[EDR Workflows] Move Endpoint schemas to common/api/endpoint folder (#162788)

2025-04-24 09:48:58 -04:00 · 2023-08-01 19:04:41 +02:00 · 2023-08-01 19:04:41 +02:00 · e2db0b0e66
commit e2db0b0e66
parent 0dabaca508
68 changed files with 538 additions and 337 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@ -1230,6 +1230,7 @@ x-pack/plugins/cloud_integrations/cloud_full_story/server/config.ts @elastic/kib
 /x-pack/plugins/security_solution/public/common/components/endpoint/ @elastic/security-defend-workflows
 /x-pack/plugins/security_solution/common/endpoint/ @elastic/security-defend-workflows
 /x-pack/plugins/security_solution/server/endpoint/ @elastic/security-defend-workflows
+/x-pack/plugins/security_solution/common/api/endpoint/ @elastic/security-defend-workflows
 /x-pack/plugins/security_solution/server/lists_integration/endpoint/ @elastic/security-defend-workflows
 /x-pack/plugins/security_solution/server/lib/license/ @elastic/security-defend-workflows
 /x-pack/plugins/security_solution/server/fleet_integration/ @elastic/security-defend-workflows
--- a/x-pack/plugins/security_solution/common/api/endpoint/actions/action_status_route.ts
+++ b/x-pack/plugins/security_solution/common/api/endpoint/actions/action_status_route.ts
@ -0,0 +1,17 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { schema } from '@kbn/config-schema';
+
+export const ActionStatusRequestSchema = {
+  query: schema.object({
+    agent_ids: schema.oneOf([
+      schema.arrayOf(schema.string({ minLength: 1 }), { minSize: 1, maxSize: 50 }),
+      schema.string({ minLength: 1 }),
+    ]),
+  }),
+};
--- a/x-pack/plugins/security_solution/common/api/endpoint/actions/audit_log_route.ts
+++ b/x-pack/plugins/security_solution/common/api/endpoint/actions/audit_log_route.ts
@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { TypeOf } from '@kbn/config-schema';
+import { schema } from '@kbn/config-schema';
+
+export const EndpointActionLogRequestSchema = {
+  query: schema.object({
+    page: schema.number({ defaultValue: 1, min: 1 }),
+    page_size: schema.number({ defaultValue: 10, min: 1, max: 100 }),
+    start_date: schema.string(),
+    end_date: schema.string(),
+  }),
+  params: schema.object({
+    agent_id: schema.string(),
+  }),
+};
+
+export type EndpointActionLogRequestParams = TypeOf<typeof EndpointActionLogRequestSchema.params>;
+export type EndpointActionLogRequestQuery = TypeOf<typeof EndpointActionLogRequestSchema.query>;
--- a/x-pack/plugins/security_solution/common/api/endpoint/actions/common/base.ts
+++ b/x-pack/plugins/security_solution/common/api/endpoint/actions/common/base.ts
@ -0,0 +1,60 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { TypeOf } from '@kbn/config-schema';
+import { schema } from '@kbn/config-schema';
+
+export const BaseActionRequestSchema = {
+  /** A list of endpoint IDs whose hosts will be isolated (Fleet Agent IDs will be retrieved for these) */
+  endpoint_ids: schema.arrayOf(schema.string({ minLength: 1 }), {
+    minSize: 1,
+    validate: (endpointIds) => {
+      if (endpointIds.map((v) => v.trim()).some((v) => !v.length)) {
+        return 'endpoint_ids cannot contain empty strings';
+      }
+    },
+  }),
+  /** If defined, any case associated with the given IDs will be updated */
+  alert_ids: schema.maybe(
+    schema.arrayOf(schema.string({ minLength: 1 }), {
+      minSize: 1,
+      validate: (alertIds) => {
+        if (alertIds.map((v) => v.trim()).some((v) => !v.length)) {
+          return 'alert_ids cannot contain empty strings';
+        }
+      },
+    })
+  ),
+  /** Case IDs to be updated */
+  case_ids: schema.maybe(
+    schema.arrayOf(schema.string({ minLength: 1 }), {
+      minSize: 1,
+      validate: (caseIds) => {
+        if (caseIds.map((v) => v.trim()).some((v) => !v.length)) {
+          return 'case_ids cannot contain empty strings';
+        }
+      },
+    })
+  ),
+  comment: schema.maybe(schema.string()),
+  parameters: schema.maybe(schema.object({})),
+};
+
+export const NoParametersRequestSchema = {
+  body: schema.object({ ...BaseActionRequestSchema }),
+};
+export type BaseActionRequestBody = TypeOf<typeof NoParametersRequestSchema.body>;
+
+export const KillOrSuspendProcessRequestSchema = {
+  body: schema.object({
+    ...BaseActionRequestSchema,
+    parameters: schema.oneOf([
+      schema.object({ pid: schema.number({ min: 1 }) }),
+      schema.object({ entity_id: schema.string({ minLength: 1 }) }),
+    ]),
+  }),
+};
--- a/x-pack/plugins/security_solution/common/api/endpoint/actions/common/response_actions.ts
+++ b/x-pack/plugins/security_solution/common/api/endpoint/actions/common/response_actions.ts
@ -0,0 +1,18 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { schema } from '@kbn/config-schema';
+import { ExecuteActionRequestSchema } from '../execute_route';
+import { EndpointActionGetFileSchema } from '../get_file_route';
+import { KillOrSuspendProcessRequestSchema, NoParametersRequestSchema } from './base';
+
+export const ResponseActionBodySchema = schema.oneOf([
+  NoParametersRequestSchema.body,
+  KillOrSuspendProcessRequestSchema.body,
+  EndpointActionGetFileSchema.body,
+  ExecuteActionRequestSchema.body,
+]);
--- a/x-pack/plugins/security_solution/common/api/endpoint/actions/details_route.ts
+++ b/x-pack/plugins/security_solution/common/api/endpoint/actions/details_route.ts
@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { schema } from '@kbn/config-schema';
+
+export const ActionDetailsRequestSchema = {
+  params: schema.object({
+    action_id: schema.string(),
+  }),
+};
--- a/x-pack/plugins/security_solution/common/api/endpoint/actions/execute_route.ts
+++ b/x-pack/plugins/security_solution/common/api/endpoint/actions/execute_route.ts
@ -0,0 +1,32 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { TypeOf } from '@kbn/config-schema';
+import { schema } from '@kbn/config-schema';
+import { BaseActionRequestSchema } from './common/base';
+
+export const ExecuteActionRequestSchema = {
+  body: schema.object({
+    ...BaseActionRequestSchema,
+    parameters: schema.object({
+      command: schema.string({
+        minLength: 1,
+        validate: (value) => {
+          if (!value.trim().length) {
+            return 'command cannot be an empty string';
+          }
+        },
+      }),
+      /**
+       * The max timeout value before the command is killed. Number represents milliseconds
+       */
+      timeout: schema.maybe(schema.number({ min: 1 })),
+    }),
+  }),
+};
+
+export type ExecuteActionRequestBody = TypeOf<typeof ExecuteActionRequestSchema.body>;
--- a/x-pack/plugins/security_solution/common/api/endpoint/actions/file_download_route.ts
+++ b/x-pack/plugins/security_solution/common/api/endpoint/actions/file_download_route.ts
@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { schema } from '@kbn/config-schema';
+import type { TypeOf } from '@kbn/config-schema';
+
+/** Schema that validates the file download API */
+export const EndpointActionFileDownloadSchema = {
+  params: schema.object({
+    action_id: schema.string({ minLength: 1 }),
+    file_id: schema.string({ minLength: 1 }),
+  }),
+};
+
+export type EndpointActionFileDownloadParams = TypeOf<
+  typeof EndpointActionFileDownloadSchema.params
+>;
--- a/x-pack/plugins/security_solution/common/api/endpoint/actions/file_info_route.ts
+++ b/x-pack/plugins/security_solution/common/api/endpoint/actions/file_info_route.ts
@ -0,0 +1,19 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { TypeOf } from '@kbn/config-schema';
+import { schema } from '@kbn/config-schema';
+
+/** Schema that validates the file info API */
+export const EndpointActionFileInfoSchema = {
+  params: schema.object({
+    action_id: schema.string({ minLength: 1 }),
+    file_id: schema.string({ minLength: 1 }),
+  }),
+};
+
+export type EndpointActionFileInfoParams = TypeOf<typeof EndpointActionFileInfoSchema.params>;
--- a/x-pack/plugins/security_solution/common/api/endpoint/actions/file_upload_route.ts
+++ b/x-pack/plugins/security_solution/common/api/endpoint/actions/file_upload_route.ts
@ -0,0 +1,33 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { TypeOf } from '@kbn/config-schema';
