[8.18] [Detection Engine][Docs] Updating examples to meet old ascii docs (#207558) (#209942)

# Backport

This will backport the following commits from `main` to `8.18`:
- [[Detection Engine][Docs] Updating examples to meet old ascii docs
(#207558)](https://github.com/elastic/kibana/pull/207558)

<!--- Backport version: 9.6.4 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Yara
Tercero","email":"yctercero@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-02-05T07:02:48Z","message":"[Detection
Engine][Docs] Updating examples to meet old ascii docs (#207558)\n\n#
Summary\r\n\r\nAs part of the effort to add missing content for Security
APIs, this PR\r\nintroduces a few missing request, response, and
parameter examples for\r\nDetection Engine Alert and migration
APIs.","sha":"d4199dcac1f0bff5f3511e79a860c77534b35c74","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Detection
Engine","v8.16.0","backport:version","v8.17.0","v8.18.0","v9.1.0"],"title":"[Detection
Engine][Docs] Updating examples to meet old ascii
docs","number":207558,"url":"https://github.com/elastic/kibana/pull/207558","mergeCommit":{"message":"[Detection
Engine][Docs] Updating examples to meet old ascii docs (#207558)\n\n#
Summary\r\n\r\nAs part of the effort to add missing content for Security
APIs, this PR\r\nintroduces a few missing request, response, and
parameter examples for\r\nDetection Engine Alert and migration
APIs.","sha":"d4199dcac1f0bff5f3511e79a860c77534b35c74"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.16","8.17","8.18"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.16","label":"v8.16.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.17","label":"v8.17.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/207558","number":207558,"mergeCommit":{"message":"[Detection
Engine][Docs] Updating examples to meet old ascii docs (#207558)\n\n#
Summary\r\n\r\nAs part of the effort to add missing content for Security
APIs, this PR\r\nintroduces a few missing request, response, and
parameter examples for\r\nDetection Engine Alert and migration
APIs.","sha":"d4199dcac1f0bff5f3511e79a860c77534b35c74"}}]}] BACKPORT-->
This commit is contained in:
Yara Tercero 2025-02-06 15:38:56 -08:00 committed by GitHub
parent 5f58a5b423
commit 4ffa5a54c0
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
26 changed files with 1609 additions and 113 deletions


@ -5824,7 +5824,43 @@ paths:
responses: responses:
'200': '200':
content: content:
application/json; Elastic-Api-Version=2023-10-31: application/json:
examples:
success:
value:
application: {}
cluster:
all: true
manage: true
manage_api_key: true
manage_index_templates: true
manage_ml: true
manage_own_api_key: true
manage_pipeline: true
manage_security: true
manage_transform: true
monitor: true
monitor_ml: true
monitor_transform: true
has_all_requested: true
has_encryption_key: true
index:
.alerts-security.alerts-default:
all: true
create: true
create_doc: true
create_index: true
delete: true
delete_index: true
index: true
maintenance: true
manage: true
monitor: true
read: true
view_index_metadata: true
write: true
is_authenticated: true
username: elastic
schema: schema:
type: object type: object
properties: properties:
@ -6495,7 +6531,24 @@ paths:
operationId: SetAlertAssignees operationId: SetAlertAssignees
requestBody: requestBody:
content: content:
application/json; Elastic-Api-Version=2023-10-31: application/json:
examples:
add:
value:
assignees:
add:
- u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0
remove: []
ids:
- 681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6
remove:
value:
assignees:
add: []
remove:
- u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0
ids:
- 681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6
schema: schema:
type: object type: object
properties: properties:
@ -6504,13 +6557,32 @@ paths:
description: Details about the assignees to assign and unassign. description: Details about the assignees to assign and unassign.
ids: ids:
$ref: '#/components/schemas/Security_Detections_API_AlertIds' $ref: '#/components/schemas/Security_Detections_API_AlertIds'
description: List of alerts ids to assign and unassign passed assignees.
required: required:
- assignees - assignees
- ids - ids
required: true required: true
responses: responses:
'200': '200':
content:
application/ndjson:
examples:
add:
value:
batches: 1,
deleted: 0,
failures: []
noops: 0,
requests_per_second: '-1,'
retries:
- bulk: 0,
- search: 0
throttled_millis: 0,
throttled_until_millis: 0,
timed_out: false,
took: 76,
total: 1,
updated: 1,
version_conflicts: 0,
description: Indicates a successful call. description: Indicates a successful call.
'400': '400':
description: Invalid request. description: Invalid request.
@ -6524,7 +6596,36 @@ paths:
operationId: SearchAlerts operationId: SearchAlerts
requestBody: requestBody:
content: content:
application/json; Elastic-Api-Version=2023-10-31: application/json:
examples:
query:
value:
aggs:
alertsByGrouping:
terms:
field: host.name
size: 10
missingFields:
missing:
field: host.name
query:
bool:
filter:
- bool:
filter:
- match_phrase:
kibana.alert.workflow_status: open
must: []
must_not:
- exists:
field: kibana.alert.building_block_type
should: []
- range:
'@timestamp':
gte: '2025-01-17T08:00:00.000Z'
lte: '2025-01-18T07:59:59.999Z'
runtime_mappings: {}
size: 0
schema: schema:
description: Elasticsearch query and aggregation request description: Elasticsearch query and aggregation request
type: object type: object
@ -6561,7 +6662,32 @@ paths:
responses: responses:
'200': '200':
content: content:
application/json; Elastic-Api-Version=2023-10-31: application/json:
examples:
success:
value:
_shards:
failed: 0
skipped: 0
successful: 1
total: 1
aggregations:
alertsByGrouping:
buckets:
- doc_count: 5
key: Host-f43kkddfyc
doc_count_error_upper_bound: 0
sum_other_doc_count: 0
missingFields:
doc_count: 0
hits:
hits: []
max_score: null
total:
relation: eq
value: 5
timed_out: false
took: 0
schema: schema:
additionalProperties: true additionalProperties: true
description: Elasticsearch search response description: Elasticsearch search response
@ -6597,7 +6723,44 @@ paths:
operationId: SetAlertsStatus operationId: SetAlertsStatus
requestBody: requestBody:
content: content:
application/json; Elastic-Api-Version=2023-10-31: application/json:
examples:
byId:
value:
signal_ids:
- 80e1383f856e67c1b7f7a1634744fa6d66b6e2ef7aa26d226e57afb5a7b2b4a1
status: closed
byQuery:
value:
conflicts: proceed
query:
bool:
filter:
- '@timestamp':
format: strict_date_optional_time
gte: '2024-10-23T07:00:00.000Z'
lte: '2025-01-21T20:12:11.704Z'
range: null
- bool:
filter:
bool:
filter:
- match_phrase:
kibana.alert.workflow_status: open
- '@timestamp':
format: strict_date_optional_time
gte: '2024-10-23T07:00:00.000Z'
lte: '2025-01-21T20:12:11.704Z'
range: null
must: []
must_not:
- exists:
field: kibana.alert.building_block_type
should: []
must: []
must_not: []
should: []
status: closed
schema: schema:
oneOf: oneOf:
- $ref: '#/components/schemas/Security_Detections_API_SetAlertsStatusByIds' - $ref: '#/components/schemas/Security_Detections_API_SetAlertsStatusByIds'
@ -6607,7 +6770,42 @@ paths:
responses: responses:
'200': '200':
content: content:
application/json; Elastic-Api-Version=2023-10-31: application/json:
examples:
byId:
value:
batches: 1
deleted: 0
failures: []
noops: 0
requests_per_second: -1
retries:
bulk: 0
search: 0
throttled_millis: 0
throttled_until_millis: 0
timed_out: false
took: 81
total: 1
updated: 1
version_conflicts: 0
byQuery:
value:
batches: 1
deleted: 0
failures: []
noops: 0
requests_per_second: -1
retries:
bulk: 0
search: 0
throttled_millis: 0
throttled_until_millis: 0
timed_out: false
took: 100
total: 17
updated: 17
version_conflicts: 0
schema: schema:
additionalProperties: true additionalProperties: true
description: Elasticsearch update by query response description: Elasticsearch update by query response
@ -6646,7 +6844,24 @@ paths:
operationId: SetAlertTags operationId: SetAlertTags
requestBody: requestBody:
content: content:
application/json; Elastic-Api-Version=2023-10-31: application/json:
examples:
add:
value:
ids:
- 549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e
tags:
tags_to_add:
- Duplicate
tags_to_remove: []
remove:
value:
ids:
- 549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e
tags:
tags_to_add: []
tags_to_remove:
- Duplicate
schema: schema:
type: object type: object
properties: properties:
@ -6662,7 +6877,25 @@ paths:
responses: responses:
'200': '200':
content: content:
application/json; Elastic-Api-Version=2023-10-31: application/json:
examples:
success:
value:
batches: 1,
deleted: 0,
failures: []
noops: 0,
requests_per_second: '-1,'
retries:
bulk: 0,
search: 0
throttled_millis: 0,
throttled_until_millis: 0,
timed_out: false,
took: 68,
total: 1,
updated: 1,
version_conflicts: 0,
schema: schema:
additionalProperties: true additionalProperties: true
description: Elasticsearch update by query response description: Elasticsearch update by query response
@ -43276,22 +43509,28 @@ components:
type: object type: object
properties: properties:
add: add:
description: A list of users ids to assign.
items: items:
$ref: '#/components/schemas/Security_Detections_API_NonEmptyString' description: A list of users ids to assign.
format: nonempty
minLength: 1
type: string
type: array type: array
remove: remove:
description: A list of users ids to unassign.
items: items:
$ref: '#/components/schemas/Security_Detections_API_NonEmptyString' description: A list of users ids to unassign.
format: nonempty
minLength: 1
type: string
type: array type: array
required: required:
- add - add
- remove - remove
Security_Detections_API_AlertIds: Security_Detections_API_AlertIds:
description: A list of alerts ids. description: A list of alerts `id`s.
items: items:
$ref: '#/components/schemas/Security_Detections_API_NonEmptyString' format: nonempty
minLength: 1
type: string
minItems: 1 minItems: 1
type: array type: array
Security_Detections_API_AlertsIndex: Security_Detections_API_AlertsIndex:
@ -43313,6 +43552,7 @@ components:
- additionalProperties: true - additionalProperties: true
type: object type: object
Security_Detections_API_AlertStatus: Security_Detections_API_AlertStatus:
description: The status of an alert, which can be `open`, `acknowledged`, `in-progress`, or `closed`.
enum: enum:
- open - open
- closed - closed
@ -43363,8 +43603,12 @@ components:
- suppress - suppress
type: string type: string
Security_Detections_API_AlertTag: Security_Detections_API_AlertTag:
$ref: '#/components/schemas/Security_Detections_API_NonEmptyString' description: Use alert tags to organize related alerts into categories that you can filter and group.
format: nonempty
minLength: 1
type: string
Security_Detections_API_AlertTags: Security_Detections_API_AlertTags:
description: List of keywords to organize related alerts into categories that you can filter and group.
items: items:
$ref: '#/components/schemas/Security_Detections_API_AlertTag' $ref: '#/components/schemas/Security_Detections_API_AlertTag'
type: array type: array
@ -47370,8 +47614,11 @@ components:
type: object type: object
properties: properties:
signal_ids: signal_ids:
description: List of alert `id`s.
items: items:
$ref: '#/components/schemas/Security_Detections_API_NonEmptyString' format: nonempty
minLength: 1
type: string
minItems: 1 minItems: 1
type: array type: array
status: status:
@ -47397,6 +47644,7 @@ components:
- query - query
- status - status
Security_Detections_API_SetAlertTags: Security_Detections_API_SetAlertTags:
description: Object with list of tags to add and remove.
type: object type: object
properties: properties:
tags_to_add: tags_to_add:
@ -49153,9 +49401,11 @@ components:
- microsoft_defender_endpoint - microsoft_defender_endpoint
type: string type: string
Security_Endpoint_Management_API_AlertIds: Security_Endpoint_Management_API_AlertIds:
description: A list of alerts ids. description: A list of alerts `id`s.
items: items:
$ref: '#/components/schemas/Security_Endpoint_Management_API_NonEmptyString' format: nonempty
minLength: 1
type: string
minItems: 1 minItems: 1
type: array type: array
Security_Endpoint_Management_API_CaseIds: Security_Endpoint_Management_API_CaseIds:
@ -49436,11 +49686,6 @@ components:
type: string type: string
required: required:
- hostStatuses - hostStatuses
Security_Endpoint_Management_API_NonEmptyString:
description: A string that is not empty and does not contain only whitespace
minLength: 1
pattern: ^(?! *$).+$
type: string
Security_Endpoint_Management_API_Page: Security_Endpoint_Management_API_Page:
default: 1 default: 1
description: Page number description: Page number
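Review bot: Inlining `Security_Endpoint_Management_API_NonEmptyString` into `Security_Endpoint_Management_API_AlertIds` drops the `pattern: ^(?! *$).+$` that the removed schema carried, leaving the items with only `minLength: 1` and the non-standard `format: nonempty`; for a client or validator generated from this bundle that ignores the custom format, a whitespace-only alert id now passes the documented contract, while the server-side zod in this commit (`z.string().min(1).superRefine(isNonEmptyString)`) still rejects it. If this bundle is generated, carry `pattern: ^(?! *$).+$` in the source schema the inlined items come from rather than editing here; the second bundle's version of the same schema had no pattern, so it is unaffected. Separately, the `application/ndjson` example for SetAlertAssignees and the SetAlertTags success example keep JSON-style trailing commas (`batches: 1,`, `requests_per_second: '-1,'`), so those values render as strings, and in the assignees example `retries:` is a two-element list (`- bulk: 0,`, `- search: 0`) rather than the object form the SetAlertsStatus `byId` example uses; the same residue appears in the second bundle, including `- index: .siem-signals-default-000001,` in the CreateAlertsMigration example, and should be fixed in the source schemas those examples come from.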


@ -10606,6 +10606,11 @@ paths:
'200': '200':
content: content:
application/json; Elastic-Api-Version=2023-10-31: application/json; Elastic-Api-Version=2023-10-31:
examples:
success:
value:
index_mapping_outdated: false
name: .alerts-security.alerts-default
schema: schema:
type: object type: object
properties: properties:
@ -10698,6 +10703,42 @@ paths:
'200': '200':
content: content:
application/json; Elastic-Api-Version=2023-10-31: application/json; Elastic-Api-Version=2023-10-31:
examples:
success:
value:
application: {}
cluster:
all: true
manage: true
manage_api_key: true
manage_index_templates: true
manage_ml: true
manage_own_api_key: true
manage_pipeline: true
manage_security: true
manage_transform: true
monitor: true
monitor_ml: true
monitor_transform: true
has_all_requested: true
has_encryption_key: true
index:
.alerts-security.alerts-default:
all: true
create: true
create_doc: true
create_index: true
delete: true
delete_index: true
index: true
maintenance: true
manage: true
monitor: true
read: true
view_index_metadata: true
write: true
is_authenticated: true
username: elastic
schema: schema:
type: object type: object
properties: properties:
@ -11617,6 +11658,23 @@ paths:
requestBody: requestBody:
content: content:
application/json; Elastic-Api-Version=2023-10-31: application/json; Elastic-Api-Version=2023-10-31:
examples:
add:
value:
assignees:
add:
- u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0
remove: []
ids:
- 681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6
remove:
value:
assignees:
add: []
remove:
- u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0
ids:
- 681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6
schema: schema:
type: object type: object
properties: properties:
@ -11625,13 +11683,32 @@ paths:
description: Details about the assignees to assign and unassign. description: Details about the assignees to assign and unassign.
ids: ids:
$ref: '#/components/schemas/Security_Detections_API_AlertIds' $ref: '#/components/schemas/Security_Detections_API_AlertIds'
description: List of alerts ids to assign and unassign passed assignees.
required: required:
- assignees - assignees
- ids - ids
required: true required: true
responses: responses:
'200': '200':
content:
application/ndjson; Elastic-Api-Version=2023-10-31:
examples:
add:
value:
batches: 1,
deleted: 0,
failures: []
noops: 0,
requests_per_second: '-1,'
retries:
- bulk: 0,
- search: 0
throttled_millis: 0,
throttled_until_millis: 0,
timed_out: false,
took: 76,
total: 1,
updated: 1,
version_conflicts: 0,
description: Indicates a successful call. description: Indicates a successful call.
'400': '400':
description: Invalid request. description: Invalid request.
@ -11650,9 +11727,13 @@ paths:
content: content:
application/json; Elastic-Api-Version=2023-10-31: application/json; Elastic-Api-Version=2023-10-31:
schema: schema:
example:
migration_ids:
- 924f7c50-505f-11eb-ae0a-3fa2e626a51d
type: object type: object
properties: properties:
migration_ids: migration_ids:
description: Array of `migration_id`s to finalize.
items: items:
type: string type: string
minItems: 1 minItems: 1
@ -11665,6 +11746,17 @@ paths:
'200': '200':
content: content:
application/json; Elastic-Api-Version=2023-10-31: application/json; Elastic-Api-Version=2023-10-31:
examples:
success:
value:
migrations:
- completed: true
destinationIndex: .siem-signals-default-000002-r000016
id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d
sourceIndex: .siem-signals-default-000002
status: success
updated: '2021-01-06T22:05:56.859Z'
version: 16
schema: schema:
items: items:
$ref: '#/components/schemas/Security_Detections_API_MigrationFinalizationResult' $ref: '#/components/schemas/Security_Detections_API_MigrationFinalizationResult'
@ -11709,9 +11801,13 @@ paths:
content: content:
application/json; Elastic-Api-Version=2023-10-31: application/json; Elastic-Api-Version=2023-10-31:
schema: schema:
example:
migration_ids:
- 924f7c50-505f-11eb-ae0a-3fa2e626a51d
type: object type: object
properties: properties:
migration_ids: migration_ids:
description: Array of `migration_id`s to cleanup.
items: items:
type: string type: string
minItems: 1 minItems: 1
@ -11724,6 +11820,16 @@ paths:
'200': '200':
content: content:
application/json; Elastic-Api-Version=2023-10-31: application/json; Elastic-Api-Version=2023-10-31:
examples:
success:
value:
migrations:
- destinationIndex: .siem-signals-default-000002-r000016
id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d
sourceIndex: .siem-signals-default-000002
status: success
updated: '2021-01-06T22:05:56.859Z'
version: 16
schema: schema:
items: items:
$ref: '#/components/schemas/Security_Detections_API_MigrationCleanupResult' $ref: '#/components/schemas/Security_Detections_API_MigrationCleanupResult'
@ -11761,13 +11867,21 @@ paths:
requestBody: requestBody:
content: content:
application/json; Elastic-Api-Version=2023-10-31: application/json; Elastic-Api-Version=2023-10-31:
examples:
singleIndex:
value:
index:
- .siem-signals-default-000001
schema: schema:
allOf: allOf:
- type: object - type: object
properties: properties:
index: index:
description: Array of index names to migrate.
items: items:
$ref: '#/components/schemas/Security_Detections_API_NonEmptyString' format: nonempty
minLength: 1
type: string
minItems: 1 minItems: 1
type: array type: array
required: required:
@ -11779,6 +11893,13 @@ paths:
'200': '200':
content: content:
application/json; Elastic-Api-Version=2023-10-31: application/json; Elastic-Api-Version=2023-10-31:
examples:
success:
value:
indices:
- index: .siem-signals-default-000001,
migration_id: 923f7c50-505f-11eb-ae0a-3fa2e626a51d
migration_index: .siem-signals-default-000001-r000016
schema: schema:
type: object type: object
properties: properties:
@ -11816,7 +11937,7 @@ paths:
tags: tags:
- Security Detections API - Security Detections API
/api/detection_engine/signals/migration_status: /api/detection_engine/signals/migration_status:
post: get:
deprecated: true deprecated: true
description: Retrieve indices that contain detection alerts of a particular age, along with migration information for each of those indices. description: Retrieve indices that contain detection alerts of a particular age, along with migration information for each of those indices.
operationId: ReadAlertsMigrationStatus operationId: ReadAlertsMigrationStatus
@ -11829,12 +11950,37 @@ paths:
description: | description: |
Time from which data is analyzed. For example, now-4200s means the rule analyzes data from 70 minutes Time from which data is analyzed. For example, now-4200s means the rule analyzes data from 70 minutes
before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time).
example: now-30d
format: date-math format: date-math
type: string type: string
responses: responses:
'200': '200':
content: content:
application/json; Elastic-Api-Version=2023-10-31: application/json; Elastic-Api-Version=2023-10-31:
examples:
success:
value:
indices:
- index: .siem-signals-default-000002
is_outdated: true
migrations:
- id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d
status: pending
updated: '2021-01-06T20:41:37.173Z'
version: 16
signal_versions:
- count: 100
version: 15
- count: 87
version: 16
version: 15
- index: .siem-signals-default-000003
is_outdated: false
migrations: []
signal_versions:
- count: 54
version: 16
version: 16
schema: schema:
type: object type: object
properties: properties:
@ -11875,6 +12021,35 @@ paths:
requestBody: requestBody:
content: content:
application/json; Elastic-Api-Version=2023-10-31: application/json; Elastic-Api-Version=2023-10-31:
examples:
query:
value:
aggs:
alertsByGrouping:
terms:
field: host.name
size: 10
missingFields:
missing:
field: host.name
query:
bool:
filter:
- bool:
filter:
- match_phrase:
kibana.alert.workflow_status: open
must: []
must_not:
- exists:
field: kibana.alert.building_block_type
should: []
- range:
'@timestamp':
gte: '2025-01-17T08:00:00.000Z'
lte: '2025-01-18T07:59:59.999Z'
runtime_mappings: {}
size: 0
schema: schema:
description: Elasticsearch query and aggregation request description: Elasticsearch query and aggregation request
type: object type: object
@ -11912,6 +12087,31 @@ paths:
'200': '200':
content: content:
application/json; Elastic-Api-Version=2023-10-31: application/json; Elastic-Api-Version=2023-10-31:
examples:
success:
value:
_shards:
failed: 0
skipped: 0
successful: 1
total: 1
aggregations:
alertsByGrouping:
buckets:
- doc_count: 5
key: Host-f43kkddfyc
doc_count_error_upper_bound: 0
sum_other_doc_count: 0
missingFields:
doc_count: 0
hits:
hits: []
max_score: null
total:
relation: eq
value: 5
timed_out: false
took: 0
schema: schema:
additionalProperties: true additionalProperties: true
description: Elasticsearch search response description: Elasticsearch search response
@ -11947,6 +12147,43 @@ paths:
requestBody: requestBody:
content: content:
application/json; Elastic-Api-Version=2023-10-31: application/json; Elastic-Api-Version=2023-10-31:
examples:
byId:
value:
signal_ids:
- 80e1383f856e67c1b7f7a1634744fa6d66b6e2ef7aa26d226e57afb5a7b2b4a1
status: closed
byQuery:
value:
conflicts: proceed
query:
bool:
filter:
- '@timestamp':
format: strict_date_optional_time
gte: '2024-10-23T07:00:00.000Z'
lte: '2025-01-21T20:12:11.704Z'
range: null
- bool:
filter:
bool:
filter:
- match_phrase:
kibana.alert.workflow_status: open
- '@timestamp':
format: strict_date_optional_time
gte: '2024-10-23T07:00:00.000Z'
lte: '2025-01-21T20:12:11.704Z'
range: null
must: []
must_not:
- exists:
field: kibana.alert.building_block_type
should: []
must: []
must_not: []
should: []
status: closed
schema: schema:
oneOf: oneOf:
- $ref: '#/components/schemas/Security_Detections_API_SetAlertsStatusByIds' - $ref: '#/components/schemas/Security_Detections_API_SetAlertsStatusByIds'
@ -11957,6 +12194,41 @@ paths:
'200': '200':
content: content:
application/json; Elastic-Api-Version=2023-10-31: application/json; Elastic-Api-Version=2023-10-31:
examples:
byId:
value:
batches: 1
deleted: 0
failures: []
noops: 0
requests_per_second: -1
retries:
bulk: 0
search: 0
throttled_millis: 0
throttled_until_millis: 0
timed_out: false
took: 81
total: 1
updated: 1
version_conflicts: 0
byQuery:
value:
batches: 1
deleted: 0
failures: []
noops: 0
requests_per_second: -1
retries:
bulk: 0
search: 0
throttled_millis: 0
throttled_until_millis: 0
timed_out: false
took: 100
total: 17
updated: 17
version_conflicts: 0
schema: schema:
additionalProperties: true additionalProperties: true
description: Elasticsearch update by query response description: Elasticsearch update by query response
@ -11995,6 +12267,23 @@ paths:
requestBody: requestBody:
content: content:
application/json; Elastic-Api-Version=2023-10-31: application/json; Elastic-Api-Version=2023-10-31:
examples:
add:
value:
ids:
- 549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e
tags:
tags_to_add:
- Duplicate
tags_to_remove: []
remove:
value:
ids:
- 549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e
tags:
tags_to_add: []
tags_to_remove:
- Duplicate
schema: schema:
type: object type: object
properties: properties:
@ -12011,6 +12300,24 @@ paths:
'200': '200':
content: content:
application/json; Elastic-Api-Version=2023-10-31: application/json; Elastic-Api-Version=2023-10-31:
examples:
success:
value:
batches: 1,
deleted: 0,
failures: []
noops: 0,
requests_per_second: '-1,'
retries:
bulk: 0,
search: 0
throttled_millis: 0,
throttled_until_millis: 0,
timed_out: false,
took: 68,
total: 1,
updated: 1,
version_conflicts: 0,
schema: schema:
additionalProperties: true additionalProperties: true
description: Elasticsearch update by query response description: Elasticsearch update by query response
@ -31463,22 +31770,28 @@ components:
type: object type: object
properties: properties:
add: add:
description: A list of users ids to assign.
items: items:
$ref: '#/components/schemas/Security_Detections_API_NonEmptyString' description: A list of users ids to assign.
format: nonempty
minLength: 1
type: string
type: array type: array
remove: remove:
description: A list of users ids to unassign.
items: items:
$ref: '#/components/schemas/Security_Detections_API_NonEmptyString' description: A list of users ids to unassign.
format: nonempty
minLength: 1
type: string
type: array type: array
required: required:
- add - add
- remove - remove
Security_Detections_API_AlertIds: Security_Detections_API_AlertIds:
description: A list of alerts ids. description: A list of alerts `id`s.
items: items:
$ref: '#/components/schemas/Security_Detections_API_NonEmptyString' format: nonempty
minLength: 1
type: string
minItems: 1 minItems: 1
type: array type: array
Security_Detections_API_AlertsIndex: Security_Detections_API_AlertsIndex:
@ -31523,12 +31836,15 @@ components:
type: object type: object
properties: properties:
requests_per_second: requests_per_second:
description: The throttle for the migration task in sub-requests per second. Corresponds to requests_per_second on the Reindex API.
minimum: 1 minimum: 1
type: integer type: integer
size: size:
description: Number of alerts to migrate per batch. Corresponds to the source.size option on the Reindex API.
minimum: 1 minimum: 1
type: integer type: integer
slices: slices:
description: The number of subtasks for the migration task. Corresponds to slices on the Reindex API.
minimum: 1 minimum: 1
type: integer type: integer
Security_Detections_API_AlertsSort: Security_Detections_API_AlertsSort:
@ -31543,6 +31859,7 @@ components:
- additionalProperties: true - additionalProperties: true
type: object type: object
Security_Detections_API_AlertStatus: Security_Detections_API_AlertStatus:
description: The status of an alert, which can be `open`, `acknowledged`, `in-progress`, or `closed`.
enum: enum:
- open - open
- closed - closed
@ -31593,8 +31910,12 @@ components:
- suppress - suppress
type: string type: string
Security_Detections_API_AlertTag: Security_Detections_API_AlertTag:
$ref: '#/components/schemas/Security_Detections_API_NonEmptyString' description: Use alert tags to organize related alerts into categories that you can filter and group.
format: nonempty
minLength: 1
type: string
Security_Detections_API_AlertTags: Security_Detections_API_AlertTags:
description: List of keywords to organize related alerts into categories that you can filter and group.
items: items:
$ref: '#/components/schemas/Security_Detections_API_AlertTag' $ref: '#/components/schemas/Security_Detections_API_AlertTag'
type: array type: array
@ -35737,8 +36058,11 @@ components:
type: object type: object
properties: properties:
signal_ids: signal_ids:
description: List of alert `id`s.
items: items:
$ref: '#/components/schemas/Security_Detections_API_NonEmptyString' format: nonempty
minLength: 1
type: string
minItems: 1 minItems: 1
type: array type: array
status: status:
@ -35764,6 +36088,7 @@ components:
- query - query
- status - status
Security_Detections_API_SetAlertTags: Security_Detections_API_SetAlertTags:
description: Object with list of tags to add and remove.
type: object type: object
properties: properties:
tags_to_add: tags_to_add:
@ -37538,9 +37863,11 @@ components:
- microsoft_defender_endpoint - microsoft_defender_endpoint
type: string type: string
Security_Endpoint_Management_API_AlertIds: Security_Endpoint_Management_API_AlertIds:
description: A list of alerts ids. description: A list of alerts `id`s.
items: items:
$ref: '#/components/schemas/Security_Endpoint_Management_API_NonEmptyString' format: nonempty
minLength: 1
type: string
minItems: 1 minItems: 1
type: array type: array
Security_Endpoint_Management_API_CaseIds: Security_Endpoint_Management_API_CaseIds:
@ -37821,11 +38148,6 @@ components:
type: string type: string
required: required:
- hostStatuses - hostStatuses
Security_Endpoint_Management_API_NonEmptyString:
description: A string that does not contain only whitespace characters
format: nonempty
minLength: 1
type: string
Security_Endpoint_Management_API_Page: Security_Endpoint_Management_API_Page:
default: 1 default: 1
description: Page number description: Page number


@ -15,20 +15,14 @@
*/ */
import { z } from '@kbn/zod'; import { z } from '@kbn/zod';
import { isNonEmptyString } from '@kbn/zod-helpers';
import { AlertIds } from '../../model/alert.gen'; import { AlertIds } from '../../model/alert.gen';
import { NonEmptyString } from '../../model/primitives.gen';
export type AlertAssignees = z.infer<typeof AlertAssignees>; export type AlertAssignees = z.infer<typeof AlertAssignees>;
export const AlertAssignees = z.object({ export const AlertAssignees = z.object({
/** add: z.array(z.string().min(1).superRefine(isNonEmptyString)),
* A list of users ids to assign. remove: z.array(z.string().min(1).superRefine(isNonEmptyString)),
*/
add: z.array(NonEmptyString),
/**
* A list of users ids to unassign.
*/
remove: z.array(NonEmptyString),
}); });
export type SetAlertAssigneesRequestBody = z.infer<typeof SetAlertAssigneesRequestBody>; export type SetAlertAssigneesRequestBody = z.infer<typeof SetAlertAssigneesRequestBody>;
@ -37,9 +31,6 @@ export const SetAlertAssigneesRequestBody = z.object({
* Details about the assignees to assign and unassign. * Details about the assignees to assign and unassign.
*/ */
assignees: AlertAssignees, assignees: AlertAssignees,
/**
* List of alerts ids to assign and unassign passed assignees.
*/
ids: AlertIds, ids: AlertIds,
}); });
export type SetAlertAssigneesRequestBodyInput = z.input<typeof SetAlertAssigneesRequestBody>; export type SetAlertAssigneesRequestBodyInput = z.input<typeof SetAlertAssigneesRequestBody>;


@ -28,10 +28,42 @@ paths:
description: Details about the assignees to assign and unassign. description: Details about the assignees to assign and unassign.
ids: ids:
$ref: '../../model/alert.schema.yaml#/components/schemas/AlertIds' $ref: '../../model/alert.schema.yaml#/components/schemas/AlertIds'
description: List of alerts ids to assign and unassign passed assignees. examples:
add:
value:
assignees:
add: ['u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0']
remove: []
ids: ['681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6']
remove:
value:
assignees:
add: []
remove: ['u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0']
ids: ['681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6']
responses: responses:
200: 200:
description: Indicates a successful call. description: Indicates a successful call.
content:
application/ndjson:
examples:
add:
value:
took: 76,
timed_out: false,
total: 1,
updated: 1,
deleted: 0,
batches: 1,
version_conflicts: 0,
noops: 0,
retries:
- bulk: 0,
- search: 0
throttled_millis: 0,
requests_per_second: -1,
throttled_until_millis: 0,
failures: []
400: 400:
description: Invalid request. description: Invalid request.
@ -46,10 +78,14 @@ components:
add: add:
type: array type: array
items: items:
$ref: '../../model/primitives.schema.yaml#/components/schemas/NonEmptyString' type: string
description: A list of users ids to assign. format: nonempty
minLength: 1
description: A list of users ids to assign.
remove: remove:
type: array type: array
items: items:
$ref: '../../model/primitives.schema.yaml#/components/schemas/NonEmptyString' type: string
description: A list of users ids to unassign. format: nonempty
minLength: 1
description: A list of users ids to unassign.
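Review bot: The 200 response example carries trailing commas on its scalars (`took: 76,` through `version_conflicts: 0,`), so YAML parses each of them as the string `'76,'` rather than a number or boolean — the bundled spec in this same commit already renders them that way (`batches: '1,'`, `timed_out: 'false,'`). The `retries` entry is also written as a two-item list (`- bulk: 0,` / `- search: 0`) where the set-status example in this commit uses a plain map (`bulk: 0` / `search: 0`). Drop the commas and the list markers: `took: 76`, `retries:` with `bulk: 0` and `search: 0` indented beneath it. The same trailing-comma pattern appears in the set-alert-tags 200 example (`took: 68,` …) and in the create-migration success example (`- index: .siem-signals-default-000001,`), which the bundle likewise turns into `'.siem-signals-default-000001,'`.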


@ -18,6 +18,9 @@ import { z } from '@kbn/zod';
import { AlertIds, AlertTags } from '../../../model/alert.gen'; import { AlertIds, AlertTags } from '../../../model/alert.gen';
/**
* Object with list of tags to add and remove.
*/
export type SetAlertTags = z.infer<typeof SetAlertTags>; export type SetAlertTags = z.infer<typeof SetAlertTags>;
export const SetAlertTags = z.object({ export const SetAlertTags = z.object({
tags_to_add: AlertTags, tags_to_add: AlertTags,


@ -30,6 +30,19 @@ paths:
required: required:
- ids - ids
- tags - tags
examples:
add:
value:
tags:
tags_to_add: ['Duplicate']
tags_to_remove: []
ids: ['549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e']
remove:
value:
tags:
tags_to_add: []
tags_to_remove: ['Duplicate']
ids: ['549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e']
responses: responses:
200: 200:
description: Successful response description: Successful response
@ -39,6 +52,24 @@ paths:
type: object type: object
additionalProperties: true additionalProperties: true
description: Elasticsearch update by query response description: Elasticsearch update by query response
examples:
success:
value:
took: 68,
timed_out: false,
total: 1,
updated: 1,
deleted: 0,
batches: 1,
version_conflicts: 0,
noops: 0,
retries:
bulk: 0,
search: 0
throttled_millis: 0,
requests_per_second: -1,
throttled_until_millis: 0,
failures: []
400: 400:
description: Invalid input data response description: Invalid input data response
content: content:
@ -63,6 +94,7 @@ paths:
components: components:
schemas: schemas:
SetAlertTags: SetAlertTags:
description: Object with list of tags to add and remove.
type: object type: object
properties: properties:
tags_to_add: tags_to_add:


@ -25,6 +25,11 @@ paths:
type: boolean type: boolean
nullable: true nullable: true
required: [name, index_mapping_outdated] required: [name, index_mapping_outdated]
examples:
success:
value:
index_mapping_outdated: false
name: '.alerts-security.alerts-default'
401: 401:
description: Unsuccessful authentication response description: Unsuccessful authentication response
content: content:


@ -29,6 +29,42 @@ paths:
has_encryption_key: has_encryption_key:
type: boolean type: boolean
required: [is_authenticated, has_encryption_key] required: [is_authenticated, has_encryption_key]
examples:
success:
value:
username: elastic
has_all_requested: true
cluster:
all: true
monitor_ml: true
manage_transform: true
manage_index_templates: true
monitor_transform: true
manage_ml: true
monitor: true
manage_pipeline: true
manage_api_key: true
manage_security: true
manage_own_api_key: true
manage: true
index:
.alerts-security.alerts-default:
all: true
create: true
create_doc: true
create_index: true
delete: true
delete_index: true
index: true
maintenance: true
manage: true
monitor: true
read: true
view_index_metadata: true
write: true
application: {}
is_authenticated: true
has_encryption_key: true
401: 401:
description: Unsuccessful authentication response description: Unsuccessful authentication response
content: content:


@ -48,6 +48,35 @@ paths:
sort: sort:
$ref: '#/components/schemas/AlertsSort' $ref: '#/components/schemas/AlertsSort'
description: Elasticsearch query and aggregation request description: Elasticsearch query and aggregation request
examples:
query:
value:
size: 0
query:
bool:
filter:
- bool:
must: []
filter:
- match_phrase:
kibana.alert.workflow_status: open
should: []
must_not:
- exists:
field: kibana.alert.building_block_type
- range:
'@timestamp':
gte: 2025-01-17T08:00:00.000Z
lte: 2025-01-18T07:59:59.999Z
aggs:
alertsByGrouping:
terms:
field: host.name
size: 10
missingFields:
missing:
field: host.name
runtime_mappings: {}
responses: responses:
200: 200:
description: Successful response description: Successful response
@ -57,6 +86,31 @@ paths:
type: object type: object
additionalProperties: true additionalProperties: true
description: Elasticsearch search response description: Elasticsearch search response
examples:
success:
value:
took: 0
timed_out: false
_shards:
total: 1
successful: 1
skipped: 0
failed: 0
hits:
total:
value: 5
relation: eq
max_score: null
hits: []
aggregations:
alertsByGrouping:
doc_count_error_upper_bound: 0
sum_other_doc_count: 0
buckets:
- key: Host-f43kkddfyc
doc_count: 5
missingFields:
doc_count: 0
400: 400:
description: Invalid input data response description: Invalid input data response
content: content:


@ -15,13 +15,16 @@
*/ */
import { z } from '@kbn/zod'; import { z } from '@kbn/zod';
import { isNonEmptyString } from '@kbn/zod-helpers';
import { NonEmptyString } from '../../../model/primitives.gen';
import { AlertStatus } from '../../../model/alert.gen'; import { AlertStatus } from '../../../model/alert.gen';
export type SetAlertsStatusByIds = z.infer<typeof SetAlertsStatusByIds>; export type SetAlertsStatusByIds = z.infer<typeof SetAlertsStatusByIds>;
export const SetAlertsStatusByIds = z.object({ export const SetAlertsStatusByIds = z.object({
signal_ids: z.array(NonEmptyString).min(1), /**
* List of alert `id`s.
*/
signal_ids: z.array(z.string().min(1).superRefine(isNonEmptyString)).min(1),
status: AlertStatus, status: AlertStatus,
}); });


@ -21,6 +21,42 @@ paths:
oneOf: oneOf:
- $ref: '#/components/schemas/SetAlertsStatusByIds' - $ref: '#/components/schemas/SetAlertsStatusByIds'
- $ref: '#/components/schemas/SetAlertsStatusByQuery' - $ref: '#/components/schemas/SetAlertsStatusByQuery'
examples:
byId:
value:
status: closed
signal_ids: ['80e1383f856e67c1b7f7a1634744fa6d66b6e2ef7aa26d226e57afb5a7b2b4a1']
byQuery:
value:
conflicts: proceed
status: closed
query:
bool:
must: []
filter:
- range:
'@timestamp':
gte: 2024-10-23T07:00:00.000Z
lte: 2025-01-21T20:12:11.704Z
format: strict_date_optional_time
- bool:
filter:
bool:
must: []
filter:
- match_phrase:
kibana.alert.workflow_status: open
- range:
'@timestamp':
gte: 2024-10-23T07:00:00.000Z
lte: 2025-01-21T20:12:11.704Z
format: strict_date_optional_time
should: []
must_not:
- exists:
field: kibana.alert.building_block_type
should: []
must_not: []
responses: responses:
200: 200:
description: Successful response description: Successful response
@ -30,6 +66,41 @@ paths:
type: object type: object
additionalProperties: true additionalProperties: true
description: Elasticsearch update by query response description: Elasticsearch update by query response
examples:
byId:
value:
took: 81
timed_out: false
total: 1
updated: 1
deleted: 0
batches: 1
version_conflicts: 0
noops: 0
retries:
bulk: 0
search: 0
throttled_millis: 0
requests_per_second: -1
throttled_until_millis: 0
failures: []
byQuery:
value:
took: 100
timed_out: false
total: 17
updated: 17
deleted: 0
batches: 1
version_conflicts: 0
noops: 0
retries:
bulk: 0
search: 0
throttled_millis: 0
requests_per_second: -1
throttled_until_millis: 0
failures: []
400: 400:
description: Invalid input data response description: Invalid input data response
content: content:
@ -58,8 +129,11 @@ components:
properties: properties:
signal_ids: signal_ids:
type: array type: array
description: List of alert `id`s.
items: items:
$ref: '../../../model/primitives.schema.yaml#/components/schemas/NonEmptyString' type: string
format: nonempty
minLength: 1
minItems: 1 minItems: 1
status: status:
$ref: '../../../model/alert.schema.yaml#/components/schemas/AlertStatus' $ref: '../../../model/alert.schema.yaml#/components/schemas/AlertStatus'
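Review bot: In the byQuery request example both `- range:` clauses have `'@timestamp':` (with its `gte`, `lte` and `format` lines) indented as a sibling of `range` instead of its child, so `range` is parsed as null and `@timestamp` becomes a key of the filter entry itself — the bundled output in this commit shows exactly that (`- '@timestamp':` … `range: null`). As written the example is not a valid Elasticsearch range query and would be rejected if a reader pasted it. Indent `'@timestamp':` and its three children one level under `range:`, as the search-alerts request example in this commit does. The enclosing requestBody block starts above this hunk.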


@ -15,13 +15,21 @@
*/ */
import { z } from '@kbn/zod'; import { z } from '@kbn/zod';
import { isNonEmptyString } from '@kbn/zod-helpers';
import { NonEmptyString } from '../../../model/primitives.gen';
export type AlertsReindexOptions = z.infer<typeof AlertsReindexOptions>; export type AlertsReindexOptions = z.infer<typeof AlertsReindexOptions>;
export const AlertsReindexOptions = z.object({ export const AlertsReindexOptions = z.object({
/**
* The throttle for the migration task in sub-requests per second. Corresponds to requests_per_second on the Reindex API.
*/
requests_per_second: z.number().int().min(1).optional(), requests_per_second: z.number().int().min(1).optional(),
/**
* Number of alerts to migrate per batch. Corresponds to the source.size option on the Reindex API.
*/
size: z.number().int().min(1).optional(), size: z.number().int().min(1).optional(),
/**
* The number of subtasks for the migration task. Corresponds to slices on the Reindex API.
*/
slices: z.number().int().min(1).optional(), slices: z.number().int().min(1).optional(),
}); });
@ -49,7 +57,10 @@ export const SkippedAlertsIndexMigration = z.object({
export type CreateAlertsMigrationRequestBody = z.infer<typeof CreateAlertsMigrationRequestBody>; export type CreateAlertsMigrationRequestBody = z.infer<typeof CreateAlertsMigrationRequestBody>;
export const CreateAlertsMigrationRequestBody = z export const CreateAlertsMigrationRequestBody = z
.object({ .object({
index: z.array(NonEmptyString).min(1), /**
* Array of index names to migrate.
*/
index: z.array(z.string().min(1).superRefine(isNonEmptyString)).min(1),
}) })
.merge(AlertsReindexOptions); .merge(AlertsReindexOptions);
export type CreateAlertsMigrationRequestBodyInput = z.input< export type CreateAlertsMigrationRequestBodyInput = z.input<


@ -25,13 +25,19 @@ paths:
- type: object - type: object
properties: properties:
index: index:
description: Array of index names to migrate.
type: array type: array
items: items:
$ref: '../../../model/primitives.schema.yaml#/components/schemas/NonEmptyString' type: string
format: nonempty
minLength: 1
minItems: 1 minItems: 1
required: [index] required: [index]
- $ref: '#/components/schemas/AlertsReindexOptions' - $ref: '#/components/schemas/AlertsReindexOptions'
examples:
singleIndex:
value:
index: [.siem-signals-default-000001]
responses: responses:
200: 200:
description: Successful response description: Successful response
@ -48,6 +54,13 @@ paths:
- $ref: '#/components/schemas/AlertsIndexMigrationError' - $ref: '#/components/schemas/AlertsIndexMigrationError'
- $ref: '#/components/schemas/SkippedAlertsIndexMigration' - $ref: '#/components/schemas/SkippedAlertsIndexMigration'
required: [indices] required: [indices]
examples:
success:
value:
indices:
- index: .siem-signals-default-000001,
migration_id: 923f7c50-505f-11eb-ae0a-3fa2e626a51d
migration_index: .siem-signals-default-000001-r000016
400: 400:
description: Invalid input data response description: Invalid input data response
content: content:
@ -77,12 +90,15 @@ components:
requests_per_second: requests_per_second:
type: integer type: integer
minimum: 1 minimum: 1
description: The throttle for the migration task in sub-requests per second. Corresponds to requests_per_second on the Reindex API.
size: size:
type: integer type: integer
minimum: 1 minimum: 1
description: Number of alerts to migrate per batch. Corresponds to the source.size option on the Reindex API.
slices: slices:
type: integer type: integer
minimum: 1 minimum: 1
description: The number of subtasks for the migration task. Corresponds to slices on the Reindex API.
AlertsIndexMigrationSuccess: AlertsIndexMigrationSuccess:
type: object type: object


@ -34,6 +34,9 @@ export const MigrationCleanupResult = z.object({
export type AlertsMigrationCleanupRequestBody = z.infer<typeof AlertsMigrationCleanupRequestBody>; export type AlertsMigrationCleanupRequestBody = z.infer<typeof AlertsMigrationCleanupRequestBody>;
export const AlertsMigrationCleanupRequestBody = z.object({ export const AlertsMigrationCleanupRequestBody = z.object({
/**
* Array of `migration_id`s to cleanup.
*/
migration_ids: z.array(z.string()).min(1), migration_ids: z.array(z.string()).min(1),
}); });
export type AlertsMigrationCleanupRequestBodyInput = z.input< export type AlertsMigrationCleanupRequestBodyInput = z.input<


@ -14,7 +14,7 @@ paths:
Migrations favor data integrity over shard size. Consequently, unused or orphaned indices are artifacts of Migrations favor data integrity over shard size. Consequently, unused or orphaned indices are artifacts of
the migration process. A successful migration will result in both the old and new indices being present. the migration process. A successful migration will result in both the old and new indices being present.
As such, the old, orphaned index can (and likely should) be deleted. As such, the old, orphaned index can (and likely should) be deleted.
While you can delete these indices manually, While you can delete these indices manually,
the endpoint accomplishes this task by applying a deletion policy to the relevant index, causing it to be deleted the endpoint accomplishes this task by applying a deletion policy to the relevant index, causing it to be deleted
after 30 days. It also deletes other artifacts specific to the migration implementation. after 30 days. It also deletes other artifacts specific to the migration implementation.
@ -29,11 +29,14 @@ paths:
type: object type: object
properties: properties:
migration_ids: migration_ids:
description: Array of `migration_id`s to cleanup.
type: array type: array
items: items:
type: string type: string
minItems: 1 minItems: 1
required: [migration_ids] required: [migration_ids]
example:
migration_ids: [924f7c50-505f-11eb-ae0a-3fa2e626a51d]
responses: responses:
200: 200:
description: Successful response description: Successful response
@ -43,6 +46,16 @@ paths:
type: array type: array
items: items:
$ref: '#/components/schemas/MigrationCleanupResult' $ref: '#/components/schemas/MigrationCleanupResult'
examples:
success:
value:
migrations:
- id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d
destinationIndex: .siem-signals-default-000002-r000016
status: success
sourceIndex: .siem-signals-default-000002
version: 16
updated: 2021-01-06T22:05:56.859Z
400: 400:
description: Invalid input data response description: Invalid input data response
content: content:
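Review bot: `updated: 2021-01-06T22:05:56.859Z` in the success example is unquoted, while the finalize example in this commit quotes the identical value (`updated: '2021-01-06T22:05:56.859Z'`). An unquoted ISO-8601 scalar matches the YAML 1.1 timestamp tag, and loaders that honour it (js-yaml's default schema does) yield a Date object rather than a string, so the example's type can drift from the JSON string the endpoint presumably returns. Quote it for consistency: `updated: '2021-01-06T22:05:56.859Z'`. The same applies to the `gte`/`lte` values in the search and set-status request examples and to `updated` in the migration-status response example.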


@ -35,6 +35,9 @@ export const MigrationFinalizationResult = z.object({
export type FinalizeAlertsMigrationRequestBody = z.infer<typeof FinalizeAlertsMigrationRequestBody>; export type FinalizeAlertsMigrationRequestBody = z.infer<typeof FinalizeAlertsMigrationRequestBody>;
export const FinalizeAlertsMigrationRequestBody = z.object({ export const FinalizeAlertsMigrationRequestBody = z.object({
/**
* Array of `migration_id`s to finalize.
*/
migration_ids: z.array(z.string()).min(1), migration_ids: z.array(z.string()).min(1),
}); });
export type FinalizeAlertsMigrationRequestBodyInput = z.input< export type FinalizeAlertsMigrationRequestBodyInput = z.input<


@ -25,11 +25,14 @@ paths:
type: object type: object
properties: properties:
migration_ids: migration_ids:
description: Array of `migration_id`s to finalize.
type: array type: array
items: items:
type: string type: string
minItems: 1 minItems: 1
required: [migration_ids] required: [migration_ids]
example:
migration_ids: ['924f7c50-505f-11eb-ae0a-3fa2e626a51d']
responses: responses:
200: 200:
description: Successful response description: Successful response
@ -39,6 +42,17 @@ paths:
type: array type: array
items: items:
$ref: '#/components/schemas/MigrationFinalizationResult' $ref: '#/components/schemas/MigrationFinalizationResult'
examples:
success:
value:
migrations:
- id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d
completed: true
destinationIndex: '.siem-signals-default-000002-r000016'
status: success
sourceIndex: '.siem-signals-default-000002'
version: 16
updated: '2021-01-06T22:05:56.859Z'
400: 400:
description: Invalid input data response description: Invalid input data response
content: content:


@ -4,7 +4,7 @@ info:
version: '2023-10-31' version: '2023-10-31'
paths: paths:
/api/detection_engine/signals/migration_status: /api/detection_engine/signals/migration_status:
post: get:
x-labels: [ess] x-labels: [ess]
operationId: ReadAlertsMigrationStatus operationId: ReadAlertsMigrationStatus
x-codegen-enabled: true x-codegen-enabled: true
@ -24,6 +24,7 @@ paths:
Time from which data is analyzed. For example, now-4200s means the rule analyzes data from 70 minutes Time from which data is analyzed. For example, now-4200s means the rule analyzes data from 70 minutes
before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time).
format: date-math format: date-math
example: now-30d
responses: responses:
200: 200:
description: Successful response description: Successful response
@ -37,6 +38,30 @@ paths:
items: items:
$ref: '#/components/schemas/IndexMigrationStatus' $ref: '#/components/schemas/IndexMigrationStatus'
required: [indices] required: [indices]
examples:
success:
value:
indices:
- index: .siem-signals-default-000002
version: 15
signal_versions:
- version: 15
count: 100
- version: 16
count: 87
migrations:
- id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d
status: pending
version: 16
updated: 2021-01-06T20:41:37.173Z
is_outdated: true
- index: .siem-signals-default-000003
version: 16
signal_versions:
- version: 16
count: 54
migrations: []
is_outdated: false
400: 400:
description: Invalid input data response description: Invalid input data response
content: content:
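Review bot: The operation verb for `/api/detection_engine/signals/migration_status` changes from `post:` to `get:`, which is a contract correction rather than one of the added examples the PR description mentions; generated clients and anyone following the published spec will change their call. The client fixture in this commit is updated to `method: 'GET'` in step, and the only input shown for the operation is a query parameter (`format: date-math`, `example: now-30d`), so GET looks consistent with the handler, but that should be confirmed against the route registration and called out in the description. The remaining parameters and operation metadata sit outside these hunks.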


@ -15,21 +15,29 @@
*/ */
import { z } from '@kbn/zod'; import { z } from '@kbn/zod';
import { isNonEmptyString } from '@kbn/zod-helpers';
import { NonEmptyString } from './primitives.gen';
/** /**
* A list of alerts ids. * A list of alerts `id`s.
*/ */
export type AlertIds = z.infer<typeof AlertIds>; export type AlertIds = z.infer<typeof AlertIds>;
export const AlertIds = z.array(NonEmptyString).min(1); export const AlertIds = z.array(z.string().min(1).superRefine(isNonEmptyString)).min(1);
/**
* Use alert tags to organize related alerts into categories that you can filter and group.
*/
export type AlertTag = z.infer<typeof AlertTag>; export type AlertTag = z.infer<typeof AlertTag>;
export const AlertTag = NonEmptyString; export const AlertTag = z.string().min(1).superRefine(isNonEmptyString);
/**
* List of keywords to organize related alerts into categories that you can filter and group.
*/
export type AlertTags = z.infer<typeof AlertTags>; export type AlertTags = z.infer<typeof AlertTags>;
export const AlertTags = z.array(AlertTag); export const AlertTags = z.array(AlertTag);
/**
* The status of an alert, which can be `open`, `acknowledged`, `in-progress`, or `closed`.
*/
export type AlertStatus = z.infer<typeof AlertStatus>; export type AlertStatus = z.infer<typeof AlertStatus>;
export const AlertStatus = z.enum(['open', 'closed', 'acknowledged', 'in-progress']); export const AlertStatus = z.enum(['open', 'closed', 'acknowledged', 'in-progress']);
export type AlertStatusEnum = typeof AlertStatus.enum; export type AlertStatusEnum = typeof AlertStatus.enum;


@ -9,19 +9,26 @@ components:
AlertIds: AlertIds:
type: array type: array
items: items:
$ref: './primitives.schema.yaml#/components/schemas/NonEmptyString' type: string
minLength: 1
format: nonempty
minItems: 1 minItems: 1
description: A list of alerts ids. description: A list of alerts `id`s.
AlertTag: AlertTag:
$ref: './primitives.schema.yaml#/components/schemas/NonEmptyString' type: string
format: nonempty
minLength: 1
description: Use alert tags to organize related alerts into categories that you can filter and group.
AlertTags: AlertTags:
type: array type: array
description: List of keywords to organize related alerts into categories that you can filter and group.
items: items:
$ref: '#/components/schemas/AlertTag' $ref: '#/components/schemas/AlertTag'
AlertStatus: AlertStatus:
description: The status of an alert, which can be `open`, `acknowledged`, `in-progress`, or `closed`.
type: string type: string
enum: enum:
- open - open
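Review bot: Replacing `$ref: './primitives.schema.yaml#/components/schemas/NonEmptyString'` with an inline `type: string` / `format: nonempty` / `minLength: 1` triple duplicates the primitive for `AlertIds` and `AlertTag` here, repeats it again in the assignees, set-status and create-migration schemas in this commit, and leaves the bundled spec without a shared `NonEmptyString` component at all, so a future change to the non-empty rule has to be made in six places. If the motivation is to carry a `description` alongside the referenced type, wrapping the `$ref` in `allOf` with a sibling `description` keeps one source of truth, provided the code generator handles it; otherwise a one-line comment explaining the inlining would help the next maintainer. The key order also differs between the two inlined copies (`minLength` before `format` in `AlertIds`, the reverse in `AlertTag`).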


@ -1962,7 +1962,7 @@ finalize it.
headers: { headers: {
[ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31',
}, },
method: 'POST', method: 'GET',
query: props.query, query: props.query,
}) })


@ -65,6 +65,11 @@ paths:
'200': '200':
content: content:
application/json: application/json:
examples:
success:
value:
index_mapping_outdated: false
name: .alerts-security.alerts-default
schema: schema:
type: object type: object
properties: properties:
@ -163,6 +168,42 @@ paths:
'200': '200':
content: content:
application/json: application/json:
examples:
success:
value:
application: {}
cluster:
all: true
manage: true
manage_api_key: true
manage_index_templates: true
manage_ml: true
manage_own_api_key: true
manage_pipeline: true
manage_security: true
manage_transform: true
monitor: true
monitor_ml: true
monitor_transform: true
has_all_requested: true
has_encryption_key: true
index:
.alerts-security.alerts-default:
all: true
create: true
create_doc: true
create_index: true
delete: true
delete_index: true
index: true
maintenance: true
manage: true
monitor: true
read: true
view_index_metadata: true
write: true
is_authenticated: true
username: elastic
schema: schema:
type: object type: object
properties: properties:
@ -1001,6 +1042,25 @@ paths:
requestBody: requestBody:
content: content:
application/json: application/json:
examples:
add:
value:
assignees:
add:
- u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0
remove: []
ids:
- >-
681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6
remove:
value:
assignees:
add: []
remove:
- u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0
ids:
- >-
681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6
schema: schema:
type: object type: object
properties: properties:
@ -1009,13 +1069,32 @@ paths:
description: Details about the assignees to assign and unassign. description: Details about the assignees to assign and unassign.
ids: ids:
$ref: '#/components/schemas/AlertIds' $ref: '#/components/schemas/AlertIds'
description: List of alerts ids to assign and unassign passed assignees.
required: required:
- assignees - assignees
- ids - ids
required: true required: true
responses: responses:
'200': '200':
content:
application/ndjson:
examples:
add:
value:
batches: '1,'
deleted: '0,'
failures: []
noops: '0,'
requests_per_second: '-1,'
retries:
- bulk: '0,'
- search: 0
throttled_millis: '0,'
throttled_until_millis: '0,'
timed_out: 'false,'
took: '76,'
total: '1,'
updated: '1,'
version_conflicts: '0,'
description: Indicates a successful call. description: Indicates a successful call.
'400': '400':
description: Invalid request. description: Invalid request.
@ -1038,9 +1117,13 @@ paths:
content: content:
application/json: application/json:
schema: schema:
example:
migration_ids:
- 924f7c50-505f-11eb-ae0a-3fa2e626a51d
type: object type: object
properties: properties:
migration_ids: migration_ids:
description: Array of `migration_id`s to finalize.
items: items:
type: string type: string
minItems: 1 minItems: 1
@ -1053,6 +1136,17 @@ paths:
'200': '200':
content: content:
application/json: application/json:
examples:
success:
value:
migrations:
- completed: true
destinationIndex: .siem-signals-default-000002-r000016
id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d
sourceIndex: .siem-signals-default-000002
status: success
updated: '2021-01-06T22:05:56.859Z'
version: 16
schema: schema:
items: items:
$ref: '#/components/schemas/MigrationFinalizationResult' $ref: '#/components/schemas/MigrationFinalizationResult'
@ -1107,9 +1201,13 @@ paths:
content: content:
application/json: application/json:
schema: schema:
example:
migration_ids:
- 924f7c50-505f-11eb-ae0a-3fa2e626a51d
type: object type: object
properties: properties:
migration_ids: migration_ids:
description: Array of `migration_id`s to cleanup.
items: items:
type: string type: string
minItems: 1 minItems: 1
@ -1122,6 +1220,16 @@ paths:
'200': '200':
content: content:
application/json: application/json:
examples:
success:
value:
migrations:
- destinationIndex: .siem-signals-default-000002-r000016
id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d
sourceIndex: .siem-signals-default-000002
status: success
updated: 2021-01-06T22:05:56.859Z
version: 16
schema: schema:
items: items:
$ref: '#/components/schemas/MigrationCleanupResult' $ref: '#/components/schemas/MigrationCleanupResult'
@ -1164,13 +1272,21 @@ paths:
requestBody: requestBody:
content: content:
application/json: application/json:
examples:
singleIndex:
value:
index:
- .siem-signals-default-000001
schema: schema:
allOf: allOf:
- type: object - type: object
properties: properties:
index: index:
description: Array of index names to migrate.
items: items:
$ref: '#/components/schemas/NonEmptyString' format: nonempty
minLength: 1
type: string
minItems: 1 minItems: 1
type: array type: array
required: required:
@ -1182,6 +1298,13 @@ paths:
'200': '200':
content: content:
application/json: application/json:
examples:
success:
value:
indices:
- index: '.siem-signals-default-000001,'
migration_id: 923f7c50-505f-11eb-ae0a-3fa2e626a51d
migration_index: .siem-signals-default-000001-r000016
schema: schema:
type: object type: object
properties: properties:
@ -1220,7 +1343,7 @@ paths:
- Security Detections API - Security Detections API
- Alerts migration API - Alerts migration API
/api/detection_engine/signals/migration_status: /api/detection_engine/signals/migration_status:
post: get:
deprecated: true deprecated: true
description: >- description: >-
Retrieve indices that contain detection alerts of a particular age, Retrieve indices that contain detection alerts of a particular age,
@ -1238,12 +1361,37 @@ paths:
before its start time. Defaults to now-6m (analyzes data from 6 before its start time. Defaults to now-6m (analyzes data from 6
minutes before the start time). minutes before the start time).
example: now-30d
format: date-math format: date-math
type: string type: string
responses: responses:
'200': '200':
content: content:
application/json: application/json:
examples:
success:
value:
indices:
- index: .siem-signals-default-000002
is_outdated: true
migrations:
- id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d
status: pending
updated: 2021-01-06T20:41:37.173Z
version: 16
signal_versions:
- count: 100
version: 15
- count: 87
version: 16
version: 15
- index: .siem-signals-default-000003
is_outdated: false
migrations: []
signal_versions:
- count: 54
version: 16
version: 16
schema: schema:
type: object type: object
properties: properties:
@ -1285,6 +1433,35 @@ paths:
requestBody: requestBody:
content: content:
application/json: application/json:
examples:
query:
value:
aggs:
alertsByGrouping:
terms:
field: host.name
size: 10
missingFields:
missing:
field: host.name
query:
bool:
filter:
- bool:
filter:
- match_phrase:
kibana.alert.workflow_status: open
must: []
must_not:
- exists:
field: kibana.alert.building_block_type
should: []
- range:
'@timestamp':
gte: 2025-01-17T08:00:00.000Z
lte: 2025-01-18T07:59:59.999Z
runtime_mappings: {}
size: 0
schema: schema:
description: Elasticsearch query and aggregation request description: Elasticsearch query and aggregation request
type: object type: object
@ -1322,6 +1499,31 @@ paths:
'200': '200':
content: content:
application/json: application/json:
examples:
success:
value:
_shards:
failed: 0
skipped: 0
successful: 1
total: 1
aggregations:
alertsByGrouping:
buckets:
- doc_count: 5
key: Host-f43kkddfyc
doc_count_error_upper_bound: 0
sum_other_doc_count: 0
missingFields:
doc_count: 0
hits:
hits: []
max_score: null
total:
relation: eq
value: 5
timed_out: false
took: 0
schema: schema:
additionalProperties: true additionalProperties: true
description: Elasticsearch search response description: Elasticsearch search response
@ -1358,6 +1560,44 @@ paths:
requestBody: requestBody:
content: content:
application/json: application/json:
examples:
byId:
value:
signal_ids:
- >-
80e1383f856e67c1b7f7a1634744fa6d66b6e2ef7aa26d226e57afb5a7b2b4a1
status: closed
byQuery:
value:
conflicts: proceed
query:
bool:
filter:
- '@timestamp':
format: strict_date_optional_time
gte: 2024-10-23T07:00:00.000Z
lte: 2025-01-21T20:12:11.704Z
range: null
- bool:
filter:
bool:
filter:
- match_phrase:
kibana.alert.workflow_status: open
- '@timestamp':
format: strict_date_optional_time
gte: 2024-10-23T07:00:00.000Z
lte: 2025-01-21T20:12:11.704Z
range: null
must: []
must_not:
- exists:
field: kibana.alert.building_block_type
should: []
must: []
must_not: []
should: []
status: closed
schema: schema:
oneOf: oneOf:
- $ref: '#/components/schemas/SetAlertsStatusByIds' - $ref: '#/components/schemas/SetAlertsStatusByIds'
@ -1370,6 +1610,41 @@ paths:
'200': '200':
content: content:
application/json: application/json:
examples:
byId:
value:
batches: 1
deleted: 0
failures: []
noops: 0
requests_per_second: -1
retries:
bulk: 0
search: 0
throttled_millis: 0
throttled_until_millis: 0
timed_out: false
took: 81
total: 1
updated: 1
version_conflicts: 0
byQuery:
value:
batches: 1
deleted: 0
failures: []
noops: 0
requests_per_second: -1
retries:
bulk: 0
search: 0
throttled_millis: 0
throttled_until_millis: 0
timed_out: false
took: 100
total: 17
updated: 17
version_conflicts: 0
schema: schema:
additionalProperties: true additionalProperties: true
description: Elasticsearch update by query response description: Elasticsearch update by query response
@ -1409,6 +1684,25 @@ paths:
requestBody: requestBody:
content: content:
application/json: application/json:
examples:
add:
value:
ids:
- >-
549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e
tags:
tags_to_add:
- Duplicate
tags_to_remove: []
remove:
value:
ids:
- >-
549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e
tags:
tags_to_add: []
tags_to_remove:
- Duplicate
schema: schema:
type: object type: object
properties: properties:
@ -1427,6 +1721,24 @@ paths:
'200': '200':
content: content:
application/json: application/json:
examples:
success:
value:
batches: '1,'
deleted: '0,'
failures: []
noops: '0,'
requests_per_second: '-1,'
retries:
bulk: '0,'
search: 0
throttled_millis: '0,'
throttled_until_millis: '0,'
timed_out: 'false,'
took: '68,'
total: '1,'
updated: '1,'
version_conflicts: '0,'
schema: schema:
additionalProperties: true additionalProperties: true
description: Elasticsearch update by query response description: Elasticsearch update by query response
@ -1477,22 +1789,28 @@ components:
type: object type: object
properties: properties:
add: add:
description: A list of users ids to assign.
items: items:
$ref: '#/components/schemas/NonEmptyString' description: A list of users ids to assign.
format: nonempty
minLength: 1
type: string
type: array type: array
remove: remove:
description: A list of users ids to unassign.
items: items:
$ref: '#/components/schemas/NonEmptyString' description: A list of users ids to unassign.
format: nonempty
minLength: 1
type: string
type: array type: array
required: required:
- add - add
- remove - remove
AlertIds: AlertIds:
description: A list of alerts ids. description: A list of alerts `id`s.
items: items:
$ref: '#/components/schemas/NonEmptyString' format: nonempty
minLength: 1
type: string
minItems: 1 minItems: 1
type: array type: array
AlertsIndex: AlertsIndex:
@ -1537,12 +1855,21 @@ components:
type: object type: object
properties: properties:
requests_per_second: requests_per_second:
description: >-
The throttle for the migration task in sub-requests per second.
Corresponds to requests_per_second on the Reindex API.
minimum: 1 minimum: 1
type: integer type: integer
size: size:
description: >-
Number of alerts to migrate per batch. Corresponds to the
source.size option on the Reindex API.
minimum: 1 minimum: 1
type: integer type: integer
slices: slices:
description: >-
The number of subtasks for the migration task. Corresponds to slices
on the Reindex API.
minimum: 1 minimum: 1
type: integer type: integer
AlertsSort: AlertsSort:
@ -1557,6 +1884,9 @@ components:
- additionalProperties: true - additionalProperties: true
type: object type: object
AlertStatus: AlertStatus:
description: >-
The status of an alert, which can be `open`, `acknowledged`,
`in-progress`, or `closed`.
enum: enum:
- open - open
- closed - closed
@ -1610,8 +1940,16 @@ components:
- suppress - suppress
type: string type: string
AlertTag: AlertTag:
$ref: '#/components/schemas/NonEmptyString' description: >-
Use alert tags to organize related alerts into categories that you can
filter and group.
format: nonempty
minLength: 1
type: string
AlertTags: AlertTags:
description: >-
List of keywords to organize related alerts into categories that you can
filter and group.
items: items:
$ref: '#/components/schemas/AlertTag' $ref: '#/components/schemas/AlertTag'
type: array type: array
@ -5872,8 +6210,11 @@ components:
type: object type: object
properties: properties:
signal_ids: signal_ids:
description: List of alert `id`s.
items: items:
$ref: '#/components/schemas/NonEmptyString' format: nonempty
minLength: 1
type: string
minItems: 1 minItems: 1
type: array type: array
status: status:
@ -5899,6 +6240,7 @@ components:
- query - query
- status - status
SetAlertTags: SetAlertTags:
description: Object with list of tags to add and remove.
type: object type: object
properties: properties:
tags_to_add: tags_to_add:


@ -722,9 +722,11 @@ components:
- microsoft_defender_endpoint - microsoft_defender_endpoint
type: string type: string
AlertIds: AlertIds:
description: A list of alerts ids. description: A list of alerts `id`s.
items: items:
$ref: '#/components/schemas/NonEmptyString' format: nonempty
minLength: 1
type: string
minItems: 1 minItems: 1
type: array type: array
CaseIds: CaseIds:
@ -1005,11 +1007,6 @@ components:
type: string type: string
required: required:
- hostStatuses - hostStatuses
NonEmptyString:
description: A string that does not contain only whitespace characters
format: nonempty
minLength: 1
type: string
Page: Page:
default: 1 default: 1
description: Page number description: Page number
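Review bot: Inlining `NonEmptyString` into `AlertIds` drops the only place that explained what `format: nonempty` means (`A string that does not contain only whitespace characters`); `nonempty` is not a standard OpenAPI format, so rendered docs and generated clients will now show only `minLength: 1`, which admits a single space that the server presumably still rejects. Keep the contract visible on the inlined items schema, e.g. `description: A non-empty alert ID that is not only whitespace.` If this file is a generated bundle, the description belongs in the source route schema it is built from.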


@ -32,6 +32,42 @@ paths:
'200': '200':
content: content:
application/json: application/json:
examples:
success:
value:
application: {}
cluster:
all: true
manage: true
manage_api_key: true
manage_index_templates: true
manage_ml: true
manage_own_api_key: true
manage_pipeline: true
manage_security: true
manage_transform: true
monitor: true
monitor_ml: true
monitor_transform: true
has_all_requested: true
has_encryption_key: true
index:
.alerts-security.alerts-default:
all: true
create: true
create_doc: true
create_index: true
delete: true
delete_index: true
index: true
maintenance: true
manage: true
monitor: true
read: true
view_index_metadata: true
write: true
is_authenticated: true
username: elastic
schema: schema:
type: object type: object
properties: properties:
@ -586,6 +622,25 @@ paths:
requestBody: requestBody:
content: content:
application/json: application/json:
examples:
add:
value:
assignees:
add:
- u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0
remove: []
ids:
- >-
681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6
remove:
value:
assignees:
add: []
remove:
- u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0
ids:
- >-
681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6
schema: schema:
type: object type: object
properties: properties:
@ -594,13 +649,32 @@ paths:
description: Details about the assignees to assign and unassign. description: Details about the assignees to assign and unassign.
ids: ids:
$ref: '#/components/schemas/AlertIds' $ref: '#/components/schemas/AlertIds'
description: List of alerts ids to assign and unassign passed assignees.
required: required:
- assignees - assignees
- ids - ids
required: true required: true
responses: responses:
'200': '200':
content:
application/ndjson:
examples:
add:
value:
batches: '1,'
deleted: '0,'
failures: []
noops: '0,'
requests_per_second: '-1,'
retries:
- bulk: '0,'
- search: 0
throttled_millis: '0,'
throttled_until_millis: '0,'
timed_out: 'false,'
took: '76,'
total: '1,'
updated: '1,'
version_conflicts: '0,'
description: Indicates a successful call. description: Indicates a successful call.
'400': '400':
description: Invalid request. description: Invalid request.
@ -614,6 +688,35 @@ paths:
requestBody: requestBody:
content: content:
application/json: application/json:
examples:
query:
value:
aggs:
alertsByGrouping:
terms:
field: host.name
size: 10
missingFields:
missing:
field: host.name
query:
bool:
filter:
- bool:
filter:
- match_phrase:
kibana.alert.workflow_status: open
must: []
must_not:
- exists:
field: kibana.alert.building_block_type
should: []
- range:
'@timestamp':
gte: 2025-01-17T08:00:00.000Z
lte: 2025-01-18T07:59:59.999Z
runtime_mappings: {}
size: 0
schema: schema:
description: Elasticsearch query and aggregation request description: Elasticsearch query and aggregation request
type: object type: object
@ -651,6 +754,31 @@ paths:
'200': '200':
content: content:
application/json: application/json:
examples:
success:
value:
_shards:
failed: 0
skipped: 0
successful: 1
total: 1
aggregations:
alertsByGrouping:
buckets:
- doc_count: 5
key: Host-f43kkddfyc
doc_count_error_upper_bound: 0
sum_other_doc_count: 0
missingFields:
doc_count: 0
hits:
hits: []
max_score: null
total:
relation: eq
value: 5
timed_out: false
took: 0
schema: schema:
additionalProperties: true additionalProperties: true
description: Elasticsearch search response description: Elasticsearch search response
@ -687,6 +815,44 @@ paths:
requestBody: requestBody:
content: content:
application/json: application/json:
examples:
byId:
value:
signal_ids:
- >-
80e1383f856e67c1b7f7a1634744fa6d66b6e2ef7aa26d226e57afb5a7b2b4a1
status: closed
byQuery:
value:
conflicts: proceed
query:
bool:
filter:
- '@timestamp':
format: strict_date_optional_time
gte: 2024-10-23T07:00:00.000Z
lte: 2025-01-21T20:12:11.704Z
range: null
- bool:
filter:
bool:
filter:
- match_phrase:
kibana.alert.workflow_status: open
- '@timestamp':
format: strict_date_optional_time
gte: 2024-10-23T07:00:00.000Z
lte: 2025-01-21T20:12:11.704Z
range: null
must: []
must_not:
- exists:
field: kibana.alert.building_block_type
should: []
must: []
must_not: []
should: []
status: closed
schema: schema:
oneOf: oneOf:
- $ref: '#/components/schemas/SetAlertsStatusByIds' - $ref: '#/components/schemas/SetAlertsStatusByIds'
@ -699,6 +865,41 @@ paths:
'200': '200':
content: content:
application/json: application/json:
examples:
byId:
value:
batches: 1
deleted: 0
failures: []
noops: 0
requests_per_second: -1
retries:
bulk: 0
search: 0
throttled_millis: 0
throttled_until_millis: 0
timed_out: false
took: 81
total: 1
updated: 1
version_conflicts: 0
byQuery:
value:
batches: 1
deleted: 0
failures: []
noops: 0
requests_per_second: -1
retries:
bulk: 0
search: 0
throttled_millis: 0
throttled_until_millis: 0
timed_out: false
took: 100
total: 17
updated: 17
version_conflicts: 0
schema: schema:
additionalProperties: true additionalProperties: true
description: Elasticsearch update by query response description: Elasticsearch update by query response
@ -738,6 +939,25 @@ paths:
requestBody: requestBody:
content: content:
application/json: application/json:
examples:
add:
value:
ids:
- >-
549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e
tags:
tags_to_add:
- Duplicate
tags_to_remove: []
remove:
value:
ids:
- >-
549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e
tags:
tags_to_add: []
tags_to_remove:
- Duplicate
schema: schema:
type: object type: object
properties: properties:
@ -756,6 +976,24 @@ paths:
'200': '200':
content: content:
application/json: application/json:
examples:
success:
value:
batches: '1,'
deleted: '0,'
failures: []
noops: '0,'
requests_per_second: '-1,'
retries:
bulk: '0,'
search: 0
throttled_millis: '0,'
throttled_until_millis: '0,'
timed_out: 'false,'
took: '68,'
total: '1,'
updated: '1,'
version_conflicts: '0,'
schema: schema:
additionalProperties: true additionalProperties: true
description: Elasticsearch update by query response description: Elasticsearch update by query response
@ -806,22 +1044,28 @@ components:
type: object type: object
properties: properties:
add: add:
description: A list of users ids to assign.
items: items:
$ref: '#/components/schemas/NonEmptyString' description: A list of users ids to assign.
format: nonempty
minLength: 1
type: string
type: array type: array
remove: remove:
description: A list of users ids to unassign.
items: items:
$ref: '#/components/schemas/NonEmptyString' description: A list of users ids to unassign.
format: nonempty
minLength: 1
type: string
type: array type: array
required: required:
- add - add
- remove - remove
AlertIds: AlertIds:
description: A list of alerts ids. description: A list of alerts `id`s.
items: items:
$ref: '#/components/schemas/NonEmptyString' format: nonempty
minLength: 1
type: string
minItems: 1 minItems: 1
type: array type: array
AlertsIndex: AlertsIndex:
@ -843,6 +1087,9 @@ components:
- additionalProperties: true - additionalProperties: true
type: object type: object
AlertStatus: AlertStatus:
description: >-
The status of an alert, which can be `open`, `acknowledged`,
`in-progress`, or `closed`.
enum: enum:
- open - open
- closed - closed
@ -896,8 +1143,16 @@ components:
- suppress - suppress
type: string type: string
AlertTag: AlertTag:
$ref: '#/components/schemas/NonEmptyString' description: >-
Use alert tags to organize related alerts into categories that you can
filter and group.
format: nonempty
minLength: 1
type: string
AlertTags: AlertTags:
description: >-
List of keywords to organize related alerts into categories that you can
filter and group.
items: items:
$ref: '#/components/schemas/AlertTag' $ref: '#/components/schemas/AlertTag'
type: array type: array
@ -5021,8 +5276,11 @@ components:
type: object type: object
properties: properties:
signal_ids: signal_ids:
description: List of alert `id`s.
items: items:
$ref: '#/components/schemas/NonEmptyString' format: nonempty
minLength: 1
type: string
minItems: 1 minItems: 1
type: array type: array
status: status:
@ -5048,6 +5306,7 @@ components:
- query - query
- status - status
SetAlertTags: SetAlertTags:
description: Object with list of tags to add and remove.
type: object type: object
properties: properties:
tags_to_add: tags_to_add:
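Review bot: The 200 response examples in the assignees hunk (`add`) and the tags hunk (`success`) are malformed: every numeric and boolean field is a string with a stray trailing comma (`batches: '1,'`, `timed_out: 'false,'`), and in the assignees example `retries` is a two-item list (`- bulk: '0,'` / `- search: 0`) instead of the object Elasticsearch returns, unlike the correctly typed `byId`/`byQuery` examples in the status hunk. Those should read `batches: 1`, `timed_out: false`, and `retries: {bulk: 0, search: 0}`, matching the status examples. The assignees 200 response is also declared as `application/ndjson` while its schema is described as an Elasticsearch update-by-query JSON response and every sibling endpoint uses `application/json`. Separately, the `byQuery` request example in the status hunk places `'@timestamp'` directly inside `filter` with a sibling `range: null`, which Elasticsearch would reject as an unknown query clause; it should be `- range: {'@timestamp': {format: strict_date_optional_time, gte: ..., lte: ...}}`. If this file is a generated bundle, these fixes belong in the source route schemas it is bundled from.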


@ -622,9 +622,11 @@ components:
- microsoft_defender_endpoint - microsoft_defender_endpoint
type: string type: string
AlertIds: AlertIds:
description: A list of alerts ids. description: A list of alerts `id`s.
items: items:
$ref: '#/components/schemas/NonEmptyString' format: nonempty
minLength: 1
type: string
minItems: 1 minItems: 1
type: array type: array
CaseIds: CaseIds:
@ -905,11 +907,6 @@ components:
type: string type: string
required: required:
- hostStatuses - hostStatuses
NonEmptyString:
description: A string that does not contain only whitespace characters
format: nonempty
minLength: 1
type: string
Page: Page:
default: 1 default: 1
description: Page number description: Page number


@ -1352,7 +1352,7 @@ finalize it.
kibanaSpace: string = 'default' kibanaSpace: string = 'default'
) { ) {
return supertest return supertest
.post(routeWithNamespace('/api/detection_engine/signals/migration_status', kibanaSpace)) .get(routeWithNamespace('/api/detection_engine/signals/migration_status', kibanaSpace))
.set('kbn-xsrf', 'true') .set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')