github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-23 09:19:04 -04:00
Code Issues Projects Releases Packages Wiki Activity

[Detection Engine][API Docs] Update request/response examples for value lists APIs (#205957)

Browse source 
# Summary

As part of the effort to add missing content for Security APIs, this PR
introduces a few missing request, response, and parameter examples for
Detection Engine Value Lists APIs.
This commit is contained in:
Yara Tercero 2025-01-23 07:19:45 -08:00 committed by GitHub
parent 6169d98e45
commit e396ac9a14
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
50 changed files with 6145 additions and 712 deletions
Download patch file Download diff file Expand all files Collapse all files

1199
oas_docs/output/kibana.serverless.yaml
View file

File diff suppressed because it is too large Load diff

1199
oas_docs/output/kibana.yaml
View file

File diff suppressed because it is too large Load diff

17
x-pack/solutions/security/packages/kbn-securitysolution-endpoint-exceptions-common/docs/openapi/ess/security_solution_endpoint_exceptions_api_2023_10_31.bundled.schema.yaml
View file

@ -891,8 +891,23 @@ components:
FindEndpointListItemsFilter:
$ref: '#/components/schemas/NonEmptyString'
ListId:
$ref: '#/components/schemas/NonEmptyString'
description: Value list's identifier.
example: 21b01cfb-058d-44b9-838c-282be16c91cd
format: nonempty
minLength: 1
type: string
ListType:
description: >
Specifies the Elasticsearch data type of excludes the list container
holds. Some common examples:
- `keyword`: Many ECS fields are Elasticsearch keywords
- `ip`: IP addresses
- `ip_range`: Range of IP addresses (supports IPv4, IPv6, and CIDR
notation)
enum:
- binary
- boolean

17
x-pack/solutions/security/packages/kbn-securitysolution-endpoint-exceptions-common/docs/openapi/serverless/security_solution_endpoint_exceptions_api_2023_10_31.bundled.schema.yaml
View file

@ -891,8 +891,23 @@ components:
FindEndpointListItemsFilter:
$ref: '#/components/schemas/NonEmptyString'
ListId:
$ref: '#/components/schemas/NonEmptyString'
description: Value list's identifier.
example: 21b01cfb-058d-44b9-838c-282be16c91cd
format: nonempty
minLength: 1
type: string
ListType:
description: >
Specifies the Elasticsearch data type of excludes the list container
holds. Some common examples:
- `keyword`: Many ECS fields are Elasticsearch keywords
- `ip`: IP addresses
- `ip_range`: Range of IP addresses (supports IPv4, IPv6, and CIDR
notation)
enum:
- binary
- boolean

17
x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml
View file

@ -3259,8 +3259,23 @@ components:
example: exception-list.attributes.name:%Detection%20List
type: string
ListId:
$ref: '#/components/schemas/NonEmptyString'
description: Value list's identifier.
example: 21b01cfb-058d-44b9-838c-282be16c91cd
format: nonempty
minLength: 1
type: string
ListType:
description: >
Specifies the Elasticsearch data type of excludes the list container
holds. Some common examples:
- `keyword`: Many ECS fields are Elasticsearch keywords
- `ip`: IP addresses
- `ip_range`: Range of IP addresses (supports IPv4, IPv6, and CIDR
notation)
enum:
- binary
- boolean

17
x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml
View file

@ -3259,8 +3259,23 @@ components:
example: exception-list.attributes.name:%Detection%20List
type: string
ListId:
$ref: '#/components/schemas/NonEmptyString'
description: Value list's identifier.
example: 21b01cfb-058d-44b9-838c-282be16c91cd
format: nonempty
minLength: 1
type: string
ListType:
description: >
Specifies the Elasticsearch data type of excludes the list container
holds. Some common examples:
- `keyword`: Many ECS fields are Elasticsearch keywords
- `ip`: IP addresses
- `ip_range`: Range of IP addresses (supports IPv4, IPv6, and CIDR
notation)
enum:
- binary
- boolean

8
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/create_list/create_list.gen.ts
View file

@ -10,7 +10,7 @@
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Create list API endpoint
* title: Create value list API endpoint
* version: 2023-10-31
*/
@ -21,6 +21,8 @@ import {
ListName,
ListDescription,
ListType,
ListSerializer,
ListDeserializer,
ListMetadata,
} from '../model/list_common.gen';
import { List } from '../model/list_schemas.gen';
@ -31,8 +33,8 @@ export const CreateListRequestBody = z.object({
name: ListName,
description: ListDescription,
type: ListType,
serializer: z.string().optional(),
deserializer: z.string().optional(),
serializer: ListSerializer.optional(),
deserializer: ListDeserializer.optional(),
meta: ListMetadata.optional(),
version: z.number().int().min(1).optional().default(1),
});

130
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/create_list/create_list.schema.yaml
View file