+import { schema } from '@kbn/config-schema';
+import { BaseActionRequestSchema } from './common/base';
+
+export const UploadActionRequestSchema = {
+  body: schema.object({
+    ...BaseActionRequestSchema,
+
+    parameters: schema.object({
+      overwrite: schema.maybe(schema.boolean({ defaultValue: false })),
+    }),
+
+    file: schema.stream(),
+  }),
+};
+
+/** Type used by the server's API for `upload` action */
+export type UploadActionApiRequestBody = TypeOf<typeof UploadActionRequestSchema.body>;
+
+/**
+ * Type used on the UI side. The `file` definition is different on the UI side, thus the
+ * need for a separate type.
+ */
+export type UploadActionUIRequestBody = Omit<UploadActionApiRequestBody, 'file'> & {
+  file: File;
+};
--- a/x-pack/plugins/security_solution/common/api/endpoint/actions/get_file_route.ts
+++ b/x-pack/plugins/security_solution/common/api/endpoint/actions/get_file_route.ts
@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { TypeOf } from '@kbn/config-schema';
+import { schema } from '@kbn/config-schema';
+import { BaseActionRequestSchema } from './common/base';
+
+export const EndpointActionGetFileSchema = {
+  body: schema.object({
+    ...BaseActionRequestSchema,
+
+    parameters: schema.object({
+      path: schema.string({ minLength: 1 }),
+    }),
+  }),
+};
+
+export type ResponseActionGetFileRequestBody = TypeOf<typeof EndpointActionGetFileSchema.body>;
--- a/x-pack/plugins/security_solution/common/api/endpoint/actions/get_processes_route.ts
+++ b/x-pack/plugins/security_solution/common/api/endpoint/actions/get_processes_route.ts
@ -0,0 +1,10 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { NoParametersRequestSchema } from './common/base';
+
+export const GetProcessesRouteRequestSchema = NoParametersRequestSchema;
--- a/x-pack/plugins/security_solution/common/api/endpoint/actions/isolate_route.ts
+++ b/x-pack/plugins/security_solution/common/api/endpoint/actions/isolate_route.ts
@ -0,0 +1,10 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { NoParametersRequestSchema } from './common/base';
+
+export const IsolateRouteRequestSchema = NoParametersRequestSchema;
--- a/x-pack/plugins/security_solution/common/api/endpoint/actions/kill_process_route.ts
+++ b/x-pack/plugins/security_solution/common/api/endpoint/actions/kill_process_route.ts
@ -0,0 +1,10 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { KillOrSuspendProcessRequestSchema } from './common/base';
+
+export const KillProcessRouteRequestSchema = KillOrSuspendProcessRequestSchema;
--- a/x-pack/plugins/security_solution/common/api/endpoint/actions/list_route.ts
+++ b/x-pack/plugins/security_solution/common/api/endpoint/actions/list_route.ts
@ -0,0 +1,81 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+// TODO: fix the odd TS error
+import type { TypeOf } from '@kbn/config-schema';
+import { schema } from '@kbn/config-schema';
+import {
+  RESPONSE_ACTION_API_COMMANDS_NAMES,
+  RESPONSE_ACTION_STATUS,
+  RESPONSE_ACTION_TYPE,
+} from '../../../endpoint/service/response_actions/constants';
+import { ENDPOINT_DEFAULT_PAGE_SIZE } from '../../../endpoint/constants';
+
+const commandsSchema = schema.oneOf(
+  // @ts-expect-error TS2769: No overload matches this call
+  RESPONSE_ACTION_API_COMMANDS_NAMES.map((command) => schema.literal(command))
+);
+
+// TODO: fix the odd TS error
+// @ts-expect-error TS2769: No overload matches this call
+const statusesSchema = schema.oneOf(RESPONSE_ACTION_STATUS.map((status) => schema.literal(status)));
+// @ts-expect-error TS2769: No overload matches this call
+const typesSchema = schema.oneOf(RESPONSE_ACTION_TYPE.map((type) => schema.literal(type)));
+
+export const EndpointActionListRequestSchema = {
+  query: schema.object({
+    agentIds: schema.maybe(
+      schema.oneOf([
+        schema.arrayOf(schema.string({ minLength: 1 }), { minSize: 1 }),
+        schema.string({ minLength: 1 }),
+      ])
+    ),
+    commands: schema.maybe(
+      schema.oneOf([schema.arrayOf(commandsSchema, { minSize: 1 }), commandsSchema])
+    ),
+    page: schema.maybe(schema.number({ defaultValue: 1, min: 1 })),
+    pageSize: schema.maybe(
+      schema.number({ defaultValue: ENDPOINT_DEFAULT_PAGE_SIZE, min: 1, max: 10000 })
+    ),
+    startDate: schema.maybe(schema.string()), // date ISO strings or moment date
+    endDate: schema.maybe(schema.string()), // date ISO strings or moment date
+    statuses: schema.maybe(
+      schema.oneOf([schema.arrayOf(statusesSchema, { minSize: 1, maxSize: 3 }), statusesSchema])
+    ),
+    userIds: schema.maybe(
+      schema.oneOf([
+        schema.arrayOf(schema.string({ minLength: 1 }), { minSize: 1 }),
+        schema.string({ minLength: 1 }),
+      ])
+    ),
+    withOutputs: schema.maybe(
+      schema.oneOf([
+        schema.arrayOf(schema.string({ minLength: 1 }), {
+          minSize: 1,
+          validate: (actionIds) => {
+            if (actionIds.map((v) => v.trim()).some((v) => !v.length)) {
+              return 'actionIds cannot contain empty strings';
+            }
+          },
+        }),
+        schema.string({
+          minLength: 1,
+          validate: (actionId) => {
+            if (!actionId.trim().length) {
+              return 'actionId cannot be an empty string';
+            }
+          },
+        }),
+      ])
+    ),
+    types: schema.maybe(
+      schema.oneOf([schema.arrayOf(typesSchema, { minSize: 1, maxSize: 2 }), typesSchema])
+    ),
+  }),
+};
+
+export type EndpointActionListRequestQuery = TypeOf<typeof EndpointActionListRequestSchema.query>;
--- a/x-pack/plugins/security_solution/common/api/endpoint/actions/suspend_process_route.ts
+++ b/x-pack/plugins/security_solution/common/api/endpoint/actions/suspend_process_route.ts
@ -0,0 +1,10 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { KillOrSuspendProcessRequestSchema } from './common/base';
+
+export const SuspendProcessRouteRequestSchema = KillOrSuspendProcessRequestSchema;
--- a/x-pack/plugins/security_solution/common/api/endpoint/actions/unisolate_route.ts
+++ b/x-pack/plugins/security_solution/common/api/endpoint/actions/unisolate_route.ts
@ -0,0 +1,10 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { NoParametersRequestSchema } from './common/base';
+
+export const UnisolateRouteRequestSchema = NoParametersRequestSchema;
--- a/x-pack/plugins/security_solution/common/api/endpoint/index.ts
+++ b/x-pack/plugins/security_solution/common/api/endpoint/index.ts
@ -0,0 +1,31 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export * from './actions/audit_log_route';
+export * from './actions/action_status_route';
+export * from './actions/details_route';
+export * from './actions/file_download_route';
+export * from './actions/file_info_route';
+export * from './actions/file_upload_route';
+export * from './actions/list_route';
+export * from './actions/isolate_route';
+export * from './actions/unisolate_route';
+export * from './actions/kill_process_route';
+export * from './actions/suspend_process_route';
+export * from './actions/get_processes_route';
+export * from './actions/get_file_route';
+export * from './actions/execute_route';
+export * from './actions/common/base';
+export * from './actions/common/response_actions';
+
+export * from './metadata/list_metadata_route';
+export * from './metadata/get_metadata_route';
+
+export * from './policy/get_policy_response_route';
+export * from './policy/get_agent_policy_summary_route';
+
+export * from './suggestions/get_suggestions_route';
--- a/x-pack/plugins/security_solution/common/api/endpoint/metadata/get_metadata_route.ts
+++ b/x-pack/plugins/security_solution/common/api/endpoint/metadata/get_metadata_route.ts
@ -0,0 +1,12 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { schema } from '@kbn/config-schema';
+
+export const GetMetadataRequestSchema = {
+  params: schema.object({ id: schema.string() }),
+};
--- a/x-pack/plugins/security_solution/common/api/endpoint/metadata/list_metadata_route.ts
+++ b/x-pack/plugins/security_solution/common/api/endpoint/metadata/list_metadata_route.ts
@ -7,8 +7,8 @@

