github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 09:48:58 -04:00
Code Issues Projects Releases Packages Wiki Activity

[Security Solution] Auto-bundle Endpoint Management API OpenAPI specs (#188853)

Browse source 
**Addresses**: https://github.com/elastic/kibana/issues/184428

## Summary

This PR adds scripts for automatic bundling of Endpoint Management API OpenAPI specs as a part of PR pipeline. Corresponding result bundles are automatically committed to the Security Solution plugin `x-pack/plugins/security_solution` in the `docs/openapi/ess/` and `docs/openapi/serverless` folders (similar to https://github.com/elastic/kibana/pull/186384).
This commit is contained in:
Maxim Palenov 2024-07-26 14:59:17 +02:00 committed by GitHub
parent 9bc57412bb
commit 218146ee69
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 1855 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
.buildkite/scripts/steps/openapi_bundling/security_solution_openapi_bundling.sh
View file

@ -23,6 +23,11 @@ check_for_changed_files "yarn openapi:bundle:entity-analytics" true
echo -e "\n[Security Solution OpenAPI Bundling] Lists API\n"
echo -e "\n[Security Solution OpenAPI Bundling] Endpoint Management API\n"
(cd x-pack/plugins/security_solution && yarn openapi:bundle:endpoint-management)
check_for_changed_files "yarn openapi:bundle:endpoint-management" true
(cd packages/kbn-securitysolution-lists-common && yarn openapi:bundle)
check_for_changed_files "yarn openapi:bundle" true

938
x-pack/plugins/security_solution/docs/openapi/ess/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml Normal file
View file

@ -0,0 +1,938 @@
openapi: 3.0.3
info:
description: Interact with and manage endpoints running the Elastic Defend integration.
title: Security Solution Endpoint Management API (Elastic Cloud and self-hosted)
version: '2023-10-31'
servers:
- url: 'http://{kibana_host}:{port}'
variables:
kibana_host:
default: localhost
port:
default: '5601'
paths:
/api/endpoint/action:
get:
operationId: EndpointGetActionsList
parameters:
- in: query
name: query
required: true
schema:
$ref: '#/components/schemas/EndpointActionListRequestQuery'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Get Actions List schema
'/api/endpoint/action_log/{agent_id}':
get:
operationId: EndpointGetActionAuditLog
parameters:
- in: query
name: query
required: true
schema:
$ref: '#/components/schemas/AuditLogRequestQuery'
- in: path
name: query
required: true
schema:
$ref: '#/components/schemas/AuditLogRequestParams'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Get action audit log schema
/api/endpoint/action_status:
get:
operationId: EndpointGetActionsStatus
parameters:
- in: query
name: query
required: true
schema:
type: object
properties:
agent_ids:
$ref: '#/components/schemas/AgentIds'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Get Actions status schema
'/api/endpoint/action/{action_id}':
get:
operationId: EndpointGetActionsDetails
parameters:
- in: path
name: query
required: true
schema:
$ref: '#/components/schemas/DetailsRequestParams'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Get Action details schema
'/api/endpoint/action/{action_id}/file/{file_id}/download`':
get:
operationId: EndpointFileDownload
parameters:
- in: path
name: query
required: true
schema:
$ref: '#/components/schemas/FileDownloadRequestParams'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: File Download schema
'/api/endpoint/action/{action_id}/file/{file_id}`':
get:
operationId: EndpointFileInfo
parameters:
- in: path
name: query
required: true
schema:
$ref: '#/components/schemas/FileInfoRequestParams'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: File Info schema
/api/endpoint/action/execute:
post:
operationId: EndpointExecuteAction
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ExecuteActionRequestBody'
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Execute Action
/api/endpoint/action/get_file:
post:
operationId: EndpointGetFileAction
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/GetFileActionRequestBody'
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Get File Action
/api/endpoint/action/isolate:
post:
operationId: EndpointIsolateHostAction