@ -1,6 +1,6 @@
openapi: 3.0.0
info:
title: Create list API endpoint
title: Create value list API endpoint
version: '2023-10-31'
paths:
/api/lists:
@ -8,10 +8,10 @@ paths:
x-labels: [serverless, ess]
operationId: CreateList
x-codegen-enabled: true
summary: Create a list
description: Create a new list.
summary: Create a value list
description: Create a new value list.
requestBody:
description: List's properties
description: Value list's properties
required: true
content:
application/json:
@ -27,9 +27,9 @@ paths:
type:
$ref: '../model/list_common.schema.yaml#/components/schemas/ListType'
serializer:
type: string
$ref: '../model/list_common.schema.yaml#/components/schemas/ListSerializer'
deserializer:
type: string
$ref: '../model/list_common.schema.yaml#/components/schemas/ListDeserializer'
meta:
$ref: '../model/list_common.schema.yaml#/components/schemas/ListMetadata'
version:
@ -40,6 +40,34 @@ paths:
- name
- description
- type
examples:
ip:
value:
id: ip_list
name: Simple list with ips
description: This list describes bad internet ips
type: ip
ip_range:
value:
id: ip_range_list
name: Simple list with ip ranges
description: This list has ip ranges
type: ip_range
keyword:
value:
id: keyword_list
name: Simple list with a keyword
description: This list describes bad host names
type: keyword
keyword_custom_format:
value:
id: keyword_custom_format_list
name: Simple list with a keyword using a custom format
description: This parses the first found ipv4 only
serializer: (?<value>((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))
deserializer: '{{value}}'
type: keyword
responses:
200:
description: Successful response
@ -47,6 +75,69 @@ paths:
application/json:
schema:
$ref: '../model/list_schemas.schema.yaml#/components/schemas/List'
examples:
ip:
value:
id: ip_list
type: ip
name: Simple list with ips
description: This list describes bad internet ips
immutable: false
'@timestamp': 2025-01-08T04:47:34.273Z
version: 1
_version: WzAsMV0=
tie_breaker_id: f5508188-b1e9-4e6e-9662-d039a7d89899
created_at: 2025-01-08T04:47:34.273Z
created_by: elastic
updated_at: 2025-01-08T04:47:34.273Z
updated_by: elastic
ip_range:
value:
id: ip_range_list
type: ip_range
name: Simple list with ip ranges
description: This list has ip ranges
immutable: false
'@timestamp': 2025-01-09T18:23:52.241Z
version: 1
_version: WzAsMV0=
tie_breaker_id: 74aebdaf-601f-4940-b351-155728ff7003
created_at: 2025-01-09T18:23:52.241Z
created_by: elastic
updated_at: 2025-01-09T18:23:52.241Z
updated_by: elastic
keyword:
value:
id: keyword_list
type: keyword
name: Simple list with a keyword
description: This list describes bad host names
immutable: false
'@timestamp': 2025-01-09T18:24:55.786Z
version: 1
_version: WzEsMV0=
tie_breaker_id: f7e7dbaa-daf7-4c9a-a3dc-56643923ef68
created_at: 2025-01-09T18:24:55.786Z
created_by: elastic
updated_at: 2025-01-09T18:24:55.786Z
updated_by: elastic
keyword_custom_format:
value:
id: keyword_custom_format_list
type: keyword
name: Simple list with a keyword using a custom format
description: This parses the first found ipv4 only
serializer: '(?<value>((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))'
deserializer: '{{value}}'
immutable: false
'@timestamp': 2025-01-09T18:25:39.604Z
version: 1
_version: WzIsMV0=
tie_breaker_id: 8247ae63-b780-47b8-9a89-948b643e9ec2
created_at: 2025-01-09T18:25:39.604Z
created_by: elastic
updated_at: 2025-01-09T18:25:39.604Z
updated_by: elastic
400:
description: Invalid input data response
content:
@ -55,27 +146,54 @@ paths:
oneOf:
- $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
- $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
notFound:
value:
message: To create a list, the data stream must exist first. Data stream \".lists-default\" does not exist
status_code: 400
401:
description: Unsuccessful authentication response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
unauthorized:
value:
statusCode: 401
error: Unauthorized
message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]'
403:
description: Not enough privileges response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
forbidden:
value:
statusCode: 403
error: Forbidden
message: 'API [POST /api/lists] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]'
409:
description: List already exists response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
alreadyExists:
value:
message: 'list id: "keyword_custom_format_list" already exists'
status_code: 409
500:
description: Internal server error response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
serverError:
value:
message: Internal Server Error
status_code: 500

17
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/create_list_index/create_list_index.schema.yaml
View file

@ -35,6 +35,13 @@ paths:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
unauthorized:
value:
statusCode: 401
error: Unauthorized
message: |
[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]
403:
description: Not enough privileges response
content:
@ -47,9 +54,19 @@ paths:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
alreadyExists:
value:
message: 'data stream: \".lists-default\" and \".items-default\" already exists'
status_code: 409
500:
description: Internal server error response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
serverError:
value:
message: Internal Server Error
status_code: 500

4
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/create_list_item/create_list_item.gen.ts
View file

@ -10,7 +10,7 @@
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Create list item API endpoint
* title: Create value list item API endpoint
* version: 2023-10-31
*/
@ -26,7 +26,7 @@ export const CreateListItemRequestBody = z.object({
value: ListItemValue,
meta: ListItemMetadata.optional(),
/**
* Determines when changes made by the request are made visible to search
* Determines when changes made by the request are made visible to search.
*/
refresh: z.enum(['true', 'false', 'wait_for']).optional(),
});

105
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/create_list_item/create_list_item.schema.yaml
View file