 import type { TypeOf } from '@kbn/config-schema';
 import { schema } from '@kbn/config-schema';
-import { ENDPOINT_DEFAULT_PAGE, ENDPOINT_DEFAULT_PAGE_SIZE } from '../constants';
-import { HostStatus } from '../types';
+import { ENDPOINT_DEFAULT_PAGE, ENDPOINT_DEFAULT_PAGE_SIZE } from '../../../endpoint/constants';
+import { HostStatus } from '../../../endpoint/types';

 export const GetMetadataListRequestSchema = {
  query: schema.object(
--- a/x-pack/plugins/security_solution/common/api/endpoint/policy/get_agent_policy_summary_route.ts
+++ b/x-pack/plugins/security_solution/common/api/endpoint/policy/get_agent_policy_summary_route.ts
@ -7,12 +7,6 @@

 import { schema } from '@kbn/config-schema';

-export const GetPolicyResponseSchema = {
-  query: schema.object({
-    agentId: schema.string(),
-  }),
-};
-
 export const GetAgentPolicySummaryRequestSchema = {
  query: schema.object({
    package_name: schema.string(),
--- a/x-pack/plugins/security_solution/common/api/endpoint/policy/get_policy_response_route.ts
+++ b/x-pack/plugins/security_solution/common/api/endpoint/policy/get_policy_response_route.ts
@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { schema } from '@kbn/config-schema';
+
+export const GetPolicyResponseSchema = {
+  query: schema.object({
+    agentId: schema.string(),
+  }),
+};
--- a/x-pack/plugins/security_solution/common/api/endpoint/suggestions/get_suggestions_route.ts
+++ b/x-pack/plugins/security_solution/common/api/endpoint/suggestions/get_suggestions_route.ts
@ -4,6 +4,7 @@
 * 2.0; you may not use this file except in compliance with the Elastic License
 * 2.0.
 */
+
 import type { TypeOf } from '@kbn/config-schema';
 import { schema } from '@kbn/config-schema';

--- a/x-pack/plugins/security_solution/common/endpoint/schema/actions.test.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/schema/actions.test.ts
@ -8,16 +8,16 @@
 import { v4 as uuidv4 } from 'uuid';

 import { RESPONSE_ACTION_API_COMMANDS_NAMES } from '../service/response_actions/constants';
-import {
-  EndpointActionListRequestSchema,
-  NoParametersRequestSchema,
-  KillOrSuspendProcessRequestSchema,
-  ExecuteActionRequestSchema,
-  UploadActionRequestSchema,
-} from './actions';
 import { createHapiReadableStreamMock } from '../../../server/endpoint/services/actions/mocks';
 import type { HapiReadableStream } from '../../../server/types';
+import { EndpointActionListRequestSchema, UploadActionRequestSchema } from '../../api/endpoint';
+import {
+  KillOrSuspendProcessRequestSchema,
+  NoParametersRequestSchema,
+} from '../../api/endpoint/actions/common/base';
+import { ExecuteActionRequestSchema } from '../../api/endpoint/actions/execute_route';