requestBody:
content:
application/json:
schema:
type: object
properties:
alert_ids:
$ref: '#/components/schemas/AlertIds'
case_ids:
$ref: '#/components/schemas/CaseIds'
comment:
$ref: '#/components/schemas/Comment'
endpoint_ids:
$ref: '#/components/schemas/EndpointIds'
parameters:
$ref: '#/components/schemas/Parameters'
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Isolate host Action
/api/endpoint/action/kill_process:
post:
operationId: EndpointKillProcessAction
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ProcessActionSchemas'
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Kill process Action
/api/endpoint/action/running_procs:
post:
operationId: EndpointGetRunningProcessesAction
requestBody:
content:
application/json:
schema:
type: object
properties:
alert_ids:
$ref: '#/components/schemas/AlertIds'
case_ids:
$ref: '#/components/schemas/CaseIds'
comment:
$ref: '#/components/schemas/Comment'
endpoint_ids:
$ref: '#/components/schemas/EndpointIds'
parameters:
$ref: '#/components/schemas/Parameters'
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Get Running Processes Action
/api/endpoint/action/scan:
post:
operationId: EndpointScanAction
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ScanActionRequestBody'
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Scan Action
/api/endpoint/action/state:
get:
operationId: EndpointGetActionsState
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Get Action State schema
/api/endpoint/action/suspend_process:
post:
operationId: EndpointSuspendProcessAction
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ProcessActionSchemas'
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Suspend process Action
/api/endpoint/action/unisolate:
post:
operationId: EndpointUnisolateHostAction
requestBody:
content:
application/json:
schema:
type: object
properties:
alert_ids:
$ref: '#/components/schemas/AlertIds'
case_ids:
$ref: '#/components/schemas/CaseIds'
comment:
$ref: '#/components/schemas/Comment'
endpoint_ids:
$ref: '#/components/schemas/EndpointIds'
parameters:
$ref: '#/components/schemas/Parameters'
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Unisolate host Action
/api/endpoint/action/upload:
post:
operationId: EndpointUploadAction
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/FileUploadActionRequestBody'
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Upload Action
/api/endpoint/isolate:
post:
operationId: EndpointIsolateRedirect
requestBody:
content:
application/json:
schema:
type: object
properties:
alert_ids:
$ref: '#/components/schemas/AlertIds'
case_ids:
$ref: '#/components/schemas/CaseIds'
comment:
$ref: '#/components/schemas/Comment'
endpoint_ids:
$ref: '#/components/schemas/EndpointIds'
parameters:
$ref: '#/components/schemas/Parameters'
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
'308':
description: Permanent Redirect
headers:
Location:
description: Permanently redirects to "/api/endpoint/action/isolate"
schema:
example: /api/endpoint/action/isolate
type: string
summary: Permanently redirects to a new location
/api/endpoint/metadata:
get:
operationId: GetEndpointMetadataList
parameters:
- in: query
name: query
required: true
schema:
$ref: '#/components/schemas/ListRequestQuery'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Get Metadata List schema
'/api/endpoint/metadata/{id}':
get:
operationId: GetEndpointMetadata
parameters:
- in: path
name: query
required: true
schema:
type: object
properties:
id:
type: string
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Get Metadata schema
/api/endpoint/metadata/transforms:
get:
operationId: GetEndpointMetadataTransform
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Get Metadata Transform schema
/api/endpoint/policy_response:
get:
operationId: GetPolicyResponse
parameters:
- in: query
name: query
required: true
schema:
type: object
properties:
agentId:
$ref: '#/components/schemas/AgentId'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Get Policy Response schema
/api/endpoint/policy/summaries:
get:
operationId: GetAgentPolicySummary
parameters:
- in: query
name: query
required: true
schema:
type: object
properties:
package_name:
type: string
policy_id:
nullable: true