@ -1,6 +1,6 @@
openapi: 3.0.0
info:
title: Create list item API endpoint
title: Create value list item API endpoint
version: '2023-10-31'
paths:
/api/lists/items:
@ -8,15 +8,15 @@ paths:
x-labels: [serverless, ess]
operationId: CreateListItem
x-codegen-enabled: true
summary: Create a list item
summary: Create a value list item
description: |
Create a list item and associate it with the specified list.
Create a value list item and associate it with the specified value list.
All list items in the same list must be the same type. For example, each list item in an `ip` list must define a specific IP address.
All value list items in the same list must be the same type. For example, each list item in an `ip` list must define a specific IP address.
> info
> Before creating a list item, you must create a list.
requestBody:
description: List item's properties
description: Value list item's properties
required: true
content:
application/json:
@ -37,10 +37,24 @@ paths:
- 'true'
- 'false'
- wait_for
description: Determines when changes made by the request are made visible to search
description: Determines when changes made by the request are made visible to search.
example: wait_for
required:
- list_id
- value
examples:
ip:
value:
list_id: ip_list
value: 127.0.0.1
ip_range:
value:
list_id: ip_range_list
value: 192.168.0.0/16
keyword:
value:
list_id: keyword_list
value: zeek
responses:
200:
description: Successful response
@ -48,6 +62,46 @@ paths:
application/json:
schema:
$ref: '../model/list_schemas.schema.yaml#/components/schemas/ListItem'
examples:
ip:
value:
id: 21b01cfb-058d-44b9-838c-282be16c91cc
type: ip
list_id: ip_list
value: 127.0.0.1
'@timestamp': 2025-01-08T04:59:06.154Z
_version: WzAsMV0=
tie_breaker_id: b57c762c-3036-465c-9bfb-7bfb5e6e515a
created_at: 2025-01-08T04:59:06.154Z
created_by: elastic
updated_at: 2025-01-08T04:59:06.154Z
updated_by: elastic
ip_range:
value:
id: ip_range_item
type: ip_range
list_id: ip_range_list
value: 192.168.0.0/16
'@timestamp': 2025-01-09T18:33:08.202Z
_version: WzEsMV0=
tie_breaker_id: ea1b4189-efda-4637-b8f9-74655a5ebb61
created_at: 2025-01-09T18:33:08.202Z
created_by: elastic
updated_at: 2025-01-09T18:33:08.202Z
updated_by: elastic
keyword:
value:
id: 7f24737d-1da8-4626-a568-33070591bb4e
type: keyword
list_id: keyword_list
value: zeek
'@timestamp': 2025-01-09T18:34:29.422Z
_version: WzIsMV0=
tie_breaker_id: 2108ced2-5e5d-401e-a88e-4dd69fc5fa27
created_at: 2025-01-09T18:34:29.422Z
created_by: elastic
updated_at: 2025-01-09T18:34:29.422Z
updated_by: elastic
400:
description: Invalid input data response
content:
@ -56,27 +110,66 @@ paths:
oneOf:
- $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
- $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
badRequest:
value:
statusCode: 400
error: Bad Request
message: 'uri [/api/lists/items] with method [post] exists but is not available with the current configuration'
401:
description: Unsuccessful authentication response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
unauthorized:
value:
statusCode: 401
error: Unauthorized
message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]'
403:
description: Not enough privileges response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
forbidden:
value:
statusCode: 403
error: Forbidden
message: 'API [POST /api/lists/items] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]'
404:
description: Not enough privileges response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
listNotFound:
value:
message: 'list id: \"ip_list\" does not exist'
status_code: 404
409:
description: List item already exists response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
alreadyExists:
value:
message: 'list item id: \"ip_item\" already exists'
status_code: 409
500:
description: Internal server error response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
serverError:
value:
message: Internal Server Error
status_code: 500

11
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/delete_list/delete_list.gen.ts
View file

@ -10,7 +10,7 @@
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Delete list API endpoint
* title: Delete value list API endpoint
* version: 2023-10-31
*/
@ -22,11 +22,14 @@ import { List } from '../model/list_schemas.gen';
export type DeleteListRequestQuery = z.infer<typeof DeleteListRequestQuery>;
export const DeleteListRequestQuery = z.object({
/**
* List's `id` value
*/
id: ListId,
/**
* Determines whether exception items referencing this value list should be deleted.
*/
deleteReferences: BooleanFromString.optional().default(false),
/**
* Determines whether to delete value list without performing any additional checks of where this list may be utilized.
*/
ignoreReferences: BooleanFromString.optional().default(false),
});
export type DeleteListRequestQueryInput = z.input<typeof DeleteListRequestQuery>;

55
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/delete_list/delete_list.schema.yaml
View file

@ -1,6 +1,6 @@
openapi: 3.0.0
info:
title: Delete list API endpoint
title: Delete value list API endpoint
version: '2023-10-31'
paths:
/api/lists:
@ -8,16 +8,15 @@ paths:
x-labels: [serverless, ess]
operationId: DeleteList
x-codegen-enabled: true
summary: Delete a list
summary: Delete a value list
description: |
Delete a list using the list ID.
Delete a value list using the list ID.
> info
> When you delete a list, all of its list items are also deleted.
parameters:
- name: id
in: query
required: true
description: List's `id` value
schema:
$ref: '../model/list_common.schema.yaml#/components/schemas/ListId'
- name: deleteReferences
@ -26,12 +25,16 @@ paths:
schema:
type: boolean
default: false
example: false
description: Determines whether exception items referencing this value list should be deleted.
- name: ignoreReferences
in: query
required: false
schema:
type: boolean
default: false
example: false
description: Determines whether to delete value list without performing any additional checks of where this list may be utilized.
responses:
200:
description: Successful response
@ -39,6 +42,22 @@ paths:
application/json:
schema:
$ref: '../model/list_schemas.schema.yaml#/components/schemas/List'
examples:
ipList:
value:
id: 21b01cfb-058d-44b9-838c-282be16c91cd
type: ip
name: Bad ips
description: List of bad internet ips.
immutable: false
'@timestamp': 2025-01-08T04:47:34.273Z
version: 3
_version: WzIsMV0=
tie_breaker_id: f5508188-b1e9-4e6e-9662-d039a7d89899
created_at: 2025-01-08T04:47:34.273Z
created_by: elastic
updated_at: 2025-01-08T05:39:39.292Z
updated_by: elastic
400:
description: Invalid input data response
content:
@ -47,27 +66,55 @@ paths:
oneOf:
- $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
- $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
badRequest:
value:
statusCode: 400
error: Bad Request
message: '[request query]: id: Required'
401:
description: Unsuccessful authentication response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
unauthorized:
value:
statusCode: 401
error: Unauthorized
message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]'
403:
description: Not enough privileges response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
forbidden:
value:
statusCode: 403
error: Forbidden
message: 'API [DELETE /api/lists?id=ip_list] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]'
404:
description: List not found response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
notFound:
value:
message: 'list id: \"ip_list\" was not found'
status_code: 404
500:
description: Internal server error response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
serverError:
value:
message: Internal Server Error
status_code: 500

