github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 09:48:58 -04:00
Code Issues Projects Releases Packages Wiki Activity

[8.16] Improves Timeline API docs content (#192744) (#204911)

Browse source 
# Backport

This will backport the following commits from `main` to `8.16`:
- [Improves Timeline API docs content
(#192744)](https://github.com/elastic/kibana/pull/192744)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT
[{"author":{"name":"natasha-moore-elastic","email":"137783811+natasha-moore-elastic@users.noreply.github.com"},"sourceCommit":{"committedDate":"2024-09-19T08:03:59Z","message":"Improves
Timeline API docs content (#192744)\n\n## Summary\r\n\r\nResolves
https://github.com/elastic/security-docs-internal/issues/35
by\r\nimproving the Timeline API docs content. Adds missing and
improves\r\nexisting operation summaries and operation descriptions to
adhere to
our\r\n[OAS\r\nstandards](450494532/API+reference+docs).\r\n\r\n---------\r\n\r\nCo-authored-by:
Jatin Kathuria <jtn.kathuria@gmail.com>\r\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"9765f73ec2ab4d1ef2406247503b1ceaba1c3db9","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","backport:skip","v9.0.0","docs","Team:Threat
Hunting","Team: SecuritySolution","APIDocs","Team:Threat
Hunting:Investigations"],"number":192744,"url":"https://github.com/elastic/kibana/pull/192744","mergeCommit":{"message":"Improves
Timeline API docs content (#192744)\n\n## Summary\r\n\r\nResolves
https://github.com/elastic/security-docs-internal/issues/35
by\r\nimproving the Timeline API docs content. Adds missing and
improves\r\nexisting operation summaries and operation descriptions to
adhere to
our\r\n[OAS\r\nstandards](450494532/API+reference+docs).\r\n\r\n---------\r\n\r\nCo-authored-by:
Jatin Kathuria <jtn.kathuria@gmail.com>\r\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"9765f73ec2ab4d1ef2406247503b1ceaba1c3db9"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/192744","number":192744,"mergeCommit":{"message":"Improves
Timeline API docs content (#192744)\n\n## Summary\r\n\r\nResolves
https://github.com/elastic/security-docs-internal/issues/35
by\r\nimproving the Timeline API docs content. Adds missing and
improves\r\nexisting operation summaries and operation descriptions to
adhere to
our\r\n[OAS\r\nstandards](450494532/API+reference+docs).\r\n\r\n---------\r\n\r\nCo-authored-by:
Jatin Kathuria <jtn.kathuria@gmail.com>\r\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"9765f73ec2ab4d1ef2406247503b1ceaba1c3db9"}}]}]
BACKPORT-->

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
This commit is contained in:
natasha-moore-elastic 2024-12-19 12:49:19 +00:00 committed by GitHub
parent 3919433e21
commit 62cb92963f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
22 changed files with 389 additions and 259 deletions
Download patch file Download diff file Expand all files Collapse all files