type: string
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Get Agent Policy Summary schema
'/api/endpoint/protection_updates_note/{package_policy_id}':
get:
operationId: GetProtectionUpdatesNote
parameters:
- in: path
name: package_policy_id
required: true
schema:
type: string
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ProtectionUpdatesNoteResponse'
description: OK
summary: Get Protection Updates Note schema
post:
operationId: CreateUpdateProtectionUpdatesNote
parameters:
- in: path
name: package_policy_id
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
type: object
properties:
note:
type: string
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ProtectionUpdatesNoteResponse'
description: OK
summary: Create Update Protection Updates Note schema
'/api/endpoint/suggestions/{suggestion_type}':
post:
operationId: GetEndpointSuggestions
parameters:
- in: path
name: suggestion_type
required: true
schema:
enum:
- eventFilters
type: string
requestBody:
content:
application/json:
schema:
type: object
properties:
field:
type: string
fieldMeta: {}
filters: {}
query:
type: string
required:
- parameters
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Get suggestions
/api/endpoint/unisolate:
post:
operationId: EndpointUnisolateRedirect
requestBody:
content:
application/json:
schema:
type: object
properties:
alert_ids:
$ref: '#/components/schemas/AlertIds'
case_ids:
$ref: '#/components/schemas/CaseIds'
comment:
$ref: '#/components/schemas/Comment'
endpoint_ids:
$ref: '#/components/schemas/EndpointIds'
parameters:
$ref: '#/components/schemas/Parameters'
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
'308':
description: Permanent Redirect
headers:
Location:
description: Permanently redirects to "/api/endpoint/action/unisolate"
schema:
example: /api/endpoint/action/unisolate
type: string
summary: Permanently redirects to a new location
components:
schemas:
AgentId:
description: Agent ID
type: string
AgentIds:
minLength: 1
oneOf:
- items:
minLength: 1
type: string
maxItems: 50
minItems: 1
type: array
- minLength: 1
type: string
AlertIds:
description: A list of alerts ids.
items:
$ref: '#/components/schemas/NonEmptyString'
minItems: 1
type: array
AuditLogRequestParams:
type: object
properties:
agent_id:
$ref: '#/components/schemas/AgentId'
AuditLogRequestQuery:
type: object
properties:
end_date:
$ref: '#/components/schemas/EndDate'
page:
$ref: '#/components/schemas/Page'
page_size:
$ref: '#/components/schemas/PageSize'
start_date:
$ref: '#/components/schemas/StartDate'
CaseIds:
description: Case IDs to be updated (cannot contain empty strings)
items:
minLength: 1
type: string
minItems: 1
type: array
Command:
description: The command to be executed (cannot be an empty string)
enum:
- isolate
- unisolate
- kill-process
- suspend-process
- running-processes
- get-file
- execute
- upload
minLength: 1
type: string
Commands:
items:
$ref: '#/components/schemas/Command'
type: array
Comment:
description: Optional comment
type: string
DetailsRequestParams:
type: object
properties:
action_id:
type: string
EndDate:
description: End date
type: string
EndpointActionListRequestQuery:
type: object
properties:
agentIds:
$ref: '#/components/schemas/AgentIds'
commands:
$ref: '#/components/schemas/Commands'
endDate:
$ref: '#/components/schemas/EndDate'
page:
$ref: '#/components/schemas/Page'
pageSize:
default: 10
description: Number of items per page
maximum: 10000
minimum: 1
type: integer
startDate:
$ref: '#/components/schemas/StartDate'
types:
$ref: '#/components/schemas/Types'
userIds:
$ref: '#/components/schemas/UserIds'
withOutputs:
$ref: '#/components/schemas/WithOutputs'
EndpointIds:
description: List of endpoint IDs (cannot contain empty strings)
items:
minLength: 1
type: string
minItems: 1
type: array
ExecuteActionRequestBody:
allOf:
- type: object
properties:
alert_ids:
$ref: '#/components/schemas/AlertIds'
case_ids:
$ref: '#/components/schemas/CaseIds'
comment:
$ref: '#/components/schemas/Comment'
endpoint_ids:
$ref: '#/components/schemas/EndpointIds'
parameters:
$ref: '#/components/schemas/Parameters'
- type: object
properties:
parameters:
type: object
properties:
command:
$ref: '#/components/schemas/Command'
timeout:
$ref: '#/components/schemas/Timeout'
required:
- command
required:
- parameters
FileDownloadRequestParams:
type: object
properties:
action_id:
type: string
file_id:
type: string
required:
- action_id
- file_id
FileInfoRequestParams:
type: object
properties:
action_id:
type: string
file_id:
type: string
required:
- action_id
- file_id
FileUploadActionRequestBody:
allOf:
- type: object
properties:
alert_ids:
$ref: '#/components/schemas/AlertIds'
case_ids:
$ref: '#/components/schemas/CaseIds'
comment:
$ref: '#/components/schemas/Comment'
endpoint_ids:
$ref: '#/components/schemas/EndpointIds'
parameters:
$ref: '#/components/schemas/Parameters'
- type: object
properties:
file:
format: binary
type: string
parameters:
type: object
properties:
overwrite:
default: false
type: boolean
required:
- parameters
- file
GetFileActionRequestBody:
allOf:
- type: object
properties:
alert_ids:
$ref: '#/components/schemas/AlertIds'
case_ids:
$ref: '#/components/schemas/CaseIds'
comment:
$ref: '#/components/schemas/Comment'
endpoint_ids:
$ref: '#/components/schemas/EndpointIds'
parameters:
$ref: '#/components/schemas/Parameters'
- type: object
properties:
parameters:
type: object
properties:
path:
type: string
required:
- path
required:
- parameters
ListRequestQuery:
type: object
properties:
hostStatuses:
items:
enum:
- healthy
- offline
- updating
- inactive
- unenrolled
type: string
type: array
kuery:
nullable: true
type: string
page:
default: 0
description: Page number
minimum: 0
type: integer
pageSize:
default: 10
description: Number of items per page
maximum: 10000
minimum: 1
type: integer
sortDirection:
enum:
- asc
- desc
nullable: true
type: string
sortField:
enum:
- enrolled_at
- metadata.host.hostname
- host_status
- metadata.Endpoint.policy.applied.name
- metadata.Endpoint.policy.applied.status
- metadata.host.os.name
- metadata.host.ip
- metadata.agent.version
- last_checkin
type: string
required:
- hostStatuses
NonEmptyString:
description: A string that is not empty and does not contain only whitespace
minLength: 1
pattern: ^(?! *$).+$
type: string
Page:
default: 1
description: Page number
minimum: 1
type: integer
PageSize:
default: 10
description: Number of items per page
maximum: 100
minimum: 1
type: integer
Parameters:
description: Optional parameters object
type: object
ProcessActionSchemas:
allOf:
- type: object
properties:
alert_ids:
$ref: '#/components/schemas/AlertIds'
case_ids:
$ref: '#/components/schemas/CaseIds'
comment:
$ref: '#/components/schemas/Comment'
endpoint_ids:
$ref: '#/components/schemas/EndpointIds'
parameters:
$ref: '#/components/schemas/Parameters'
- type: object
properties:
parameters:
oneOf:
- type: object
properties:
pid:
minimum: 1
type: integer
- type: object
properties:
entity_id:
minLength: 1
type: string
required:
- parameters
ProtectionUpdatesNoteResponse:
type: object
properties:
note:
type: string
ScanActionRequestBody:
allOf:
- type: object
properties:
alert_ids:
$ref: '#/components/schemas/AlertIds'
case_ids:
$ref: '#/components/schemas/CaseIds'
comment:
$ref: '#/components/schemas/Comment'
endpoint_ids:
$ref: '#/components/schemas/EndpointIds'
parameters:
$ref: '#/components/schemas/Parameters'
- type: object
properties:
parameters:
type: object
properties:
path:
type: string
required:
- path
required:
- parameters
StartDate:
description: Start date
type: string
SuccessResponse:
type: object
properties: {}
Timeout:
description: The maximum timeout value in milliseconds (optional)
minimum: 1
type: integer
Type:
enum:
- automated
- manual
type: string
Types:
items:
$ref: '#/components/schemas/Type'
maxLength: 2
minLength: 1
type: array
UserIds:
description: User IDs
oneOf:
- items:
minLength: 1
type: string
minItems: 1
type: array
- minLength: 1
type: string
WithOutputs:
description: With Outputs
oneOf:
- items:
minLength: 1
type: string
minItems: 1
type: array
- minLength: 1
type: string
securitySchemes:
BasicAuth:
scheme: basic
type: http
security:
- BasicAuth: []
tags: !<tag:yaml.org,2002:js/undefined> ''

866
x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml Normal file
View file

@ -0,0 +1,866 @@
openapi: 3.0.3
info:
description: Interact with and manage endpoints running the Elastic Defend integration.
