[Detection Engine][Docs] Updating examples to meet old ascii docs (#207558)

# Summary

As part of the effort to add missing content for Security APIs, this PR
introduces a few missing request, response, and parameter examples for
Detection Engine Alert and migration APIs.
Yara Tercero 2025-02-04 23:02:48 -08:00 committed by GitHub
parent a93aaeee97
commit d4199dcac1
26 changed files with 1601 additions and 105 deletions


@ -8011,6 +8011,42 @@ paths:
'200':
content:
application/json:
examples:
success:
value:
application: {}
cluster:
all: true
manage: true
manage_api_key: true
manage_index_templates: true
manage_ml: true
manage_own_api_key: true
manage_pipeline: true
manage_security: true
manage_transform: true
monitor: true
monitor_ml: true
monitor_transform: true
has_all_requested: true
has_encryption_key: true
index:
.alerts-security.alerts-default:
all: true
create: true
create_doc: true
create_index: true
delete: true
delete_index: true
index: true
maintenance: true
manage: true
monitor: true
read: true
view_index_metadata: true
write: true
is_authenticated: true
username: elastic
schema:
type: object
properties:
@ -8682,6 +8718,23 @@ paths:
requestBody:
content:
application/json:
examples:
add:
value:
assignees:
add:
- u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0
remove: []
ids:
- 681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6
remove:
value:
assignees:
add: []
remove:
- u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0
ids:
- 681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6
schema:
type: object
properties:
@ -8690,13 +8743,32 @@ paths:
description: Details about the assignees to assign and unassign.
ids:
$ref: '#/components/schemas/Security_Detections_API_AlertIds'
description: List of alerts ids to assign and unassign passed assignees.
required:
- assignees
- ids
required: true
responses:
'200':
content:
application/ndjson:
examples:
add:
value:
batches: 1,
deleted: 0,
failures: []
noops: 0,
requests_per_second: '-1,'
retries:
- bulk: 0,
- search: 0
throttled_millis: 0,
throttled_until_millis: 0,
timed_out: false,
took: 76,
total: 1,
updated: 1,
version_conflicts: 0,
description: Indicates a successful call.
'400':
description: Invalid request.
@ -8711,6 +8783,35 @@ paths:
requestBody:
content:
application/json:
examples:
query:
value:
aggs:
alertsByGrouping:
terms:
field: host.name
size: 10
missingFields:
missing:
field: host.name
query:
bool:
filter:
- bool:
filter:
- match_phrase:
kibana.alert.workflow_status: open
must: []
must_not:
- exists:
field: kibana.alert.building_block_type
should: []
- range:
'@timestamp':
gte: '2025-01-17T08:00:00.000Z'
lte: '2025-01-18T07:59:59.999Z'
runtime_mappings: {}
size: 0
schema:
description: Elasticsearch query and aggregation request
type: object
@ -8748,6 +8849,31 @@ paths:
'200':
content:
application/json:
examples:
success:
value:
_shards:
failed: 0
skipped: 0
successful: 1
total: 1
aggregations:
alertsByGrouping:
buckets:
- doc_count: 5
key: Host-f43kkddfyc
doc_count_error_upper_bound: 0
sum_other_doc_count: 0
missingFields:
doc_count: 0
hits:
hits: []
max_score: null
total:
relation: eq
value: 5
timed_out: false
took: 0
schema:
additionalProperties: true
description: Elasticsearch search response
@ -8784,6 +8910,43 @@ paths:
requestBody:
content:
application/json:
examples:
byId:
value:
signal_ids:
- 80e1383f856e67c1b7f7a1634744fa6d66b6e2ef7aa26d226e57afb5a7b2b4a1
status: closed
byQuery:
value:
conflicts: proceed
query:
bool:
filter:
- '@timestamp':
format: strict_date_optional_time
gte: '2024-10-23T07:00:00.000Z'
lte: '2025-01-21T20:12:11.704Z'
range: null
- bool:
filter:
bool:
filter:
- match_phrase:
kibana.alert.workflow_status: open
- '@timestamp':
format: strict_date_optional_time
gte: '2024-10-23T07:00:00.000Z'
lte: '2025-01-21T20:12:11.704Z'
range: null
must: []
must_not:
- exists:
field: kibana.alert.building_block_type
should: []
must: []
must_not: []
should: []
status: closed
schema:
oneOf:
- $ref: '#/components/schemas/Security_Detections_API_SetAlertsStatusByIds'
@ -8794,6 +8957,41 @@ paths:
'200':
content:
application/json:
examples:
byId:
value:
batches: 1
deleted: 0
failures: []
noops: 0
requests_per_second: -1
retries:
bulk: 0
search: 0
throttled_millis: 0
throttled_until_millis: 0
timed_out: false
took: 81
total: 1
updated: 1
version_conflicts: 0
byQuery:
value:
batches: 1
deleted: 0
failures: []
noops: 0
requests_per_second: -1
retries:
bulk: 0
search: 0
throttled_millis: 0
throttled_until_millis: 0
timed_out: false
took: 100
total: 17
updated: 17
version_conflicts: 0
schema:
additionalProperties: true
description: Elasticsearch update by query response
@ -8833,6 +9031,23 @@ paths:
requestBody:
content:
application/json:
examples:
add:
value:
ids:
- 549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e
tags:
tags_to_add:
- Duplicate
tags_to_remove: []
remove:
value:
ids:
- 549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e
tags:
tags_to_add: []
tags_to_remove:
- Duplicate
schema:
type: object
properties:
@ -8849,6 +9064,24 @@ paths:
'200':
content:
application/json:
examples:
success:
value:
batches: 1,
deleted: 0,
failures: []
noops: 0,
requests_per_second: '-1,'
retries:
bulk: 0,
search: 0
throttled_millis: 0,
throttled_until_millis: 0,
timed_out: false,
took: 68,
total: 1,
updated: 1,
version_conflicts: 0,
schema:
additionalProperties: true
description: Elasticsearch update by query response
@ -44925,22 +45158,28 @@ components:
type: object
properties:
add:
description: A list of users ids to assign.
items:
$ref: '#/components/schemas/Security_Detections_API_NonEmptyString'
description: A list of users ids to assign.
format: nonempty
minLength: 1
type: string
type: array
remove:
description: A list of users ids to unassign.
items:
$ref: '#/components/schemas/Security_Detections_API_NonEmptyString'
description: A list of users ids to unassign.
format: nonempty
minLength: 1
type: string
type: array
required:
- add
- remove
Security_Detections_API_AlertIds:
description: A list of alerts ids.
description: A list of alerts `id`s.
items:
$ref: '#/components/schemas/Security_Detections_API_NonEmptyString'
format: nonempty
minLength: 1
type: string
minItems: 1
type: array
Security_Detections_API_AlertsIndex:
@ -44962,6 +45201,7 @@ components:
- additionalProperties: true
type: object
Security_Detections_API_AlertStatus:
description: The status of an alert, which can be `open`, `acknowledged`, `in-progress`, or `closed`.
enum:
- open
- closed
@ -45012,8 +45252,12 @@ components:
- suppress
type: string
Security_Detections_API_AlertTag:
$ref: '#/components/schemas/Security_Detections_API_NonEmptyString'
description: Use alert tags to organize related alerts into categories that you can filter and group.
format: nonempty
minLength: 1
type: string
Security_Detections_API_AlertTags:
description: List of keywords to organize related alerts into categories that you can filter and group.
items:
$ref: '#/components/schemas/Security_Detections_API_AlertTag'
type: array
@ -49019,8 +49263,11 @@ components:
type: object
properties:
signal_ids:
description: List of alert `id`s.
items:
$ref: '#/components/schemas/Security_Detections_API_NonEmptyString'
format: nonempty
minLength: 1
type: string
minItems: 1
type: array
status:
@ -49046,6 +49293,7 @@ components:
- query
- status
Security_Detections_API_SetAlertTags:
description: Object with list of tags to add and remove.
type: object
properties:
tags_to_add:
@ -50802,9 +51050,11 @@ components:
- microsoft_defender_endpoint
type: string
Security_Endpoint_Management_API_AlertIds:
description: A list of alerts ids.
description: A list of alerts `id`s.
items:
$ref: '#/components/schemas/Security_Endpoint_Management_API_NonEmptyString'
format: nonempty
minLength: 1
type: string
minItems: 1
type: array
Security_Endpoint_Management_API_CaseIds:
@ -51085,11 +51335,6 @@ components:
type: string
required:
- hostStatuses
Security_Endpoint_Management_API_NonEmptyString:
description: A string that does not contain only whitespace characters
format: nonempty
minLength: 1
type: string
Security_Endpoint_Management_API_Page:
default: 1
description: Page number


@ -9498,6 +9498,11 @@ paths:
'200':
content:
application/json:
examples:
success:
value:
index_mapping_outdated: false
name: .alerts-security.alerts-default
schema:
type: object
properties:
@ -9590,6 +9595,42 @@ paths:
'200':
content:
application/json:
examples:
success:
value:
application: {}
cluster:
all: true
manage: true
manage_api_key: true
manage_index_templates: true
manage_ml: true
manage_own_api_key: true
manage_pipeline: true
manage_security: true
manage_transform: true
monitor: true
monitor_ml: true
monitor_transform: true
has_all_requested: true
has_encryption_key: true
index:
.alerts-security.alerts-default:
all: true
create: true
create_doc: true
create_index: true
delete: true
delete_index: true
index: true
maintenance: true
manage: true
monitor: true
read: true
view_index_metadata: true
write: true
is_authenticated: true
username: elastic
schema:
type: object
properties:
@ -10509,6 +10550,23 @@ paths:
requestBody:
content:
application/json:
examples:
add:
value:
assignees:
add:
- u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0
remove: []
ids:
- 681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6
remove:
value:
assignees:
add: []
remove:
- u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0
ids:
- 681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6
schema:
type: object
properties:
@ -10517,13 +10575,32 @@ paths:
description: Details about the assignees to assign and unassign.
ids:
$ref: '#/components/schemas/Security_Detections_API_AlertIds'
description: List of alerts ids to assign and unassign passed assignees.
required:
- assignees
- ids
required: true
responses:
'200':
content:
application/ndjson:
examples:
add:
value:
batches: 1,
deleted: 0,
failures: []
noops: 0,
requests_per_second: '-1,'
retries:
- bulk: 0,
- search: 0
throttled_millis: 0,
throttled_until_millis: 0,
timed_out: false,
took: 76,
total: 1,
updated: 1,
version_conflicts: 0,
description: Indicates a successful call.
'400':
description: Invalid request.
@ -10542,9 +10619,13 @@ paths:
content:
application/json:
schema:
example:
migration_ids:
- 924f7c50-505f-11eb-ae0a-3fa2e626a51d
type: object
properties:
migration_ids:
description: Array of `migration_id`s to finalize.
items:
type: string
minItems: 1
@ -10557,6 +10638,17 @@ paths:
'200':
content:
application/json:
examples:
success:
value:
migrations:
- completed: true
destinationIndex: .siem-signals-default-000002-r000016
id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d
sourceIndex: .siem-signals-default-000002
status: success
updated: '2021-01-06T22:05:56.859Z'
version: 16
schema:
items:
$ref: '#/components/schemas/Security_Detections_API_MigrationFinalizationResult'
@ -10601,9 +10693,13 @@ paths:
content:
application/json:
schema:
example:
migration_ids:
- 924f7c50-505f-11eb-ae0a-3fa2e626a51d
type: object
properties:
migration_ids:
description: Array of `migration_id`s to cleanup.
items:
type: string
minItems: 1
@ -10616,6 +10712,16 @@ paths:
'200':
content:
application/json:
examples:
success:
value:
migrations:
- destinationIndex: .siem-signals-default-000002-r000016
id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d
sourceIndex: .siem-signals-default-000002
status: success
updated: '2021-01-06T22:05:56.859Z'
version: 16
schema:
items:
$ref: '#/components/schemas/Security_Detections_API_MigrationCleanupResult'
@ -10653,13 +10759,21 @@ paths:
requestBody:
content:
application/json:
examples:
singleIndex:
value:
index:
- .siem-signals-default-000001
schema:
allOf:
- type: object
properties:
index:
description: Array of index names to migrate.
items:
$ref: '#/components/schemas/Security_Detections_API_NonEmptyString'
format: nonempty
minLength: 1
type: string
minItems: 1
type: array
required:
@ -10671,6 +10785,13 @@ paths:
'200':
content:
application/json:
examples:
success:
value:
indices:
- index: .siem-signals-default-000001,
migration_id: 923f7c50-505f-11eb-ae0a-3fa2e626a51d
migration_index: .siem-signals-default-000001-r000016
schema:
type: object
properties:
@ -10708,7 +10829,7 @@ paths:
tags:
- Security Detections API
/api/detection_engine/signals/migration_status:
post:
get:
deprecated: true
description: Retrieve indices that contain detection alerts of a particular age, along with migration information for each of those indices.
operationId: ReadAlertsMigrationStatus
@ -10721,12 +10842,37 @@ paths:
description: |
Time from which data is analyzed. For example, now-4200s means the rule analyzes data from 70 minutes
before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time).
example: now-30d
format: date-math
type: string
responses:
'200':
content:
application/json:
examples:
success:
value:
indices:
- index: .siem-signals-default-000002
is_outdated: true
migrations:
- id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d
status: pending
updated: '2021-01-06T20:41:37.173Z'
version: 16
signal_versions:
- count: 100
version: 15
- count: 87
version: 16
version: 15
- index: .siem-signals-default-000003
is_outdated: false
migrations: []
signal_versions:
- count: 54
version: 16
version: 16
schema:
type: object
properties:
@ -10767,6 +10913,35 @@ paths:
requestBody:
content:
application/json:
examples:
query:
value:
aggs:
alertsByGrouping:
terms:
field: host.name
size: 10
missingFields:
missing:
field: host.name
query:
bool:
filter:
- bool:
filter:
- match_phrase:
kibana.alert.workflow_status: open
must: []
must_not:
- exists:
field: kibana.alert.building_block_type
should: []
- range:
'@timestamp':
gte: '2025-01-17T08:00:00.000Z'
lte: '2025-01-18T07:59:59.999Z'
runtime_mappings: {}
size: 0
schema:
description: Elasticsearch query and aggregation request
type: object
@ -10804,6 +10979,31 @@ paths:
'200':
content:
application/json:
examples:
success:
value:
_shards:
failed: 0
skipped: 0
successful: 1
total: 1
aggregations:
alertsByGrouping:
buckets:
- doc_count: 5
key: Host-f43kkddfyc
doc_count_error_upper_bound: 0
sum_other_doc_count: 0
missingFields:
doc_count: 0
hits:
hits: []
max_score: null
total:
relation: eq
value: 5
timed_out: false
took: 0
schema:
additionalProperties: true
description: Elasticsearch search response
@ -10839,6 +11039,43 @@ paths:
requestBody:
content:
application/json:
examples:
byId:
value:
signal_ids:
- 80e1383f856e67c1b7f7a1634744fa6d66b6e2ef7aa26d226e57afb5a7b2b4a1
status: closed
byQuery:
value:
conflicts: proceed
query:
bool:
filter:
- '@timestamp':
format: strict_date_optional_time
gte: '2024-10-23T07:00:00.000Z'
lte: '2025-01-21T20:12:11.704Z'
range: null
- bool:
filter:
bool:
filter:
- match_phrase:
kibana.alert.workflow_status: open
- '@timestamp':
format: strict_date_optional_time
gte: '2024-10-23T07:00:00.000Z'
lte: '2025-01-21T20:12:11.704Z'
range: null
must: []
must_not:
- exists:
field: kibana.alert.building_block_type
should: []
must: []
must_not: []
should: []
status: closed
schema:
oneOf:
- $ref: '#/components/schemas/Security_Detections_API_SetAlertsStatusByIds'
@ -10849,6 +11086,41 @@ paths:
'200':
content:
application/json:
examples:
byId:
value:
batches: 1
deleted: 0
failures: []
noops: 0
requests_per_second: -1
retries:
bulk: 0
search: 0
throttled_millis: 0
throttled_until_millis: 0
timed_out: false
took: 81
total: 1
updated: 1
version_conflicts: 0
byQuery:
value:
batches: 1
deleted: 0
failures: []
noops: 0
requests_per_second: -1
retries:
bulk: 0
search: 0
throttled_millis: 0
throttled_until_millis: 0
timed_out: false
took: 100
total: 17
updated: 17
version_conflicts: 0
schema:
additionalProperties: true
description: Elasticsearch update by query response
@ -10887,6 +11159,23 @@ paths:
requestBody:
content:
application/json:
examples:
add:
value:
ids:
- 549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e
tags:
tags_to_add:
- Duplicate
tags_to_remove: []
remove:
value:
ids:
- 549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e
tags:
tags_to_add: []
tags_to_remove:
- Duplicate
schema:
type: object
properties:
@ -10903,6 +11192,24 @@ paths:
'200':
content:
application/json:
examples:
success:
value:
batches: 1,
deleted: 0,
failures: []
noops: 0,
requests_per_second: '-1,'
retries:
bulk: 0,
search: 0
throttled_millis: 0,
throttled_until_millis: 0,
timed_out: false,
took: 68,
total: 1,
updated: 1,
version_conflicts: 0,
schema:
additionalProperties: true
description: Elasticsearch update by query response
@ -51428,22 +51735,28 @@ components:
type: object
properties:
add:
description: A list of users ids to assign.
items:
$ref: '#/components/schemas/Security_Detections_API_NonEmptyString'
description: A list of users ids to assign.
format: nonempty
minLength: 1
type: string
type: array
remove:
description: A list of users ids to unassign.
items:
$ref: '#/components/schemas/Security_Detections_API_NonEmptyString'
description: A list of users ids to unassign.
format: nonempty
minLength: 1
type: string
type: array
required:
- add
- remove
Security_Detections_API_AlertIds:
description: A list of alerts ids.
description: A list of alerts `id`s.
items:
$ref: '#/components/schemas/Security_Detections_API_NonEmptyString'
format: nonempty
minLength: 1
type: string
minItems: 1
type: array
Security_Detections_API_AlertsIndex:
@ -51488,12 +51801,15 @@ components:
type: object
properties:
requests_per_second:
description: The throttle for the migration task in sub-requests per second. Corresponds to requests_per_second on the Reindex API.
minimum: 1
type: integer
size:
description: Number of alerts to migrate per batch. Corresponds to the source.size option on the Reindex API.
minimum: 1
type: integer
slices:
description: The number of subtasks for the migration task. Corresponds to slices on the Reindex API.
minimum: 1
type: integer
Security_Detections_API_AlertsSort:
@ -51508,6 +51824,7 @@ components:
- additionalProperties: true
type: object
Security_Detections_API_AlertStatus:
description: The status of an alert, which can be `open`, `acknowledged`, `in-progress`, or `closed`.
enum:
- open
- closed
@ -51558,8 +51875,12 @@ components:
- suppress
type: string
Security_Detections_API_AlertTag:
$ref: '#/components/schemas/Security_Detections_API_NonEmptyString'
description: Use alert tags to organize related alerts into categories that you can filter and group.
format: nonempty
minLength: 1
type: string
Security_Detections_API_AlertTags:
description: List of keywords to organize related alerts into categories that you can filter and group.
items:
$ref: '#/components/schemas/Security_Detections_API_AlertTag'
type: array
@ -55702,8 +56023,11 @@ components:
type: object
properties:
signal_ids:
description: List of alert `id`s.
items:
$ref: '#/components/schemas/Security_Detections_API_NonEmptyString'
format: nonempty
minLength: 1
type: string
minItems: 1
type: array
status:
@ -55729,6 +56053,7 @@ components:
- query
- status
Security_Detections_API_SetAlertTags:
description: Object with list of tags to add and remove.
type: object
properties:
tags_to_add:
@ -57492,9 +57817,11 @@ components:
- microsoft_defender_endpoint
type: string
Security_Endpoint_Management_API_AlertIds:
description: A list of alerts ids.
description: A list of alerts `id`s.
items:
$ref: '#/components/schemas/Security_Endpoint_Management_API_NonEmptyString'
format: nonempty
minLength: 1
type: string
minItems: 1
type: array
Security_Endpoint_Management_API_CaseIds:
@ -57775,11 +58102,6 @@ components:
type: string
required:
- hostStatuses
Security_Endpoint_Management_API_NonEmptyString:
description: A string that does not contain only whitespace characters
format: nonempty
minLength: 1
type: string
Security_Endpoint_Management_API_Page:
default: 1
description: Page number


@ -15,20 +15,14 @@
*/
import { z } from '@kbn/zod';
import { isNonEmptyString } from '@kbn/zod-helpers';
import { AlertIds } from '../../model/alert.gen';
import { NonEmptyString } from '../../model/primitives.gen';
export type AlertAssignees = z.infer<typeof AlertAssignees>;
export const AlertAssignees = z.object({
/**
* A list of users ids to assign.
*/
add: z.array(NonEmptyString),
/**
* A list of users ids to unassign.
*/
remove: z.array(NonEmptyString),
add: z.array(z.string().min(1).superRefine(isNonEmptyString)),
remove: z.array(z.string().min(1).superRefine(isNonEmptyString)),
});
export type SetAlertAssigneesRequestBody = z.infer<typeof SetAlertAssigneesRequestBody>;
@ -37,9 +31,6 @@ export const SetAlertAssigneesRequestBody = z.object({
* Details about the assignees to assign and unassign.
*/
assignees: AlertAssignees,
/**
* List of alerts ids to assign and unassign passed assignees.
*/
ids: AlertIds,
});
export type SetAlertAssigneesRequestBodyInput = z.input<typeof SetAlertAssigneesRequestBody>;


@ -28,10 +28,42 @@ paths:
description: Details about the assignees to assign and unassign.
ids:
$ref: '../../model/alert.schema.yaml#/components/schemas/AlertIds'
description: List of alerts ids to assign and unassign passed assignees.
examples:
add:
value:
assignees:
add: ['u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0']
remove: []
ids: ['681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6']
remove:
value:
assignees:
add: []
remove: ['u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0']
ids: ['681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6']
responses:
200:
description: Indicates a successful call.
content:
application/ndjson:
examples:
add:
value:
took: 76,
timed_out: false,
total: 1,
updated: 1,
deleted: 0,
batches: 1,
version_conflicts: 0,
noops: 0,
retries:
- bulk: 0,
- search: 0
throttled_millis: 0,
requests_per_second: -1,
throttled_until_millis: 0,
failures: []
400:
description: Invalid request.
@ -46,10 +78,14 @@ components:
add:
type: array
items:
$ref: '../../model/primitives.schema.yaml#/components/schemas/NonEmptyString'
description: A list of users ids to assign.
type: string
format: nonempty
minLength: 1
description: A list of users ids to assign.
remove:
type: array
items:
$ref: '../../model/primitives.schema.yaml#/components/schemas/NonEmptyString'
description: A list of users ids to unassign.
type: string
format: nonempty
minLength: 1
description: A list of users ids to unassign.
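Review bot: The response example from `took: 76,` through `failures: []` carries a trailing comma on almost every scalar, so YAML parses those values as strings instead of numbers (the regenerated bundle in this same commit renders `requests_per_second: '-1,'`), and `retries` is written as a two-item list (`- bulk: 0,` / `- search: 0`) where an update-by-query response returns a mapping; drop the commas and nest `bulk: 0` and `search: 0` directly under `retries:`. The same trailing-comma pattern appears in the set_alert_tags response example (`took: 68,` onwards) and in the create-migration response example (`index: .siem-signals-default-000001,`), so those should be fixed together with this one. Separately, moving `description: A list of users ids to assign.` (and the unassign one) from the `add`/`remove` array property down to its `items` means the generated `AlertAssignees` schema loses the JSDoc on those fields, as the regenerated .gen.ts in this commit shows; keep the description on the array property, or on both. The `application/ndjson` media type above the example looks like unchanged context, but the example body is a single JSON object, so it is worth confirming against the route's actual response content type.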


@ -18,6 +18,9 @@ import { z } from '@kbn/zod';
import { AlertIds, AlertTags } from '../../../model/alert.gen';
/**
* Object with list of tags to add and remove.
*/
export type SetAlertTags = z.infer<typeof SetAlertTags>;
export const SetAlertTags = z.object({
tags_to_add: AlertTags,


@ -30,6 +30,19 @@ paths:
required:
- ids
- tags
examples:
add:
value:
tags:
tags_to_add: ['Duplicate']
tags_to_remove: []
ids: ['549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e']
remove:
value:
tags:
tags_to_add: []
tags_to_remove: ['Duplicate']
ids: ['549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e']
responses:
200:
description: Successful response
@ -39,6 +52,24 @@ paths:
type: object
additionalProperties: true
description: Elasticsearch update by query response
examples:
success:
value:
took: 68,
timed_out: false,
total: 1,
updated: 1,
deleted: 0,
batches: 1,
version_conflicts: 0,
noops: 0,
retries:
bulk: 0,
search: 0
throttled_millis: 0,
requests_per_second: -1,
throttled_until_millis: 0,
failures: []
400:
description: Invalid input data response
content:
@ -63,6 +94,7 @@ paths:
components:
schemas:
SetAlertTags:
description: Object with list of tags to add and remove.
type: object
properties:
tags_to_add:


@ -25,6 +25,11 @@ paths:
type: boolean
nullable: true
required: [name, index_mapping_outdated]
examples:
success:
value:
index_mapping_outdated: false
name: '.alerts-security.alerts-default'
401:
description: Unsuccessful authentication response
content:


@ -29,6 +29,42 @@ paths:
has_encryption_key:
type: boolean
required: [is_authenticated, has_encryption_key]
examples:
success:
value:
username: elastic
has_all_requested: true
cluster:
all: true
monitor_ml: true
manage_transform: true
manage_index_templates: true
monitor_transform: true
manage_ml: true
monitor: true
manage_pipeline: true
manage_api_key: true
manage_security: true
manage_own_api_key: true
manage: true
index:
.alerts-security.alerts-default:
all: true
create: true
create_doc: true
create_index: true
delete: true
delete_index: true
index: true
maintenance: true
manage: true
monitor: true
read: true
view_index_metadata: true
write: true
application: {}
is_authenticated: true
has_encryption_key: true
401:
description: Unsuccessful authentication response
content:


@ -48,6 +48,35 @@ paths:
sort:
$ref: '#/components/schemas/AlertsSort'
description: Elasticsearch query and aggregation request
examples:
query:
value:
size: 0
query:
bool:
filter:
- bool:
must: []
filter:
- match_phrase:
kibana.alert.workflow_status: open
should: []
must_not:
- exists:
field: kibana.alert.building_block_type
- range:
'@timestamp':
gte: 2025-01-17T08:00:00.000Z
lte: 2025-01-18T07:59:59.999Z
aggs:
alertsByGrouping:
terms:
field: host.name
size: 10
missingFields:
missing:
field: host.name
runtime_mappings: {}
responses:
200:
description: Successful response
@ -57,6 +86,31 @@ paths:
type: object
additionalProperties: true
description: Elasticsearch search response
examples:
success:
value:
took: 0
timed_out: false
_shards:
total: 1
successful: 1
skipped: 0
failed: 0
hits:
total:
value: 5
relation: eq
max_score: null
hits: []
aggregations:
alertsByGrouping:
doc_count_error_upper_bound: 0
sum_other_doc_count: 0
buckets:
- key: Host-f43kkddfyc
doc_count: 5
missingFields:
doc_count: 0
400:
description: Invalid input data response
content:


@ -15,13 +15,16 @@
*/
import { z } from '@kbn/zod';
import { isNonEmptyString } from '@kbn/zod-helpers';
import { NonEmptyString } from '../../../model/primitives.gen';
import { AlertStatus } from '../../../model/alert.gen';
export type SetAlertsStatusByIds = z.infer<typeof SetAlertsStatusByIds>;
export const SetAlertsStatusByIds = z.object({
signal_ids: z.array(NonEmptyString).min(1),
/**
* List of alert `id`s.
*/
signal_ids: z.array(z.string().min(1).superRefine(isNonEmptyString)).min(1),
status: AlertStatus,
});


@ -21,6 +21,42 @@ paths:
oneOf:
- $ref: '#/components/schemas/SetAlertsStatusByIds'
- $ref: '#/components/schemas/SetAlertsStatusByQuery'
examples:
byId:
value:
status: closed
signal_ids: ['80e1383f856e67c1b7f7a1634744fa6d66b6e2ef7aa26d226e57afb5a7b2b4a1']
byQuery:
value:
conflicts: proceed
status: closed
query:
bool:
must: []
filter:
- range:
'@timestamp':
gte: 2024-10-23T07:00:00.000Z
lte: 2025-01-21T20:12:11.704Z
format: strict_date_optional_time
- bool:
filter:
bool:
must: []
filter:
- match_phrase:
kibana.alert.workflow_status: open
- range:
'@timestamp':
gte: 2024-10-23T07:00:00.000Z
lte: 2025-01-21T20:12:11.704Z
format: strict_date_optional_time
should: []
must_not:
- exists:
field: kibana.alert.building_block_type
should: []
must_not: []
responses:
200:
description: Successful response
@ -30,6 +66,41 @@ paths:
type: object
additionalProperties: true
description: Elasticsearch update by query response
examples:
byId:
value:
took: 81
timed_out: false
total: 1
updated: 1
deleted: 0
batches: 1
version_conflicts: 0
noops: 0
retries:
bulk: 0
search: 0
throttled_millis: 0
requests_per_second: -1
throttled_until_millis: 0
failures: []
byQuery:
value:
took: 100
timed_out: false
total: 17
updated: 17
deleted: 0
batches: 1
version_conflicts: 0
noops: 0
retries:
bulk: 0
search: 0
throttled_millis: 0
requests_per_second: -1
throttled_until_millis: 0
failures: []
400:
description: Invalid input data response
content:
@ -58,8 +129,11 @@ components:
properties:
signal_ids:
type: array
description: List of alert `id`s.
items:
$ref: '../../../model/primitives.schema.yaml#/components/schemas/NonEmptyString'
type: string
format: nonempty
minLength: 1
minItems: 1
status:
$ref: '../../../model/alert.schema.yaml#/components/schemas/AlertStatus'
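Review bot: In the byQuery request example, the `'@timestamp':` key under each of the two `- range:` entries appears to sit at the same indentation as `range` rather than beneath it — the regenerated bundle in this commit renders both as `'@timestamp': {...}` next to `range: null`, which is not a valid range query and would be rejected by Elasticsearch as an unknown clause. Indent the `'@timestamp'` block together with its `gte`/`lte`/`format` children one level under `range:`, so each clause reads `- range:` / `  '@timestamp':` / `    gte: 2024-10-23T07:00:00.000Z`. Indentation cannot be verified from the rendered view, so please confirm against the source file; the alerts search example added in this same commit nests the identical `range` clause correctly and can serve as the reference.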


@ -15,13 +15,21 @@
*/
import { z } from '@kbn/zod';
import { NonEmptyString } from '../../../model/primitives.gen';
import { isNonEmptyString } from '@kbn/zod-helpers';
export type AlertsReindexOptions = z.infer<typeof AlertsReindexOptions>;
export const AlertsReindexOptions = z.object({
/**
* The throttle for the migration task in sub-requests per second. Corresponds to requests_per_second on the Reindex API.
*/
requests_per_second: z.number().int().min(1).optional(),
/**
* Number of alerts to migrate per batch. Corresponds to the source.size option on the Reindex API.
*/
size: z.number().int().min(1).optional(),
/**
* The number of subtasks for the migration task. Corresponds to slices on the Reindex API.
*/
slices: z.number().int().min(1).optional(),
});
@ -49,7 +57,10 @@ export const SkippedAlertsIndexMigration = z.object({
export type CreateAlertsMigrationRequestBody = z.infer<typeof CreateAlertsMigrationRequestBody>;
export const CreateAlertsMigrationRequestBody = z
.object({
index: z.array(NonEmptyString).min(1),
/**
* Array of index names to migrate.
*/
index: z.array(z.string().min(1).superRefine(isNonEmptyString)).min(1),
})
.merge(AlertsReindexOptions);
export type CreateAlertsMigrationRequestBodyInput = z.input<


@ -25,13 +25,19 @@ paths:
- type: object
properties:
index:
description: Array of index names to migrate.
type: array
items:
$ref: '../../../model/primitives.schema.yaml#/components/schemas/NonEmptyString'
type: string
format: nonempty
minLength: 1
minItems: 1
required: [index]
- $ref: '#/components/schemas/AlertsReindexOptions'
examples:
singleIndex:
value:
index: [.siem-signals-default-000001]
responses:
200:
description: Successful response
@ -48,6 +54,13 @@ paths:
- $ref: '#/components/schemas/AlertsIndexMigrationError'
- $ref: '#/components/schemas/SkippedAlertsIndexMigration'
required: [indices]
examples:
success:
value:
indices:
- index: .siem-signals-default-000001,
migration_id: 923f7c50-505f-11eb-ae0a-3fa2e626a51d
migration_index: .siem-signals-default-000001-r000016
400:
description: Invalid input data response
content:
@ -77,12 +90,15 @@ components:
requests_per_second:
type: integer
minimum: 1
description: The throttle for the migration task in sub-requests per second. Corresponds to requests_per_second on the Reindex API.
size:
type: integer
minimum: 1
description: Number of alerts to migrate per batch. Corresponds to the source.size option on the Reindex API.
slices:
type: integer
minimum: 1
description: The number of subtasks for the migration task. Corresponds to slices on the Reindex API.
AlertsIndexMigrationSuccess:
type: object
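Review bot: The success response example returns `migration_id: 923f7c50-505f-11eb-ae0a-3fa2e626a51d`, while the finalize, cleanup and migration-status examples added in this commit all use `924f7c50-505f-11eb-ae0a-3fa2e626a51d`. If the examples are meant to read as one workflow (create, then status, finalize and cleanup), the leading `923` looks like a typo and the value should be `migration_id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d`; if the difference is intentional, a different source index in this example would make that clearer.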


@ -34,6 +34,9 @@ export const MigrationCleanupResult = z.object({
export type AlertsMigrationCleanupRequestBody = z.infer<typeof AlertsMigrationCleanupRequestBody>;
export const AlertsMigrationCleanupRequestBody = z.object({
/**
* Array of `migration_id`s to cleanup.
*/
migration_ids: z.array(z.string()).min(1),
});
export type AlertsMigrationCleanupRequestBodyInput = z.input<


@ -14,7 +14,7 @@ paths:
Migrations favor data integrity over shard size. Consequently, unused or orphaned indices are artifacts of
the migration process. A successful migration will result in both the old and new indices being present.
As such, the old, orphaned index can (and likely should) be deleted.
While you can delete these indices manually,
the endpoint accomplishes this task by applying a deletion policy to the relevant index, causing it to be deleted
after 30 days. It also deletes other artifacts specific to the migration implementation.
@ -29,11 +29,14 @@ paths:
type: object
properties:
migration_ids:
description: Array of `migration_id`s to cleanup.
type: array
items:
type: string
minItems: 1
required: [migration_ids]
example:
migration_ids: [924f7c50-505f-11eb-ae0a-3fa2e626a51d]
responses:
200:
description: Successful response
@ -43,6 +46,16 @@ paths:
type: array
items:
$ref: '#/components/schemas/MigrationCleanupResult'
examples:
success:
value:
migrations:
- id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d
destinationIndex: .siem-signals-default-000002-r000016
status: success
sourceIndex: .siem-signals-default-000002
version: 16
updated: 2021-01-06T22:05:56.859Z
400:
description: Invalid input data response
content:


@ -35,6 +35,9 @@ export const MigrationFinalizationResult = z.object({
export type FinalizeAlertsMigrationRequestBody = z.infer<typeof FinalizeAlertsMigrationRequestBody>;
export const FinalizeAlertsMigrationRequestBody = z.object({
/**
* Array of `migration_id`s to finalize.
*/
migration_ids: z.array(z.string()).min(1),
});
export type FinalizeAlertsMigrationRequestBodyInput = z.input<


@ -25,11 +25,14 @@ paths:
type: object
properties:
migration_ids:
description: Array of `migration_id`s to finalize.
type: array
items:
type: string
minItems: 1
required: [migration_ids]
example:
migration_ids: ['924f7c50-505f-11eb-ae0a-3fa2e626a51d']
responses:
200:
description: Successful response
@ -39,6 +42,17 @@ paths:
type: array
items:
$ref: '#/components/schemas/MigrationFinalizationResult'
examples:
success:
value:
migrations:
- id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d
completed: true
destinationIndex: '.siem-signals-default-000002-r000016'
status: success
sourceIndex: '.siem-signals-default-000002'
version: 16
updated: '2021-01-06T22:05:56.859Z'
400:
description: Invalid input data response
content:


@ -4,7 +4,7 @@ info:
version: '2023-10-31'
paths:
/api/detection_engine/signals/migration_status:
post:
get:
x-labels: [ess]
operationId: ReadAlertsMigrationStatus
x-codegen-enabled: true
@ -24,6 +24,7 @@ paths:
Time from which data is analyzed. For example, now-4200s means the rule analyzes data from 70 minutes
before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time).
format: date-math
example: now-30d
responses:
200:
description: Successful response
@ -37,6 +38,30 @@ paths:
items:
$ref: '#/components/schemas/IndexMigrationStatus'
required: [indices]
examples:
success:
value:
indices:
- index: .siem-signals-default-000002
version: 15
signal_versions:
- version: 15
count: 100
- version: 16
count: 87
migrations:
- id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d
status: pending
version: 16
updated: 2021-01-06T20:41:37.173Z
is_outdated: true
- index: .siem-signals-default-000003
version: 16
signal_versions:
- version: 16
count: 54
migrations: []
is_outdated: false
400:
description: Invalid input data response
content:
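Review bot: The `from` parameter's description in the second hunk still reads like rule-execution documentation ("the rule analyzes data from 70 minutes before its start time", "Defaults to now-6m"), which does not fit an endpoint whose own operation text says it lists indices containing alerts of a particular age, and the newly added `example: now-30d` points at a far wider window than the stated default. I would reword it to something like `Date-math lower bound on alert age; only indices holding alerts written at or after this point are reported, e.g. now-30d.` and state explicitly whether the parameter is required or defaulted for this route, once that is confirmed against the handler. Separately, flipping the verb from `post` to `get` on a versioned (`2023-10-31`) path is a contract change for anyone who followed the previously published spec, so it deserves a release-note line even if the server route was always GET.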


@ -15,21 +15,29 @@
*/
import { z } from '@kbn/zod';
import { NonEmptyString } from './primitives.gen';
import { isNonEmptyString } from '@kbn/zod-helpers';
/**
* A list of alerts ids.
* A list of alerts `id`s.
*/
export type AlertIds = z.infer<typeof AlertIds>;
export const AlertIds = z.array(NonEmptyString).min(1);
export const AlertIds = z.array(z.string().min(1).superRefine(isNonEmptyString)).min(1);
/**
* Use alert tags to organize related alerts into categories that you can filter and group.
*/
export type AlertTag = z.infer<typeof AlertTag>;
export const AlertTag = NonEmptyString;
export const AlertTag = z.string().min(1).superRefine(isNonEmptyString);
/**
* List of keywords to organize related alerts into categories that you can filter and group.
*/
export type AlertTags = z.infer<typeof AlertTags>;
export const AlertTags = z.array(AlertTag);
/**
* The status of an alert, which can be `open`, `acknowledged`, `in-progress`, or `closed`.
*/
export type AlertStatus = z.infer<typeof AlertStatus>;
export const AlertStatus = z.enum(['open', 'closed', 'acknowledged', 'in-progress']);
export type AlertStatusEnum = typeof AlertStatus.enum;


@ -9,19 +9,26 @@ components:
AlertIds:
type: array
items:
$ref: './primitives.schema.yaml#/components/schemas/NonEmptyString'
type: string
minLength: 1
format: nonempty
minItems: 1
description: A list of alerts ids.
description: A list of alerts `id`s.
AlertTag:
$ref: './primitives.schema.yaml#/components/schemas/NonEmptyString'
type: string
format: nonempty
minLength: 1
description: Use alert tags to organize related alerts into categories that you can filter and group.
AlertTags:
type: array
description: List of keywords to organize related alerts into categories that you can filter and group.
items:
$ref: '#/components/schemas/AlertTag'
AlertStatus:
description: The status of an alert, which can be `open`, `acknowledged`, `in-progress`, or `closed`.
type: string
enum:
- open
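Review bot: Replacing the `$ref` to `primitives.schema.yaml#/components/schemas/NonEmptyString` with an inline `type: string` / `minLength: 1` / `format: nonempty` in both `AlertIds.items` and `AlertTag` copies the "no whitespace-only value" rule into several places, so a later change to the primitive (or to what `format: nonempty` means to the codegen) will drift silently. If the inlining was done only so that `description` renders — sibling keys next to a `$ref` are ignored in OpenAPI 3.0 — wrapping the reference in `allOf: [ { $ref: … } ]` with the `description` beside it keeps a single source of truth, provided the zod generator handles `allOf` for these primitives. At minimum a comment such as `# mirrors primitives.schema.yaml NonEmptyString; keep in sync` above each inlined copy would make the duplication deliberate.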


@ -1912,7 +1912,7 @@ finalize it.
headers: {
[ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31',
},
method: 'POST',
method: 'GET',
query: props.query,
})


@ -65,6 +65,11 @@ paths:
'200':
content:
application/json:
examples:
success:
value:
index_mapping_outdated: false
name: .alerts-security.alerts-default
schema:
type: object
properties:
@ -163,6 +168,42 @@ paths:
'200':
content:
application/json:
examples:
success:
value:
application: {}
cluster:
all: true
manage: true
manage_api_key: true
manage_index_templates: true
manage_ml: true
manage_own_api_key: true
manage_pipeline: true
manage_security: true
manage_transform: true
monitor: true
monitor_ml: true
monitor_transform: true
has_all_requested: true
has_encryption_key: true
index:
.alerts-security.alerts-default:
all: true
create: true
create_doc: true
create_index: true
delete: true
delete_index: true
index: true
maintenance: true
manage: true
monitor: true
read: true
view_index_metadata: true
write: true
is_authenticated: true
username: elastic
schema:
type: object
properties:
@ -1001,6 +1042,25 @@ paths:
requestBody:
content:
application/json:
examples:
add:
value:
assignees:
add:
- u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0
remove: []
ids:
- >-
681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6
remove:
value:
assignees:
add: []
remove:
- u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0
ids:
- >-
681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6
schema:
type: object
properties:
@ -1009,13 +1069,32 @@ paths:
description: Details about the assignees to assign and unassign.
ids:
$ref: '#/components/schemas/AlertIds'
description: List of alerts ids to assign and unassign passed assignees.
required:
- assignees
- ids
required: true
responses:
'200':
content:
application/ndjson:
examples:
add:
value:
batches: 1,
deleted: 0,
failures: []
noops: 0,
requests_per_second: '-1,'
retries:
- bulk: 0,
- search: 0
throttled_millis: 0,
throttled_until_millis: 0,
timed_out: false,
took: 76,
total: 1,
updated: 1,
version_conflicts: 0,
description: Indicates a successful call.
'400':
description: Invalid request.
@ -1038,9 +1117,13 @@ paths:
content:
application/json:
schema:
example:
migration_ids:
- 924f7c50-505f-11eb-ae0a-3fa2e626a51d
type: object
properties:
migration_ids:
description: Array of `migration_id`s to finalize.
items:
type: string
minItems: 1
@ -1053,6 +1136,17 @@ paths:
'200':
content:
application/json:
examples:
success:
value:
migrations:
- completed: true
destinationIndex: .siem-signals-default-000002-r000016
id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d
sourceIndex: .siem-signals-default-000002
status: success
updated: '2021-01-06T22:05:56.859Z'
version: 16
schema:
items:
$ref: '#/components/schemas/MigrationFinalizationResult'
@ -1107,9 +1201,13 @@ paths:
content:
application/json:
schema:
example:
migration_ids:
- 924f7c50-505f-11eb-ae0a-3fa2e626a51d
type: object
properties:
migration_ids:
description: Array of `migration_id`s to cleanup.
items:
type: string
minItems: 1
@ -1122,6 +1220,16 @@ paths:
'200':
content:
application/json:
examples:
success:
value:
migrations:
- destinationIndex: .siem-signals-default-000002-r000016
id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d
sourceIndex: .siem-signals-default-000002
status: success
updated: 2021-01-06T22:05:56.859Z
version: 16
schema:
items:
$ref: '#/components/schemas/MigrationCleanupResult'
@ -1164,13 +1272,21 @@ paths:
requestBody:
content:
application/json:
examples:
singleIndex:
value:
index:
- .siem-signals-default-000001
schema:
allOf:
- type: object
properties:
index:
description: Array of index names to migrate.
items:
$ref: '#/components/schemas/NonEmptyString'
format: nonempty
minLength: 1
type: string
minItems: 1
type: array
required:
@ -1182,6 +1298,13 @@ paths:
'200':
content:
application/json:
examples:
success:
value:
indices:
- index: .siem-signals-default-000001,
migration_id: 923f7c50-505f-11eb-ae0a-3fa2e626a51d
migration_index: .siem-signals-default-000001-r000016
schema:
type: object
properties:
@ -1220,7 +1343,7 @@ paths:
- Security Detections API
- Alerts migration API
/api/detection_engine/signals/migration_status:
post:
get:
deprecated: true
description: >-
Retrieve indices that contain detection alerts of a particular age,
@ -1238,12 +1361,37 @@ paths:
before its start time. Defaults to now-6m (analyzes data from 6
minutes before the start time).
example: now-30d
format: date-math
type: string
responses:
'200':
content:
application/json:
examples:
success:
value:
indices:
- index: .siem-signals-default-000002
is_outdated: true
migrations:
- id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d
status: pending
updated: 2021-01-06T20:41:37.173Z
version: 16
signal_versions:
- count: 100
version: 15
- count: 87
version: 16
version: 15
- index: .siem-signals-default-000003
is_outdated: false
migrations: []
signal_versions:
- count: 54
version: 16
version: 16
schema:
type: object
properties:
@ -1285,6 +1433,35 @@ paths:
requestBody:
content:
application/json:
examples:
query:
value:
aggs:
alertsByGrouping:
terms:
field: host.name
size: 10
missingFields:
missing:
field: host.name
query:
bool:
filter:
- bool:
filter:
- match_phrase:
kibana.alert.workflow_status: open
must: []
must_not:
- exists:
field: kibana.alert.building_block_type
should: []
- range:
'@timestamp':
gte: 2025-01-17T08:00:00.000Z
lte: 2025-01-18T07:59:59.999Z
runtime_mappings: {}
size: 0
schema:
description: Elasticsearch query and aggregation request
type: object
@ -1322,6 +1499,31 @@ paths:
'200':
content:
application/json:
examples:
success:
value:
_shards:
failed: 0
skipped: 0
successful: 1
total: 1
aggregations:
alertsByGrouping:
buckets:
- doc_count: 5
key: Host-f43kkddfyc
doc_count_error_upper_bound: 0
sum_other_doc_count: 0
missingFields:
doc_count: 0
hits:
hits: []
max_score: null
total:
relation: eq
value: 5
timed_out: false
took: 0
schema:
additionalProperties: true
description: Elasticsearch search response
@ -1358,6 +1560,44 @@ paths:
requestBody:
content:
application/json:
examples:
byId:
value:
signal_ids:
- >-
80e1383f856e67c1b7f7a1634744fa6d66b6e2ef7aa26d226e57afb5a7b2b4a1
status: closed
byQuery:
value:
conflicts: proceed
query:
bool:
filter:
- '@timestamp':
format: strict_date_optional_time
gte: 2024-10-23T07:00:00.000Z
lte: 2025-01-21T20:12:11.704Z
range: null
- bool:
filter:
bool:
filter:
- match_phrase:
kibana.alert.workflow_status: open
- '@timestamp':
format: strict_date_optional_time
gte: 2024-10-23T07:00:00.000Z
lte: 2025-01-21T20:12:11.704Z
range: null
must: []
must_not:
- exists:
field: kibana.alert.building_block_type
should: []
must: []
must_not: []
should: []
status: closed
schema:
oneOf:
- $ref: '#/components/schemas/SetAlertsStatusByIds'
@ -1370,6 +1610,41 @@ paths:
'200':
content:
application/json:
examples:
byId:
value:
batches: 1
deleted: 0
failures: []
noops: 0
requests_per_second: -1
retries:
bulk: 0
search: 0
throttled_millis: 0
throttled_until_millis: 0
timed_out: false
took: 81
total: 1
updated: 1
version_conflicts: 0
byQuery:
value:
batches: 1
deleted: 0
failures: []
noops: 0
requests_per_second: -1
retries:
bulk: 0
search: 0
throttled_millis: 0
throttled_until_millis: 0
timed_out: false
took: 100
total: 17
updated: 17
version_conflicts: 0
schema:
additionalProperties: true
description: Elasticsearch update by query response
@ -1409,6 +1684,25 @@ paths:
requestBody:
content:
application/json:
examples:
add:
value:
ids:
- >-
549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e
tags:
tags_to_add:
- Duplicate
tags_to_remove: []
remove:
value:
ids:
- >-
549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e
tags:
tags_to_add: []
tags_to_remove:
- Duplicate
schema:
type: object
properties:
@ -1427,6 +1721,24 @@ paths:
'200':
content:
application/json:
examples:
success:
value:
batches: 1,
deleted: 0,
failures: []
noops: 0,
requests_per_second: '-1,'
retries:
bulk: 0,
search: 0
throttled_millis: 0,
throttled_until_millis: 0,
timed_out: false,
took: 68,
total: 1,
updated: 1,
version_conflicts: 0,
schema:
additionalProperties: true
description: Elasticsearch update by query response
@ -1477,22 +1789,28 @@ components:
type: object
properties:
add:
description: A list of users ids to assign.
items:
$ref: '#/components/schemas/NonEmptyString'
description: A list of users ids to assign.
format: nonempty
minLength: 1
type: string
type: array
remove:
description: A list of users ids to unassign.
items:
$ref: '#/components/schemas/NonEmptyString'
description: A list of users ids to unassign.
format: nonempty
minLength: 1
type: string
type: array
required:
- add
- remove
AlertIds:
description: A list of alerts ids.
description: A list of alerts `id`s.
items:
$ref: '#/components/schemas/NonEmptyString'
format: nonempty
minLength: 1
type: string
minItems: 1
type: array
AlertsIndex:
@ -1537,12 +1855,21 @@ components:
type: object
properties:
requests_per_second:
description: >-
The throttle for the migration task in sub-requests per second.
Corresponds to requests_per_second on the Reindex API.
minimum: 1
type: integer
size:
description: >-
Number of alerts to migrate per batch. Corresponds to the
source.size option on the Reindex API.
minimum: 1
type: integer
slices:
description: >-
The number of subtasks for the migration task. Corresponds to slices
on the Reindex API.
minimum: 1
type: integer
AlertsSort:
@ -1557,6 +1884,9 @@ components:
- additionalProperties: true
type: object
AlertStatus:
description: >-
The status of an alert, which can be `open`, `acknowledged`,
`in-progress`, or `closed`.
enum:
- open
- closed
@ -1610,8 +1940,16 @@ components:
- suppress
type: string
AlertTag:
$ref: '#/components/schemas/NonEmptyString'
description: >-
Use alert tags to organize related alerts into categories that you can
filter and group.
format: nonempty
minLength: 1
type: string
AlertTags:
description: >-
List of keywords to organize related alerts into categories that you can
filter and group.
items:
$ref: '#/components/schemas/AlertTag'
type: array
@ -5872,8 +6210,11 @@ components:
type: object
properties:
signal_ids:
description: List of alert `id`s.
items:
$ref: '#/components/schemas/NonEmptyString'
format: nonempty
minLength: 1
type: string
minItems: 1
type: array
status:
@ -5899,6 +6240,7 @@ components:
- query
- status
SetAlertTags:
description: Object with list of tags to add and remove.
type: object
properties:
tags_to_add:
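Review bot: The `application/ndjson` response examples for the assignee and tag endpoints carry JSON punctuation into YAML: `batches: 1,`, `noops: 0,` and the other counters become the strings "1," and "0,", `requests_per_second: '-1,'` is a quoted string rather than -1, and `retries:` is rendered as a two-item list (`- bulk: 0,` / `- search: 0`) instead of an object; the migration example likewise ends its index name with `.siem-signals-default-000001,`. The set-status response examples in the same file show the intended shape — bare integers and `retries:` as a mapping with `bulk: 0` and `search: 0` — so the fix is to drop the trailing commas and match that form. This bundle is presumably generated, so the correction belongs in the source `*.schema.yaml` for those endpoints (not in this view) followed by a re-bundle. While here, the privileges example answers with `username: elastic` and every cluster privilege `true`; an example captured from a scoped role would avoid presenting superuser as the baseline for the alerts API.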


@ -508,9 +508,11 @@ components:
- microsoft_defender_endpoint
type: string
AlertIds:
description: A list of alerts ids.
description: A list of alerts `id`s.
items:
$ref: '#/components/schemas/NonEmptyString'
format: nonempty
minLength: 1
type: string
minItems: 1
type: array
CaseIds:
@ -791,11 +793,6 @@ components:
type: string
required:
- hostStatuses
NonEmptyString:
description: A string that does not contain only whitespace characters
format: nonempty
minLength: 1
type: string
Page:
default: 1
description: Page number


@ -32,6 +32,42 @@ paths:
'200':
content:
application/json:
examples:
success:
value:
application: {}
cluster:
all: true
manage: true
manage_api_key: true
manage_index_templates: true
manage_ml: true
manage_own_api_key: true
manage_pipeline: true
manage_security: true
manage_transform: true
monitor: true
monitor_ml: true
monitor_transform: true
has_all_requested: true
has_encryption_key: true
index:
.alerts-security.alerts-default:
all: true
create: true
create_doc: true
create_index: true
delete: true
delete_index: true
index: true
maintenance: true
manage: true
monitor: true
read: true
view_index_metadata: true
write: true
is_authenticated: true
username: elastic
schema:
type: object
properties:
@ -586,6 +622,25 @@ paths:
requestBody:
content:
application/json:
examples:
add:
value:
assignees:
add:
- u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0
remove: []
ids:
- >-
681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6
remove:
value:
assignees:
add: []
remove:
- u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0
ids:
- >-
681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6
schema:
type: object
properties:
@ -594,13 +649,32 @@ paths:
description: Details about the assignees to assign and unassign.
ids:
$ref: '#/components/schemas/AlertIds'
description: List of alerts ids to assign and unassign passed assignees.
required:
- assignees
- ids
required: true
responses:
'200':
content:
application/ndjson:
examples:
add:
value:
batches: 1,
deleted: 0,
failures: []
noops: 0,
requests_per_second: '-1,'
retries:
- bulk: 0,
- search: 0
throttled_millis: 0,
throttled_until_millis: 0,
timed_out: false,
took: 76,
total: 1,
updated: 1,
version_conflicts: 0,
description: Indicates a successful call.
'400':
description: Invalid request.
@ -614,6 +688,35 @@ paths:
requestBody:
content:
application/json:
examples:
query:
value:
aggs:
alertsByGrouping:
terms:
field: host.name
size: 10
missingFields:
missing:
field: host.name
query:
bool:
filter:
- bool:
filter:
- match_phrase:
kibana.alert.workflow_status: open
must: []
must_not:
- exists:
field: kibana.alert.building_block_type
should: []
- range:
'@timestamp':
gte: 2025-01-17T08:00:00.000Z
lte: 2025-01-18T07:59:59.999Z
runtime_mappings: {}
size: 0
schema:
description: Elasticsearch query and aggregation request
type: object
@ -651,6 +754,31 @@ paths:
'200':
content:
application/json:
examples:
success:
value:
_shards:
failed: 0
skipped: 0
successful: 1
total: 1
aggregations:
alertsByGrouping:
buckets:
- doc_count: 5
key: Host-f43kkddfyc
doc_count_error_upper_bound: 0
sum_other_doc_count: 0
missingFields:
doc_count: 0
hits:
hits: []
max_score: null
total:
relation: eq
value: 5
timed_out: false
took: 0
schema:
additionalProperties: true
description: Elasticsearch search response
@ -687,6 +815,44 @@ paths:
requestBody:
content:
application/json:
examples:
byId:
value:
signal_ids:
- >-
80e1383f856e67c1b7f7a1634744fa6d66b6e2ef7aa26d226e57afb5a7b2b4a1
status: closed
byQuery:
value:
conflicts: proceed
query:
bool:
filter:
- '@timestamp':
format: strict_date_optional_time
gte: 2024-10-23T07:00:00.000Z
lte: 2025-01-21T20:12:11.704Z
range: null
- bool:
filter:
bool:
filter:
- match_phrase:
kibana.alert.workflow_status: open
- '@timestamp':
format: strict_date_optional_time
gte: 2024-10-23T07:00:00.000Z
lte: 2025-01-21T20:12:11.704Z
range: null
must: []
must_not:
- exists:
field: kibana.alert.building_block_type
should: []
must: []
must_not: []
should: []
status: closed
schema:
oneOf:
- $ref: '#/components/schemas/SetAlertsStatusByIds'
@ -699,6 +865,41 @@ paths:
'200':
content:
application/json:
examples:
byId:
value:
batches: 1
deleted: 0
failures: []
noops: 0
requests_per_second: -1
retries:
bulk: 0
search: 0
throttled_millis: 0
throttled_until_millis: 0
timed_out: false
took: 81
total: 1
updated: 1
version_conflicts: 0
byQuery:
value:
batches: 1
deleted: 0
failures: []
noops: 0
requests_per_second: -1
retries:
bulk: 0
search: 0
throttled_millis: 0
throttled_until_millis: 0
timed_out: false
took: 100
total: 17
updated: 17
version_conflicts: 0
schema:
additionalProperties: true
description: Elasticsearch update by query response
@ -738,6 +939,25 @@ paths:
requestBody:
content:
application/json:
examples:
add:
value:
ids:
- >-
549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e
tags:
tags_to_add:
- Duplicate
tags_to_remove: []
remove:
value:
ids:
- >-
549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e
tags:
tags_to_add: []
tags_to_remove:
- Duplicate
schema:
type: object
properties:
@ -756,6 +976,24 @@ paths:
'200':
content:
application/json:
examples:
success:
value:
batches: 1,
deleted: 0,
failures: []
noops: 0,
requests_per_second: '-1,'
retries:
bulk: 0,
search: 0
throttled_millis: 0,
throttled_until_millis: 0,
timed_out: false,
took: 68,
total: 1,
updated: 1,
version_conflicts: 0,
schema:
additionalProperties: true
description: Elasticsearch update by query response
@ -806,22 +1044,28 @@ components:
type: object
properties:
add:
description: A list of users ids to assign.
items:
$ref: '#/components/schemas/NonEmptyString'
description: A list of users ids to assign.
format: nonempty
minLength: 1
type: string
type: array
remove:
description: A list of users ids to unassign.
items:
$ref: '#/components/schemas/NonEmptyString'
description: A list of users ids to unassign.
format: nonempty
minLength: 1
type: string
type: array
required:
- add
- remove
AlertIds:
description: A list of alerts ids.
description: A list of alerts `id`s.
items:
$ref: '#/components/schemas/NonEmptyString'
format: nonempty
minLength: 1
type: string
minItems: 1
type: array
AlertsIndex:
@ -843,6 +1087,9 @@ components:
- additionalProperties: true
type: object
AlertStatus:
description: >-
The status of an alert, which can be `open`, `acknowledged`,
`in-progress`, or `closed`.
enum:
- open
- closed
@ -896,8 +1143,16 @@ components:
- suppress
type: string
AlertTag:
$ref: '#/components/schemas/NonEmptyString'
description: >-
Use alert tags to organize related alerts into categories that you can
filter and group.
format: nonempty
minLength: 1
type: string
AlertTags:
description: >-
List of keywords to organize related alerts into categories that you can
filter and group.
items:
$ref: '#/components/schemas/AlertTag'
type: array
@ -5021,8 +5276,11 @@ components:
type: object
properties:
signal_ids:
description: List of alert `id`s.
items:
$ref: '#/components/schemas/NonEmptyString'
format: nonempty
minLength: 1
type: string
minItems: 1
type: array
status:
@ -5048,6 +5306,7 @@ components:
- query
- status
SetAlertTags:
description: Object with list of tags to add and remove.
type: object
properties:
tags_to_add:
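Review bot: In the `byQuery` request example for setting alert status, each time filter is written as `- '@timestamp':` with `format`/`gte`/`lte` beneath it and a sibling `range: null`, which puts the field name where the Elasticsearch query type belongs; as far as I can tell Elasticsearch rejects that as an unknown query, so a reader who copies the example gets a 400. The clause should nest the field under the query type — `- range:` / `    '@timestamp':` / `      format: strict_date_optional_time` followed by the `gte`/`lte` bounds — and the `range: null` lines go away. The same example appears in the ESS bundle and, since both bundles are generated, the fix belongs in the source schema for the set-status endpoint, which is outside this view.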


@ -508,9 +508,11 @@ components:
- microsoft_defender_endpoint
type: string
AlertIds:
description: A list of alerts ids.
description: A list of alerts `id`s.
items:
$ref: '#/components/schemas/NonEmptyString'
format: nonempty
minLength: 1
type: string
minItems: 1
type: array
CaseIds:
@ -791,11 +793,6 @@ components:
type: string
required:
- hostStatuses
NonEmptyString:
description: A string that does not contain only whitespace characters
format: nonempty
minLength: 1
type: string
Page:
default: 1
description: Page number


@ -1325,7 +1325,7 @@ finalize it.
kibanaSpace: string = 'default'
) {
return supertest
.post(routeWithNamespace('/api/detection_engine/signals/migration_status', kibanaSpace))
.get(routeWithNamespace('/api/detection_engine/signals/migration_status', kibanaSpace))
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')