124
oas_docs/output/kibana.yaml
View file

@ -17062,6 +17062,7 @@ paths:
- ml
/api/note:
delete:
description: Delete a note from a Timeline using the note ID.
operationId: DeleteNote
requestBody:
content:
@ -17085,7 +17086,7 @@ paths:
type: array
required:
- noteIds
description: The id of the note to delete.
description: The ID of the note to delete.
required: true
responses:
'200':
@ -17097,11 +17098,11 @@ paths:
data:
type: object
description: Indicates the note was successfully deleted.
summary: Deletes a note from a timeline.
summary: Delete a note
tags:
- Security Timeline API
get:
description: Gets notes
description: Get all notes for a given document.
operationId: GetNotes
parameters:
- in: query
@ -17160,10 +17161,11 @@ paths:
- $ref: '#/components/schemas/Security_Timeline_API_GetNotesResult'
- type: object
description: Indicates the requested notes were returned.
summary: Get all notes for a given document.
summary: Get notes
tags:
- Security Timeline API
patch:
description: Add a note to a Timeline or update an existing note.
operationId: PersistNoteRoute
requestBody:
content:
@ -17193,7 +17195,7 @@ paths:
type: string
required:
- note
description: The note to persist or update along with additional metadata.
description: The note to add or update, along with additional metadata.
required: true
responses:
'200':
@ -17212,7 +17214,7 @@ paths:
required:
- data
description: Indicates the note was successfully created.
summary: Persists a note to a timeline.
summary: Add or update a note
tags:
- Security Timeline API
/api/osquery/live_queries:
@ -17523,6 +17525,7 @@ paths:
- Security Osquery API
/api/pinned_event:
patch:
description: Pin an event to an existing Timeline.
operationId: PersistPinnedEventRoute
requestBody:
content:
@ -17540,7 +17543,7 @@ paths:
required:
- eventId
- timelineId
description: The pinned event to persist or update along with additional metadata.
description: The pinned event to add or update, along with additional metadata.
required: true
responses:
'200':
@ -17558,8 +17561,8 @@ paths:
- persistPinnedEventOnTimeline
required:
- data
description: Indicate the event was successfully pinned in the timeline.
summary: Persists a pinned event to a timeline.
description: Indicates the event was successfully pinned to the Timeline.
summary: Pin an event
tags:
- Security Timeline API
/api/risk_score/engine/dangerously_delete_data:
@ -20066,6 +20069,7 @@ paths:
- system
/api/timeline:
delete:
description: Delete one or more Timelines or Timeline templates.
operationId: DeleteTimelines
requestBody:
content:
@ -20084,7 +20088,7 @@ paths:
type: array
required:
- savedObjectIds
description: The ids of the timelines or timeline templates to delete.
description: The IDs of the Timelines or Timeline templates to delete.
required: true
responses:
'200':
@ -20102,11 +20106,12 @@ paths:
- deleteTimeline
required:
- data
description: Indicates the timeline was successfully deleted.
summary: Deletes one or more timelines or timeline templates.
description: Indicates the Timeline was successfully deleted.
summary: Delete Timelines or Timeline templates
tags:
- Security Timeline API
get:
description: Get the details of an existing saved Timeline or Timeline template.
operationId: GetTimeline
parameters:
- description: The ID of the template timeline to retrieve
@ -20114,7 +20119,7 @@ paths:
name: template_timeline_id
schema:
type: string
- description: The ID of the timeline to retrieve
- description: The ID of the Timeline to retrieve.
in: query
name: id
schema:
@ -20138,12 +20143,12 @@ paths:
- data
- additionalProperties: false
type: object
description: Indicates that the (template) timeline was found and returned.
summary: Get an existing saved timeline or timeline template. This API is used to retrieve an existing saved timeline or timeline template.
description: Indicates that the (template) Timeline was found and returned.
summary: Get Timeline or Timeline template details
tags:
- Security Timeline API
patch:
description: Updates an existing timeline. This API is used to update the title, description, date range, pinned events, pinned queries, and/or pinned saved queries of an existing timeline.
description: Update an existing Timeline. You can update the title, description, date range, pinned events, pinned queries, and/or pinned saved queries of an existing Timeline.
operationId: PatchTimeline
requestBody:
content:
@ -20163,7 +20168,7 @@ paths:
- timelineId
- version
- timeline
description: The timeline updates along with the timeline ID and version.
description: The Timeline updates, along with the Timeline ID and version.
required: true
responses:
'200':
@ -20171,7 +20176,7 @@ paths:
application/json; Elastic-Api-Version=2023-10-31:
schema:
$ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse'
description: Indicates that the draft timeline was successfully created. In the event the user already has a draft timeline, the existing draft timeline is cleared and returned.
description: Indicates that the draft Timeline was successfully created. In the event the user already has a draft Timeline, the existing draft Timeline is cleared and returned.
'405':
content:
application/json; Elastic-Api-Version=2023-10-31:
@ -20182,11 +20187,12 @@ paths:
type: string
statusCode:
type: number
description: Indicates that the user does not have the required access to create a draft timeline.
summary: Updates an existing timeline.
description: Indicates that the user does not have the required access to create a draft Timeline.
summary: Update a Timeline
tags:
- Security Timeline API
post:
description: Create a new Timeline or Timeline template.
operationId: CreateTimelines
requestBody:
content:
@ -20216,7 +20222,7 @@ paths:
type: string
required:
- timeline
description: The required timeline fields used to create a new timeline along with optional fields that will be created if not provided.
description: The required Timeline fields used to create a new Timeline, along with optional fields that will be created if not provided.
required: true
responses:
'200':
@ -20224,7 +20230,7 @@ paths:
application/json; Elastic-Api-Version=2023-10-31:
schema:
$ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse'
description: Indicates the timeline was successfully created.
description: Indicates the Timeline was successfully created.
'405':
content:
application/json; Elastic-Api-Version=2023-10-31:
@ -20235,8 +20241,8 @@ paths:
type: string
statusCode:
type: number
description: Indicates that there was an error in the timeline creation.
summary: Creates a new timeline.
description: Indicates that there was an error in the Timeline creation.
summary: Create a Timeline or Timeline template
tags:
- Security Timeline API
/api/timeline/_copy:
@ -20270,6 +20276,7 @@ paths:
- Security Timeline API
/api/timeline/_draft:
get:
description: Get the details of the draft Timeline or Timeline template for the current user. If the user doesn't have a draft Timeline, an empty Timeline is returned.
operationId: GetDraftTimelines
parameters:
- in: query
@ -20283,7 +20290,7 @@ paths:
application/json; Elastic-Api-Version=2023-10-31:
schema:
$ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse'
description: Indicates that the draft timeline was successfully retrieved.
description: Indicates that the draft Timeline was successfully retrieved.
'403':
content:
application:json; Elastic-Api-Version=2023-10-31:
@ -20294,7 +20301,7 @@ paths:
type: string
status_code:
type: number
description: If a draft timeline was not found and we attempted to create one, it indicates that the user does not have the required permissions to create a draft timeline.
description: If a draft Timeline was not found and we attempted to create one, it indicates that the user does not have the required permissions to create a draft Timeline.
'409':
content:
application:json; Elastic-Api-Version=2023-10-31:
@ -20305,13 +20312,15 @@ paths:
type: string
status_code:
type: number
description: This should never happen, but if a draft timeline was not found and we attempted to create one, it indicates that there is already a draft timeline with the given timelineId.
summary: Retrieves the draft timeline for the current user. If the user does not have a draft timeline, an empty timeline is returned.
description: This should never happen, but if a draft Timeline was not found and we attempted to create one, it indicates that there is already a draft Timeline with the given `timelineId`.
summary: Get draft Timeline or Timeline template details
tags:
- Security Timeline API
post:
description: |
Retrieves a clean draft timeline. If a draft timeline does not exist, it is created and returned.
Create a clean draft Timeline or Timeline template for the current user.
> info
> If the user already has a draft Timeline, the existing draft Timeline is cleared and returned.
operationId: CleanDraftTimelines
requestBody:
content:
@ -20323,7 +20332,7 @@ paths:
$ref: '#/components/schemas/Security_Timeline_API_TimelineType'
required:
- timelineType
description: The type of timeline to create. Valid values are `default` and `template`.
description: The type of Timeline to create. Valid values are `default` and `template`.
required: true
responses:
'200':
@ -20331,7 +20340,7 @@ paths:
application/json; Elastic-Api-Version=2023-10-31:
schema:
$ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse'
description: Indicates that the draft timeline was successfully created. In the event the user already has a draft timeline, the existing draft timeline is cleared and returned.
description: Indicates that the draft Timeline was successfully created. In the event the user already has a draft Timeline, the existing draft Timeline is cleared and returned.
'403':
content:
application:json; Elastic-Api-Version=2023-10-31:
@ -20342,7 +20351,7 @@ paths:
type: string
status_code:
type: number
description: Indicates that the user does not have the required permissions to create a draft timeline.
description: Indicates that the user does not have the required permissions to create a draft Timeline.
'409':
content:
application:json; Elastic-Api-Version=2023-10-31:
@ -20353,12 +20362,13 @@ paths:
type: string
status_code:
type: number
description: Indicates that there is already a draft timeline with the given timelineId.
summary: Retrieves a draft timeline or timeline template.
description: Indicates that there is already a draft Timeline with the given `timelineId`.
summary: Create a clean draft Timeline or Timeline template
tags:
- Security Timeline API
/api/timeline/_export:
post:
description: Export Timelines as an NDJSON file.
operationId: ExportTimelines
parameters:
- description: The name of the file to export
@ -20378,16 +20388,16 @@ paths:
type: string
nullable: true
type: array
description: The ids of the timelines to export
description: The IDs of the Timelines to export.
required: true
responses:
'200':
content:
application/ndjson; Elastic-Api-Version=2023-10-31:
schema:
description: NDJSON of the exported timelines
description: NDJSON of the exported Timelines
type: string
description: Indicates the timelines were successfully exported
description: Indicates the Timelines were successfully exported.
'400':
content:
application/ndjson; Elastic-Api-Version=2023-10-31:
@ -20398,12 +20408,13 @@ paths:
type: string
statusCode:
type: number
description: Indicates that the export size limit was exceeded
summary: Exports timelines as an NDJSON file
description: Indicates that the export size limit was exceeded.
summary: Export Timelines
tags:
- Security Timeline API
/api/timeline/_favorite:
patch:
description: Favorite a Timeline or Timeline template for the current user.
operationId: PersistFavoriteRoute
requestBody:
content:
@ -20428,7 +20439,7 @@ paths:
- templateTimelineId
- templateTimelineVersion
- timelineType
description: The required fields used to favorite a (template) timeline.
description: The required fields used to favorite a (template) Timeline.
required: true
responses:
'200':
@ -20458,11 +20469,12 @@ paths:
statusCode:
type: number
description: Indicates the user does not have the required permissions to persist the favorite status.
summary: Persists a given users favorite status of a timeline.
summary: Favorite a Timeline or Timeline template
tags:
- Security Timeline API
/api/timeline/_import:
post:
description: Import Timelines.
operationId: ImportTimelines
requestBody:
content:
@ -20478,7 +20490,7 @@ paths:
type: string
required:
- file
description: The timelines to import as a readable stream.
description: The Timelines to import as a readable stream.
required: true
responses:
'200':
@ -20486,7 +20498,7 @@ paths:
application/json; Elastic-Api-Version=2023-10-31:
schema:
$ref: '#/components/schemas/Security_Timeline_API_ImportTimelineResult'
description: Indicates the import of timelines was successful.
description: Indicates the import of Timelines was successful.
'400':
content:
application/json; Elastic-Api-Version=2023-10-31:
@ -20499,7 +20511,7 @@ paths:
type: string
statusCode:
type: number
description: Indicates the import of timelines was unsuccessful because of an invalid file extension.
description: Indicates the import of Timelines was unsuccessful because of an invalid file extension.
'404':
content:
application/json; Elastic-Api-Version=2023-10-31:
@ -20523,12 +20535,13 @@ paths:
type: string
statusCode:
type: number
description: Indicates the import of timelines was unsuccessful.
summary: Imports timelines.
description: Indicates the import of Timelines was unsuccessful.
summary: Import Timelines
tags:
- Security Timeline API
/api/timeline/_prepackaged:
post:
description: Install or update prepackaged Timelines.
operationId: InstallPrepackedTimelines
requestBody:
content:
@ -20555,7 +20568,7 @@ paths:
- timelinesToInstall
- timelinesToUpdate
- prepackagedTimelines
description: The timelines to install or update.
description: The Timelines to install or update.
required: true
responses:
'200':
@ -20563,7 +20576,7 @@ paths:
application/json; Elastic-Api-Version=2023-10-31:
schema:
$ref: '#/components/schemas/Security_Timeline_API_ImportTimelineResult'
description: Indicates the installation of prepackaged timelines was successful.
description: Indicates the installation of prepackaged Timelines was successful.
'500':
content:
application:json; Elastic-Api-Version=2023-10-31:
@ -20574,8 +20587,8 @@ paths:
type: string
statusCode:
type: number
description: Indicates the installation of prepackaged timelines was unsuccessful.
summary: Installs prepackaged timelines.
description: Indicates the installation of prepackaged Timelines was unsuccessful.
summary: Install prepackaged Timelines
tags:
- Security Timeline API
/api/timeline/resolve:
@ -20606,16 +20619,17 @@ paths:
- data
- additionalProperties: false
type: object
description: The (template) timeline has been found
description: The (template) Timeline has been found
'400':
description: The request is missing parameters
'404':
description: The (template) timeline was not found
summary: Get an existing saved timeline or timeline template.
description: The (template) Timeline was not found
summary: Get an existing saved Timeline or Timeline template
tags:
- Security Timeline API
/api/timelines:
get:
description: Get a list of all saved Timelines or Timeline templates.
operationId: GetTimelines
parameters:
- description: If true, only timelines that are marked as favorites by the user are returned.
@ -20689,7 +20703,7 @@ paths:
required:
- timeline
- totalCount
description: Indicates that the (template) timelines were found and returned.
description: Indicates that the (template) Timelines were found and returned.
'400':
content:
application:json; Elastic-Api-Version=2023-10-31:
@ -20701,7 +20715,7 @@ paths:
statusCode:
type: number
description: Bad request. The user supplied invalid data.
summary: This API is used to retrieve a list of existing saved timelines or timeline templates.
summary: Get Timelines or Timeline templates
tags:
- Security Timeline API
/s/{spaceId}/api/observability/slos:

44
x-pack/plugins/security_solution/common/api/quickstart_client.gen.ts
View file

