[8.18] [Detection Engine][Docs] Updating examples to meet old ascii docs (#207558) (#209942)

# Backport

This will backport the following commits from `main` to `8.18`:
- [[Detection Engine][Docs] Updating examples to meet old ascii docs
(#207558)](https://github.com/elastic/kibana/pull/207558)

<!--- Backport version: 9.6.4 -->

### Questions?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Yara
Tercero","email":"yctercero@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-02-05T07:02:48Z","message":"[Detection
Engine][Docs] Updating examples to meet old ascii docs (#207558)\n\n#
Summary\r\n\r\nAs part of the effort to add missing content for Security
APIs, this PR\r\nintroduces a few missing request, response, and
parameter examples for\r\nDetection Engine Alert and migration
APIs.","sha":"d4199dcac1f0bff5f3511e79a860c77534b35c74","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Detection
Engine","v8.16.0","backport:version","v8.17.0","v8.18.0","v9.1.0"],"title":"[Detection
Engine][Docs] Updating examples to meet old ascii
docs","number":207558,"url":"https://github.com/elastic/kibana/pull/207558","mergeCommit":{"message":"[Detection
Engine][Docs] Updating examples to meet old ascii docs (#207558)\n\n#
Summary\r\n\r\nAs part of the effort to add missing content for Security
APIs, this PR\r\nintroduces a few missing request, response, and
parameter examples for\r\nDetection Engine Alert and migration
APIs.","sha":"d4199dcac1f0bff5f3511e79a860c77534b35c74"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.16","8.17","8.18"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.16","label":"v8.16.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.17","label":"v8.17.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/207558","number":207558,"mergeCommit":{"message":"[Detection
Engine][Docs] Updating examples to meet old ascii docs (#207558)\n\n#
Summary\r\n\r\nAs part of the effort to add missing content for Security
APIs, this PR\r\nintroduces a few missing request, response, and
parameter examples for\r\nDetection Engine Alert and migration
APIs.","sha":"d4199dcac1f0bff5f3511e79a860c77534b35c74"}}]}] BACKPORT-->
This commit is contained in:
Yara Tercero 2025-02-06 15:38:56 -08:00 committed by GitHub
parent 5f58a5b423
commit 4ffa5a54c0
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
26 changed files with 1609 additions and 113 deletions


@ -5824,7 +5824,43 @@ paths:
responses:
'200':
content:
application/json; Elastic-Api-Version=2023-10-31:
application/json:
examples:
success:
value:
application: {}
cluster:
all: true
manage: true
manage_api_key: true
manage_index_templates: true
manage_ml: true
manage_own_api_key: true
manage_pipeline: true
manage_security: true
manage_transform: true
monitor: true
monitor_ml: true
monitor_transform: true
has_all_requested: true
has_encryption_key: true
index:
.alerts-security.alerts-default:
all: true
create: true
create_doc: true
create_index: true
delete: true
delete_index: true
index: true
maintenance: true
manage: true
monitor: true
read: true
view_index_metadata: true
write: true
is_authenticated: true
username: elastic
schema:
type: object
properties:
@ -6495,7 +6531,24 @@ paths:
operationId: SetAlertAssignees
requestBody:
content:
application/json; Elastic-Api-Version=2023-10-31:
application/json:
examples:
add:
value:
assignees:
add:
- u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0
remove: []
ids:
- 681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6
remove:
value:
assignees:
add: []
remove:
- u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0
ids:
- 681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6
schema:
type: object
properties:
@ -6504,13 +6557,32 @@ paths:
description: Details about the assignees to assign and unassign.
ids:
$ref: '#/components/schemas/Security_Detections_API_AlertIds'
description: List of alerts ids to assign and unassign passed assignees.
required:
- assignees
- ids
required: true
responses:
'200':
content:
application/ndjson:
examples:
add:
value:
batches: 1,
deleted: 0,
failures: []
noops: 0,
requests_per_second: '-1,'
retries:
- bulk: 0,
- search: 0
throttled_millis: 0,
throttled_until_millis: 0,
timed_out: false,
took: 76,
total: 1,
updated: 1,
version_conflicts: 0,
description: Indicates a successful call.
'400':
description: Invalid request.
@ -6524,7 +6596,36 @@ paths:
operationId: SearchAlerts
requestBody:
content:
application/json; Elastic-Api-Version=2023-10-31:
application/json:
examples:
query:
value:
aggs:
alertsByGrouping:
terms:
field: host.name
size: 10
missingFields:
missing:
field: host.name
query:
bool:
filter:
- bool:
filter:
- match_phrase:
kibana.alert.workflow_status: open
must: []
must_not:
- exists:
field: kibana.alert.building_block_type
should: []
- range:
'@timestamp':
gte: '2025-01-17T08:00:00.000Z'
lte: '2025-01-18T07:59:59.999Z'
runtime_mappings: {}
size: 0
schema:
description: Elasticsearch query and aggregation request
type: object
@ -6561,7 +6662,32 @@ paths:
responses:
'200':
content:
application/json; Elastic-Api-Version=2023-10-31:
application/json:
examples:
success:
value:
_shards:
failed: 0
skipped: 0
successful: 1
total: 1
aggregations:
alertsByGrouping:
buckets:
- doc_count: 5
key: Host-f43kkddfyc
doc_count_error_upper_bound: 0
sum_other_doc_count: 0
missingFields:
doc_count: 0
hits:
hits: []
max_score: null
total:
relation: eq
value: 5
timed_out: false
took: 0
schema:
additionalProperties: true
description: Elasticsearch search response
@ -6597,7 +6723,44 @@ paths:
operationId: SetAlertsStatus
requestBody:
content:
application/json; Elastic-Api-Version=2023-10-31:
application/json:
examples:
byId:
value:
signal_ids:
- 80e1383f856e67c1b7f7a1634744fa6d66b6e2ef7aa26d226e57afb5a7b2b4a1
status: closed
byQuery:
value:
conflicts: proceed
query:
bool:
filter:
- '@timestamp':
format: strict_date_optional_time
gte: '2024-10-23T07:00:00.000Z'
lte: '2025-01-21T20:12:11.704Z'
range: null
- bool:
filter:
bool:
filter:
- match_phrase:
kibana.alert.workflow_status: open
- '@timestamp':
format: strict_date_optional_time
gte: '2024-10-23T07:00:00.000Z'
lte: '2025-01-21T20:12:11.704Z'
range: null
must: []
must_not:
- exists:
field: kibana.alert.building_block_type
should: []
must: []
must_not: []
should: []
status: closed
schema:
oneOf:
- $ref: '#/components/schemas/Security_Detections_API_SetAlertsStatusByIds'
@ -6607,7 +6770,42 @@ paths:
responses:
'200':
content:
application/json; Elastic-Api-Version=2023-10-31:
application/json:
examples:
byId:
value:
batches: 1
deleted: 0
failures: []
noops: 0
requests_per_second: -1
retries:
bulk: 0
search: 0
throttled_millis: 0
throttled_until_millis: 0
timed_out: false
took: 81
total: 1
updated: 1
version_conflicts: 0
byQuery:
value:
batches: 1
deleted: 0
failures: []
noops: 0
requests_per_second: -1
retries:
bulk: 0
search: 0
throttled_millis: 0
throttled_until_millis: 0
timed_out: false
took: 100
total: 17
updated: 17
version_conflicts: 0
schema:
additionalProperties: true
description: Elasticsearch update by query response
@ -6646,7 +6844,24 @@ paths:
operationId: SetAlertTags
requestBody:
content:
application/json; Elastic-Api-Version=2023-10-31:
application/json:
examples:
add:
value:
ids:
- 549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e
tags:
tags_to_add:
- Duplicate
tags_to_remove: []
remove:
value:
ids:
- 549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e
tags:
tags_to_add: []
tags_to_remove:
- Duplicate
schema:
type: object
properties:
@ -6662,7 +6877,25 @@ paths:
responses:
'200':
content:
application/json; Elastic-Api-Version=2023-10-31:
application/json:
examples:
success:
value:
batches: 1,
deleted: 0,
failures: []
noops: 0,
requests_per_second: '-1,'
retries:
bulk: 0,
search: 0
throttled_millis: 0,
throttled_until_millis: 0,
timed_out: false,
took: 68,
total: 1,
updated: 1,
version_conflicts: 0,
schema:
additionalProperties: true
description: Elasticsearch update by query response
@ -43276,22 +43509,28 @@ components:
type: object
properties:
add:
description: A list of users ids to assign.
items:
$ref: '#/components/schemas/Security_Detections_API_NonEmptyString'
description: A list of users ids to assign.
format: nonempty
minLength: 1
type: string
type: array
remove:
description: A list of users ids to unassign.
items:
$ref: '#/components/schemas/Security_Detections_API_NonEmptyString'
description: A list of users ids to unassign.
format: nonempty
minLength: 1
type: string
type: array
required:
- add
- remove
Security_Detections_API_AlertIds:
description: A list of alerts ids.
description: A list of alerts `id`s.
items:
$ref: '#/components/schemas/Security_Detections_API_NonEmptyString'
format: nonempty
minLength: 1
type: string
minItems: 1
type: array
Security_Detections_API_AlertsIndex:
@ -43313,6 +43552,7 @@ components:
- additionalProperties: true
type: object
Security_Detections_API_AlertStatus:
description: The status of an alert, which can be `open`, `acknowledged`, `in-progress`, or `closed`.
enum:
- open
- closed
@ -43363,8 +43603,12 @@ components:
- suppress
type: string
Security_Detections_API_AlertTag:
$ref: '#/components/schemas/Security_Detections_API_NonEmptyString'
description: Use alert tags to organize related alerts into categories that you can filter and group.
format: nonempty
minLength: 1
type: string
Security_Detections_API_AlertTags:
description: List of keywords to organize related alerts into categories that you can filter and group.
items:
$ref: '#/components/schemas/Security_Detections_API_AlertTag'
type: array
@ -47370,8 +47614,11 @@ components:
type: object
properties:
signal_ids:
description: List of alert `id`s.
items:
$ref: '#/components/schemas/Security_Detections_API_NonEmptyString'
format: nonempty
minLength: 1
type: string
minItems: 1
type: array
status:
@ -47397,6 +47644,7 @@ components:
- query
- status
Security_Detections_API_SetAlertTags:
description: Object with list of tags to add and remove.
type: object
properties:
tags_to_add:
@ -49153,9 +49401,11 @@ components:
- microsoft_defender_endpoint
type: string
Security_Endpoint_Management_API_AlertIds:
description: A list of alerts ids.
description: A list of alerts `id`s.
items:
$ref: '#/components/schemas/Security_Endpoint_Management_API_NonEmptyString'
format: nonempty
minLength: 1
type: string
minItems: 1
type: array
Security_Endpoint_Management_API_CaseIds:
@ -49436,11 +49686,6 @@ components:
type: string
required:
- hostStatuses
Security_Endpoint_Management_API_NonEmptyString:
description: A string that is not empty and does not contain only whitespace
minLength: 1
pattern: ^(?! *$).+$
type: string
Security_Endpoint_Management_API_Page:
default: 1
description: Page number


@ -10606,6 +10606,11 @@ paths:
'200':
content:
application/json; Elastic-Api-Version=2023-10-31:
examples:
success:
value:
index_mapping_outdated: false
name: .alerts-security.alerts-default
schema:
type: object
properties:
@ -10698,6 +10703,42 @@ paths:
'200':
content:
application/json; Elastic-Api-Version=2023-10-31:
examples:
success:
value:
application: {}
cluster:
all: true
manage: true
manage_api_key: true
manage_index_templates: true
manage_ml: true
manage_own_api_key: true
manage_pipeline: true
manage_security: true
manage_transform: true
monitor: true
monitor_ml: true
monitor_transform: true
has_all_requested: true
has_encryption_key: true
index:
.alerts-security.alerts-default:
all: true
create: true
create_doc: true
create_index: true
delete: true
delete_index: true
index: true
maintenance: true
manage: true
monitor: true
read: true
view_index_metadata: true
write: true
is_authenticated: true
username: elastic
schema:
type: object
properties:
@ -11617,6 +11658,23 @@ paths:
requestBody:
content:
application/json; Elastic-Api-Version=2023-10-31:
examples:
add:
value:
assignees:
add:
- u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0
remove: []
ids:
- 681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6
remove:
value:
assignees:
add: []
remove:
- u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0
ids:
- 681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6
schema:
type: object
properties:
@ -11625,13 +11683,32 @@ paths:
description: Details about the assignees to assign and unassign.
ids:
$ref: '#/components/schemas/Security_Detections_API_AlertIds'
description: List of alerts ids to assign and unassign passed assignees.
required:
- assignees
- ids
required: true
responses:
'200':
content:
application/ndjson; Elastic-Api-Version=2023-10-31:
examples:
add:
value:
batches: 1,
deleted: 0,
failures: []
noops: 0,
requests_per_second: '-1,'
retries:
- bulk: 0,
- search: 0
throttled_millis: 0,
throttled_until_millis: 0,
timed_out: false,
took: 76,
total: 1,
updated: 1,
version_conflicts: 0,
description: Indicates a successful call.
'400':
description: Invalid request.
@ -11650,9 +11727,13 @@ paths:
content:
application/json; Elastic-Api-Version=2023-10-31:
schema:
example:
migration_ids:
- 924f7c50-505f-11eb-ae0a-3fa2e626a51d
type: object
properties:
migration_ids:
description: Array of `migration_id`s to finalize.
items:
type: string
minItems: 1
@ -11665,6 +11746,17 @@ paths:
'200':
content:
application/json; Elastic-Api-Version=2023-10-31:
examples:
success:
value:
migrations:
- completed: true
destinationIndex: .siem-signals-default-000002-r000016
id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d
sourceIndex: .siem-signals-default-000002
status: success
updated: '2021-01-06T22:05:56.859Z'
version: 16
schema:
items:
$ref: '#/components/schemas/Security_Detections_API_MigrationFinalizationResult'
@ -11709,9 +11801,13 @@ paths:
content:
application/json; Elastic-Api-Version=2023-10-31:
schema:
example:
migration_ids:
- 924f7c50-505f-11eb-ae0a-3fa2e626a51d
type: object
properties:
migration_ids:
description: Array of `migration_id`s to cleanup.
items:
type: string
minItems: 1
@ -11724,6 +11820,16 @@ paths:
'200':
content:
application/json; Elastic-Api-Version=2023-10-31:
examples:
success:
value:
migrations:
- destinationIndex: .siem-signals-default-000002-r000016
id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d
sourceIndex: .siem-signals-default-000002
status: success
updated: '2021-01-06T22:05:56.859Z'
version: 16
schema:
items:
$ref: '#/components/schemas/Security_Detections_API_MigrationCleanupResult'
@ -11761,13 +11867,21 @@ paths:
requestBody:
content:
application/json; Elastic-Api-Version=2023-10-31:
examples:
singleIndex:
value:
index:
- .siem-signals-default-000001
schema:
allOf:
- type: object
properties:
index:
description: Array of index names to migrate.
items:
$ref: '#/components/schemas/Security_Detections_API_NonEmptyString'
format: nonempty
minLength: 1
type: string
minItems: 1
type: array
required:
@ -11779,6 +11893,13 @@ paths:
'200':
content:
application/json; Elastic-Api-Version=2023-10-31:
examples:
success:
value:
indices:
- index: .siem-signals-default-000001,
migration_id: 923f7c50-505f-11eb-ae0a-3fa2e626a51d
migration_index: .siem-signals-default-000001-r000016
schema:
type: object
properties:
@ -11816,7 +11937,7 @@ paths:
tags:
- Security Detections API
/api/detection_engine/signals/migration_status:
post:
get:
deprecated: true
description: Retrieve indices that contain detection alerts of a particular age, along with migration information for each of those indices.
operationId: ReadAlertsMigrationStatus
@ -11829,12 +11950,37 @@ paths:
description: |
Time from which data is analyzed. For example, now-4200s means the rule analyzes data from 70 minutes
before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time).
example: now-30d
format: date-math
type: string
responses:
'200':
content:
application/json; Elastic-Api-Version=2023-10-31:
examples:
success:
value:
indices:
- index: .siem-signals-default-000002
is_outdated: true
migrations:
- id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d
status: pending
updated: '2021-01-06T20:41:37.173Z'
version: 16
signal_versions:
- count: 100
version: 15
- count: 87
version: 16
version: 15
- index: .siem-signals-default-000003
is_outdated: false
migrations: []
signal_versions:
- count: 54
version: 16
version: 16
schema:
type: object
properties:
@ -11875,6 +12021,35 @@ paths:
requestBody:
content:
application/json; Elastic-Api-Version=2023-10-31:
examples:
query:
value:
aggs:
alertsByGrouping:
terms:
field: host.name
size: 10
missingFields:
missing:
field: host.name
query:
bool:
filter:
- bool:
filter:
- match_phrase:
kibana.alert.workflow_status: open
must: []
must_not:
- exists:
field: kibana.alert.building_block_type
should: []
- range:
'@timestamp':
gte: '2025-01-17T08:00:00.000Z'
lte: '2025-01-18T07:59:59.999Z'
runtime_mappings: {}
size: 0
schema:
description: Elasticsearch query and aggregation request
type: object
@ -11912,6 +12087,31 @@ paths:
'200':
content:
application/json; Elastic-Api-Version=2023-10-31:
examples:
success:
value:
_shards:
failed: 0
skipped: 0
successful: 1
total: 1
aggregations:
alertsByGrouping:
buckets:
- doc_count: 5
key: Host-f43kkddfyc
doc_count_error_upper_bound: 0
sum_other_doc_count: 0
missingFields:
doc_count: 0
hits:
hits: []
max_score: null
total:
relation: eq
value: 5
timed_out: false
took: 0
schema:
additionalProperties: true
description: Elasticsearch search response
@ -11947,6 +12147,43 @@ paths:
requestBody:
content:
application/json; Elastic-Api-Version=2023-10-31:
examples:
byId:
value:
signal_ids:
- 80e1383f856e67c1b7f7a1634744fa6d66b6e2ef7aa26d226e57afb5a7b2b4a1
status: closed
byQuery:
value:
conflicts: proceed
query:
bool:
filter:
- '@timestamp':
format: strict_date_optional_time
gte: '2024-10-23T07:00:00.000Z'
lte: '2025-01-21T20:12:11.704Z'
range: null
- bool:
filter:
bool:
filter:
- match_phrase:
kibana.alert.workflow_status: open
- '@timestamp':
format: strict_date_optional_time
gte: '2024-10-23T07:00:00.000Z'
lte: '2025-01-21T20:12:11.704Z'
range: null
must: []
must_not:
- exists:
field: kibana.alert.building_block_type
should: []
must: []
must_not: []
should: []
status: closed
schema:
oneOf:
- $ref: '#/components/schemas/Security_Detections_API_SetAlertsStatusByIds'
@ -11957,6 +12194,41 @@ paths:
'200':
content:
application/json; Elastic-Api-Version=2023-10-31:
examples:
byId:
value:
batches: 1
deleted: 0
failures: []
noops: 0
requests_per_second: -1
retries:
bulk: 0
search: 0
throttled_millis: 0
throttled_until_millis: 0
timed_out: false
took: 81
total: 1
updated: 1
version_conflicts: 0
byQuery:
value:
batches: 1
deleted: 0
failures: []
noops: 0
requests_per_second: -1
retries:
bulk: 0
search: 0
throttled_millis: 0
throttled_until_millis: 0
timed_out: false
took: 100
total: 17
updated: 17
version_conflicts: 0
schema:
additionalProperties: true
description: Elasticsearch update by query response
@ -11995,6 +12267,23 @@ paths:
requestBody:
content:
application/json; Elastic-Api-Version=2023-10-31:
examples:
add:
value:
ids:
- 549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e
tags:
tags_to_add:
- Duplicate
tags_to_remove: []
remove:
value:
ids:
- 549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e
tags:
tags_to_add: []
tags_to_remove:
- Duplicate
schema:
type: object
properties:
@ -12011,6 +12300,24 @@ paths:
'200':
content:
application/json; Elastic-Api-Version=2023-10-31:
examples:
success:
value:
batches: 1,
deleted: 0,
failures: []
noops: 0,
requests_per_second: '-1,'
retries:
bulk: 0,
search: 0
throttled_millis: 0,
throttled_until_millis: 0,
timed_out: false,
took: 68,
total: 1,
updated: 1,
version_conflicts: 0,
schema:
additionalProperties: true
description: Elasticsearch update by query response
@ -31463,22 +31770,28 @@ components:
type: object
properties:
add:
description: A list of users ids to assign.
items:
$ref: '#/components/schemas/Security_Detections_API_NonEmptyString'
description: A list of users ids to assign.
format: nonempty
minLength: 1
type: string
type: array
remove:
description: A list of users ids to unassign.
items:
$ref: '#/components/schemas/Security_Detections_API_NonEmptyString'
description: A list of users ids to unassign.
format: nonempty
minLength: 1
type: string
type: array
required:
- add
- remove
Security_Detections_API_AlertIds:
description: A list of alerts ids.
description: A list of alerts `id`s.
items:
$ref: '#/components/schemas/Security_Detections_API_NonEmptyString'
format: nonempty
minLength: 1
type: string
minItems: 1
type: array
Security_Detections_API_AlertsIndex:
@ -31523,12 +31836,15 @@ components:
type: object
properties:
requests_per_second:
description: The throttle for the migration task in sub-requests per second. Corresponds to requests_per_second on the Reindex API.
minimum: 1
type: integer
size:
description: Number of alerts to migrate per batch. Corresponds to the source.size option on the Reindex API.
minimum: 1
type: integer
slices:
description: The number of subtasks for the migration task. Corresponds to slices on the Reindex API.
minimum: 1
type: integer
Security_Detections_API_AlertsSort:
@ -31543,6 +31859,7 @@ components:
- additionalProperties: true
type: object
Security_Detections_API_AlertStatus:
description: The status of an alert, which can be `open`, `acknowledged`, `in-progress`, or `closed`.
enum:
- open
- closed
@ -31593,8 +31910,12 @@ components:
- suppress
type: string
Security_Detections_API_AlertTag:
$ref: '#/components/schemas/Security_Detections_API_NonEmptyString'
description: Use alert tags to organize related alerts into categories that you can filter and group.
format: nonempty
minLength: 1
type: string
Security_Detections_API_AlertTags:
description: List of keywords to organize related alerts into categories that you can filter and group.
items:
$ref: '#/components/schemas/Security_Detections_API_AlertTag'
type: array
@ -35737,8 +36058,11 @@ components:
type: object
properties:
signal_ids:
description: List of alert `id`s.
items:
$ref: '#/components/schemas/Security_Detections_API_NonEmptyString'
format: nonempty
minLength: 1
type: string
minItems: 1
type: array
status:
@ -35764,6 +36088,7 @@ components:
- query
- status
Security_Detections_API_SetAlertTags:
description: Object with list of tags to add and remove.
type: object
properties:
tags_to_add:
@ -37538,9 +37863,11 @@ components:
- microsoft_defender_endpoint
type: string
Security_Endpoint_Management_API_AlertIds:
description: A list of alerts ids.
description: A list of alerts `id`s.
items:
$ref: '#/components/schemas/Security_Endpoint_Management_API_NonEmptyString'
format: nonempty
minLength: 1
type: string
minItems: 1
type: array
Security_Endpoint_Management_API_CaseIds:
@ -37821,11 +38148,6 @@ components:
type: string
required:
- hostStatuses
Security_Endpoint_Management_API_NonEmptyString:
description: A string that does not contain only whitespace characters
format: nonempty
minLength: 1
type: string
Security_Endpoint_Management_API_Page:
default: 1
description: Page number


@ -15,20 +15,14 @@
*/
import { z } from '@kbn/zod';
import { isNonEmptyString } from '@kbn/zod-helpers';
import { AlertIds } from '../../model/alert.gen';
import { NonEmptyString } from '../../model/primitives.gen';
export type AlertAssignees = z.infer<typeof AlertAssignees>;
export const AlertAssignees = z.object({
/**
* A list of users ids to assign.
*/
add: z.array(NonEmptyString),
/**
* A list of users ids to unassign.
*/
remove: z.array(NonEmptyString),
add: z.array(z.string().min(1).superRefine(isNonEmptyString)),
remove: z.array(z.string().min(1).superRefine(isNonEmptyString)),
});
export type SetAlertAssigneesRequestBody = z.infer<typeof SetAlertAssigneesRequestBody>;
@ -37,9 +31,6 @@ export const SetAlertAssigneesRequestBody = z.object({
* Details about the assignees to assign and unassign.
*/
assignees: AlertAssignees,
/**
* List of alerts ids to assign and unassign passed assignees.
*/
ids: AlertIds,
});
export type SetAlertAssigneesRequestBodyInput = z.input<typeof SetAlertAssigneesRequestBody>;


@ -28,10 +28,42 @@ paths:
description: Details about the assignees to assign and unassign.
ids:
$ref: '../../model/alert.schema.yaml#/components/schemas/AlertIds'
description: List of alerts ids to assign and unassign passed assignees.
examples:
add:
value:
assignees:
add: ['u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0']
remove: []
ids: ['681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6']
remove:
value:
assignees:
add: []
remove: ['u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0']
ids: ['681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6']
responses:
200:
description: Indicates a successful call.
content:
application/ndjson:
examples:
add:
value:
took: 76,
timed_out: false,
total: 1,
updated: 1,
deleted: 0,
batches: 1,
version_conflicts: 0,
noops: 0,
retries:
- bulk: 0,
- search: 0
throttled_millis: 0,
requests_per_second: -1,
throttled_until_millis: 0,
failures: []
400:
description: Invalid request.
@ -46,10 +78,14 @@ components:
add:
type: array
items:
$ref: '../../model/primitives.schema.yaml#/components/schemas/NonEmptyString'
type: string
format: nonempty
minLength: 1
description: A list of users ids to assign.
remove:
type: array
items:
$ref: '../../model/primitives.schema.yaml#/components/schemas/NonEmptyString'
type: string
format: nonempty
minLength: 1
description: A list of users ids to unassign.
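Review bot: The `add` response example under `application/ndjson` (`took: 76,` through `failures: []`) carries JSON-style trailing commas, so the YAML loader reads `took`, `total`, `updated`, `batches` and friends as the strings `76,` / `1,` instead of numbers, and `requests_per_second: -1,` becomes the string `'-1,'` — the bundled spec in this same commit already shows `requests_per_second: '-1,'` and renders `retries` as a two-item list (`- bulk: 0,` / `- search: 0`) rather than a mapping. Drop the trailing commas and make the retry counters keys of `retries`: `retries:` / `  bulk: 0` / `  search: 0`. Separately, the `description` lines for `add` and `remove` in the `AlertAssignees` component now sit under `items:` instead of beside `type: array`, which is why `alert_assignees.gen.ts` lost its field JSDoc in this commit; moving each description back up one level restores the generated comments.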


@ -18,6 +18,9 @@ import { z } from '@kbn/zod';
import { AlertIds, AlertTags } from '../../../model/alert.gen';
/**
* Object with list of tags to add and remove.
*/
export type SetAlertTags = z.infer<typeof SetAlertTags>;
export const SetAlertTags = z.object({
tags_to_add: AlertTags,


@ -30,6 +30,19 @@ paths:
required:
- ids
- tags
examples:
add:
value:
tags:
tags_to_add: ['Duplicate']
tags_to_remove: []
ids: ['549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e']
remove:
value:
tags:
tags_to_add: []
tags_to_remove: ['Duplicate']
ids: ['549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e']
responses:
200:
description: Successful response
@ -39,6 +52,24 @@ paths:
type: object
additionalProperties: true
description: Elasticsearch update by query response
examples:
success:
value:
took: 68,
timed_out: false,
total: 1,
updated: 1,
deleted: 0,
batches: 1,
version_conflicts: 0,
noops: 0,
retries:
bulk: 0,
search: 0
throttled_millis: 0,
requests_per_second: -1,
throttled_until_millis: 0,
failures: []
400:
description: Invalid input data response
content:
@ -63,6 +94,7 @@ paths:
components:
schemas:
SetAlertTags:
description: Object with list of tags to add and remove.
type: object
properties:
tags_to_add:
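Review bot: The `success` response example (`took: 68,` through `throttled_until_millis: 0,`) has trailing commas on most values, so YAML parses them as strings rather than the integers an update-by-query response returns, and `requests_per_second: -1,` ends up as the string `'-1,'` — visible as such in the bundled spec produced by this commit. Remove the trailing commas throughout the example, including under `retries:` (`bulk: 0` / `search: 0`), so readers comparing their own responses against the docs see matching types. The `add` example in the sibling assignees route has the same problem.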


@ -25,6 +25,11 @@ paths:
type: boolean
nullable: true
required: [name, index_mapping_outdated]
examples:
success:
value:
index_mapping_outdated: false
name: '.alerts-security.alerts-default'
401:
description: Unsuccessful authentication response
content:


@ -29,6 +29,42 @@ paths:
has_encryption_key:
type: boolean
required: [is_authenticated, has_encryption_key]
examples:
success:
value:
username: elastic
has_all_requested: true
cluster:
all: true
monitor_ml: true
manage_transform: true
manage_index_templates: true
monitor_transform: true
manage_ml: true
monitor: true
manage_pipeline: true
manage_api_key: true
manage_security: true
manage_own_api_key: true
manage: true
index:
.alerts-security.alerts-default:
all: true
create: true
create_doc: true
create_index: true
delete: true
delete_index: true
index: true
maintenance: true
manage: true
monitor: true
read: true
view_index_metadata: true
write: true
application: {}
is_authenticated: true
has_encryption_key: true
401:
description: Unsuccessful authentication response
content:
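Review bot: The `success` example documents the response for the built-in `elastic` superuser (`username: elastic`, every cluster and index privilege `true`), so it shows nothing about what a least-privilege caller sees or which fields a client should check. Consider a second example, or a sentence in the description, for a user missing some requested privileges (`has_all_requested: false` with the missing entries `false`), plus a note that the `cluster` and `index` maps reflect the calling user's privileges as reported by Elasticsearch rather than a fixed list — presumably `has_all_requested` is the field consumers key on, but that should be confirmed against the route handler. Presenting superuser output as the canonical example nudges readers toward over-privileged API keys.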


@ -48,6 +48,35 @@ paths:
sort:
$ref: '#/components/schemas/AlertsSort'
description: Elasticsearch query and aggregation request
examples:
query:
value:
size: 0
query:
bool:
filter:
- bool:
must: []
filter:
- match_phrase:
kibana.alert.workflow_status: open
should: []
must_not:
- exists:
field: kibana.alert.building_block_type
- range:
'@timestamp':
gte: 2025-01-17T08:00:00.000Z
lte: 2025-01-18T07:59:59.999Z
aggs:
alertsByGrouping:
terms:
field: host.name
size: 10
missingFields:
missing:
field: host.name
runtime_mappings: {}
responses:
200:
description: Successful response
@ -57,6 +86,31 @@ paths:
type: object
additionalProperties: true
description: Elasticsearch search response
examples:
success:
value:
took: 0
timed_out: false
_shards:
total: 1
successful: 1
skipped: 0
failed: 0
hits:
total:
value: 5
relation: eq
max_score: null
hits: []
aggregations:
alertsByGrouping:
doc_count_error_upper_bound: 0
sum_other_doc_count: 0
buckets:
- key: Host-f43kkddfyc
doc_count: 5
missingFields:
doc_count: 0
400:
description: Invalid input data response
content:


@ -15,13 +15,16 @@
*/
import { z } from '@kbn/zod';
import { isNonEmptyString } from '@kbn/zod-helpers';
import { NonEmptyString } from '../../../model/primitives.gen';
import { AlertStatus } from '../../../model/alert.gen';
export type SetAlertsStatusByIds = z.infer<typeof SetAlertsStatusByIds>;
export const SetAlertsStatusByIds = z.object({
signal_ids: z.array(NonEmptyString).min(1),
/**
* List of alert `id`s.
*/
signal_ids: z.array(z.string().min(1).superRefine(isNonEmptyString)).min(1),
status: AlertStatus,
});


@ -21,6 +21,42 @@ paths:
oneOf:
- $ref: '#/components/schemas/SetAlertsStatusByIds'
- $ref: '#/components/schemas/SetAlertsStatusByQuery'
examples:
byId:
value:
status: closed
signal_ids: ['80e1383f856e67c1b7f7a1634744fa6d66b6e2ef7aa26d226e57afb5a7b2b4a1']
byQuery:
value:
conflicts: proceed
status: closed
query:
bool:
must: []
filter:
- range:
'@timestamp':
gte: 2024-10-23T07:00:00.000Z
lte: 2025-01-21T20:12:11.704Z
format: strict_date_optional_time
- bool:
filter:
bool:
must: []
filter:
- match_phrase:
kibana.alert.workflow_status: open
- range:
'@timestamp':
gte: 2024-10-23T07:00:00.000Z
lte: 2025-01-21T20:12:11.704Z
format: strict_date_optional_time
should: []
must_not:
- exists:
field: kibana.alert.building_block_type
should: []
must_not: []
responses:
200:
description: Successful response
@ -30,6 +66,41 @@ paths:
type: object
additionalProperties: true
description: Elasticsearch update by query response
examples:
byId:
value:
took: 81
timed_out: false
total: 1
updated: 1
deleted: 0
batches: 1
version_conflicts: 0
noops: 0
retries:
bulk: 0
search: 0
throttled_millis: 0
requests_per_second: -1
throttled_until_millis: 0
failures: []
byQuery:
value:
took: 100
timed_out: false
total: 17
updated: 17
deleted: 0
batches: 1
version_conflicts: 0
noops: 0
retries:
bulk: 0
search: 0
throttled_millis: 0
requests_per_second: -1
throttled_until_millis: 0
failures: []
400:
description: Invalid input data response
content:
@ -58,8 +129,11 @@ components:
properties:
signal_ids:
type: array
description: List of alert `id`s.
items:
$ref: '../../../model/primitives.schema.yaml#/components/schemas/NonEmptyString'
type: string
format: nonempty
minLength: 1
minItems: 1
status:
$ref: '../../../model/alert.schema.yaml#/components/schemas/AlertStatus'
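Review bot: In the `byQuery` request example, the `'@timestamp':` mapping under each `- range:` entry appears to be indented as a sibling of `range` rather than nested inside it — the bundled spec generated by this same commit renders both as `- '@timestamp': {format, gte, lte}` followed by `range: null`, which is not a valid Elasticsearch range clause and would presumably be rejected if a reader pasted it. Indent the `'@timestamp':` block two spaces deeper so it sits under `range:`: `- range:` / `    '@timestamp':` / `      gte: '2024-10-23T07:00:00.000Z'`. Quoting the `gte`/`lte` values as in that snippet also stops the YAML loader from coercing them into timestamp objects, which is what the bundler already had to do.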

View file

@ -15,13 +15,21 @@
*/
import { z } from '@kbn/zod';
import { NonEmptyString } from '../../../model/primitives.gen';
import { isNonEmptyString } from '@kbn/zod-helpers';
export type AlertsReindexOptions = z.infer<typeof AlertsReindexOptions>;
export const AlertsReindexOptions = z.object({
/**
* The throttle for the migration task in sub-requests per second. Corresponds to requests_per_second on the Reindex API.
*/
requests_per_second: z.number().int().min(1).optional(),
/**
* Number of alerts to migrate per batch. Corresponds to the source.size option on the Reindex API.
*/
size: z.number().int().min(1).optional(),
/**
* The number of subtasks for the migration task. Corresponds to slices on the Reindex API.
*/
slices: z.number().int().min(1).optional(),
});
@ -49,7 +57,10 @@ export const SkippedAlertsIndexMigration = z.object({
export type CreateAlertsMigrationRequestBody = z.infer<typeof CreateAlertsMigrationRequestBody>;
export const CreateAlertsMigrationRequestBody = z
.object({
index: z.array(NonEmptyString).min(1),
/**
* Array of index names to migrate.
*/
index: z.array(z.string().min(1).superRefine(isNonEmptyString)).min(1),
})
.merge(AlertsReindexOptions);
export type CreateAlertsMigrationRequestBodyInput = z.input<


@ -25,13 +25,19 @@ paths:
- type: object
properties:
index:
description: Array of index names to migrate.
type: array
items:
$ref: '../../../model/primitives.schema.yaml#/components/schemas/NonEmptyString'
type: string
format: nonempty
minLength: 1
minItems: 1
required: [index]
- $ref: '#/components/schemas/AlertsReindexOptions'
examples:
singleIndex:
value:
index: [.siem-signals-default-000001]
responses:
200:
description: Successful response
@ -48,6 +54,13 @@ paths:
- $ref: '#/components/schemas/AlertsIndexMigrationError'
- $ref: '#/components/schemas/SkippedAlertsIndexMigration'
required: [indices]
examples:
success:
value:
indices:
- index: .siem-signals-default-000001,
migration_id: 923f7c50-505f-11eb-ae0a-3fa2e626a51d
migration_index: .siem-signals-default-000001-r000016
400:
description: Invalid input data response
content:
@ -77,12 +90,15 @@ components:
requests_per_second:
type: integer
minimum: 1
description: The throttle for the migration task in sub-requests per second. Corresponds to requests_per_second on the Reindex API.
size:
type: integer
minimum: 1
description: Number of alerts to migrate per batch. Corresponds to the source.size option on the Reindex API.
slices:
type: integer
minimum: 1
description: The number of subtasks for the migration task. Corresponds to slices on the Reindex API.
AlertsIndexMigrationSuccess:
type: object
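Review bot: The `success` response example line `- index: .siem-signals-default-000001,` carries a stray trailing comma, so the YAML scalar, and therefore the rendered doc, shows the index name as `.siem-signals-default-000001,`; drop it: `- index: .siem-signals-default-000001`. The bundled output further down this PR confirms the comma survives into the published example as a quoted string. The `migration_id` here (`923f7c50-…`) also differs from the `924f7c50-…` used by the cleanup, finalize and status examples, so a reader cannot follow a single migration through the workflow; reusing one id across the four endpoints would help.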


@ -34,6 +34,9 @@ export const MigrationCleanupResult = z.object({
export type AlertsMigrationCleanupRequestBody = z.infer<typeof AlertsMigrationCleanupRequestBody>;
export const AlertsMigrationCleanupRequestBody = z.object({
/**
* Array of `migration_id`s to cleanup.
*/
migration_ids: z.array(z.string()).min(1),
});
export type AlertsMigrationCleanupRequestBodyInput = z.input<


@ -29,11 +29,14 @@ paths:
type: object
properties:
migration_ids:
description: Array of `migration_id`s to cleanup.
type: array
items:
type: string
minItems: 1
required: [migration_ids]
example:
migration_ids: [924f7c50-505f-11eb-ae0a-3fa2e626a51d]
responses:
200:
description: Successful response
@ -43,6 +46,16 @@ paths:
type: array
items:
$ref: '#/components/schemas/MigrationCleanupResult'
examples:
success:
value:
migrations:
- id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d
destinationIndex: .siem-signals-default-000002-r000016
status: success
sourceIndex: .siem-signals-default-000002
version: 16
updated: 2021-01-06T22:05:56.859Z
400:
description: Invalid input data response
content:
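Review bot: The `updated: 2021-01-06T22:05:56.859Z` value in the `success` response example is unquoted, so YAML 1.1 loaders parse it as a timestamp rather than the string the API returns, and the finalize schema in this same PR quotes the equivalent value; quote it for consistency: `updated: '2021-01-06T22:05:56.859Z'`. The bundled output shows the two endpoints already diverging on this, which is the kind of drift that later shows up as a spurious diff in generated docs.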


@ -35,6 +35,9 @@ export const MigrationFinalizationResult = z.object({
export type FinalizeAlertsMigrationRequestBody = z.infer<typeof FinalizeAlertsMigrationRequestBody>;
export const FinalizeAlertsMigrationRequestBody = z.object({
/**
* Array of `migration_id`s to finalize.
*/
migration_ids: z.array(z.string()).min(1),
});
export type FinalizeAlertsMigrationRequestBodyInput = z.input<


@ -25,11 +25,14 @@ paths:
type: object
properties:
migration_ids:
description: Array of `migration_id`s to finalize.
type: array
items:
type: string
minItems: 1
required: [migration_ids]
example:
migration_ids: ['924f7c50-505f-11eb-ae0a-3fa2e626a51d']
responses:
200:
description: Successful response
@ -39,6 +42,17 @@ paths:
type: array
items:
$ref: '#/components/schemas/MigrationFinalizationResult'
examples:
success:
value:
migrations:
- id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d
completed: true
destinationIndex: '.siem-signals-default-000002-r000016'
status: success
sourceIndex: '.siem-signals-default-000002'
version: 16
updated: '2021-01-06T22:05:56.859Z'
400:
description: Invalid input data response
content:


@ -4,7 +4,7 @@ info:
version: '2023-10-31'
paths:
/api/detection_engine/signals/migration_status:
post:
get:
x-labels: [ess]
operationId: ReadAlertsMigrationStatus
x-codegen-enabled: true
@ -24,6 +24,7 @@ paths:
Time from which data is analyzed. For example, now-4200s means the rule analyzes data from 70 minutes
before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time).
format: date-math
example: now-30d
responses:
200:
description: Successful response
@ -37,6 +38,30 @@ paths:
items:
$ref: '#/components/schemas/IndexMigrationStatus'
required: [indices]
examples:
success:
value:
indices:
- index: .siem-signals-default-000002
version: 15
signal_versions:
- version: 15
count: 100
- version: 16
count: 87
migrations:
- id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d
status: pending
version: 16
updated: 2021-01-06T20:41:37.173Z
is_outdated: true
- index: .siem-signals-default-000003
version: 16
signal_versions:
- version: 16
count: 54
migrations: []
is_outdated: false
400:
description: Invalid input data response
content:
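Review bot: The new `example: now-30d` sits under a `from` description that still reads as a rule-execution parameter ("the rule analyzes data from 70 minutes before its start time", default `now-6m`), which does not describe what this read-only status endpoint does with `from`; reword it to something like `Date math expression selecting alert indices whose alerts are at or after this time.` and confirm the `now-6m` default against the route handler before restating it. Switching the operation from `post` to `get` changes the published contract; the client and test updates in this PR follow it, but if the server ever accepted POST on this path the change should be called out in the release notes.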


@ -15,21 +15,29 @@
*/
import { z } from '@kbn/zod';
import { NonEmptyString } from './primitives.gen';
import { isNonEmptyString } from '@kbn/zod-helpers';
/**
* A list of alerts ids.
* A list of alerts `id`s.
*/
export type AlertIds = z.infer<typeof AlertIds>;
export const AlertIds = z.array(NonEmptyString).min(1);
export const AlertIds = z.array(z.string().min(1).superRefine(isNonEmptyString)).min(1);
/**
* Use alert tags to organize related alerts into categories that you can filter and group.
*/
export type AlertTag = z.infer<typeof AlertTag>;
export const AlertTag = NonEmptyString;
export const AlertTag = z.string().min(1).superRefine(isNonEmptyString);
/**
* List of keywords to organize related alerts into categories that you can filter and group.
*/
export type AlertTags = z.infer<typeof AlertTags>;
export const AlertTags = z.array(AlertTag);
/**
* The status of an alert, which can be `open`, `acknowledged`, `in-progress`, or `closed`.
*/
export type AlertStatus = z.infer<typeof AlertStatus>;
export const AlertStatus = z.enum(['open', 'closed', 'acknowledged', 'in-progress']);
export type AlertStatusEnum = typeof AlertStatus.enum;


@ -9,19 +9,26 @@ components:
AlertIds:
type: array
items:
$ref: './primitives.schema.yaml#/components/schemas/NonEmptyString'
type: string
minLength: 1
format: nonempty
minItems: 1
description: A list of alerts ids.
description: A list of alerts `id`s.
AlertTag:
$ref: './primitives.schema.yaml#/components/schemas/NonEmptyString'
type: string
format: nonempty
minLength: 1
description: Use alert tags to organize related alerts into categories that you can filter and group.
AlertTags:
type: array
description: List of keywords to organize related alerts into categories that you can filter and group.
items:
$ref: '#/components/schemas/AlertTag'
AlertStatus:
description: The status of an alert, which can be `open`, `acknowledged`, `in-progress`, or `closed`.
type: string
enum:
- open


@ -1962,7 +1962,7 @@ finalize it.
headers: {
[ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31',
},
method: 'POST',
method: 'GET',
query: props.query,
})


@ -65,6 +65,11 @@ paths:
'200':
content:
application/json:
examples:
success:
value:
index_mapping_outdated: false
name: .alerts-security.alerts-default
schema:
type: object
properties:
@ -163,6 +168,42 @@ paths:
'200':
content:
application/json:
examples:
success:
value:
application: {}
cluster:
all: true
manage: true
manage_api_key: true
manage_index_templates: true
manage_ml: true
manage_own_api_key: true
manage_pipeline: true
manage_security: true
manage_transform: true
monitor: true
monitor_ml: true
monitor_transform: true
has_all_requested: true
has_encryption_key: true
index:
.alerts-security.alerts-default:
all: true
create: true
create_doc: true
create_index: true
delete: true
delete_index: true
index: true
maintenance: true
manage: true
monitor: true
read: true
view_index_metadata: true
write: true
is_authenticated: true
username: elastic
schema:
type: object
properties:
@ -1001,6 +1042,25 @@ paths:
requestBody:
content:
application/json:
examples:
add:
value:
assignees:
add:
- u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0
remove: []
ids:
- >-
681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6
remove:
value:
assignees:
add: []
remove:
- u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0
ids:
- >-
681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6
schema:
type: object
properties:
@ -1009,13 +1069,32 @@ paths:
description: Details about the assignees to assign and unassign.
ids:
$ref: '#/components/schemas/AlertIds'
description: List of alerts ids to assign and unassign passed assignees.
required:
- assignees
- ids
required: true
responses:
'200':
content:
application/ndjson:
examples:
add:
value:
batches: '1,'
deleted: '0,'
failures: []
noops: '0,'
requests_per_second: '-1,'
retries:
- bulk: '0,'
- search: 0
throttled_millis: '0,'
throttled_until_millis: '0,'
timed_out: 'false,'
took: '76,'
total: '1,'
updated: '1,'
version_conflicts: '0,'
description: Indicates a successful call.
'400':
description: Invalid request.
@ -1038,9 +1117,13 @@ paths:
content:
application/json:
schema:
example:
migration_ids:
- 924f7c50-505f-11eb-ae0a-3fa2e626a51d
type: object
properties:
migration_ids:
description: Array of `migration_id`s to finalize.
items:
type: string
minItems: 1
@ -1053,6 +1136,17 @@ paths:
'200':
content:
application/json:
examples:
success:
value:
migrations:
- completed: true
destinationIndex: .siem-signals-default-000002-r000016
id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d
sourceIndex: .siem-signals-default-000002
status: success
updated: '2021-01-06T22:05:56.859Z'
version: 16
schema:
items:
$ref: '#/components/schemas/MigrationFinalizationResult'
@ -1107,9 +1201,13 @@ paths:
content:
application/json:
schema:
example:
migration_ids:
- 924f7c50-505f-11eb-ae0a-3fa2e626a51d
type: object
properties:
migration_ids:
description: Array of `migration_id`s to cleanup.
items:
type: string
minItems: 1
@ -1122,6 +1220,16 @@ paths:
'200':
content:
application/json:
examples:
success:
value:
migrations:
- destinationIndex: .siem-signals-default-000002-r000016
id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d
sourceIndex: .siem-signals-default-000002
status: success
updated: 2021-01-06T22:05:56.859Z
version: 16
schema:
items:
$ref: '#/components/schemas/MigrationCleanupResult'
@ -1164,13 +1272,21 @@ paths:
requestBody:
content:
application/json:
examples:
singleIndex:
value:
index:
- .siem-signals-default-000001
schema:
allOf:
- type: object
properties:
index:
description: Array of index names to migrate.
items:
$ref: '#/components/schemas/NonEmptyString'
format: nonempty
minLength: 1
type: string
minItems: 1
type: array
required:
@ -1182,6 +1298,13 @@ paths:
'200':
content:
application/json:
examples:
success:
value:
indices:
- index: '.siem-signals-default-000001,'
migration_id: 923f7c50-505f-11eb-ae0a-3fa2e626a51d
migration_index: .siem-signals-default-000001-r000016
schema:
type: object
properties:
@ -1220,7 +1343,7 @@ paths:
- Security Detections API
- Alerts migration API
/api/detection_engine/signals/migration_status:
post:
get:
deprecated: true
description: >-
Retrieve indices that contain detection alerts of a particular age,
@ -1238,12 +1361,37 @@ paths:
before its start time. Defaults to now-6m (analyzes data from 6
minutes before the start time).
example: now-30d
format: date-math
type: string
responses:
'200':
content:
application/json:
examples:
success:
value:
indices:
- index: .siem-signals-default-000002
is_outdated: true
migrations:
- id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d
status: pending
updated: 2021-01-06T20:41:37.173Z
version: 16
signal_versions:
- count: 100
version: 15
- count: 87
version: 16
version: 15
- index: .siem-signals-default-000003
is_outdated: false
migrations: []
signal_versions:
- count: 54
version: 16
version: 16
schema:
type: object
properties:
@ -1285,6 +1433,35 @@ paths:
requestBody:
content:
application/json:
examples:
query:
value:
aggs:
alertsByGrouping:
terms:
field: host.name
size: 10
missingFields:
missing:
field: host.name
query:
bool:
filter:
- bool:
filter:
- match_phrase:
kibana.alert.workflow_status: open
must: []
must_not:
- exists:
field: kibana.alert.building_block_type
should: []
- range:
'@timestamp':
gte: 2025-01-17T08:00:00.000Z
lte: 2025-01-18T07:59:59.999Z
runtime_mappings: {}
size: 0
schema:
description: Elasticsearch query and aggregation request
type: object
@ -1322,6 +1499,31 @@ paths:
'200':
content:
application/json:
examples:
success:
value:
_shards:
failed: 0
skipped: 0
successful: 1
total: 1
aggregations:
alertsByGrouping:
buckets:
- doc_count: 5
key: Host-f43kkddfyc
doc_count_error_upper_bound: 0
sum_other_doc_count: 0
missingFields:
doc_count: 0
hits:
hits: []
max_score: null
total:
relation: eq
value: 5
timed_out: false
took: 0
schema:
additionalProperties: true
description: Elasticsearch search response
@ -1358,6 +1560,44 @@ paths:
requestBody:
content:
application/json:
examples:
byId:
value:
signal_ids:
- >-
80e1383f856e67c1b7f7a1634744fa6d66b6e2ef7aa26d226e57afb5a7b2b4a1
status: closed
byQuery:
value:
conflicts: proceed
query:
bool:
filter:
- '@timestamp':
format: strict_date_optional_time
gte: 2024-10-23T07:00:00.000Z
lte: 2025-01-21T20:12:11.704Z
range: null
- bool:
filter:
bool:
filter:
- match_phrase:
kibana.alert.workflow_status: open
- '@timestamp':
format: strict_date_optional_time
gte: 2024-10-23T07:00:00.000Z
lte: 2025-01-21T20:12:11.704Z
range: null
must: []
must_not:
- exists:
field: kibana.alert.building_block_type
should: []
must: []
must_not: []
should: []
status: closed
schema:
oneOf:
- $ref: '#/components/schemas/SetAlertsStatusByIds'
@ -1370,6 +1610,41 @@ paths:
'200':
content:
application/json:
examples:
byId:
value:
batches: 1
deleted: 0
failures: []
noops: 0
requests_per_second: -1
retries:
bulk: 0
search: 0
throttled_millis: 0
throttled_until_millis: 0
timed_out: false
took: 81
total: 1
updated: 1
version_conflicts: 0
byQuery:
value:
batches: 1
deleted: 0
failures: []
noops: 0
requests_per_second: -1
retries:
bulk: 0
search: 0
throttled_millis: 0
throttled_until_millis: 0
timed_out: false
took: 100
total: 17
updated: 17
version_conflicts: 0
schema:
additionalProperties: true
description: Elasticsearch update by query response
@ -1409,6 +1684,25 @@ paths:
requestBody:
content:
application/json:
examples:
add:
value:
ids:
- >-
549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e
tags:
tags_to_add:
- Duplicate
tags_to_remove: []
remove:
value:
ids:
- >-
549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e
tags:
tags_to_add: []
tags_to_remove:
- Duplicate
schema:
type: object
properties:
@ -1427,6 +1721,24 @@ paths:
'200':
content:
application/json:
examples:
success:
value:
batches: '1,'
deleted: '0,'
failures: []
noops: '0,'
requests_per_second: '-1,'
retries:
bulk: '0,'
search: 0
throttled_millis: '0,'
throttled_until_millis: '0,'
timed_out: 'false,'
took: '68,'
total: '1,'
updated: '1,'
version_conflicts: '0,'
schema:
additionalProperties: true
description: Elasticsearch update by query response
@ -1477,22 +1789,28 @@ components:
type: object
properties:
add:
description: A list of users ids to assign.
items:
$ref: '#/components/schemas/NonEmptyString'
description: A list of users ids to assign.
format: nonempty
minLength: 1
type: string
type: array
remove:
description: A list of users ids to unassign.
items:
$ref: '#/components/schemas/NonEmptyString'
description: A list of users ids to unassign.
format: nonempty
minLength: 1
type: string
type: array
required:
- add
- remove
AlertIds:
description: A list of alerts ids.
description: A list of alerts `id`s.
items:
$ref: '#/components/schemas/NonEmptyString'
format: nonempty
minLength: 1
type: string
minItems: 1
type: array
AlertsIndex:
@ -1537,12 +1855,21 @@ components:
type: object
properties:
requests_per_second:
description: >-
The throttle for the migration task in sub-requests per second.
Corresponds to requests_per_second on the Reindex API.
minimum: 1
type: integer
size:
description: >-
Number of alerts to migrate per batch. Corresponds to the
source.size option on the Reindex API.
minimum: 1
type: integer
slices:
description: >-
The number of subtasks for the migration task. Corresponds to slices
on the Reindex API.
minimum: 1
type: integer
AlertsSort:
@ -1557,6 +1884,9 @@ components:
- additionalProperties: true
type: object
AlertStatus:
description: >-
The status of an alert, which can be `open`, `acknowledged`,
`in-progress`, or `closed`.
enum:
- open
- closed
@ -1610,8 +1940,16 @@ components:
- suppress
type: string
AlertTag:
$ref: '#/components/schemas/NonEmptyString'
description: >-
Use alert tags to organize related alerts into categories that you can
filter and group.
format: nonempty
minLength: 1
type: string
AlertTags:
description: >-
List of keywords to organize related alerts into categories that you can
filter and group.
items:
$ref: '#/components/schemas/AlertTag'
type: array
@ -5872,8 +6210,11 @@ components:
type: object
properties:
signal_ids:
description: List of alert `id`s.
items:
$ref: '#/components/schemas/NonEmptyString'
format: nonempty
minLength: 1
type: string
minItems: 1
type: array
status:
@ -5899,6 +6240,7 @@ components:
- query
- status
SetAlertTags:
description: Object with list of tags to add and remove.
type: object
properties:
tags_to_add:
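Review bot: In the `byQuery` request example for setting alert status, each `filter` entry has `'@timestamp': {format, gte, lte}` as a sibling of `range: null` instead of nested under `range`, so the example is not a valid Elasticsearch range query and will be rejected; in the source schema the `'@timestamp'` mapping needs one more level of indentation under `- range:` so it bundles as `- range: {'@timestamp': {gte: …, lte: …, format: strict_date_optional_time}}`. This matters because the example closes every open, non-building-block alert over a three-month window with `conflicts: proceed`, so a reader copying it should get a query that behaves as described rather than an error or an unintended match. The `application/ndjson` examples for the assignees and tags responses in this file show a related conversion artifact, numeric fields rendered as strings such as `'1,'` and `retries` as a list, which also has to be fixed in the source schema rather than in this bundled file.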


@ -722,9 +722,11 @@ components:
- microsoft_defender_endpoint
type: string
AlertIds:
description: A list of alerts ids.
description: A list of alerts `id`s.
items:
$ref: '#/components/schemas/NonEmptyString'
format: nonempty
minLength: 1
type: string
minItems: 1
type: array
CaseIds:
@ -1005,11 +1007,6 @@ components:
type: string
required:
- hostStatuses
NonEmptyString:
description: A string that does not contain only whitespace characters
format: nonempty
minLength: 1
type: string
Page:
default: 1
description: Page number


@ -32,6 +32,42 @@ paths:
'200':
content:
application/json:
examples:
success:
value:
application: {}
cluster:
all: true
manage: true
manage_api_key: true
manage_index_templates: true
manage_ml: true
manage_own_api_key: true
manage_pipeline: true
manage_security: true
manage_transform: true
monitor: true
monitor_ml: true
monitor_transform: true
has_all_requested: true
has_encryption_key: true
index:
.alerts-security.alerts-default:
all: true
create: true
create_doc: true
create_index: true
delete: true
delete_index: true
index: true
maintenance: true
manage: true
monitor: true
read: true
view_index_metadata: true
write: true
is_authenticated: true
username: elastic
schema:
type: object
properties:
@ -586,6 +622,25 @@ paths:
requestBody:
content:
application/json:
examples:
add:
value:
assignees:
add:
- u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0
remove: []
ids:
- >-
681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6
remove:
value:
assignees:
add: []
remove:
- u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0
ids:
- >-
681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6
schema:
type: object
properties:
@ -594,13 +649,32 @@ paths:
description: Details about the assignees to assign and unassign.
ids:
$ref: '#/components/schemas/AlertIds'
description: List of alerts ids to assign and unassign passed assignees.
required:
- assignees
- ids
required: true
responses:
'200':
content:
application/ndjson:
examples:
add:
value:
batches: '1,'
deleted: '0,'
failures: []
noops: '0,'
requests_per_second: '-1,'
retries:
- bulk: '0,'
- search: 0
throttled_millis: '0,'
throttled_until_millis: '0,'
timed_out: 'false,'
took: '76,'
total: '1,'
updated: '1,'
version_conflicts: '0,'
description: Indicates a successful call.
'400':
description: Invalid request.
@ -614,6 +688,35 @@ paths:
requestBody:
content:
application/json:
examples:
query:
value:
aggs:
alertsByGrouping:
terms:
field: host.name
size: 10
missingFields:
missing:
field: host.name
query:
bool:
filter:
- bool:
filter:
- match_phrase:
kibana.alert.workflow_status: open
must: []
must_not:
- exists:
field: kibana.alert.building_block_type
should: []
- range:
'@timestamp':
gte: 2025-01-17T08:00:00.000Z
lte: 2025-01-18T07:59:59.999Z
runtime_mappings: {}
size: 0
schema:
description: Elasticsearch query and aggregation request
type: object
@ -651,6 +754,31 @@ paths:
'200':
content:
application/json:
examples:
success:
value:
_shards:
failed: 0
skipped: 0
successful: 1
total: 1
aggregations:
alertsByGrouping:
buckets:
- doc_count: 5
key: Host-f43kkddfyc
doc_count_error_upper_bound: 0
sum_other_doc_count: 0
missingFields:
doc_count: 0
hits:
hits: []
max_score: null
total:
relation: eq
value: 5
timed_out: false
took: 0
schema:
additionalProperties: true
description: Elasticsearch search response
@ -687,6 +815,44 @@ paths:
requestBody:
content:
application/json:
examples:
byId:
value:
signal_ids:
- >-
80e1383f856e67c1b7f7a1634744fa6d66b6e2ef7aa26d226e57afb5a7b2b4a1
status: closed
byQuery:
value:
conflicts: proceed
query:
bool:
filter:
- '@timestamp':
format: strict_date_optional_time
gte: 2024-10-23T07:00:00.000Z
lte: 2025-01-21T20:12:11.704Z
range: null
- bool:
filter:
bool:
filter:
- match_phrase:
kibana.alert.workflow_status: open
- '@timestamp':
format: strict_date_optional_time
gte: 2024-10-23T07:00:00.000Z
lte: 2025-01-21T20:12:11.704Z
range: null
must: []
must_not:
- exists:
field: kibana.alert.building_block_type
should: []
must: []
must_not: []
should: []
status: closed
schema:
oneOf:
- $ref: '#/components/schemas/SetAlertsStatusByIds'
@ -699,6 +865,41 @@ paths:
'200':
content:
application/json:
examples:
byId:
value:
batches: 1
deleted: 0
failures: []
noops: 0
requests_per_second: -1
retries:
bulk: 0
search: 0
throttled_millis: 0
throttled_until_millis: 0
timed_out: false
took: 81
total: 1
updated: 1
version_conflicts: 0
byQuery:
value:
batches: 1
deleted: 0
failures: []
noops: 0
requests_per_second: -1
retries:
bulk: 0
search: 0
throttled_millis: 0
throttled_until_millis: 0
timed_out: false
took: 100
total: 17
updated: 17
version_conflicts: 0
schema:
additionalProperties: true
description: Elasticsearch update by query response
@ -738,6 +939,25 @@ paths:
requestBody:
content:
application/json:
examples:
add:
value:
ids:
- >-
549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e
tags:
tags_to_add:
- Duplicate
tags_to_remove: []
remove:
value:
ids:
- >-
549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e
tags:
tags_to_add: []
tags_to_remove:
- Duplicate
schema:
type: object
properties:
@ -756,6 +976,24 @@ paths:
'200':
content:
application/json:
examples:
success:
value:
batches: '1,'
deleted: '0,'
failures: []
noops: '0,'
requests_per_second: '-1,'
retries:
bulk: '0,'
search: 0
throttled_millis: '0,'
throttled_until_millis: '0,'
timed_out: 'false,'
took: '68,'
total: '1,'
updated: '1,'
version_conflicts: '0,'
schema:
additionalProperties: true
description: Elasticsearch update by query response
@ -806,22 +1044,28 @@ components:
type: object
properties:
add:
description: A list of users ids to assign.
items:
$ref: '#/components/schemas/NonEmptyString'
description: A list of users ids to assign.
format: nonempty
minLength: 1
type: string
type: array
remove:
description: A list of users ids to unassign.
items:
$ref: '#/components/schemas/NonEmptyString'
description: A list of users ids to unassign.
format: nonempty
minLength: 1
type: string
type: array
required:
- add
- remove
AlertIds:
description: A list of alerts ids.
description: A list of alerts `id`s.
items:
$ref: '#/components/schemas/NonEmptyString'
format: nonempty
minLength: 1
type: string
minItems: 1
type: array
AlertsIndex:
@ -843,6 +1087,9 @@ components:
- additionalProperties: true
type: object
AlertStatus:
description: >-
The status of an alert, which can be `open`, `acknowledged`,
`in-progress`, or `closed`.
enum:
- open
- closed
@ -896,8 +1143,16 @@ components:
- suppress
type: string
AlertTag:
$ref: '#/components/schemas/NonEmptyString'
description: >-
Use alert tags to organize related alerts into categories that you can
filter and group.
format: nonempty
minLength: 1
type: string
AlertTags:
description: >-
List of keywords to organize related alerts into categories that you can
filter and group.
items:
$ref: '#/components/schemas/AlertTag'
type: array
@ -5021,8 +5276,11 @@ components:
type: object
properties:
signal_ids:
description: List of alert `id`s.
items:
$ref: '#/components/schemas/NonEmptyString'
format: nonempty
minLength: 1
type: string
minItems: 1
type: array
status:
@ -5048,6 +5306,7 @@ components:
- query
- status
SetAlertTags:
description: Object with list of tags to add and remove.
type: object
properties:
tags_to_add:
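Review bot: The `success` example for the privileges endpoint models the `elastic` superuser, with every `cluster` and `index` privilege `true` and `has_all_requested: true`, which shows nothing about how the endpoint reports a missing privilege and nudges readers toward validating with a superuser. A response from a least-privilege detections user would document the fields that actually matter, for example `read`, `write` and `view_index_metadata` true on `.alerts-security.alerts-default`, `manage_security` and `manage_api_key` false, and `has_all_requested: false`. Picking a non-`elastic` `username` in the example also avoids implying that the built-in superuser is the expected identity for this API.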


@ -622,9 +622,11 @@ components:
- microsoft_defender_endpoint
type: string
AlertIds:
description: A list of alerts ids.
description: A list of alerts `id`s.
items:
$ref: '#/components/schemas/NonEmptyString'
format: nonempty
minLength: 1
type: string
minItems: 1
type: array
CaseIds:
@ -905,11 +907,6 @@ components:
type: string
required:
- hostStatuses
NonEmptyString:
description: A string that does not contain only whitespace characters
format: nonempty
minLength: 1
type: string
Page:
default: 1
description: Page number


@ -1352,7 +1352,7 @@ finalize it.
kibanaSpace: string = 'default'
) {
return supertest
.post(routeWithNamespace('/api/detection_engine/signals/migration_status', kibanaSpace))
.get(routeWithNamespace('/api/detection_engine/signals/migration_status', kibanaSpace))
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')