2
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/delete_list_index/delete_list_index.gen.ts
View file

@ -10,7 +10,7 @@
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Delete list DS API endpoint
* title: Delete value list DS API endpoint
* version: 2023-10-31
*/

15
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/delete_list_index/delete_list_index.schema.yaml
View file

@ -1,6 +1,6 @@
openapi: 3.0.0
info:
title: Delete list DS API endpoint
title: Delete value list DS API endpoint
version: '2023-10-31'
paths:
/api/lists/index:
@ -8,7 +8,7 @@ paths:
x-labels: [serverless, ess]
operationId: DeleteListIndex
x-codegen-enabled: true
summary: Delete list data streams
summary: Delete value list data streams
description: Delete the `.lists` and `.items` data streams.
responses:
200:
@ -35,6 +35,12 @@ paths:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
unauthorized:
value:
statusCode: 401
error: Unauthorized
message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]'
403:
description: Not enough privileges response
content:
@ -53,3 +59,8 @@ paths:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
serverError:
value:
message: Internal Server Error
status_code: 500

14
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/delete_list_item/delete_list_item.gen.ts
View file

@ -10,31 +10,31 @@
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Delete list item API endpoint
* title: Delete value list item API endpoint
* version: 2023-10-31
*/
import { z } from '@kbn/zod';
import { ListId } from '../model/list_common.gen';
import { ListItemId, ListId } from '../model/list_common.gen';
import { ListItem } from '../model/list_schemas.gen';
export type DeleteListItemRequestQuery = z.infer<typeof DeleteListItemRequestQuery>;
export const DeleteListItemRequestQuery = z.object({
/**
* Required if `list_id` and `value` are not specified
* Value list item's identifier. Required if `list_id` and `value` are not specified.
*/
id: ListId.optional(),
id: ListItemId.optional(),
/**
* Required if `id` is not specified
* Value list's identifier. Required if `id` is not specified.
*/
list_id: ListId.optional(),
/**
* Required if `id` is not specified
* The value used to evaluate exceptions. Required if `id` is not specified.
*/
value: z.string().optional(),
/**
* Determines when changes made by the request are made visible to search
* Determines when changes made by the request are made visible to search.
*/
refresh: z.enum(['true', 'false', 'wait_for']).optional().default('false'),
});

59
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/delete_list_item/delete_list_item.schema.yaml
View file

@ -1,6 +1,6 @@
openapi: 3.0.0
info:
title: Delete list item API endpoint
title: Delete value list item API endpoint
version: '2023-10-31'
paths:
/api/lists/items:
@ -8,35 +8,37 @@ paths:
x-labels: [serverless, ess]
operationId: DeleteListItem
x-codegen-enabled: true
summary: Delete a list item
description: Delete a list item using its `id`, or its `list_id` and `value` fields.
summary: Delete a value list item
description: Delete a value list item using its `id`, or its `list_id` and `value` fields.
parameters:
- name: id
in: query
required: false
description: Required if `list_id` and `value` are not specified
description: Value list item's identifier. Required if `list_id` and `value` are not specified.
schema:
$ref: '../model/list_common.schema.yaml#/components/schemas/ListId'
$ref: '../model/list_common.schema.yaml#/components/schemas/ListItemId'
- name: list_id
in: query
required: false
description: Required if `id` is not specified
description: Value list's identifier. Required if `id` is not specified.
schema:
$ref: '../model/list_common.schema.yaml#/components/schemas/ListId'
- name: value
in: query
required: false
description: Required if `id` is not specified
description: The value used to evaluate exceptions. Required if `id` is not specified.
schema:
type: string
example: 255.255.255.255
- name: refresh
in: query
required: false
description: Determines when changes made by the request are made visible to search
description: Determines when changes made by the request are made visible to search.
schema:
type: string
enum: ['true', 'false', 'wait_for']
default: 'false'
example: false
responses:
200:
description: Successful response
@ -48,6 +50,20 @@ paths:
- type: array
items:
$ref: '../model/list_schemas.schema.yaml#/components/schemas/ListItem'
examples:
ip:
value:
id: pd1WRJQBs4HAK3VQeHFI
type: ip
list_id: ip_list
value: 255.255.255.255
'@timestamp': 2025-01-08T05:15:05.159Z
_version: WzIwLDFd
tie_breaker_id: eee41dc7-1666-4876-982f-8b0f7b59eca3
created_at: 2025-01-08T05:15:05.159Z
created_by: elastic
updated_at: 2025-01-08T05:44:14.009Z
updated_by: elastic
400:
description: Invalid input data response
content:
@ -56,27 +72,54 @@ paths:
oneOf:
- $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
- $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
badRequest:
value:
message: 'Either \"list_id\" or \"id\" needs to be defined in the request'
status_code: 400
401:
description: Unsuccessful authentication response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
unauthorized:
value:
statusCode: 401
error: Unauthorized
message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]'
403:
description: Not enough privileges response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
forbidden:
value:
statusCode: 403
error: Forbidden
message: 'API [DELETE /api/lists/items?id=pd1WRJQBs4HAK3VQeHFI] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]'
404:
description: List item not found response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
notFound:
value:
message: 'list item with id: \"pd1WRJQBs4HAK3VQeHFI\" not found'
status_code: 404
500:
description: Internal server error response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
serverError:
value:
message: Internal Server Error
status_code: 500

4
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/export_list_items/export_list_items.gen.ts
View file