@ -537,7 +537,9 @@ after 30 days. It also deletes other artifacts specific to the migration impleme
.catch(catchAxiosErrorFormatAndThrow);
}
/**
* Retrieves a clean draft timeline. If a draft timeline does not exist, it is created and returned.
* Create a clean draft Timeline or Timeline template for the current user.
> info
> If the user already has a draft Timeline, the existing draft Timeline is cleared and returned.
*/
async cleanDraftTimelines(props: CleanDraftTimelinesProps) {
@ -647,6 +649,9 @@ Migrations are initiated per index. While the process is neither destructive nor
})
.catch(catchAxiosErrorFormatAndThrow);
}
/**
* Create a new Timeline or Timeline template.
*/
async createTimelines(props: CreateTimelinesProps) {
this.log.info(`${new Date().toISOString()} Calling API CreateTimelines`);
return this.kbnClient
@ -719,6 +724,9 @@ Migrations are initiated per index. While the process is neither destructive nor
})
.catch(catchAxiosErrorFormatAndThrow);
}
/**
* Delete a note from a Timeline using the note ID.
*/
async deleteNote(props: DeleteNoteProps) {
this.log.info(`${new Date().toISOString()} Calling API DeleteNote`);
return this.kbnClient
@ -749,6 +757,9 @@ Migrations are initiated per index. While the process is neither destructive nor
})
.catch(catchAxiosErrorFormatAndThrow);
}
/**
* Delete one or more Timelines or Timeline templates.
*/
async deleteTimelines(props: DeleteTimelinesProps) {
this.log.info(`${new Date().toISOString()} Calling API DeleteTimelines`);
return this.kbnClient
@ -1103,6 +1114,9 @@ Migrations are initiated per index. While the process is neither destructive nor
})
.catch(catchAxiosErrorFormatAndThrow);
}
/**
* Export Timelines as an NDJSON file.
*/
async exportTimelines(props: ExportTimelinesProps) {
this.log.info(`${new Date().toISOString()} Calling API ExportTimelines`);
return this.kbnClient
@ -1213,6 +1227,9 @@ finalize it.
})
.catch(catchAxiosErrorFormatAndThrow);
}
/**
* Get the details of the draft Timeline or Timeline template for the current user. If the user doesn't have a draft Timeline, an empty Timeline is returned.
*/
async getDraftTimelines(props: GetDraftTimelinesProps) {
this.log.info(`${new Date().toISOString()} Calling API GetDraftTimelines`);
return this.kbnClient
@ -1279,7 +1296,7 @@ finalize it.
.catch(catchAxiosErrorFormatAndThrow);
}
/**
* Gets notes
* Get all notes for a given document.
*/
async getNotes(props: GetNotesProps) {
this.log.info(`${new Date().toISOString()} Calling API GetNotes`);
@ -1373,6 +1390,9 @@ finalize it.
})
.catch(catchAxiosErrorFormatAndThrow);
}
/**
* Get the details of an existing saved Timeline or Timeline template.
*/
async getTimeline(props: GetTimelineProps) {
this.log.info(`${new Date().toISOString()} Calling API GetTimeline`);
return this.kbnClient
@ -1387,6 +1407,9 @@ finalize it.
})
.catch(catchAxiosErrorFormatAndThrow);
}
/**
* Get a list of all saved Timelines or Timeline templates.
*/
async getTimelines(props: GetTimelinesProps) {
this.log.info(`${new Date().toISOString()} Calling API GetTimelines`);
return this.kbnClient
@ -1421,6 +1444,9 @@ finalize it.
})
.catch(catchAxiosErrorFormatAndThrow);
}
/**
* Import Timelines.
*/
async importTimelines(props: ImportTimelinesProps) {
this.log.info(`${new Date().toISOString()} Calling API ImportTimelines`);
return this.kbnClient
@ -1477,6 +1503,9 @@ finalize it.
})
.catch(catchAxiosErrorFormatAndThrow);
}
/**
* Install or update prepackaged Timelines.
*/
async installPrepackedTimelines(props: InstallPrepackedTimelinesProps) {
this.log.info(`${new Date().toISOString()} Calling API InstallPrepackedTimelines`);
return this.kbnClient
@ -1549,7 +1578,7 @@ finalize it.
.catch(catchAxiosErrorFormatAndThrow);
}
/**
* Updates an existing timeline. This API is used to update the title, description, date range, pinned events, pinned queries, and/or pinned saved queries of an existing timeline.
* Update an existing Timeline. You can update the title, description, date range, pinned events, pinned queries, and/or pinned saved queries of an existing Timeline.
*/
async patchTimeline(props: PatchTimelineProps) {
this.log.info(`${new Date().toISOString()} Calling API PatchTimeline`);
@ -1581,6 +1610,9 @@ finalize it.
})
.catch(catchAxiosErrorFormatAndThrow);
}
/**
* Favorite a Timeline or Timeline template for the current user.
*/
async persistFavoriteRoute(props: PersistFavoriteRouteProps) {
this.log.info(`${new Date().toISOString()} Calling API PersistFavoriteRoute`);
return this.kbnClient
@ -1594,6 +1626,9 @@ finalize it.
})
.catch(catchAxiosErrorFormatAndThrow);
}
/**
* Add a note to a Timeline or update an existing note.
*/
async persistNoteRoute(props: PersistNoteRouteProps) {
this.log.info(`${new Date().toISOString()} Calling API PersistNoteRoute`);
return this.kbnClient
@ -1607,6 +1642,9 @@ finalize it.
})
.catch(catchAxiosErrorFormatAndThrow);
}
/**
* Pin an event to an existing Timeline.
*/
async persistPinnedEventRoute(props: PersistPinnedEventRouteProps) {
this.log.info(`${new Date().toISOString()} Calling API PersistPinnedEventRoute`);
return this.kbnClient

14
x-pack/plugins/security_solution/common/api/timeline/clean_draft_timelines/clean_draft_timelines_route.schema.yaml
View file

@ -8,13 +8,15 @@ paths:
x-labels: [serverless, ess]
x-codegen-enabled: true
operationId: CleanDraftTimelines
summary: Retrieves a draft timeline or timeline template.
summary: Create a clean draft Timeline or Timeline template
description: |
Retrieves a clean draft timeline. If a draft timeline does not exist, it is created and returned.
Create a clean draft Timeline or Timeline template for the current user.
> info
> If the user already has a draft Timeline, the existing draft Timeline is cleared and returned.
tags:
- access:securitySolution
requestBody:
description: The type of timeline to create. Valid values are `default` and `template`.
description: The type of Timeline to create. Valid values are `default` and `template`.
required: true
content:
application/json:
@ -26,13 +28,13 @@ paths:
$ref: '../model/components.schema.yaml#/components/schemas/TimelineType'
responses:
'200':
description: Indicates that the draft timeline was successfully created. In the event the user already has a draft timeline, the existing draft timeline is cleared and returned.
description: Indicates that the draft Timeline was successfully created. In the event the user already has a draft Timeline, the existing draft Timeline is cleared and returned.
content:
application/json:
schema:
$ref: '../model/components.schema.yaml#/components/schemas/PersistTimelineResponse'
'403':
description: Indicates that the user does not have the required permissions to create a draft timeline.
description: Indicates that the user does not have the required permissions to create a draft Timeline.
content:
application:json:
schema:
@ -43,7 +45,7 @@ paths:
status_code:
type: number
'409':
description: Indicates that there is already a draft timeline with the given timelineId.
description: Indicates that there is already a draft Timeline with the given `timelineId`.
content:
application:json:
schema:

9
x-pack/plugins/security_solution/common/api/timeline/create_timelines/create_timelines_route.schema.yaml
View file

@ -11,11 +11,12 @@ paths:
x-labels: [serverless, ess]
x-codegen-enabled: true
operationId: CreateTimelines
summary: Creates a new timeline.
summary: Create a Timeline or Timeline template
description: Create a new Timeline or Timeline template.
tags:
- access:securitySolution
requestBody:
description: The required timeline fields used to create a new timeline along with optional fields that will be created if not provided.
description: The required Timeline fields used to create a new Timeline, along with optional fields that will be created if not provided.
required: true
content:
application/json:
@ -45,13 +46,13 @@ paths:
nullable: true
responses:
'200':
description: Indicates the timeline was successfully created.
description: Indicates the Timeline was successfully created.
content:
application/json:
schema:
$ref: '../model/components.schema.yaml#/components/schemas/PersistTimelineResponse'
'405':
description: Indicates that there was an error in the timeline creation.
description: Indicates that there was an error in the Timeline creation.
content:
application/json:
schema:

5
x-pack/plugins/security_solution/common/api/timeline/delete_note/delete_note_route.schema.yaml
View file

@ -8,11 +8,12 @@ paths:
x-labels: [serverless, ess]
x-codegen-enabled: true
operationId: DeleteNote
summary: Deletes a note from a timeline.
summary: Delete a note
description: Delete a note from a Timeline using the note ID.
tags:
- access:securitySolution
requestBody:
description: The id of the note to delete.
description: The ID of the note to delete.
required: true
content:
application/json:

7
x-pack/plugins/security_solution/common/api/timeline/delete_timelines/delete_timelines_route.schema.yaml
View file

@ -11,11 +11,12 @@ paths:
x-labels: [serverless, ess]
x-codegen-enabled: true
operationId: DeleteTimelines
summary: Deletes one or more timelines or timeline templates.
summary: Delete Timelines or Timeline templates
description: Delete one or more Timelines or Timeline templates.
tags:
- access:securitySolution
requestBody:
description: The ids of the timelines or timeline templates to delete.
description: The IDs of the Timelines or Timeline templates to delete.
required: true
content:
application/json:
@ -34,7 +35,7 @@ paths:
type: string
responses:
'200':
description: Indicates the timeline was successfully deleted.
description: Indicates the Timeline was successfully deleted.
content:
application/json:
schema:

11
x-pack/plugins/security_solution/common/api/timeline/export_timelines/export_timelines_route.schema.yaml
View file

@ -11,7 +11,8 @@ paths:
x-labels: [serverless, ess]
x-codegen-enabled: true
operationId: ExportTimelines
summary: Exports timelines as an NDJSON file
summary: Export Timelines
description: Export Timelines as an NDJSON file.
tags:
- access:securitySolution
parameters:
@ -22,7 +23,7 @@ paths:
type: string
description: The name of the file to export
requestBody:
description: The ids of the timelines to export
description: The IDs of the Timelines to export.
required: true
content:
application/json:
@ -36,14 +37,14 @@ paths:
type: string
responses:
'200':
description: Indicates the timelines were successfully exported
description: Indicates the Timelines were successfully exported.
content:
application/ndjson:
schema:
type: string
description: NDJSON of the exported timelines
description: NDJSON of the exported Timelines
'400':
description: Indicates that the export size limit was exceeded
description: Indicates that the export size limit was exceeded.
content:
application/ndjson:
schema:

9
x-pack/plugins/security_solution/common/api/timeline/get_draft_timelines/get_draft_timelines_route.schema.yaml
View file

@ -8,7 +8,8 @@ paths:
x-labels: [serverless, ess]
x-codegen-enabled: true
operationId: GetDraftTimelines
summary: Retrieves the draft timeline for the current user. If the user does not have a draft timeline, an empty timeline is returned.
summary: Get draft Timeline or Timeline template details
description: Get the details of the draft Timeline or Timeline template for the current user. If the user doesn't have a draft Timeline, an empty Timeline is returned.
tags:
- access:securitySolution
parameters:
@ -19,13 +20,13 @@ paths:
$ref: '../model/components.schema.yaml#/components/schemas/TimelineType'
responses:
'200':
description: Indicates that the draft timeline was successfully retrieved.
description: Indicates that the draft Timeline was successfully retrieved.
content:
application/json:
schema:
$ref: '../model/components.schema.yaml#/components/schemas/PersistTimelineResponse'
'403':
description: If a draft timeline was not found and we attempted to create one, it indicates that the user does not have the required permissions to create a draft timeline.
description: If a draft Timeline was not found and we attempted to create one, it indicates that the user does not have the required permissions to create a draft Timeline.
content:
application:json:
schema:
@ -36,7 +37,7 @@ paths:
status_code:
type: number
'409':
description: This should never happen, but if a draft timeline was not found and we attempted to create one, it indicates that there is already a draft timeline with the given timelineId.
description: This should never happen, but if a draft Timeline was not found and we attempted to create one, it indicates that there is already a draft Timeline with the given `timelineId`.
content:
application:json:
schema:

4
x-pack/plugins/security_solution/common/api/timeline/get_notes/get_notes_route.schema.yaml
View file

@ -8,8 +8,8 @@ paths:
x-labels: [serverless, ess]
x-codegen-enabled: true
operationId: GetNotes
description: Gets notes
summary: Get all notes for a given document.
description: Get all notes for a given document.
summary: Get notes
tags:
- access:securitySolution
parameters:

2
x-pack/plugins/security_solution/common/api/timeline/get_timeline/get_timeline_route.gen.ts
View file

@ -25,7 +25,7 @@ export const GetTimelineRequestQuery = z.object({
*/
template_timeline_id: z.string().optional(),
/**
* The ID of the timeline to retrieve
* The ID of the Timeline to retrieve.
*/
id: z.string().optional(),
});

7
x-pack/plugins/security_solution/common/api/timeline/get_timeline/get_timeline_route.schema.yaml
View file

@ -11,7 +11,8 @@ paths:
x-labels: [serverless, ess]
x-codegen-enabled: true
operationId: GetTimeline
summary: Get an existing saved timeline or timeline template. This API is used to retrieve an existing saved timeline or timeline template.
summary: Get Timeline or Timeline template details
description: Get the details of an existing saved Timeline or Timeline template.
tags:
- access:securitySolution
parameters:
@ -24,10 +25,10 @@ paths:
name: id
schema:
type: string
description: The ID of the timeline to retrieve
description: The ID of the Timeline to retrieve.
responses:
'200':
description: Indicates that the (template) timeline was found and returned.
description: Indicates that the (template) Timeline was found and returned.
content:
application/json:
schema:

5
x-pack/plugins/security_solution/common/api/timeline/get_timelines/get_timelines_route.schema.yaml
View file

@ -11,7 +11,8 @@ paths:
x-labels: [serverless, ess]
x-codegen-enabled: true
operationId: GetTimelines
summary: This API is used to retrieve a list of existing saved timelines or timeline templates.
summary: Get Timelines or Timeline templates
description: Get a list of all saved Timelines or Timeline templates.
tags:
- access:securitySolution
parameters:
@ -62,7 +63,7 @@ paths:
nullable: true
responses:
'200':
description: Indicates that the (template) timelines were found and returned.
description: Indicates that the (template) Timelines were found and returned.
content:
application/json:
schema:

11
x-pack/plugins/security_solution/common/api/timeline/import_timelines/import_timelines_route.schema.yaml
View file

@ -11,11 +11,12 @@ paths:
x-labels: [serverless, ess]
x-codegen-enabled: true
operationId: ImportTimelines
summary: Imports timelines.
summary: Import Timelines
description: Import Timelines.
tags:
- access:securitySolution
requestBody:
description: The timelines to import as a readable stream.
description: The Timelines to import as a readable stream.
required: true
content:
application/json:
@ -31,14 +32,14 @@ paths:
file: {}
responses:
'200':
description: Indicates the import of timelines was successful.
description: Indicates the import of Timelines was successful.
content:
application/json:
schema:
$ref: '../model/components.schema.yaml#/components/schemas/ImportTimelineResult'
'400':
description: Indicates the import of timelines was unsuccessful because of an invalid file extension.
description: Indicates the import of Timelines was unsuccessful because of an invalid file extension.
content:
application/json:
schema:
@ -63,7 +64,7 @@ paths:
statusCode:
type: number
'409':
description: Indicates the import of timelines was unsuccessful.
description: Indicates the import of Timelines was unsuccessful.
content:
application/json:
schema:

9
x-pack/plugins/security_solution/common/api/timeline/install_prepackaged_timelines/install_prepackaged_timelines_route.schema.yaml
View file

@ -8,11 +8,12 @@ paths:
x-labels: [serverless, ess]
x-codegen-enabled: true
operationId: InstallPrepackedTimelines
summary: Installs prepackaged timelines.
summary: Install prepackaged Timelines
description: Install or update prepackaged Timelines.
tags:
- access:securitySolution
requestBody:
description: The timelines to install or update.
description: The Timelines to install or update.
required: true
content:
application/json:
@ -37,13 +38,13 @@ paths:
nullable: true
responses:
'200':
description: Indicates the installation of prepackaged timelines was successful.
description: Indicates the installation of prepackaged Timelines was successful.
content:
application/json:
schema:
$ref: '../model/components.schema.yaml#/components/schemas/ImportTimelineResult'
'500':
description: Indicates the installation of prepackaged timelines was unsuccessful.
description: Indicates the installation of prepackaged Timelines was unsuccessful.
content:
application:json:
schema:

10
x-pack/plugins/security_solution/common/api/timeline/patch_timelines/patch_timeline_route.schema.yaml
View file