+// NOTE: Even though schemas are kept in common/api/endpoint - we keep tests here, because common/api should import from outside
 describe('actions schemas', () => {
  describe('Endpoint action list API Schema', () => {
    it('should work without any query keys ', () => {
--- a/x-pack/plugins/security_solution/common/endpoint/schema/actions.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/schema/actions.ts
@ -1,249 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { TypeOf } from '@kbn/config-schema';
-import { schema } from '@kbn/config-schema';
-import { ENDPOINT_DEFAULT_PAGE_SIZE } from '../constants';
-import {
-  RESPONSE_ACTION_API_COMMANDS_NAMES,
-  RESPONSE_ACTION_STATUS,
-  RESPONSE_ACTION_TYPE,
-} from '../service/response_actions/constants';
-
-const BaseActionRequestSchema = {
-  /** A list of endpoint IDs whose hosts will be isolated (Fleet Agent IDs will be retrieved for these) */
-  endpoint_ids: schema.arrayOf(schema.string({ minLength: 1 }), {
-    minSize: 1,
-    validate: (endpointIds) => {
-      if (endpointIds.map((v) => v.trim()).some((v) => !v.length)) {
-        return 'endpoint_ids cannot contain empty strings';
-      }
-    },
-  }),
-  /** If defined, any case associated with the given IDs will be updated */
-  alert_ids: schema.maybe(
-    schema.arrayOf(schema.string({ minLength: 1 }), {
-      minSize: 1,
-      validate: (alertIds) => {
-        if (alertIds.map((v) => v.trim()).some((v) => !v.length)) {
-          return 'alert_ids cannot contain empty strings';
-        }
-      },
-    })
-  ),
-  /** Case IDs to be updated */
-  case_ids: schema.maybe(
-    schema.arrayOf(schema.string({ minLength: 1 }), {
-      minSize: 1,
-      validate: (caseIds) => {
-        if (caseIds.map((v) => v.trim()).some((v) => !v.length)) {
-          return 'case_ids cannot contain empty strings';
-        }
-      },
-    })
-  ),
-  comment: schema.maybe(schema.string()),
-  parameters: schema.maybe(schema.object({})),
-};
-
-export const NoParametersRequestSchema = {
-  body: schema.object({ ...BaseActionRequestSchema }),
-};
-
-export type BaseActionRequestBody = TypeOf<typeof NoParametersRequestSchema.body>;
-
-export const KillOrSuspendProcessRequestSchema = {
-  body: schema.object({
-    ...BaseActionRequestSchema,
-    parameters: schema.oneOf([
-      schema.object({ pid: schema.number({ min: 1 }) }),
-      schema.object({ entity_id: schema.string({ minLength: 1 }) }),
-    ]),
-  }),
-};
-
-export const EndpointActionLogRequestSchema = {
-  query: schema.object({
-    page: schema.number({ defaultValue: 1, min: 1 }),
-    page_size: schema.number({ defaultValue: 10, min: 1, max: 100 }),
-    start_date: schema.string(),
-    end_date: schema.string(),
-  }),
-  params: schema.object({
-    agent_id: schema.string(),
-  }),
-};
-
-export type EndpointActionLogRequestParams = TypeOf<typeof EndpointActionLogRequestSchema.params>;
-export type EndpointActionLogRequestQuery = TypeOf<typeof EndpointActionLogRequestSchema.query>;
-
-export const ActionStatusRequestSchema = {
-  query: schema.object({
-    agent_ids: schema.oneOf([
-      schema.arrayOf(schema.string({ minLength: 1 }), { minSize: 1, maxSize: 50 }),
-      schema.string({ minLength: 1 }),
-    ]),
-  }),
-};
-
-export const ActionDetailsRequestSchema = {
-  params: schema.object({
-    action_id: schema.string(),
-  }),
-};
-
-// TODO: fix the odd TS error
-const commandsSchema = schema.oneOf(
-  // @ts-expect-error TS2769: No overload matches this call
-  RESPONSE_ACTION_API_COMMANDS_NAMES.map((command) => schema.literal(command))
-);
-
-// TODO: fix the odd TS error
-// @ts-expect-error TS2769: No overload matches this call
-const statusesSchema = schema.oneOf(RESPONSE_ACTION_STATUS.map((status) => schema.literal(status)));
-// @ts-expect-error TS2769: No overload matches this call
-const typesSchema = schema.oneOf(RESPONSE_ACTION_TYPE.map((type) => schema.literal(type)));
-
-export const EndpointActionListRequestSchema = {
-  query: schema.object({
-    agentIds: schema.maybe(
-      schema.oneOf([
-        schema.arrayOf(schema.string({ minLength: 1 }), { minSize: 1 }),
-        schema.string({ minLength: 1 }),
-      ])
-    ),
-    commands: schema.maybe(
-      schema.oneOf([schema.arrayOf(commandsSchema, { minSize: 1 }), commandsSchema])
-    ),
-    page: schema.maybe(schema.number({ defaultValue: 1, min: 1 })),
-    pageSize: schema.maybe(
-      schema.number({ defaultValue: ENDPOINT_DEFAULT_PAGE_SIZE, min: 1, max: 10000 })
-    ),
-    startDate: schema.maybe(schema.string()), // date ISO strings or moment date
-    endDate: schema.maybe(schema.string()), // date ISO strings or moment date
-    statuses: schema.maybe(
-      schema.oneOf([schema.arrayOf(statusesSchema, { minSize: 1, maxSize: 3 }), statusesSchema])
-    ),
-    userIds: schema.maybe(
-      schema.oneOf([
-        schema.arrayOf(schema.string({ minLength: 1 }), { minSize: 1 }),
-        schema.string({ minLength: 1 }),
-      ])
-    ),
-    withOutputs: schema.maybe(
-      schema.oneOf([
-        schema.arrayOf(schema.string({ minLength: 1 }), {
-          minSize: 1,
-          validate: (actionIds) => {
-            if (actionIds.map((v) => v.trim()).some((v) => !v.length)) {
-              return 'actionIds cannot contain empty strings';
-            }
-          },
-        }),
-        schema.string({
-          minLength: 1,
-          validate: (actionId) => {
-            if (!actionId.trim().length) {
-              return 'actionId cannot be an empty string';
-            }
-          },
-        }),
-      ])
-    ),
-    types: schema.maybe(
-      schema.oneOf([schema.arrayOf(typesSchema, { minSize: 1, maxSize: 2 }), typesSchema])
-    ),
-  }),
-};
-
-export type EndpointActionListRequestQuery = TypeOf<typeof EndpointActionListRequestSchema.query>;
-
-export const EndpointActionGetFileSchema = {
-  body: schema.object({
-    ...BaseActionRequestSchema,
-
-    parameters: schema.object({
-      path: schema.string({ minLength: 1 }),
-    }),
-  }),
-};
-
-export type ResponseActionGetFileRequestBody = TypeOf<typeof EndpointActionGetFileSchema.body>;
-
-/** Schema that validates the file download API */
-export const EndpointActionFileDownloadSchema = {
-  params: schema.object({
-    action_id: schema.string({ minLength: 1 }),
-    file_id: schema.string({ minLength: 1 }),
-  }),
-};
-
-export type EndpointActionFileDownloadParams = TypeOf<
-  typeof EndpointActionFileDownloadSchema.params
->;
-
-/** Schema that validates the file info API */
-export const EndpointActionFileInfoSchema = {
-  params: schema.object({
-    action_id: schema.string({ minLength: 1 }),
-    file_id: schema.string({ minLength: 1 }),
-  }),
-};
-
-export type EndpointActionFileInfoParams = TypeOf<typeof EndpointActionFileInfoSchema.params>;
-
-export const ExecuteActionRequestSchema = {
-  body: schema.object({
-    ...BaseActionRequestSchema,
-    parameters: schema.object({
-      command: schema.string({
-        minLength: 1,
-        validate: (value) => {
-          if (!value.trim().length) {
-            return 'command cannot be an empty string';
-          }
-        },
-      }),
-      /**
-       * The max timeout value before the command is killed. Number represents milliseconds
-       */
-      timeout: schema.maybe(schema.number({ min: 1 })),
-    }),
-  }),
-};
-
-export type ExecuteActionRequestBody = TypeOf<typeof ExecuteActionRequestSchema.body>;
-
-export const ResponseActionBodySchema = schema.oneOf([
-  NoParametersRequestSchema.body,
-  KillOrSuspendProcessRequestSchema.body,
-  EndpointActionGetFileSchema.body,
-  ExecuteActionRequestSchema.body,
-]);
-
-export const UploadActionRequestSchema = {
-  body: schema.object({
-    ...BaseActionRequestSchema,
-
-    parameters: schema.object({
-      overwrite: schema.maybe(schema.boolean({ defaultValue: false })),
-    }),
-
-    file: schema.stream(),
-  }),
-};
-
-/** Type used by the server's API for `upload` action */
-export type UploadActionApiRequestBody = TypeOf<typeof UploadActionRequestSchema.body>;
-
-/**
- * Type used on the UI side. The `file` definition is different on the UI side, thus the
- * need for a separate type.
- */
-export type UploadActionUIRequestBody = Omit<UploadActionApiRequestBody, 'file'> & {
-  file: File;
-};
--- a/x-pack/plugins/security_solution/common/endpoint/schema/metadata.test.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/schema/metadata.test.ts
@ -7,8 +7,9 @@

 import { ENDPOINT_DEFAULT_PAGE, ENDPOINT_DEFAULT_PAGE_SIZE } from '../constants';
 import { HostStatus } from '../types';
-import { GetMetadataListRequestSchema } from './metadata';
+import { GetMetadataListRequestSchema } from '../../api/endpoint';

+// NOTE: Even though schemas are kept in common/api/endpoint - we keep tests here, because common/api should import from outside
 describe('endpoint metadata schema', () => {
  describe('GetMetadataListRequestSchemaV2', () => {
    const query = GetMetadataListRequestSchema.query;
--- a/x-pack/plugins/security_solution/common/endpoint/types/actions.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/types/actions.ts
@ -8,13 +8,12 @@
 import type { TypeOf } from '@kbn/config-schema';
 import type { EcsError } from '@kbn/ecs';
 import type { FileJSON, BaseFileMetadata, FileCompression } from '@kbn/files-plugin/common';
+import type { ResponseActionBodySchema, UploadActionApiRequestBody } from '../../api/endpoint';
+import type { ActionStatusRequestSchema } from '../../api/endpoint/actions/action_status_route';
 import type {
-  ActionStatusRequestSchema,
-  NoParametersRequestSchema,
-  ResponseActionBodySchema,
  KillOrSuspendProcessRequestSchema,
-  UploadActionApiRequestBody,
-} from '../schema/actions';
+  NoParametersRequestSchema,
+} from '../../api/endpoint/actions/common/base';
 import type {
  ResponseActionStatus,
  ResponseActionsApiCommandNames,
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/execute_action.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/execute_action.tsx
@ -9,7 +9,7 @@ import React, { memo, useMemo } from 'react';