title: Security Solution Endpoint Management API (Elastic Cloud Serverless)
version: '2023-10-31'
servers:
- url: 'http://{kibana_host}:{port}'
variables:
kibana_host:
default: localhost
port:
default: '5601'
paths:
/api/endpoint/action:
get:
operationId: EndpointGetActionsList
parameters:
- in: query
name: query
required: true
schema:
$ref: '#/components/schemas/EndpointActionListRequestQuery'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Get Actions List schema
'/api/endpoint/action_log/{agent_id}':
get:
operationId: EndpointGetActionAuditLog
parameters:
- in: query
name: query
required: true
schema:
$ref: '#/components/schemas/AuditLogRequestQuery'
- in: path
name: query
required: true
schema:
$ref: '#/components/schemas/AuditLogRequestParams'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Get action audit log schema
/api/endpoint/action_status:
get:
operationId: EndpointGetActionsStatus
parameters:
- in: query
name: query
required: true
schema:
type: object
properties:
agent_ids:
$ref: '#/components/schemas/AgentIds'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Get Actions status schema
'/api/endpoint/action/{action_id}':
get:
operationId: EndpointGetActionsDetails
parameters:
- in: path
name: query
required: true
schema:
$ref: '#/components/schemas/DetailsRequestParams'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Get Action details schema
'/api/endpoint/action/{action_id}/file/{file_id}/download`':
get:
operationId: EndpointFileDownload
parameters:
- in: path
name: query
required: true
schema:
$ref: '#/components/schemas/FileDownloadRequestParams'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: File Download schema
'/api/endpoint/action/{action_id}/file/{file_id}`':
get:
operationId: EndpointFileInfo
parameters:
- in: path
name: query
required: true
schema:
$ref: '#/components/schemas/FileInfoRequestParams'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: File Info schema
/api/endpoint/action/execute:
post:
operationId: EndpointExecuteAction
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ExecuteActionRequestBody'
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Execute Action
/api/endpoint/action/get_file:
post:
operationId: EndpointGetFileAction
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/GetFileActionRequestBody'
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Get File Action
/api/endpoint/action/isolate:
post:
operationId: EndpointIsolateHostAction
requestBody:
content:
application/json:
schema:
type: object
properties:
alert_ids:
$ref: '#/components/schemas/AlertIds'
case_ids:
$ref: '#/components/schemas/CaseIds'
comment:
$ref: '#/components/schemas/Comment'
endpoint_ids:
$ref: '#/components/schemas/EndpointIds'
parameters:
$ref: '#/components/schemas/Parameters'
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Isolate host Action
/api/endpoint/action/kill_process:
post:
operationId: EndpointKillProcessAction
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ProcessActionSchemas'
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Kill process Action
/api/endpoint/action/running_procs:
post:
operationId: EndpointGetRunningProcessesAction
requestBody:
content:
application/json:
schema:
type: object
properties:
alert_ids:
$ref: '#/components/schemas/AlertIds'
case_ids:
$ref: '#/components/schemas/CaseIds'
comment:
$ref: '#/components/schemas/Comment'
endpoint_ids:
$ref: '#/components/schemas/EndpointIds'
parameters:
$ref: '#/components/schemas/Parameters'
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Get Running Processes Action
/api/endpoint/action/scan:
post:
operationId: EndpointScanAction
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ScanActionRequestBody'
