc new file mode 100644 index 0000000000..4413566b83 --- /dev/null +++ b/docs/detections/api/exceptions/api-export-exception-list.asciidoc @@ -0,0 +1,46 @@ +[[exceptions-api-export-exception-list]] +=== Export exception list + +Exports an exception list and its associated items to an `.ndjson` file. + +==== Request URL + +`POST :/api/exception_lists/_export` + +===== URL query parameters + +[width="100%",options="header"] +|============================================== +|Name |Type |Description |Required + +|`id` |String |ID of the exception list. |Yes. +|`list_id` |String |List ID of the exception list. |Yes. +|`namespace_type` |String a|Determines whether the exported exception list is associated with a single {kib} space or available in all spaces, using one of the following: + +* `single`: Associated with the {kib} space in which it is created. +* `agnostic`: Available in all {kib} spaces. + +|No, defaults to `single`. +|============================================== + +===== Example request + +Exports the exception list with an `id` value of `b590e8f0-43fa-11eb-ad0b-97969c856022` and a `list_id` value of `4fcd2765-0ba8-4048-8a65-27afcab72b12`, associated with a single {kib} space. + +[source,console] +-------------------------------------------------- +POST api/exception_lists/_export?id=b590e8f0-43fa-11eb-ad0b-97969c856022&list_id=4fcd2765-0ba8-4048-8a65-27afcab72b12&namespace_type=single +-------------------------------------------------- + +==== Response code + +`200`:: + Indicates a successful call. + +==== Sample `.ndjson` file +[source,json] +------------------------------------------------- +{"_version":"WzgxLDFd","created_at":"2020-12-22T02:09:23.199Z","created_by":"elastic","description":"test","id":"b590e8f0-43fa-11eb-ad0b-97969c856022","immutable":false,"list_id":"4fcd2765-0ba8-4048-8a65-27afcab72b12","name":"Test Exception List","namespace_type":"single","os_types":[],"tags":[],"tie_breaker_id":"0437982d-4f48-4bcd-ab78-3a9b0696bae9","type":"detection","updated_at":"2020-12-22T02:09:23.257Z","updated_by":"elastic","version":1} +{"_version":"Wzg5LDFd","comments":[],"created_at":"2020-12-22T02:09:48.419Z","created_by":"elastic","description":"test - exception list item","entries":[{"field":"host.name","type":"match","operator":"included","value":"siem-kibana"}],"id":"c4992d30-43fa-11eb-ad0b-97969c856022","item_id":"0f9edfd7-a5b0-4974-b5de-f949b7b89465","list_id":"4fcd2765-0ba8-4048-8a65-27afcab72b12","name":"Test - exception list item","namespace_type":"single","os_types":[],"tags":[],"tie_breaker_id":"56564ed3-c85d-4399-b6ea-cd12617530bd","type":"simple","updated_at":"2020-12-22T02:09:48.486Z","updated_by":"elastic"} +{"exception_list_items_details":{"exported_count":1}} +------------------------------------------------- From 8db340fd9b440dc5cb6b7e63fd6c1062b541b792 Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic Date: Thu, 30 Nov 2023 16:41:26 +0000 Subject: [PATCH 2/2] Resolves conflict --- docs/detections/api/exceptions-api-index.asciidoc | 5 ----- 1 file changed, 5 deletions(-) diff --git a/docs/detections/api/exceptions-api-index.asciidoc b/docs/detections/api/exceptions-api-index.asciidoc index 5b632aa2d4..b0ced68252 100644 --- a/docs/detections/api/exceptions-api-index.asciidoc +++ b/docs/detections/api/exceptions-api-index.asciidoc @@ -12,13 +12,8 @@ include::exceptions/api-get-exception-containers.asciidoc[] include::exceptions/api-get-exception-items.asciidoc[] -<<<<<<< HEAD -======= -include::exceptions/api-import-exception-list.asciidoc[] - include::exceptions/api-export-exception-list.asciidoc[] ->>>>>>> e3eb32a0 (Adds Export exception list API docs (#4316)) include::exceptions/api-update-exception-container.asciidoc[] include::exceptions/api-summary-exception-container.asciidoc[]