 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
-import type { ExecuteActionRequestBody } from '../../../../../common/endpoint/schema/actions';
+import type { ExecuteActionRequestBody } from '../../../../../common/api/endpoint';
 import { useConsoleActionSubmitter } from '../hooks/use_console_action_submitter';
 import type { ResponseActionExecuteOutputContent } from '../../../../../common/endpoint/types';
 import { useSendExecuteEndpoint } from '../../../hooks/response_actions/use_send_execute_endpoint_request';
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/get_file_action.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/get_file_action.tsx
@ -9,7 +9,7 @@ import React, { memo, useMemo } from 'react';
 import { i18n } from '@kbn/i18n';
 import { useUserPrivileges } from '../../../../common/components/user_privileges';
 import { useSendGetFileRequest } from '../../../hooks/response_actions/use_send_get_file_request';
-import type { ResponseActionGetFileRequestBody } from '../../../../../common/endpoint/schema/actions';
+import type { ResponseActionGetFileRequestBody } from '../../../../../common/api/endpoint';
 import { useConsoleActionSubmitter } from '../hooks/use_console_action_submitter';
 import type { ActionRequestComponentProps } from '../types';
 import { ResponseActionFileDownloadLink } from '../../response_action_file_download_link';
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/upload_action.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/upload_action.tsx
@ -11,7 +11,7 @@ import type {
  ResponseActionUploadOutputContent,
 } from '../../../../../common/endpoint/types';
 import { EndpointUploadActionResult } from '../../endpoint_upload_action_result';
-import type { UploadActionUIRequestBody } from '../../../../../common/endpoint/schema/actions';
+import type { UploadActionUIRequestBody } from '../../../../../common/api/endpoint';
 import { useConsoleActionSubmitter } from '../hooks/use_console_action_submitter';
 import { useSendUploadEndpointRequest } from '../../../hooks/response_actions/use_send_upload_endpoint_request';
 import type { ActionRequestComponentProps } from '../types';
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/hooks/use_console_action_submitter.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/hooks/use_console_action_submitter.tsx
@ -10,8 +10,8 @@ import type { UseMutationResult } from '@tanstack/react-query';
 import type { IHttpFetchError } from '@kbn/core-http-browser';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { useIsMounted } from '@kbn/securitysolution-hook-utils';
+import type { BaseActionRequestBody } from '../../../../../common/api/endpoint/actions/common/base';
 import { useTestIdGenerator } from '../../../hooks/use_test_id_generator';
-import type { BaseActionRequestBody } from '../../../../../common/endpoint/schema/actions';
 import { ActionSuccess } from '../components/action_success';
 import { ActionError } from '../components/action_error';
 import { FormattedError } from '../../formatted_error';
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/components/actions_log_table.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/components/actions_log_table.tsx
@ -28,7 +28,7 @@ import { SecurityPageName } from '../../../../../common/constants';
 import { getRuleDetailsUrl } from '../../../../common/components/link_to';
 import { SecuritySolutionLinkAnchor } from '../../../../common/components/links';
 import type { ActionListApiResponse } from '../../../../../common/endpoint/types';
-import type { EndpointActionListRequestQuery } from '../../../../../common/endpoint/schema/actions';
+import type { EndpointActionListRequestQuery } from '../../../../../common/api/endpoint';
 import { FormattedDate } from '../../../../common/components/formatted_date';
 import { TABLE_COLUMN_NAMES, UX_MESSAGES, ARIA_LABELS } from '../translations';
 import { getActionStatus, getUiCommand } from './hooks';
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/response_actions_log.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/response_actions_log.tsx
@ -17,7 +17,7 @@ import type {
 } from '../../../../common/endpoint/service/response_actions/constants';

 import type { ActionListApiResponse } from '../../../../common/endpoint/types';
-import type { EndpointActionListRequestQuery } from '../../../../common/endpoint/schema/actions';
+import type { EndpointActionListRequestQuery } from '../../../../common/api/endpoint';
 import { ManagementEmptyStateWrapper } from '../management_empty_state_wrapper';
 import { useGetEndpointActionList } from '../../hooks';
 import { UX_MESSAGES } from './translations';
--- a/x-pack/plugins/security_solution/public/management/hooks/response_actions/use_get_endpoint_action_list.ts
+++ b/x-pack/plugins/security_solution/public/management/hooks/response_actions/use_get_endpoint_action_list.ts
@ -8,7 +8,7 @@
 import type { UseQueryOptions, UseQueryResult } from '@tanstack/react-query';
 import type { IHttpFetchError } from '@kbn/core-http-browser';
 import { useQuery } from '@tanstack/react-query';
-import type { EndpointActionListRequestQuery } from '../../../../common/endpoint/schema/actions';
+import type { EndpointActionListRequestQuery } from '../../../../common/api/endpoint';
 import { useHttp } from '../../../common/lib/kibana';
 import { BASE_ENDPOINT_ACTION_ROUTE } from '../../../../common/endpoint/constants';
 import type { ActionListApiResponse } from '../../../../common/endpoint/types';
--- a/x-pack/plugins/security_solution/public/management/hooks/response_actions/use_send_execute_endpoint_request.ts
+++ b/x-pack/plugins/security_solution/public/management/hooks/response_actions/use_send_execute_endpoint_request.ts
@ -11,7 +11,7 @@ import { useMutation } from '@tanstack/react-query';
 import { KibanaServices } from '../../../common/lib/kibana';
 import { EXECUTE_ROUTE } from '../../../../common/endpoint/constants';
 import type { ResponseActionApiResponse } from '../../../../common/endpoint/types';
-import type { ExecuteActionRequestBody } from '../../../../common/endpoint/schema/actions';
+import type { ExecuteActionRequestBody } from '../../../../common/api/endpoint';

 export const useSendExecuteEndpoint = (
  options?: UseMutationOptions<ResponseActionApiResponse, IHttpFetchError, ExecuteActionRequestBody>
--- a/x-pack/plugins/security_solution/public/management/hooks/response_actions/use_send_get_file_request.ts
+++ b/x-pack/plugins/security_solution/public/management/hooks/response_actions/use_send_get_file_request.ts
@ -9,7 +9,7 @@ import type { UseMutationOptions, UseMutationResult } from '@tanstack/react-quer
 import type { IHttpFetchError } from '@kbn/core-http-browser';
 import { useMutation } from '@tanstack/react-query';
 import type { ResponseActionApiResponse } from '../../../../common/endpoint/types';
-import type { ResponseActionGetFileRequestBody } from '../../../../common/endpoint/schema/actions';
+import type { ResponseActionGetFileRequestBody } from '../../../../common/api/endpoint';
 import { KibanaServices } from '../../../common/lib/kibana';
 import { GET_FILE_ROUTE } from '../../../../common/endpoint/constants';

--- a/x-pack/plugins/security_solution/public/management/hooks/response_actions/use_send_upload_endpoint_request.ts
+++ b/x-pack/plugins/security_solution/public/management/hooks/response_actions/use_send_upload_endpoint_request.ts
@ -11,7 +11,7 @@ import type { IHttpFetchError } from '@kbn/core-http-browser';
 import type { ResponseActionApiResponse } from '../../../../common/endpoint/types';
 import { useHttp } from '../../../common/lib/kibana';
 import { UPLOAD_ROUTE } from '../../../../common/endpoint/constants';
-import type { UploadActionUIRequestBody } from '../../../../common/endpoint/schema/actions';
+import type { UploadActionUIRequestBody } from '../../../../common/api/endpoint';

 export const useSendUploadEndpointRequest = (
  options?: UseMutationOptions<
--- a/x-pack/plugins/security_solution/public/management/pages/event_filters/service/api_client.ts
+++ b/x-pack/plugins/security_solution/public/management/pages/event_filters/service/api_client.ts
@ -12,7 +12,7 @@ import type {
  UpdateExceptionListItemSchema,
 } from '@kbn/securitysolution-io-ts-list-types';
 import { removeIdFromExceptionItemsEntries } from '@kbn/securitysolution-list-hooks';
-import type { EndpointSuggestionsBody } from '../../../../../common/endpoint/schema/suggestions';
+import type { EndpointSuggestionsBody } from '../../../../../common/api/endpoint';
 import { SUGGESTIONS_ROUTE } from '../../../../../common/endpoint/constants';
 import { resolvePathVariables } from '../../../../common/utils/resolve_path_variables';
 import { ExceptionsListApiClient } from '../../../services/exceptions_list/exceptions_list_api_client';
--- a/x-pack/plugins/security_solution/scripts/endpoint/agent_emulator/services/endpoint_response_actions.ts
+++ b/x-pack/plugins/security_solution/scripts/endpoint/agent_emulator/services/endpoint_response_actions.ts
@ -8,7 +8,7 @@
 import type { KbnClient } from '@kbn/test';
 import { BASE_ENDPOINT_ACTION_ROUTE } from '../../../../common/endpoint/constants';
 import type { ActionListApiResponse } from '../../../../common/endpoint/types';
-import type { EndpointActionListRequestQuery } from '../../../../common/endpoint/schema/actions';
+import type { EndpointActionListRequestQuery } from '../../../../common/api/endpoint';