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Scan Action
/api/endpoint/action/state:
get:
operationId: EndpointGetActionsState
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Get Action State schema
/api/endpoint/action/suspend_process:
post:
operationId: EndpointSuspendProcessAction
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ProcessActionSchemas'
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Suspend process Action
/api/endpoint/action/unisolate:
post:
operationId: EndpointUnisolateHostAction
requestBody:
content:
application/json:
schema:
type: object
properties:
alert_ids:
$ref: '#/components/schemas/AlertIds'
case_ids:
$ref: '#/components/schemas/CaseIds'
comment:
$ref: '#/components/schemas/Comment'
endpoint_ids:
$ref: '#/components/schemas/EndpointIds'
parameters:
$ref: '#/components/schemas/Parameters'
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Unisolate host Action
/api/endpoint/action/upload:
post:
operationId: EndpointUploadAction
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/FileUploadActionRequestBody'
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Upload Action
/api/endpoint/metadata:
get:
operationId: GetEndpointMetadataList
parameters:
- in: query
name: query
required: true
schema:
$ref: '#/components/schemas/ListRequestQuery'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Get Metadata List schema
'/api/endpoint/metadata/{id}':
get:
operationId: GetEndpointMetadata
parameters:
- in: path
name: query
required: true
schema:
type: object
properties:
id:
type: string
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Get Metadata schema
/api/endpoint/metadata/transforms:
get:
operationId: GetEndpointMetadataTransform
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Get Metadata Transform schema
/api/endpoint/policy_response:
get:
operationId: GetPolicyResponse
parameters:
- in: query
name: query
required: true
schema:
type: object
properties:
agentId:
$ref: '#/components/schemas/AgentId'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Get Policy Response schema
/api/endpoint/policy/summaries:
get:
operationId: GetAgentPolicySummary
parameters:
- in: query
name: query
required: true
schema:
type: object
properties:
package_name:
type: string
policy_id:
nullable: true
type: string
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Get Agent Policy Summary schema
'/api/endpoint/protection_updates_note/{package_policy_id}':
get:
operationId: GetProtectionUpdatesNote
parameters:
- in: path
name: package_policy_id
required: true
schema:
type: string
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ProtectionUpdatesNoteResponse'
description: OK
summary: Get Protection Updates Note schema
post:
operationId: CreateUpdateProtectionUpdatesNote
parameters:
- in: path
name: package_policy_id
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
type: object
properties:
note:
type: string
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ProtectionUpdatesNoteResponse'
description: OK
summary: Create Update Protection Updates Note schema
'/api/endpoint/suggestions/{suggestion_type}':
post:
operationId: GetEndpointSuggestions
parameters:
- in: path
name: suggestion_type
required: true
schema:
enum:
- eventFilters
type: string
requestBody:
content:
application/json:
schema:
type: object
properties:
field:
type: string
fieldMeta: {}
filters: {}
query:
type: string
required:
- parameters
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SuccessResponse'
description: OK
summary: Get suggestions
components:
schemas:
AgentId:
description: Agent ID
type: string
AgentIds:
minLength: 1
oneOf:
- items:
minLength: 1
type: string
maxItems: 50
minItems: 1
type: array
- minLength: 1
type: string
AlertIds:
description: A list of alerts ids.