@ -8,12 +8,12 @@ paths:
x-labels: [serverless, ess]
x-codegen-enabled: true
operationId: PatchTimeline
summary: Updates an existing timeline.
description: Updates an existing timeline. This API is used to update the title, description, date range, pinned events, pinned queries, and/or pinned saved queries of an existing timeline.
summary: Update a Timeline
description: Update an existing Timeline. You can update the title, description, date range, pinned events, pinned queries, and/or pinned saved queries of an existing Timeline.
tags:
- access:securitySolution
requestBody:
description: The timeline updates along with the timeline ID and version.
description: The Timeline updates, along with the Timeline ID and version.
required: true
content:
application/json:
@ -31,13 +31,13 @@ paths:
$ref: '../model/components.schema.yaml#/components/schemas/SavedTimeline'
responses:
'200':
description: Indicates that the draft timeline was successfully created. In the event the user already has a draft timeline, the existing draft timeline is cleared and returned.
description: Indicates that the draft Timeline was successfully created. In the event the user already has a draft Timeline, the existing draft Timeline is cleared and returned.
content:
application/json:
schema:
$ref: '../model/components.schema.yaml#/components/schemas/PersistTimelineResponse'
'405':
description: Indicates that the user does not have the required access to create a draft timeline.
description: Indicates that the user does not have the required access to create a draft Timeline.
content:
application/json:
schema:

5
x-pack/plugins/security_solution/common/api/timeline/persist_favorite/persist_favorite_route.schema.yaml
View file

@ -8,11 +8,12 @@ paths:
x-labels: [serverless, ess]
x-codegen-enabled: true
operationId: PersistFavoriteRoute
summary: Persists a given users favorite status of a timeline.
summary: Favorite a Timeline or Timeline template
description: Favorite a Timeline or Timeline template for the current user.
tags:
- access:securitySolution
requestBody:
description: The required fields used to favorite a (template) timeline.
description: The required fields used to favorite a (template) Timeline.
required: true
content:
application/json:

5
x-pack/plugins/security_solution/common/api/timeline/persist_note/persist_note_route.schema.yaml
View file

@ -11,11 +11,12 @@ paths:
x-labels: [serverless, ess]
x-codegen-enabled: true
operationId: PersistNoteRoute
summary: Persists a note to a timeline.
summary: Add or update a note
description: Add a note to a Timeline or update an existing note.
tags:
- access:securitySolution
requestBody:
description: The note to persist or update along with additional metadata.
description: The note to add or update, along with additional metadata.
required: true
content:
application/json:

7
x-pack/plugins/security_solution/common/api/timeline/pinned_events/pinned_events_route.schema.yaml
View file

@ -11,11 +11,12 @@ paths:
x-labels: [serverless, ess]
x-codegen-enabled: true
operationId: PersistPinnedEventRoute
summary: Persists a pinned event to a timeline.
summary: Pin an event
description: Pin an event to an existing Timeline.
tags:
- access:securitySolution
requestBody:
description: The pinned event to persist or update along with additional metadata.
description: The pinned event to add or update, along with additional metadata.
required: true
content:
application/json:
@ -32,7 +33,7 @@ paths:
type: string
responses:
'200':
description: Indicate the event was successfully pinned in the timeline.
description: Indicates the event was successfully pinned to the Timeline.
content:
application/json:
schema:

6
x-pack/plugins/security_solution/common/api/timeline/resolve_timeline/resolve_timeline_route.schema.yaml
View file

@ -8,7 +8,7 @@ paths:
x-labels: [serverless, ess]
x-codegen-enabled: true
operationId: ResolveTimeline
summary: Get an existing saved timeline or timeline template.
summary: Get an existing saved Timeline or Timeline template
tags:
- access:securitySolution
parameters:
@ -24,7 +24,7 @@ paths:
description: The ID of the timeline to resolve
responses:
'200':
description: The (template) timeline has been found
description: The (template) Timeline has been found
content:
application/json:
schema:
@ -40,4 +40,4 @@ paths:
'400':
description: The request is missing parameters
'404':
description: The (template) timeline was not found
description: The (template) Timeline was not found

155
x-pack/plugins/security_solution/docs/openapi/ess/security_solution_timeline_api_2023_10_31.bundled.schema.yaml
View file