 export const fetchEndpointActionList = async (
  kbn: KbnClient,
--- a/x-pack/plugins/security_solution/scripts/endpoint/common/endpoint_metadata_services.ts
+++ b/x-pack/plugins/security_solution/scripts/endpoint/common/endpoint_metadata_services.ts
@ -10,7 +10,7 @@ import type { KbnClient } from '@kbn/test';
 import type { WriteResponseBase } from '@elastic/elasticsearch/lib/api/types';
 import { clone, merge } from 'lodash';
 import type { DeepPartial } from 'utility-types';
-import type { GetMetadataListRequestQuery } from '../../../common/endpoint/schema/metadata';
+import type { GetMetadataListRequestQuery } from '../../../common/api/endpoint';
 import { resolvePathVariables } from '../../../public/common/utils/resolve_path_variables';
 import {
  HOST_METADATA_GET_ROUTE,
--- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/audit_log.test.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/audit_log.test.ts
@ -13,11 +13,6 @@ import {
  httpServiceMock,
  savedObjectsClientMock,
 } from '@kbn/core/server/mocks';
-import type {
-  EndpointActionLogRequestParams,
-  EndpointActionLogRequestQuery,
-} from '../../../../common/endpoint/schema/actions';
-import { EndpointActionLogRequestSchema } from '../../../../common/endpoint/schema/actions';
 import { ENDPOINT_ACTION_LOG_ROUTE } from '../../../../common/endpoint/constants';
 import { EndpointAppContextService } from '../../endpoint_app_context_services';
 import {
@ -39,6 +34,11 @@ import type {
 } from '../../../../common/endpoint/types';
 import { FleetActionGenerator } from '../../../../common/endpoint/data_generators/fleet_action_generator';
 import { EndpointActionGenerator } from '../../../../common/endpoint/data_generators/endpoint_action_generator';
+import type {
+  EndpointActionLogRequestParams,
+  EndpointActionLogRequestQuery,
+} from '../../../../common/api/endpoint';
+import { EndpointActionLogRequestSchema } from '../../../../common/api/endpoint';

 describe('Action Log API', () => {
  describe('schema', () => {
--- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/audit_log.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/audit_log.ts
@ -5,8 +5,8 @@
 * 2.0.
 */

+import { EndpointActionLogRequestSchema } from '../../../../common/api/endpoint';
 import { ENDPOINT_ACTION_LOG_ROUTE } from '../../../../common/endpoint/constants';
-import { EndpointActionLogRequestSchema } from '../../../../common/endpoint/schema/actions';
 import { auditLogRequestHandler } from './audit_log_handler';

 import type { SecuritySolutionPluginRouter } from '../../../types';
--- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/audit_log_handler.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/audit_log_handler.ts
@ -9,7 +9,7 @@ import type { RequestHandler } from '@kbn/core/server';
 import type {
  EndpointActionLogRequestParams,
  EndpointActionLogRequestQuery,
-} from '../../../../common/endpoint/schema/actions';
+} from '../../../../common/api/endpoint';
 import { getAuditLogResponse } from '../../services';
 import type { SecuritySolutionRequestHandlerContext } from '../../../types';
 import type { EndpointAppContext } from '../../types';
--- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/details.test.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/details.test.ts
@ -18,8 +18,8 @@ import { applyActionsEsSearchMock } from '../../services/actions/mocks';
 import { requestContextMock } from '../../../lib/detection_engine/routes/__mocks__';
 import { getActionDetailsRequestHandler } from './details';
 import { NotFoundError } from '../../errors';
-import type { ActionDetailsRequestSchema } from '../../../../common/endpoint/schema/actions';
 import { EndpointActionGenerator } from '../../../../common/endpoint/data_generators/endpoint_action_generator';
+import type { ActionDetailsRequestSchema } from '../../../../common/api/endpoint';

 describe('when calling the Action Details route handler', () => {
  let mockScopedEsClient: ScopedClusterClientMock;
--- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/details.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/details.ts
@ -7,13 +7,13 @@

 import type { RequestHandler } from '@kbn/core/server';
 import type { TypeOf } from '@kbn/config-schema';
+import { ActionDetailsRequestSchema } from '../../../../common/api/endpoint';
 import type {
  SecuritySolutionPluginRouter,
  SecuritySolutionRequestHandlerContext,
 } from '../../../types';
 import type { EndpointAppContext } from '../../types';
 import { ACTION_DETAILS_ROUTE } from '../../../../common/endpoint/constants';
-import { ActionDetailsRequestSchema } from '../../../../common/endpoint/schema/actions';
 import { withEndpointAuthz } from '../with_endpoint_authz';
 import { getActionDetailsById } from '../../services';
 import { errorHandler } from '../error_handler';
--- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_download_handler.test.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_download_handler.test.ts
@ -11,13 +11,13 @@ import {
 } from './file_download_handler';
 import type { HttpApiTestSetupMock } from '../../mocks';
 import { createHttpApiTestSetupMock } from '../../mocks';
-import type { EndpointActionFileDownloadParams } from '../../../../common/endpoint/schema/actions';
 import { validateActionId as _validateActionId } from '../../services';
 import { EndpointAuthorizationError, NotFoundError } from '../../errors';
 import { CustomHttpRequestError } from '../../../utils/custom_http_request_error';
 import { ACTION_AGENT_FILE_DOWNLOAD_ROUTE } from '../../../../common/endpoint/constants';
 import { getEndpointAuthzInitialStateMock } from '../../../../common/endpoint/service/authz/mocks';
 import type { FleetFromHostFileClientInterface } from '@kbn/fleet-plugin/server';
+import type { EndpointActionFileDownloadParams } from '../../../../common/api/endpoint';

 jest.mock('../../services');

--- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_download_handler.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_download_handler.ts
@ -6,12 +6,12 @@
 */

 import type { RequestHandler } from '@kbn/core/server';
+import type { EndpointActionFileDownloadParams } from '../../../../common/api/endpoint';
+import { EndpointActionFileDownloadSchema } from '../../../../common/api/endpoint';
 import { CustomHttpRequestError } from '../../../utils/custom_http_request_error';
 import { validateActionId } from '../../services';
 import { errorHandler } from '../error_handler';
 import { ACTION_AGENT_FILE_DOWNLOAD_ROUTE } from '../../../../common/endpoint/constants';
-import type { EndpointActionFileDownloadParams } from '../../../../common/endpoint/schema/actions';
-import { EndpointActionFileDownloadSchema } from '../../../../common/endpoint/schema/actions';
 import { withEndpointAuthz } from '../with_endpoint_authz';
 import type { EndpointAppContext } from '../../types';
 import type {
--- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_info_handler.test.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_info_handler.test.ts
@ -8,7 +8,7 @@
 import { validateActionId as _validateActionId } from '../../services';
 import type { HttpApiTestSetupMock } from '../../mocks';
 import { createHttpApiTestSetupMock } from '../../mocks';
-import type { EndpointActionFileDownloadParams } from '../../../../common/endpoint/schema/actions';
+import type { EndpointActionFileDownloadParams } from '../../../../common/api/endpoint';
 import { getActionFileInfoRouteHandler, registerActionFileInfoRoute } from './file_info_handler';
 import { ACTION_AGENT_FILE_INFO_ROUTE } from '../../../../common/endpoint/constants';
 import { EndpointAuthorizationError, NotFoundError } from '../../errors';
--- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_info_handler.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_info_handler.ts
@ -6,16 +6,16 @@
 */