items:
$ref: '#/components/schemas/NonEmptyString'
minItems: 1
type: array
AuditLogRequestParams:
type: object
properties:
agent_id:
$ref: '#/components/schemas/AgentId'
AuditLogRequestQuery:
type: object
properties:
end_date:
$ref: '#/components/schemas/EndDate'
page:
$ref: '#/components/schemas/Page'
page_size:
$ref: '#/components/schemas/PageSize'
start_date:
$ref: '#/components/schemas/StartDate'
CaseIds:
description: Case IDs to be updated (cannot contain empty strings)
items:
minLength: 1
type: string
minItems: 1
type: array
Command:
description: The command to be executed (cannot be an empty string)
enum:
- isolate
- unisolate
- kill-process
- suspend-process
- running-processes
- get-file
- execute
- upload
minLength: 1
type: string
Commands:
items:
$ref: '#/components/schemas/Command'
type: array
Comment:
description: Optional comment
type: string
DetailsRequestParams:
type: object
properties:
action_id:
type: string
EndDate:
description: End date
type: string
EndpointActionListRequestQuery:
type: object
properties:
agentIds:
$ref: '#/components/schemas/AgentIds'
commands:
$ref: '#/components/schemas/Commands'
endDate:
$ref: '#/components/schemas/EndDate'
page:
$ref: '#/components/schemas/Page'
pageSize:
default: 10
description: Number of items per page
maximum: 10000
minimum: 1
type: integer
startDate:
$ref: '#/components/schemas/StartDate'
types:
$ref: '#/components/schemas/Types'
userIds:
$ref: '#/components/schemas/UserIds'
withOutputs:
$ref: '#/components/schemas/WithOutputs'
EndpointIds:
description: List of endpoint IDs (cannot contain empty strings)
items:
minLength: 1
type: string
minItems: 1
type: array
ExecuteActionRequestBody:
allOf:
- type: object
properties:
alert_ids:
$ref: '#/components/schemas/AlertIds'
case_ids:
$ref: '#/components/schemas/CaseIds'
comment:
$ref: '#/components/schemas/Comment'
endpoint_ids:
$ref: '#/components/schemas/EndpointIds'
parameters:
$ref: '#/components/schemas/Parameters'
- type: object
properties:
parameters:
type: object
properties:
command:
$ref: '#/components/schemas/Command'
timeout:
$ref: '#/components/schemas/Timeout'
required:
- command
required:
- parameters
FileDownloadRequestParams:
type: object
properties:
action_id:
type: string
file_id:
type: string
required:
- action_id
- file_id
FileInfoRequestParams:
type: object
properties:
action_id:
type: string
file_id:
type: string
required:
- action_id
- file_id
FileUploadActionRequestBody:
allOf:
- type: object
properties:
alert_ids:
$ref: '#/components/schemas/AlertIds'
case_ids:
$ref: '#/components/schemas/CaseIds'
comment:
$ref: '#/components/schemas/Comment'
endpoint_ids:
$ref: '#/components/schemas/EndpointIds'
parameters:
$ref: '#/components/schemas/Parameters'
- type: object
properties:
file:
format: binary
type: string
parameters:
type: object
properties:
overwrite:
default: false
type: boolean
required:
- parameters
- file
GetFileActionRequestBody:
allOf:
- type: object
properties:
alert_ids:
$ref: '#/components/schemas/AlertIds'
case_ids:
$ref: '#/components/schemas/CaseIds'
comment:
$ref: '#/components/schemas/Comment'
endpoint_ids:
$ref: '#/components/schemas/EndpointIds'
parameters:
$ref: '#/components/schemas/Parameters'
- type: object
properties:
parameters:
type: object
properties:
path:
type: string
required:
- path
required:
- parameters
ListRequestQuery:
type: object
properties:
hostStatuses:
items:
enum:
- healthy
- offline
- updating
- inactive
- unenrolled
type: string
type: array
kuery:
nullable: true
type: string
page:
default: 0
description: Page number
minimum: 0
type: integer
pageSize:
default: 10
description: Number of items per page
maximum: 10000
minimum: 1
type: integer
sortDirection:
enum:
- asc
- desc
nullable: true
type: string
sortField:
enum:
- enrolled_at
- metadata.host.hostname
- host_status
- metadata.Endpoint.policy.applied.name
- metadata.Endpoint.policy.applied.status
- metadata.host.os.name
- metadata.host.ip