@ -10,7 +10,7 @@
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Export list items API endpoint
* title: Export value list items API endpoint
* version: 2023-10-31
*/
@ -21,7 +21,7 @@ import { ListId } from '../model/list_common.gen';
export type ExportListItemsRequestQuery = z.infer<typeof ExportListItemsRequestQuery>;
export const ExportListItemsRequestQuery = z.object({
/**
* List's id to export
* Value list's `id` to export.
*/
list_id: ListId,
});

40
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/export_list_items/export_list_items.schema.yaml
View file

@ -1,6 +1,6 @@
openapi: 3.0.0
info:
title: Export list items API endpoint
title: Export value list items API endpoint
version: '2023-10-31'
paths:
/api/lists/items/_export:
@ -8,13 +8,13 @@ paths:
x-labels: [serverless, ess]
operationId: ExportListItems
x-codegen-enabled: true
summary: Export list items
description: Export list item values from the specified list.
summary: Export value list items
description: Export list item values from the specified value list.
parameters:
- name: list_id
in: query
required: true
description: List's id to export
description: Value list's `id` to export.
schema:
$ref: '../model/list_common.schema.yaml#/components/schemas/ListId'
responses:
@ -26,6 +26,16 @@ paths:
type: string
format: binary
description: A `.txt` file containing list items from the specified list
example: |
127.0.0.1
127.0.0.2
127.0.0.3
127.0.0.4
127.0.0.5
127.0.0.6
127.0.0.7
127.0.0.8
127.0.0.9
400:
description: Invalid input data response
content:
@ -34,18 +44,35 @@ paths:
oneOf:
- $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
- $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
badRequest:
value:
statusCode: 400
error: 'Bad Request","message":"[request query]: list_id: Required'
401:
description: Unsuccessful authentication response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
unauthorized:
value:
statusCode: 401
error: Unauthorized
message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]'
403:
description: Not enough privileges response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
forbidden:
value:
statusCode: 403
error: Forbidden
message: 'API [POST /api/lists/items/_export?list_id=ips.txt] is unauthorized for user, this action is granted by the Kibana privileges [lists-read]'
404:
description: List not found response
content:
@ -58,3 +85,8 @@ paths:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
serverError:
value:
message: Internal Server Error
status_code: 500

24
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/find_list_items/find_list_items.gen.ts
View file

@ -15,45 +15,39 @@
*/
import { z } from '@kbn/zod';
import { isNonEmptyString } from '@kbn/zod-helpers';
import { NonEmptyString } from '@kbn/openapi-common/schemas/primitives.gen';
import { ListId } from '../model/list_common.gen';
import { ListItem } from '../model/list_schemas.gen';
/**
* Returns the items that come after the last item returned in the previous call (use the `cursor` value returned in the previous call). This parameter uses the `tie_breaker_id` field to ensure all items are sorted and returned correctly.
*/
export type FindListItemsCursor = z.infer<typeof FindListItemsCursor>;
export const FindListItemsCursor = NonEmptyString;
export const FindListItemsCursor = z.string().min(1).superRefine(isNonEmptyString);
export type FindListItemsFilter = z.infer<typeof FindListItemsFilter>;
export const FindListItemsFilter = z.string();
export type FindListItemsRequestQuery = z.infer<typeof FindListItemsRequestQuery>;
export const FindListItemsRequestQuery = z.object({
/**
* List's id
*/
list_id: ListId,
/**
* The page number to return
* The page number to return.
*/
page: z.coerce.number().int().optional(),
/**
* The number of list items to return per page
* The number of list items to return per page.
*/
per_page: z.coerce.number().int().optional(),
/**
* Determines which field is used to sort the results
* Determines which field is used to sort the results.
*/
sort_field: NonEmptyString.optional(),
sort_field: z.string().min(1).superRefine(isNonEmptyString).optional(),
/**
* Determines the sort order, which can be `desc` or `asc`
*/
sort_order: z.enum(['desc', 'asc']).optional(),
/**
* Returns the list that come after the last list returned in the previous call
(use the cursor value returned in the previous call). This parameter uses
the `tie_breaker_id` field to ensure all lists are sorted and returned correctly.
*/
cursor: FindListItemsCursor.optional(),
/**
* Filters the returned results according to the value of the specified field,

72
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/find_list_items/find_list_items.schema.yaml
View file