 import type { RequestHandler } from '@kbn/core/server';
+import type { EndpointActionFileInfoParams } from '../../../../common/api/endpoint';
+import { EndpointActionFileInfoSchema } from '../../../../common/api/endpoint';
 import { CustomHttpRequestError } from '../../../utils/custom_http_request_error';
 import { validateActionId } from '../../services';
 import { ACTION_AGENT_FILE_INFO_ROUTE } from '../../../../common/endpoint/constants';
 import type { EndpointAppContext } from '../../types';
-import type { EndpointActionFileInfoParams } from '../../../../common/endpoint/schema/actions';
 import type {
  SecuritySolutionRequestHandlerContext,
  SecuritySolutionPluginRouter,
 } from '../../../types';
-import { EndpointActionFileInfoSchema } from '../../../../common/endpoint/schema/actions';
 import { withEndpointAuthz } from '../with_endpoint_authz';
 import { errorHandler } from '../error_handler';
 import type { ActionFileInfoApiResponse } from '../../../../common/endpoint/types';
--- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_upload_handler.test.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_upload_handler.test.ts
@ -7,7 +7,7 @@

 import type { HttpApiTestSetupMock } from '../../mocks';
 import { createHttpApiTestSetupMock } from '../../mocks';
-import type { UploadActionApiRequestBody } from '../../../../common/endpoint/schema/actions';
+import type { UploadActionApiRequestBody } from '../../../../common/api/endpoint';
 import type { getActionFileUploadHandler } from './file_upload_handler';
 import { registerActionFileUploadRoute } from './file_upload_handler';
 import { UPLOAD_ROUTE } from '../../../../common/endpoint/constants';
--- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_upload_handler.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_upload_handler.ts
@ -6,6 +6,8 @@
 */

 import type { RequestHandler } from '@kbn/core/server';
+import type { UploadActionApiRequestBody } from '../../../../common/api/endpoint';
+import { UploadActionRequestSchema } from '../../../../common/api/endpoint';
 import type { ResponseActionsApiCommandNames } from '../../../../common/endpoint/service/response_actions/constants';
 import type {
  ResponseActionUploadParameters,
@ -13,10 +15,6 @@ import type {
  HostMetadata,
 } from '../../../../common/endpoint/types';
 import { UPLOAD_ROUTE } from '../../../../common/endpoint/constants';
-import {
-  type UploadActionApiRequestBody,
-  UploadActionRequestSchema,
-} from '../../../../common/endpoint/schema/actions';
 import { withEndpointAuthz } from '../with_endpoint_authz';
 import type {
  SecuritySolutionPluginRouter,
--- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/list.test.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/list.test.ts
@ -7,7 +7,7 @@

 import type { SecuritySolutionRequestHandlerContextMock } from '../../../lib/detection_engine/routes/__mocks__/request_context';
 import type { AwaitedProperties } from '@kbn/utility-types';
-import type { EndpointActionListRequestQuery } from '../../../../common/endpoint/schema/actions';
+import type { EndpointActionListRequestQuery } from '../../../../common/api/endpoint';
 import type { EndpointAuthz } from '../../../../common/endpoint/types/authz';
 import type { License } from '@kbn/licensing-plugin/common/license';
 import {
--- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/list.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/list.ts
@ -11,8 +11,8 @@
 * 2.0.
 */

+import { EndpointActionListRequestSchema } from '../../../../common/api/endpoint';
 import { BASE_ENDPOINT_ACTION_ROUTE } from '../../../../common/endpoint/constants';
-import { EndpointActionListRequestSchema } from '../../../../common/endpoint/schema/actions';
 import { actionListHandler } from './list_handler';

 import type { SecuritySolutionPluginRouter } from '../../../types';
--- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/list_handler.test.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/list_handler.test.ts
@ -13,7 +13,7 @@ import {
  httpServiceMock,
  savedObjectsClientMock,
 } from '@kbn/core/server/mocks';
-import type { EndpointActionListRequestQuery } from '../../../../common/endpoint/schema/actions';
+import type { EndpointActionListRequestQuery } from '../../../../common/api/endpoint';
 import { BASE_ENDPOINT_ACTION_ROUTE } from '../../../../common/endpoint/constants';
 import { EndpointAppContextService } from '../../endpoint_app_context_services';
 import {
--- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/list_handler.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/list_handler.ts
@ -12,8 +12,8 @@
 */

 import type { RequestHandler } from '@kbn/core/server';
+import type { EndpointActionListRequestQuery } from '../../../../common/api/endpoint';
 import { ENDPOINT_ACTIONS_INDEX } from '../../../../common/endpoint/constants';
-import type { EndpointActionListRequestQuery } from '../../../../common/endpoint/schema/actions';
 import { getActionList, getActionListByStatus } from '../../services';
 import type { SecuritySolutionRequestHandlerContext } from '../../../types';
 import type { EndpointAppContext } from '../../types';
--- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/response_actions.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/response_actions.ts
@ -7,13 +7,20 @@
 import type { RequestHandler } from '@kbn/core/server';
 import type { TypeOf } from '@kbn/config-schema';

-import {
+import type {
+  ResponseActionBodySchema,
  NoParametersRequestSchema,
-  KillOrSuspendProcessRequestSchema,
-  EndpointActionGetFileSchema,
+} from '../../../../common/api/endpoint';
+import {
  ExecuteActionRequestSchema,
-  type ResponseActionBodySchema,
-} from '../../../../common/endpoint/schema/actions';
+  EndpointActionGetFileSchema,
+  IsolateRouteRequestSchema,
+  KillProcessRouteRequestSchema,
+  SuspendProcessRouteRequestSchema,
+  UnisolateRouteRequestSchema,
+  GetProcessesRouteRequestSchema,
+} from '../../../../common/api/endpoint';
+
 import {
  ISOLATE_HOST_ROUTE_V2,
  UNISOLATE_HOST_ROUTE_V2,
@ -61,7 +68,7 @@ export function registerResponseActionRoutes(
      {
        version: '2023-10-31',
        validate: {
-          request: NoParametersRequestSchema,
+          request: IsolateRouteRequestSchema,
        },
      },
      withEndpointAuthz({ all: ['canIsolateHost'] }, logger, redirectHandler(ISOLATE_HOST_ROUTE_V2))
@ -80,7 +87,7 @@ export function registerResponseActionRoutes(
      {
        version: '2023-10-31',
        validate: {
-          request: NoParametersRequestSchema,
+          request: UnisolateRouteRequestSchema,
        },
      },
      withEndpointAuthz(
@ -100,7 +107,7 @@ export function registerResponseActionRoutes(
      {
        version: '2023-10-31',
        validate: {
-          request: NoParametersRequestSchema,
+          request: IsolateRouteRequestSchema,
        },
      },
      withEndpointAuthz(
@ -120,7 +127,7 @@ export function registerResponseActionRoutes(
      {
        version: '2023-10-31',
        validate: {
-          request: NoParametersRequestSchema,
+          request: UnisolateRouteRequestSchema,
        },
      },
      withEndpointAuthz(
@ -140,7 +147,7 @@ export function registerResponseActionRoutes(
      {
        version: '2023-10-31',
        validate: {
-          request: KillOrSuspendProcessRequestSchema,
+          request: KillProcessRouteRequestSchema,
        },
      },
      withEndpointAuthz(
@ -163,7 +170,7 @@ export function registerResponseActionRoutes(
      {
        version: '2023-10-31',
        validate: {
-          request: KillOrSuspendProcessRequestSchema,
+          request: SuspendProcessRouteRequestSchema,
        },
      },
      withEndpointAuthz(
@ -186,7 +193,7 @@ export function registerResponseActionRoutes(
      {
        version: '2023-10-31',
        validate: {
-          request: NoParametersRequestSchema,
+          request: GetProcessesRouteRequestSchema,
        },
      },
      withEndpointAuthz(
--- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/status.test.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/status.test.ts
@ -14,7 +14,6 @@ import {
  httpServiceMock,
  savedObjectsClientMock,
 } from '@kbn/core/server/mocks';
-import { ActionStatusRequestSchema } from '../../../../common/endpoint/schema/actions';
 import {
  ACTION_STATUS_ROUTE,
  ENDPOINT_ACTION_RESPONSES_INDEX_PATTERN,
@ -36,6 +35,7 @@ import type {
  LogsEndpointActionResponse,
 } from '../../../../common/endpoint/types';
 import { EndpointActionGenerator } from '../../../../common/endpoint/data_generators/endpoint_action_generator';
+import { ActionStatusRequestSchema } from '../../../../common/api/endpoint';