- metadata.agent.version
- last_checkin
type: string
required:
- hostStatuses
NonEmptyString:
description: A string that is not empty and does not contain only whitespace
minLength: 1
pattern: ^(?! *$).+$
type: string
Page:
default: 1
description: Page number
minimum: 1
type: integer
PageSize:
default: 10
description: Number of items per page
maximum: 100
minimum: 1
type: integer
Parameters:
description: Optional parameters object
type: object
ProcessActionSchemas:
allOf:
- type: object
properties:
alert_ids:
$ref: '#/components/schemas/AlertIds'
case_ids:
$ref: '#/components/schemas/CaseIds'
comment:
$ref: '#/components/schemas/Comment'
endpoint_ids:
$ref: '#/components/schemas/EndpointIds'
parameters:
$ref: '#/components/schemas/Parameters'
- type: object
properties:
parameters:
oneOf:
- type: object
properties:
pid:
minimum: 1
type: integer
- type: object
properties:
entity_id:
minLength: 1
type: string
required:
- parameters
ProtectionUpdatesNoteResponse:
type: object
properties:
note:
type: string
ScanActionRequestBody:
allOf:
- type: object
properties:
alert_ids:
$ref: '#/components/schemas/AlertIds'
case_ids:
$ref: '#/components/schemas/CaseIds'
comment:
$ref: '#/components/schemas/Comment'
endpoint_ids:
$ref: '#/components/schemas/EndpointIds'
parameters:
$ref: '#/components/schemas/Parameters'
- type: object
properties:
parameters:
type: object
properties:
path:
type: string
required:
- path
required:
- parameters
StartDate:
description: Start date
type: string
SuccessResponse:
type: object
properties: {}
Timeout:
description: The maximum timeout value in milliseconds (optional)
minimum: 1
type: integer
Type:
enum:
- automated
- manual
type: string
Types:
items:
$ref: '#/components/schemas/Type'
maxLength: 2
minLength: 1
type: array
UserIds:
description: User IDs
oneOf:
- items:
minLength: 1
type: string
minItems: 1
type: array
- minLength: 1
type: string
WithOutputs:
description: With Outputs
oneOf:
- items:
minLength: 1
type: string
minItems: 1
type: array
- minLength: 1
type: string
securitySchemes:
BasicAuth:
scheme: basic
type: http
security:
- BasicAuth: []
tags: !<tag:yaml.org,2002:js/undefined> ''

3
x-pack/plugins/security_solution/package.json
View file

@ -32,6 +32,7 @@
"openapi:generate:debug": "node --inspect-brk scripts/openapi/generate",
"openapi:bundle:detections": "node scripts/openapi/bundle_detections",
"openapi:bundle:timeline": "node scripts/openapi/bundle_timeline",
"openapi:bundle:entity-analytics": "node scripts/openapi/bundle_entity_analytics"
"openapi:bundle:entity-analytics": "node scripts/openapi/bundle_entity_analytics",
"openapi:bundle:endpoint-management": "node scripts/openapi/bundle_endpoint_management"
}
}

44
x-pack/plugins/security_solution/scripts/openapi/bundle_endpoint_management.js Normal file
View file

@ -0,0 +1,44 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
require('../../../../../src/setup_node_env');
const { bundle } = require('@kbn/openapi-bundler');
const { join, resolve } = require('path');
const ROOT = resolve(__dirname, '../..');
(async () => {
await bundle({
sourceGlob: join(ROOT, 'common/api/endpoint/**/*.schema.yaml'),
outputFilePath: join(
ROOT,
'docs/openapi/serverless/security_solution_endpoint_management_api_{version}.bundled.schema.yaml'
),
options: {
includeLabels: ['serverless'],
specInfo: {
title: 'Security Solution Endpoint Management API (Elastic Cloud Serverless)',
description: 'Interact with and manage endpoints running the Elastic Defend integration.',
},
},
});
await bundle({
sourceGlob: join(ROOT, 'common/api/endpoint/**/*.schema.yaml'),
outputFilePath: join(
ROOT,
'docs/openapi/ess/security_solution_endpoint_management_api_{version}.bundled.schema.yaml'
),
options: {
includeLabels: ['ess'],
specInfo: {
title: 'Security Solution Endpoint Management API (Elastic Cloud and self-hosted)',
description: 'Interact with and manage endpoints running the Elastic Defend integration.',
},
},
});
})();