@ -8,33 +8,37 @@ paths:
x-labels: [serverless, ess]
operationId: FindListItems
x-codegen-enabled: true
summary: Get list items
description: Get all list items in the specified list.
summary: Get value list items
description: Get all value list items in the specified list.
parameters:
- name: list_id
in: query
required: true
description: List's id
schema:
$ref: '../model/list_common.schema.yaml#/components/schemas/ListId'
- name: page
in: query
required: false
description: The page number to return
description: The page number to return.
schema:
type: integer
example: 1
- name: per_page
in: query
required: false
description: The number of list items to return per page
description: The number of list items to return per page.
schema:
type: integer
example: 20
- name: sort_field
in: query
required: false
description: Determines which field is used to sort the results
description: Determines which field is used to sort the results.
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/primitives.schema.yaml#/components/schemas/NonEmptyString'
type: string
minLength: 1
format: nonempty
example: value
- name: sort_order
in: query
required: false
@ -42,13 +46,10 @@ paths:
schema:
type: string
enum: [desc, asc]
example: asc
- name: cursor
in: query
required: false
description: |
Returns the list that come after the last list returned in the previous call
(use the cursor value returned in the previous call). This parameter uses
the `tie_breaker_id` field to ensure all lists are sorted and returned correctly.
schema:
$ref: '#/components/schemas/FindListItemsCursor'
- name: filter
@ -88,6 +89,25 @@ paths:
- per_page
- total
- cursor
examples:
ip:
value:
data:
- id: 21b01cfb-058d-44b9-838c-282be16c91cc
type: ip
list_id: ip_list
value: 127.0.0.1
'@timestamp': 2025-01-08T04:59:06.154Z
_version: WzAsMV0=
tie_breaker_id: b57c762c-3036-465c-9bfb-7bfb5e6e515a
created_at: 2025-01-08T04:59:06.154Z
created_by: elastic
updated_at: 2025-01-08T04:59:06.154Z
updated_by: elastic
page: 1
per_page: 20
total: 1
cursor: WzIwLFsiYjU3Yzc2MmMtMzAzNi00NjVjLTliZmItN2JmYjVlNmU1MTVhIl1d
400:
description: Invalid input data response
content:
@ -96,29 +116,57 @@ paths:
oneOf:
- $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
- $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
badRequest:
value:
statusCode: 400,
error: Bad Request,
message: '[request query]: list_id: Required'
401:
description: Unsuccessful authentication response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
unauthorized:
value:
statusCode: 401
error: Unauthorized
message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]'
403:
description: Not enough privileges response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
forbidden:
value:
statusCode: 403
error: Forbidden
message: 'API [GET /api/lists/items/_find?list_id=ip_list&page=1&per_page=20] is unauthorized for user, this action is granted by the Kibana privileges [lists-read]'
500:
description: Internal server error response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
serverError:
value:
message: Internal Server Error
status_code: 500
components:
schemas:
FindListItemsCursor:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/primitives.schema.yaml#/components/schemas/NonEmptyString'
type: string
minLength: 1
format: nonempty
description: 'Returns the items that come after the last item returned in the previous call (use the `cursor` value returned in the previous call). This parameter uses the `tie_breaker_id` field to ensure all items are sorted and returned correctly.'
example: WzIwLFsiYjU3Yzc2MmMtMzAzNi00NjVjLTliZmItN2JmYjVlNmU1MTVhIl1d
FindListItemsFilter:
type: string
example: 'value:127.0.0.1'

23
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/find_lists/find_lists.gen.ts
View file

@ -10,17 +10,17 @@
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Find lists API endpoint
* title: Find value lists API endpoint
* version: 2023-10-31
*/
import { z } from '@kbn/zod';
import { isNonEmptyString } from '@kbn/zod-helpers';
import { NonEmptyString } from '@kbn/openapi-common/schemas/primitives.gen';
import { List } from '../model/list_schemas.gen';
export type FindListsCursor = z.infer<typeof FindListsCursor>;
export const FindListsCursor = NonEmptyString;
export const FindListsCursor = z.string().min(1).superRefine(isNonEmptyString);
export type FindListsFilter = z.infer<typeof FindListsFilter>;
export const FindListsFilter = z.string();
@ -28,27 +28,24 @@ export const FindListsFilter = z.string();
export type FindListsRequestQuery = z.infer<typeof FindListsRequestQuery>;
export const FindListsRequestQuery = z.object({
/**
* The page number to return
* The page number to return.
*/
page: z.coerce.number().int().optional(),
/**
* The number of lists to return per page
* The number of value lists to return per page.
*/
per_page: z.coerce.number().int().optional(),
/**
* Determines which field is used to sort the results
* Determines which field is used to sort the results.
*/
sort_field: NonEmptyString.optional(),
sort_field: z.string().min(1).superRefine(isNonEmptyString).optional(),
/**
* Determines the sort order, which can be `desc` or `asc`
*/
sort_order: z.enum(['desc', 'asc']).optional(),
/**
* Returns the list that come after the last list returned in the previous call
(use the cursor value returned in the previous call). This parameter uses
the `tie_breaker_id` field to ensure all lists are sorted and returned correctly.
*/
/**
* Returns the lists that come after the last lists returned in the previous call (use the `cursor` value returned in the previous call). This parameter uses the `tie_breaker_id` field to ensure all lists are sorted and returned correctly.
*/
cursor: FindListsCursor.optional(),
/**
* Filters the returned results according to the value of the specified field,

78
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/find_lists/find_lists.schema.yaml
View file

@ -1,6 +1,6 @@
openapi: 3.0.0
info:
title: Find lists API endpoint
title: Find value lists API endpoint
version: '2023-10-31'
paths:
/api/lists/_find:
@ -8,27 +8,32 @@ paths:
x-labels: [serverless, ess]
operationId: FindLists
x-codegen-enabled: true
summary: Get lists
description: Get a paginated subset of lists. By default, the first page is returned, with 20 results per page.
summary: Get value lists
description: Get a paginated subset of value lists. By default, the first page is returned, with 20 results per page.
parameters:
- name: page
in: query
required: false
description: The page number to return
description: The page number to return.
schema:
type: integer
example: 1
- name: per_page
in: query
required: false
description: The number of lists to return per page
description: The number of value lists to return per page.
schema:
type: integer
example: 20
- name: sort_field
in: query
required: false
description: Determines which field is used to sort the results
description: Determines which field is used to sort the results.
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/primitives.schema.yaml#/components/schemas/NonEmptyString'
type: string
minLength: 1
format: nonempty
example: name
- name: sort_order
in: query
required: false
@ -36,13 +41,11 @@ paths:
schema:
type: string
enum: [desc, asc]
example: asc
- name: cursor
in: query
required: false
description: |
Returns the list that come after the last list returned in the previous call
(use the cursor value returned in the previous call). This parameter uses
the `tie_breaker_id` field to ensure all lists are sorted and returned correctly.
description: 'Returns the lists that come after the last lists returned in the previous call (use the `cursor` value returned in the previous call). This parameter uses the `tie_breaker_id` field to ensure all lists are sorted and returned correctly.'
schema:
$ref: '#/components/schemas/FindListsCursor'
- name: filter
@ -82,6 +85,30 @@ paths:
- per_page
- total
- cursor
examples:
ipList:
value:
data:
- id: ip_list
type: ip
name: Simple list with an ip
description: This list describes bad internet ip
immutable: false
'@timestamp': |
2025-01-08T04:47:34.273Z
version: 1
_version: WzAsMV0=
tie_breaker_id: f5508188-b1e9-4e6e-9662-d039a7d89899
created_at: |
2025-01-08T04:47:34.273Z
created_by: elastic
updated_at: |
2025-01-08T04:47:34.273Z
updated_by: elastic
page: 1
per_page: 20
total: 1
cursor: WzIwLFsiZjU1MDgxODgtYjFlOS00ZTZlLTk2NjItZDAzOWE3ZDg5ODk5Il1d
400:
description: Invalid input data response
content:
@ -90,29 +117,56 @@ paths:
oneOf:
- $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
- $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
badRequest:
value:
statusCode: 400
error: Bad Request
message: '[request query]: page: Expected number, received nan'
401:
description: Unsuccessful authentication response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
unauthorized:
value:
statusCode: 401
error: Unauthorized
message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]'
403:
description: Not enough privileges response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
forbidden:
value:
statusCode: 403
error: Forbidden
message: 'API [GET /api/lists/_find?page=1&per_page=20] is unauthorized for user, this action is granted by the Kibana privileges [lists-read]'
500:
description: Internal server error response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
serverError:
value:
message: Internal Server Error
status_code: 500
components:
schemas:
FindListsCursor:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/primitives.schema.yaml#/components/schemas/NonEmptyString'
type: string
minLength: 1
format: nonempty
example: WzIwLFsiYjU3Yzc2MmMtMzAzNi00NjVjLTliZmItN2JmYjVlNmU1MTVhIl1d
FindListsFilter:
type: string
example: 'value:127.0.0.1'