 describe('Endpoint Pending Action Summary API', () => {
  let endpointAppContextService: EndpointAppContextService;
--- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/status.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/status.ts
@ -7,7 +7,7 @@

 import type { RequestHandler } from '@kbn/core/server';
 import type { TypeOf } from '@kbn/config-schema';
-import { ActionStatusRequestSchema } from '../../../../common/endpoint/schema/actions';
+import { ActionStatusRequestSchema } from '../../../../common/api/endpoint';
 import { ACTION_STATUS_ROUTE } from '../../../../common/endpoint/constants';
 import type {
  SecuritySolutionPluginRouter,
--- a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/handlers.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/handlers.ts
@ -12,8 +12,10 @@ import { errorHandler } from '../error_handler';
 import type { SecuritySolutionRequestHandlerContext } from '../../../types';

 import type { EndpointAppContext } from '../../types';
-import type { GetMetadataRequestSchema } from '.';
-import type { GetMetadataListRequestQuery } from '../../../../common/endpoint/schema/metadata';
+import type {
+  GetMetadataListRequestQuery,
+  GetMetadataRequestSchema,
+} from '../../../../common/api/endpoint';
 import {
  ENDPOINT_DEFAULT_PAGE,
  ENDPOINT_DEFAULT_PAGE_SIZE,
--- a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/index.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/index.ts
@ -7,6 +7,10 @@

 import { schema } from '@kbn/config-schema';

+import {
+  GetMetadataListRequestSchema,
+  GetMetadataRequestSchema,
+} from '../../../../common/api/endpoint';
 import { HostStatus } from '../../../../common/endpoint/types';
 import type { EndpointAppContext } from '../../types';
 import {
@ -21,7 +25,6 @@ import {
  HOST_METADATA_LIST_ROUTE,
  METADATA_TRANSFORMS_STATUS_ROUTE,
 } from '../../../../common/endpoint/constants';
-import { GetMetadataListRequestSchema } from '../../../../common/endpoint/schema/metadata';
 import { withEndpointAuthz } from '../with_endpoint_authz';

 /* Filters that can be applied to the endpoint fetch route */
@ -40,10 +43,6 @@ export const endpointFilters = schema.object({
  ),
 });

-export const GetMetadataRequestSchema = {
-  params: schema.object({ id: schema.string() }),
-};
-
 export function registerEndpointRoutes(
  router: SecuritySolutionPluginRouter,
  endpointAppContext: EndpointAppContext
--- a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/query_builders.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/query_builders.ts
@ -16,7 +16,7 @@ import {
  METADATA_UNITED_INDEX,
 } from '../../../../common/endpoint/constants';
 import { buildStatusesKuery } from './support/agent_status';
-import type { GetMetadataListRequestQuery } from '../../../../common/endpoint/schema/metadata';
+import type { GetMetadataListRequestQuery } from '../../../../common/api/endpoint';

 /**
 * 00000000-0000-0000-0000-000000000000 is initial Elastic Agent id sent by Endpoint before policy is configured
--- a/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.ts
@ -11,7 +11,7 @@ import { policyIndexPattern } from '../../../../common/endpoint/constants';
 import type {
  GetPolicyResponseSchema,
  GetAgentPolicySummaryRequestSchema,
-} from '../../../../common/endpoint/schema/policy';
+} from '../../../../common/api/endpoint';
 import type { EndpointAppContext } from '../../types';
 import { getAgentPolicySummary, getPolicyResponseByAgentId } from './service';
 import type { GetAgentSummaryResponse } from '../../../../common/endpoint/types';
--- a/x-pack/plugins/security_solution/server/endpoint/routes/policy/index.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/policy/index.ts
@ -6,11 +6,11 @@
 */

 import type { IRouter } from '@kbn/core/server';
-import type { EndpointAppContext } from '../../types';
 import {
  GetPolicyResponseSchema,
  GetAgentPolicySummaryRequestSchema,
-} from '../../../../common/endpoint/schema/policy';
+} from '../../../../common/api/endpoint';
+import type { EndpointAppContext } from '../../types';
 import { getHostPolicyResponseHandler, getAgentPolicySummaryHandler } from './handlers';
 import {
  AGENT_POLICY_SUMMARY_ROUTE,
--- a/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.test.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.test.ts
@ -5,7 +5,7 @@
 * 2.0.
 */

-import { GetPolicyResponseSchema } from '../../../../common/endpoint/schema/policy';
+import { GetPolicyResponseSchema } from '../../../../common/api/endpoint';
 import { getESQueryPolicyResponseByAgentID } from './service';

 describe('test policy handlers schema', () => {
--- a/x-pack/plugins/security_solution/server/endpoint/routes/suggestions/index.test.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/suggestions/index.test.ts
@ -31,7 +31,7 @@ import {
 import type { EndpointAuthz } from '../../../../common/endpoint/types/authz';
 import { applyActionsEsSearchMock } from '../../services/actions/mocks';
 import { requestContextMock } from '../../../lib/detection_engine/routes/__mocks__';
-import type { EndpointSuggestionsSchema } from '../../../../common/endpoint/schema/suggestions';
+import type { EndpointSuggestionsSchema } from '../../../../common/api/endpoint';
 import {
  getEndpointSuggestionsRequestHandler,
  registerEndpointSuggestionsRoutes,
--- a/x-pack/plugins/security_solution/server/endpoint/routes/suggestions/index.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/suggestions/index.ts
@ -16,7 +16,7 @@ import { EXCEPTIONABLE_ENDPOINT_EVENT_FIELDS } from '../../../../common/endpoint
 import {
  type EndpointSuggestionsBody,
  EndpointSuggestionsSchema,
-} from '../../../../common/endpoint/schema/suggestions';
+} from '../../../../common/api/endpoint';
 import type {
  SecuritySolutionPluginRouter,
  SecuritySolutionRequestHandlerContext,
--- a/x-pack/plugins/security_solution/server/endpoint/services/actions/create/types.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/services/actions/create/types.ts
@ -8,7 +8,7 @@
 import type { AuthenticationServiceStart } from '@kbn/security-plugin/server';
 import type { LicenseType } from '@kbn/licensing-plugin/server';
 import type { TypeOf } from '@kbn/config-schema';
-import type { ResponseActionBodySchema } from '../../../../../common/endpoint/schema/actions';
+import type { ResponseActionBodySchema } from '../../../../../common/api/endpoint';
 import type {
  ActionDetails,
  EndpointActionDataParameterTypes,
--- a/x-pack/plugins/security_solution/server/endpoint/services/metadata/endpoint_metadata_service.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/services/metadata/endpoint_metadata_service.ts
@ -50,7 +50,7 @@ import {
 } from '../../utils';
 import { createInternalReadonlySoClient } from '../../utils/create_internal_readonly_so_client';
 import { getAllEndpointPackagePolicies } from '../../routes/metadata/support/endpoint_package_policies';
-import type { GetMetadataListRequestQuery } from '../../../../common/endpoint/schema/metadata';
+import type { GetMetadataListRequestQuery } from '../../../../common/api/endpoint';
 import { EndpointError } from '../../../../common/endpoint/errors';
 import type { EndpointFleetServicesInterface } from '../fleet/endpoint_fleet_services_factory';