@ -15,6 +15,7 @@ servers:
paths:
/api/note:
delete:
description: Delete a note from a Timeline using the note ID.
operationId: DeleteNote
requestBody:
content:
@ -38,7 +39,7 @@ paths:
type: array
required:
- noteIds
description: The id of the note to delete.
description: The ID of the note to delete.
required: true
responses:
'200':
@ -50,12 +51,12 @@ paths:
data:
type: object
description: Indicates the note was successfully deleted.
summary: Deletes a note from a timeline.
summary: Delete a note
tags:
- Security Timeline API
- 'access:securitySolution'
get:
description: Gets notes
description: Get all notes for a given document.
operationId: GetNotes
parameters:
- in: query
@ -114,11 +115,12 @@ paths:
- $ref: '#/components/schemas/GetNotesResult'
- type: object
description: Indicates the requested notes were returned.
summary: Get all notes for a given document.
summary: Get notes
tags:
- Security Timeline API
- 'access:securitySolution'
patch:
description: Add a note to a Timeline or update an existing note.
operationId: PersistNoteRoute
requestBody:
content:
@ -148,7 +150,7 @@ paths:
type: string
required:
- note
description: The note to persist or update along with additional metadata.
description: 'The note to add or update, along with additional metadata.'
required: true
responses:
'200':
@ -167,12 +169,13 @@ paths:
required:
- data
description: Indicates the note was successfully created.
summary: Persists a note to a timeline.
summary: Add or update a note
tags:
- Security Timeline API
- 'access:securitySolution'
/api/pinned_event:
patch:
description: Pin an event to an existing Timeline.
operationId: PersistPinnedEventRoute
requestBody:
content:
@ -190,7 +193,7 @@ paths:
required:
- eventId
- timelineId
description: The pinned event to persist or update along with additional metadata.
description: 'The pinned event to add or update, along with additional metadata.'
required: true
responses:
'200':
@ -208,13 +211,14 @@ paths:
- persistPinnedEventOnTimeline
required:
- data
description: Indicate the event was successfully pinned in the timeline.
summary: Persists a pinned event to a timeline.
description: Indicates the event was successfully pinned to the Timeline.
summary: Pin an event
tags:
- Security Timeline API
- 'access:securitySolution'
/api/timeline:
delete:
description: Delete one or more Timelines or Timeline templates.
operationId: DeleteTimelines
requestBody:
content:
@ -235,7 +239,7 @@ paths:
type: array
required:
- savedObjectIds
description: The ids of the timelines or timeline templates to delete.
description: The IDs of the Timelines or Timeline templates to delete.
required: true
responses:
'200':
@ -253,12 +257,13 @@ paths:
- deleteTimeline
required:
- data
description: Indicates the timeline was successfully deleted.
summary: Deletes one or more timelines or timeline templates.
description: Indicates the Timeline was successfully deleted.
summary: Delete Timelines or Timeline templates
tags:
- Security Timeline API
- 'access:securitySolution'
get:
description: Get the details of an existing saved Timeline or Timeline template.
operationId: GetTimeline
parameters:
- description: The ID of the template timeline to retrieve
@ -266,7 +271,7 @@ paths:
name: template_timeline_id
schema:
type: string
- description: The ID of the timeline to retrieve
- description: The ID of the Timeline to retrieve.
in: query
name: id
schema:
@ -290,18 +295,16 @@ paths:
- data
- additionalProperties: false
type: object
description: Indicates that the (template) timeline was found and returned.
summary: >-
Get an existing saved timeline or timeline template. This API is used to
retrieve an existing saved timeline or timeline template.
description: Indicates that the (template) Timeline was found and returned.
summary: Get Timeline or Timeline template details
tags:
- Security Timeline API
- 'access:securitySolution'
patch:
description: >-
Updates an existing timeline. This API is used to update the title,
description, date range, pinned events, pinned queries, and/or pinned
saved queries of an existing timeline.
Update an existing Timeline. You can update the title, description, date
range, pinned events, pinned queries, and/or pinned saved queries of an
existing Timeline.
operationId: PatchTimeline
requestBody:
content:
@ -321,7 +324,7 @@ paths:
- timelineId
- version
- timeline
description: The timeline updates along with the timeline ID and version.
description: 'The Timeline updates, along with the Timeline ID and version.'
required: true
responses:
'200':
@ -330,9 +333,9 @@ paths:
schema:
$ref: '#/components/schemas/PersistTimelineResponse'
description: >-
Indicates that the draft timeline was successfully created. In the
event the user already has a draft timeline, the existing draft
timeline is cleared and returned.
Indicates that the draft Timeline was successfully created. In the
event the user already has a draft Timeline, the existing draft
Timeline is cleared and returned.
'405':
content:
application/json:
@ -345,12 +348,13 @@ paths:
type: number
description: >-
Indicates that the user does not have the required access to create
a draft timeline.
summary: Updates an existing timeline.
a draft Timeline.
summary: Update a Timeline
tags:
- Security Timeline API
- 'access:securitySolution'
post:
description: Create a new Timeline or Timeline template.
operationId: CreateTimelines
requestBody:
content:
@ -381,7 +385,7 @@ paths:
required:
- timeline
description: >-
The required timeline fields used to create a new timeline along with
The required Timeline fields used to create a new Timeline, along with
optional fields that will be created if not provided.
required: true
responses:
@ -390,7 +394,7 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/PersistTimelineResponse'
description: Indicates the timeline was successfully created.
description: Indicates the Timeline was successfully created.
'405':
content:
application/json:
@ -401,8 +405,8 @@ paths:
type: string
statusCode:
type: number
description: Indicates that there was an error in the timeline creation.
summary: Creates a new timeline.
description: Indicates that there was an error in the Timeline creation.
summary: Create a Timeline or Timeline template
tags:
- Security Timeline API
- 'access:securitySolution'
@ -438,6 +442,10 @@ paths:
- 'access:securitySolution'
/api/timeline/_draft:
get:
description: >-
Get the details of the draft Timeline or Timeline template for the
current user. If the user doesn't have a draft Timeline, an empty
Timeline is returned.
operationId: GetDraftTimelines
parameters:
- in: query
@ -451,7 +459,7 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/PersistTimelineResponse'
description: Indicates that the draft timeline was successfully retrieved.
description: Indicates that the draft Timeline was successfully retrieved.
'403':
content:
'application:json':
@ -463,9 +471,9 @@ paths:
status_code:
type: number
description: >-
If a draft timeline was not found and we attempted to create one, it
If a draft Timeline was not found and we attempted to create one, it
indicates that the user does not have the required permissions to
create a draft timeline.
create a draft Timeline.
'409':
content:
'application:json':
@ -477,19 +485,21 @@ paths:
status_code:
type: number
description: >-
This should never happen, but if a draft timeline was not found and
This should never happen, but if a draft Timeline was not found and
we attempted to create one, it indicates that there is already a
draft timeline with the given timelineId.
summary: >-
Retrieves the draft timeline for the current user. If the user does not
have a draft timeline, an empty timeline is returned.
draft Timeline with the given `timelineId`.
summary: Get draft Timeline or Timeline template details
tags:
- Security Timeline API
- 'access:securitySolution'
post:
description: >
Retrieves a clean draft timeline. If a draft timeline does not exist, it
is created and returned.
Create a clean draft Timeline or Timeline template for the current user.
> info
> If the user already has a draft Timeline, the existing draft Timeline
is cleared and returned.
operationId: CleanDraftTimelines
requestBody:
content:
@ -502,7 +512,7 @@ paths:
required:
- timelineType
description: >-
The type of timeline to create. Valid values are `default` and
The type of Timeline to create. Valid values are `default` and
`template`.
required: true
responses:
@ -512,9 +522,9 @@ paths:
schema:
$ref: '#/components/schemas/PersistTimelineResponse'
description: >-
Indicates that the draft timeline was successfully created. In the
event the user already has a draft timeline, the existing draft
timeline is cleared and returned.
Indicates that the draft Timeline was successfully created. In the
event the user already has a draft Timeline, the existing draft
Timeline is cleared and returned.
'403':
content:
'application:json':
@ -527,7 +537,7 @@ paths:
type: number
description: >-
Indicates that the user does not have the required permissions to
create a draft timeline.
create a draft Timeline.
'409':
content:
'application:json':
@ -539,14 +549,15 @@ paths:
status_code:
type: number
description: >-
Indicates that there is already a draft timeline with the given
timelineId.
summary: Retrieves a draft timeline or timeline template.
Indicates that there is already a draft Timeline with the given
`timelineId`.
summary: Create a clean draft Timeline or Timeline template
tags:
- Security Timeline API
- 'access:securitySolution'
/api/timeline/_export:
post:
description: Export Timelines as an NDJSON file.
operationId: ExportTimelines
parameters:
- description: The name of the file to export
@ -566,16 +577,16 @@ paths:
type: string
nullable: true
type: array
description: The ids of the timelines to export
description: The IDs of the Timelines to export.
required: true
responses:
'200':
content:
application/ndjson:
schema:
description: NDJSON of the exported timelines
description: NDJSON of the exported Timelines
type: string
description: Indicates the timelines were successfully exported
description: Indicates the Timelines were successfully exported.
'400':
content:
application/ndjson:
@ -586,13 +597,14 @@ paths:
type: string
statusCode:
type: number
description: Indicates that the export size limit was exceeded
summary: Exports timelines as an NDJSON file
description: Indicates that the export size limit was exceeded.
summary: Export Timelines
tags:
- Security Timeline API
- 'access:securitySolution'
/api/timeline/_favorite:
patch:
description: Favorite a Timeline or Timeline template for the current user.
operationId: PersistFavoriteRoute
requestBody:
content:
@ -617,7 +629,7 @@ paths:
- templateTimelineId
- templateTimelineVersion
- timelineType
description: The required fields used to favorite a (template) timeline.
description: The required fields used to favorite a (template) Timeline.
required: true
responses:
'200':
@ -649,12 +661,13 @@ paths:
description: >-
Indicates the user does not have the required permissions to persist
the favorite status.
summary: Persists a given users favorite status of a timeline.
summary: Favorite a Timeline or Timeline template
tags:
- Security Timeline API
- 'access:securitySolution'
/api/timeline/_import:
post:
description: Import Timelines.
operationId: ImportTimelines
requestBody:
content:
@ -670,7 +683,7 @@ paths:
type: string
required:
- file
description: The timelines to import as a readable stream.
description: The Timelines to import as a readable stream.
required: true
responses:
'200':
@ -678,7 +691,7 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/ImportTimelineResult'
description: Indicates the import of timelines was successful.
description: Indicates the import of Timelines was successful.
'400':
content:
application/json:
@ -692,7 +705,7 @@ paths:
statusCode:
type: number
description: >-
Indicates the import of timelines was unsuccessful because of an
Indicates the import of Timelines was unsuccessful because of an
invalid file extension.
'404':
content:
@ -719,13 +732,14 @@ paths:
type: string
statusCode:
type: number
description: Indicates the import of timelines was unsuccessful.
summary: Imports timelines.
description: Indicates the import of Timelines was unsuccessful.
summary: Import Timelines
tags:
- Security Timeline API
- 'access:securitySolution'
/api/timeline/_prepackaged:
post:
description: Install or update prepackaged Timelines.
operationId: InstallPrepackedTimelines
requestBody:
content:
@ -752,7 +766,7 @@ paths:
- timelinesToInstall
- timelinesToUpdate
- prepackagedTimelines
description: The timelines to install or update.
description: The Timelines to install or update.
required: true
responses:
'200':
@ -760,7 +774,7 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/ImportTimelineResult'
description: Indicates the installation of prepackaged timelines was successful.
description: Indicates the installation of prepackaged Timelines was successful.
'500':
content:
'application:json':
@ -772,9 +786,9 @@ paths:
statusCode:
type: number
description: >-
Indicates the installation of prepackaged timelines was
Indicates the installation of prepackaged Timelines was
unsuccessful.
summary: Installs prepackaged timelines.
summary: Install prepackaged Timelines
tags:
- Security Timeline API
- 'access:securitySolution'
@ -806,17 +820,18 @@ paths:
- data
- additionalProperties: false
type: object
description: The (template) timeline has been found
description: The (template) Timeline has been found
'400':
description: The request is missing parameters
'404':
description: The (template) timeline was not found
summary: Get an existing saved timeline or timeline template.
description: The (template) Timeline was not found
summary: Get an existing saved Timeline or Timeline template
tags:
- Security Timeline API
- 'access:securitySolution'
/api/timelines:
get:
description: Get a list of all saved Timelines or Timeline templates.
operationId: GetTimelines
parameters:
- description: >-
@ -892,7 +907,7 @@ paths:
required:
- timeline
- totalCount
description: Indicates that the (template) timelines were found and returned.
description: Indicates that the (template) Timelines were found and returned.
'400':
content:
'application:json':
@ -904,9 +919,7 @@ paths:
statusCode:
type: number
description: Bad request. The user supplied invalid data.
summary: >-
This API is used to retrieve a list of existing saved timelines or
timeline templates.
summary: Get Timelines or Timeline templates
tags:
- Security Timeline API
- 'access:securitySolution'

155
x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_timeline_api_2023_10_31.bundled.schema.yaml
View file