21
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/import_list_items/import_list_items.gen.ts
View file

@ -10,7 +10,7 @@
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Import list items API endpoint
* title: Import value list items API endpoint
* version: 2023-10-31
*/
@ -31,14 +31,29 @@ Required when importing to an existing list.
/**
* Type of the importing list.
Required when importing a new list that is `list_id` is not specified.
Required when importing a new list whose list `id` is not specified.
*/
type: ListType.optional(),
/**
* Determines how uploaded list item values are parsed. By default, list items are parsed using these named regex groups:
- `(?<value>.+)` - Single value item types, such as ip, long, date, keyword, and text.
- `(?<gte>.+)-(?<lte>.+)|(?<value>.+)` - Range value item types, such as `date_range`, `ip_range`, `double_range`, `float_range`, `integer_range`, and `long_range`.
*/
serializer: z.string().optional(),
/**
* Determines how retrieved list item values are presented. By default list items are presented using these Handelbar expressions:
- `{{{value}}}` - Single value item types, such as `ip`, `long`, `date`, `keyword`, and `text`.
- `{{{gte}}}-{{{lte}}}` - Range value item types, such as `ip_range`, `double_range`, `float_range`, `integer_range`, and `long_range`.
- `{{{gte}}},{{{lte}}}` - Date range values.
*/
deserializer: z.string().optional(),
/**
* Determines when changes made by the request are made visible to search
* Determines when changes made by the request are made visible to search.
*/
refresh: z.enum(['true', 'false', 'wait_for']).optional(),
});

77
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/import_list_items/import_list_items.schema.yaml
View file

@ -1,6 +1,6 @@
openapi: 3.0.0
info:
title: Import list items API endpoint
title: Import value list items API endpoint
version: '2023-10-31'
paths:
/api/lists/items/_import:
@ -8,9 +8,9 @@ paths:
x-labels: [serverless, ess]
operationId: ImportListItems
x-codegen-enabled: true
summary: Import list items
summary: Import value list items
description: |
Import list items from a TXT or CSV file. The maximum file size is 9 million bytes.
Import value list items from a TXT or CSV file. The maximum file size is 9 million bytes.
You can import items to a new or existing list.
requestBody:
@ -23,7 +23,17 @@ paths:
file:
type: string
format: binary
description: A `.txt` or `.csv` file containing newline separated list items
description: A `.txt` or `.csv` file containing newline separated list items.
example: |
127.0.0.1
127.0.0.2
127.0.0.3
127.0.0.4
127.0.0.5
127.0.0.6
127.0.0.7
127.0.0.8
127.0.0.9
parameters:
- name: list_id
in: query
@ -40,26 +50,43 @@ paths:
description: |
Type of the importing list.
Required when importing a new list that is `list_id` is not specified.
Required when importing a new list whose list `id` is not specified.
schema:
$ref: '../model/list_common.schema.yaml#/components/schemas/ListType'
examples:
ip:
value: ip
- name: serializer
in: query
required: false
description: |
Determines how uploaded list item values are parsed. By default, list items are parsed using these named regex groups:
- `(?<value>.+)` - Single value item types, such as ip, long, date, keyword, and text.
- `(?<gte>.+)-(?<lte>.+)|(?<value>.+)` - Range value item types, such as `date_range`, `ip_range`, `double_range`, `float_range`, `integer_range`, and `long_range`.
schema:
type: string
example: (?<value>((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))
- name: deserializer
in: query
required: false
description: |
Determines how retrieved list item values are presented. By default list items are presented using these Handelbar expressions:
- `{{{value}}}` - Single value item types, such as `ip`, `long`, `date`, `keyword`, and `text`.
- `{{{gte}}}-{{{lte}}}` - Range value item types, such as `ip_range`, `double_range`, `float_range`, `integer_range`, and `long_range`.
- `{{{gte}}},{{{lte}}}` - Date range values.
schema:
type: string
example: '{{value}}'
- name: refresh
in: query
required: false
description: Determines when changes made by the request are made visible to search
description: Determines when changes made by the request are made visible to search.
schema:
type: string
enum: ['true', 'false', 'wait_for']
example: true
responses:
200:
description: Successful response
@ -67,6 +94,22 @@ paths:
application/json:
schema:
$ref: '../model/list_schemas.schema.yaml#/components/schemas/List'
examples:
ip:
value:
id: ip_list
type: ip
name: Simple list with an ip
description: This list describes bad internet ip
immutable: false
'@timestamp': 2025-01-08T04:47:34.273Z
version: 1
_version: WzAsMV0=
tie_breaker_id: f5508188-b1e9-4e6e-9662-d039a7d89899
created_at: 2025-01-08T04:47:34.273Z
created_by: elastic
updated_at: 2025-01-08T04:47:34.273Z
updated_by: elastic
400:
description: Invalid input data response
content:
@ -75,18 +118,35 @@ paths:
oneOf:
- $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
- $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
badRequest:
value:
message: 'Either type or list_id need to be defined in the query'
status_code: 400
401:
description: Unsuccessful authentication response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
unauthorized:
value:
statusCode: 401
error: Unauthorized
message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]'
403:
description: Not enough privileges response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
forbidden:
value:
statusCode: 403
error: Forbidden
message: 'API [POST /api/lists/items/_import?list_id=ip_list] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]'
409:
description: List with specified list_id does not exist response
content:
@ -99,3 +159,8 @@ paths:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
serverError:
value:
message: Internal Server Error
status_code: 500