@ -15,6 +15,7 @@ servers:
paths:
/api/note:
delete:
description: Delete a note from a Timeline using the note ID.
operationId: DeleteNote
requestBody:
content:
@ -38,7 +39,7 @@ paths:
type: array
required:
- noteIds
description: The id of the note to delete.
description: The ID of the note to delete.
required: true
responses:
'200':
@ -50,12 +51,12 @@ paths:
data:
type: object
description: Indicates the note was successfully deleted.
summary: Deletes a note from a timeline.
summary: Delete a note
tags:
- Security Timeline API
- 'access:securitySolution'
get:
description: Gets notes
description: Get all notes for a given document.
operationId: GetNotes
parameters:
- in: query
@ -114,11 +115,12 @@ paths:
- $ref: '#/components/schemas/GetNotesResult'
- type: object
description: Indicates the requested notes were returned.
summary: Get all notes for a given document.
summary: Get notes
tags:
- Security Timeline API
- 'access:securitySolution'
patch:
description: Add a note to a Timeline or update an existing note.
operationId: PersistNoteRoute
requestBody:
content:
@ -148,7 +150,7 @@ paths:
type: string
required:
- note
description: The note to persist or update along with additional metadata.
description: 'The note to add or update, along with additional metadata.'
required: true
responses:
'200':
@ -167,12 +169,13 @@ paths:
required:
- data
description: Indicates the note was successfully created.
summary: Persists a note to a timeline.
summary: Add or update a note
tags:
- Security Timeline API
- 'access:securitySolution'
/api/pinned_event:
patch:
description: Pin an event to an existing Timeline.
operationId: PersistPinnedEventRoute
requestBody:
content:
@ -190,7 +193,7 @@ paths:
required:
- eventId
- timelineId
description: The pinned event to persist or update along with additional metadata.
description: 'The pinned event to add or update, along with additional metadata.'
required: true
responses:
'200':
@ -208,13 +211,14 @@ paths:
- persistPinnedEventOnTimeline
required:
- data
description: Indicate the event was successfully pinned in the timeline.
summary: Persists a pinned event to a timeline.
description: Indicates the event was successfully pinned to the Timeline.
summary: Pin an event
tags:
- Security Timeline API
- 'access:securitySolution'
/api/timeline:
delete:
description: Delete one or more Timelines or Timeline templates.
operationId: DeleteTimelines
requestBody:
content:
@ -235,7 +239,7 @@ paths:
type: array
required:
- savedObjectIds
description: The ids of the timelines or timeline templates to delete.
description: The IDs of the Timelines or Timeline templates to delete.
required: true
responses:
'200':
@ -253,12 +257,13 @@ paths:
- deleteTimeline
required:
- data
description: Indicates the timeline was successfully deleted.
summary: Deletes one or more timelines or timeline templates.
description: Indicates the Timeline was successfully deleted.
summary: Delete Timelines or Timeline templates
tags:
- Security Timeline API
- 'access:securitySolution'
get:
description: Get the details of an existing saved Timeline or Timeline template.
operationId: GetTimeline
parameters:
- description: The ID of the template timeline to retrieve
@ -266,7 +271,7 @@ paths:
name: template_timeline_id
schema:
type: string
- description: The ID of the timeline to retrieve
- description: The ID of the Timeline to retrieve.
in: query
name: id
schema:
@ -290,18 +295,16 @@ paths:
- data
- additionalProperties: false
type: object
description: Indicates that the (template) timeline was found and returned.
summary: >-
Get an existing saved timeline or timeline template. This API is used to
retrieve an existing saved timeline or timeline template.
description: Indicates that the (template) Timeline was found and returned.
summary: Get Timeline or Timeline template details
tags:
- Security Timeline API
- 'access:securitySolution'
patch:
description: >-
Updates an existing timeline. This API is used to update the title,
description, date range, pinned events, pinned queries, and/or pinned
saved queries of an existing timeline.
Update an existing Timeline. You can update the title, description, date
range, pinned events, pinned queries, and/or pinned saved queries of an
existing Timeline.
operationId: PatchTimeline
requestBody:
content:
@ -321,7 +324,7 @@ paths:
- timelineId
- version
- timeline
description: The timeline updates along with the timeline ID and version.
description: 'The Timeline updates, along with the Timeline ID and version.'
required: true
responses:
'200':
@ -330,9 +333,9 @@ paths:
schema:
$ref: '#/components/schemas/PersistTimelineResponse'
description: >-
Indicates that the draft timeline was successfully created. In the
event the user already has a draft timeline, the existing draft
timeline is cleared and returned.
Indicates that the draft Timeline was successfully created. In the
event the user already has a draft Timeline, the existing draft
Timeline is cleared and returned.
'405':
content:
application/json:
@ -345,12 +348,13 @@ paths:
type: number
description: >-
Indicates that the user does not have the required access to create
a draft timeline.
summary: Updates an existing timeline.
a draft Timeline.
summary: Update a Timeline
tags:
- Security Timeline API
- 'access:securitySolution'
post:
description: Create a new Timeline or Timeline template.
operationId: CreateTimelines
requestBody:
content:
@ -381,7 +385,7 @@ paths:
required:
- timeline
description: >-
The required timeline fields used to create a new timeline along with
The required Timeline fields used to create a new Timeline, along with
optional fields that will be created if not provided.
required: true
responses:
@ -390,7 +394,7 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/PersistTimelineResponse'
description: Indicates the timeline was successfully created.
description: Indicates the Timeline was successfully created.
'405':
content:
application/json:
@ -401,8 +405,8 @@ paths:
type: string
statusCode:
type: number
description: Indicates that there was an error in the timeline creation.
summary: Creates a new timeline.
description: Indicates that there was an error in the Timeline creation.
summary: Create a Timeline or Timeline template
tags:
- Security Timeline API
- 'access:securitySolution'
@ -438,6 +442,10 @@ paths:
- 'access:securitySolution'
/api/timeline/_draft:
get:
description: >-
Get the details of the draft Timeline or Timeline template for the
current user. If the user doesn't have a draft Timeline, an empty
Timeline is returned.
operationId: GetDraftTimelines
parameters:
- in: query
@ -451,7 +459,7 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/PersistTimelineResponse'
description: Indicates that the draft timeline was successfully retrieved.
description: Indicates that the draft Timeline was successfully retrieved.
'403':
content:
'application:json':
@ -463,9 +471,9 @@ paths:
status_code:
type: number
description: >-
If a draft timeline was not found and we attempted to create one, it
If a draft Timeline was not found and we attempted to create one, it
indicates that the user does not have the required permissions to
create a draft timeline.
create a draft Timeline.
'409':
content:
'application:json':
@ -477,19 +485,21 @@ paths:
status_code:
type: number
description: >-
This should never happen, but if a draft timeline was not found and
This should never happen, but if a draft Timeline was not found and
we attempted to create one, it indicates that there is already a
draft timeline with the given timelineId.
summary: >-
Retrieves the draft timeline for the current user. If the user does not
have a draft timeline, an empty timeline is returned.
draft Timeline with the given `timelineId`.
summary: Get draft Timeline or Timeline template details
tags:
- Security Timeline API
- 'access:securitySolution'
post:
description: >
Retrieves a clean draft timeline. If a draft timeline does not exist, it
is created and returned.
Create a clean draft Timeline or Timeline template for the current user.
> info
> If the user already has a draft Timeline, the existing draft Timeline
is cleared and returned.
operationId: CleanDraftTimelines
requestBody:
content:
@ -502,7 +512,7 @@ paths:
required:
- timelineType
description: >-
The type of timeline to create. Valid values are `default` and
The type of Timeline to create. Valid values are `default` and
`template`.
required: true
responses:
@ -512,9 +522,9 @@ paths:
schema:
$ref: '#/components/schemas/PersistTimelineResponse'
description: >-
Indicates that the draft timeline was successfully created. In the
event the user already has a draft timeline, the existing draft
timeline is cleared and returned.
Indicates that the draft Timeline was successfully created. In the
event the user already has a draft Timeline, the existing draft
Timeline is cleared and returned.
'403':
content:
'application:json':
@ -527,7 +537,7 @@ paths:
type: number
description: >-
Indicates that the user does not have the required permissions to
create a draft timeline.
create a draft Timeline.
'409':
content:
'application:json':
@ -539,14 +549,15 @@ paths:
status_code:
type: number
description: >-
Indicates that there is already a draft timeline with the given
timelineId.
summary: Retrieves a draft timeline or timeline template.
Indicates that there is already a draft Timeline with the given
`timelineId`.
summary: Create a clean draft Timeline or Timeline template
tags:
- Security Timeline API
- 'access:securitySolution'
/api/timeline/_export:
post:
description: Export Timelines as an NDJSON file.
operationId: ExportTimelines
parameters:
- description: The name of the file to export
@ -566,16 +577,16 @@ paths:
type: string
nullable: true
type: array
description: The ids of the timelines to export
description: The IDs of the Timelines to export.
required: true
responses:
'200':
content:
application/ndjson:
schema:
description: NDJSON of the exported timelines
description: NDJSON of the exported Timelines
type: string
description: Indicates the timelines were successfully exported
description: Indicates the Timelines were successfully exported.
'400':
content:
application/ndjson:
@ -586,13 +597,14 @@ paths:
type: string
statusCode:
type: number
description: Indicates that the export size limit was exceeded
summary: Exports timelines as an NDJSON file
description: Indicates that the export size limit was exceeded.
summary: Export Timelines
tags:
- Security Timeline API
- 'access:securitySolution'
/api/timeline/_favorite:
patch:
description: Favorite a Timeline or Timeline template for the current user.
operationId: PersistFavoriteRoute
requestBody:
content:
@ -617,7 +629,7 @@ paths:
- templateTimelineId
- templateTimelineVersion
- timelineType
description: The required fields used to favorite a (template) timeline.
description: The required fields used to favorite a (template) Timeline.
required: true
responses:
'200':
@ -649,12 +661,13 @@ paths:
description: >-
Indicates the user does not have the required permissions to persist
the favorite status.
summary: Persists a given users favorite status of a timeline.
summary: Favorite a Timeline or Timeline template
tags:
- Security Timeline API
- 'access:securitySolution'
/api/timeline/_import:
post:
description: Import Timelines.
operationId: ImportTimelines
requestBody:
content:
@ -670,7 +683,7 @@ paths:
type: string
required:
- file
description: The timelines to import as a readable stream.
description: The Timelines to import as a readable stream.
required: true
responses:
'200':
@ -678,7 +691,7 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/ImportTimelineResult'
description: Indicates the import of timelines was successful.
description: Indicates the import of Timelines was successful.
'400':
content:
application/json:
@ -692,7 +705,7 @@ paths:
statusCode:
type: number
description: >-
Indicates the import of timelines was unsuccessful because of an
Indicates the import of Timelines was unsuccessful because of an
invalid file extension.
'404':
content:
@ -719,13 +732,14 @@ paths:
type: string
statusCode:
type: number
description: Indicates the import of timelines was unsuccessful.
summary: Imports timelines.
description: Indicates the import of Timelines was unsuccessful.
summary: Import Timelines
tags:
- Security Timeline API
- 'access:securitySolution'
/api/timeline/_prepackaged:
post:
description: Install or update prepackaged Timelines.
operationId: InstallPrepackedTimelines
requestBody:
content:
@ -752,7 +766,7 @@ paths:
- timelinesToInstall
- timelinesToUpdate
- prepackagedTimelines
description: The timelines to install or update.
description: The Timelines to install or update.
required: true
responses:
'200':
@ -760,7 +774,7 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/ImportTimelineResult'
description: Indicates the installation of prepackaged timelines was successful.
description: Indicates the installation of prepackaged Timelines was successful.
'500':
content:
'application:json':
@ -772,9 +786,9 @@ paths:
statusCode:
type: number
description: >-
Indicates the installation of prepackaged timelines was
Indicates the installation of prepackaged Timelines was
unsuccessful.
summary: Installs prepackaged timelines.
summary: Install prepackaged Timelines
tags:
- Security Timeline API
- 'access:securitySolution'
@ -806,17 +820,18 @@ paths:
- data
- additionalProperties: false
type: object
description: The (template) timeline has been found
description: The (template) Timeline has been found
'400':
description: The request is missing parameters
'404':
description: The (template) timeline was not found
summary: Get an existing saved timeline or timeline template.
description: The (template) Timeline was not found
summary: Get an existing saved Timeline or Timeline template
tags:
- Security Timeline API
- 'access:securitySolution'
/api/timelines:
get:
description: Get a list of all saved Timelines or Timeline templates.
operationId: GetTimelines
parameters:
- description: >-
@ -892,7 +907,7 @@ paths:
required:
- timeline
- totalCount
description: Indicates that the (template) timelines were found and returned.
description: Indicates that the (template) Timelines were found and returned.
'400':
content:
'application:json':
@ -904,9 +919,7 @@ paths:
statusCode:
type: number
description: Bad request. The user supplied invalid data.
summary: >-
This API is used to retrieve a list of existing saved timelines or
timeline templates.
summary: Get Timelines or Timeline templates
tags:
- Security Timeline API
- 'access:securitySolution'

44
x-pack/test/api_integration/services/security_solution_api.gen.ts
View file

@ -254,7 +254,9 @@ after 30 days. It also deletes other artifacts specific to the migration impleme
.send(props.body as object);
},
/**
* Retrieves a clean draft timeline. If a draft timeline does not exist, it is created and returned.
* Create a clean draft Timeline or Timeline template for the current user.
> info
> If the user already has a draft Timeline, the existing draft Timeline is cleared and returned.
*/
cleanDraftTimelines(props: CleanDraftTimelinesProps, kibanaSpace: string = 'default') {
@ -332,6 +334,9 @@ Migrations are initiated per index. While the process is neither destructive nor
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.send(props.body as object);
},
/**
* Create a new Timeline or Timeline template.
*/
createTimelines(props: CreateTimelinesProps, kibanaSpace: string = 'default') {
return supertest
.post(routeWithNamespace('/api/timeline', kibanaSpace))
@ -393,6 +398,9 @@ Migrations are initiated per index. While the process is neither destructive nor
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.query(props.query);
},
/**
* Delete a note from a Timeline using the note ID.
*/
deleteNote(props: DeleteNoteProps, kibanaSpace: string = 'default') {
return supertest
.delete(routeWithNamespace('/api/note', kibanaSpace))
@ -412,6 +420,9 @@ Migrations are initiated per index. While the process is neither destructive nor
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.query(props.query);
},
/**
* Delete one or more Timelines or Timeline templates.
*/
deleteTimelines(props: DeleteTimelinesProps, kibanaSpace: string = 'default') {
return supertest
.delete(routeWithNamespace('/api/timeline', kibanaSpace))
@ -687,6 +698,9 @@ Migrations are initiated per index. While the process is neither destructive nor
.send(props.body as object)
.query(props.query);
},
/**
* Export Timelines as an NDJSON file.
*/
exportTimelines(props: ExportTimelinesProps, kibanaSpace: string = 'default') {
return supertest
.post(routeWithNamespace('/api/timeline/_export', kibanaSpace))
@ -764,6 +778,9 @@ finalize it.
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
},
/**
* Get the details of the draft Timeline or Timeline template for the current user. If the user doesn't have a draft Timeline, an empty Timeline is returned.
*/
getDraftTimelines(props: GetDraftTimelinesProps, kibanaSpace: string = 'default') {
return supertest
.get(routeWithNamespace('/api/timeline/_draft', kibanaSpace))
@ -818,7 +835,7 @@ finalize it.
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
},
/**
* Gets notes
* Get all notes for a given document.
*/
getNotes(props: GetNotesProps, kibanaSpace: string = 'default') {
return supertest
@ -896,6 +913,9 @@ finalize it.
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.query(props.query);
},
/**
* Get the details of an existing saved Timeline or Timeline template.
*/
getTimeline(props: GetTimelineProps, kibanaSpace: string = 'default') {
return supertest
.get(routeWithNamespace('/api/timeline', kibanaSpace))
@ -904,6 +924,9 @@ finalize it.
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.query(props.query);
},
/**
* Get a list of all saved Timelines or Timeline templates.
*/
getTimelines(props: GetTimelinesProps, kibanaSpace: string = 'default') {
return supertest
.get(routeWithNamespace('/api/timelines', kibanaSpace))
@ -926,6 +949,9 @@ finalize it.
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.query(props.query);
},
/**
* Import Timelines.
*/
importTimelines(props: ImportTimelinesProps, kibanaSpace: string = 'default') {
return supertest
.post(routeWithNamespace('/api/timeline/_import', kibanaSpace))
@ -967,6 +993,9 @@ finalize it.
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
},
/**
* Install or update prepackaged Timelines.
*/
installPrepackedTimelines(
props: InstallPrepackedTimelinesProps,
kibanaSpace: string = 'default'
@ -1015,7 +1044,7 @@ finalize it.
.send(props.body as object);
},
/**
* Updates an existing timeline. This API is used to update the title, description, date range, pinned events, pinned queries, and/or pinned saved queries of an existing timeline.
* Update an existing Timeline. You can update the title, description, date range, pinned events, pinned queries, and/or pinned saved queries of an existing Timeline.
*/
patchTimeline(props: PatchTimelineProps, kibanaSpace: string = 'default') {
return supertest
@ -1037,6 +1066,9 @@ finalize it.
.send(props.body as object)
.query(props.query);
},
/**
* Favorite a Timeline or Timeline template for the current user.
*/
persistFavoriteRoute(props: PersistFavoriteRouteProps, kibanaSpace: string = 'default') {
return supertest
.patch(routeWithNamespace('/api/timeline/_favorite', kibanaSpace))
@ -1045,6 +1077,9 @@ finalize it.
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.send(props.body as object);
},
/**
* Add a note to a Timeline or update an existing note.
*/
persistNoteRoute(props: PersistNoteRouteProps, kibanaSpace: string = 'default') {
return supertest
.patch(routeWithNamespace('/api/note', kibanaSpace))
@ -1053,6 +1088,9 @@ finalize it.
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.send(props.body as object);
},
/**
* Pin an event to an existing Timeline.
*/
persistPinnedEventRoute(props: PersistPinnedEventRouteProps, kibanaSpace: string = 'default') {
return supertest
.patch(routeWithNamespace('/api/pinned_event', kibanaSpace))