83
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/model/list_common.gen.ts
View file

@ -10,17 +10,27 @@
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Common List Attributes
* title: Common Value List Attributes
* version: not applicable
*/
import { z } from '@kbn/zod';
import { isNonEmptyString } from '@kbn/zod-helpers';
import { NonEmptyString } from '@kbn/openapi-common/schemas/primitives.gen';
/**
* Value list's identifier.
*/
export type ListId = z.infer<typeof ListId>;
export const ListId = NonEmptyString;
export const ListId = z.string().min(1).superRefine(isNonEmptyString);
/**
* Specifies the Elasticsearch data type of excludes the list container holds. Some common examples:
- `keyword`: Many ECS fields are Elasticsearch keywords
- `ip`: IP addresses
- `ip_range`: Range of IP addresses (supports IPv4, IPv6, and CIDR notation)
*/
export type ListType = z.infer<typeof ListType>;
export const ListType = z.enum([
'binary',
@ -50,23 +60,78 @@ export const ListType = z.enum([
export type ListTypeEnum = typeof ListType.enum;
export const ListTypeEnum = ListType.enum;
/**
* Value list's name.
*/
export type ListName = z.infer<typeof ListName>;
export const ListName = NonEmptyString;
export const ListName = z.string().min(1).superRefine(isNonEmptyString);
/**
* Describes the value list.
*/
export type ListDescription = z.infer<typeof ListDescription>;
export const ListDescription = NonEmptyString;
export const ListDescription = z.string().min(1).superRefine(isNonEmptyString);
/**
* Placeholder for metadata about the value list.
*/
export type ListMetadata = z.infer<typeof ListMetadata>;
export const ListMetadata = z.object({}).catchall(z.unknown());
/**
* Determines how uploaded list item values are parsed. By default, list items are parsed using these named regex groups:
- `(?<value>.+)` - Single value item types, such as ip, long, date, keyword, and text.
- `(?<gte>.+)-(?<lte>.+)|(?<value>.+)` - Range value item types, such as `date_range`, `ip_range`, `double_range`, `float_range`, `integer_range`, and `long_range`.
*/
export type ListSerializer = z.infer<typeof ListSerializer>;
export const ListSerializer = z.string();
/**
* Determines how retrieved list item values are presented. By default list items are presented using these Handelbar expressions:
- `{{{value}}}` - Single value item types, such as `ip`, `long`, `date`, `keyword`, and `text`.
- `{{{gte}}}-{{{lte}}}` - Range value item types, such as `ip_range`, `double_range`, `float_range`, `integer_range`, and `long_range`.
- `{{{gte}}},{{{lte}}}` - Date range values.
*/
export type ListDeserializer = z.infer<typeof ListDeserializer>;
export const ListDeserializer = z.string();
/**
* The document version number.
*/
export type ListVersion = z.infer<typeof ListVersion>;
export const ListVersion = z.number().int().min(1);
/**
* The version id, normally returned by the API when the document is retrieved. Use it ensure updates are done against the latest version.
*/
export type ListVersionId = z.infer<typeof ListVersionId>;
export const ListVersionId = z.string();
/**
* Value list item's identifier.
*/
export type ListItemId = z.infer<typeof ListItemId>;
export const ListItemId = NonEmptyString;
export const ListItemId = z.string().min(1).superRefine(isNonEmptyString);
/**
* The value used to evaluate exceptions.
*/
export type ListItemValue = z.infer<typeof ListItemValue>;
export const ListItemValue = NonEmptyString;
export const ListItemValue = z.string().min(1).superRefine(isNonEmptyString);
/**
* Describes the value list item.
*/
export type ListItemDescription = z.infer<typeof ListItemDescription>;
export const ListItemDescription = NonEmptyString;
export const ListItemDescription = z.string().min(1).superRefine(isNonEmptyString);
/**
* Placeholder for metadata about the value list item.
*/
export type ListItemMetadata = z.infer<typeof ListItemMetadata>;
export const ListItemMetadata = z.object({}).catchall(z.unknown());

75
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/model/list_common.schema.yaml
View file

@ -1,12 +1,16 @@
openapi: 3.0.0
info:
title: Common List Attributes
title: Common Value List Attributes
version: 'not applicable'
paths: {}
components:
schemas:
ListId:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/primitives.schema.yaml#/components/schemas/NonEmptyString'
type: string
minLength: 1
format: nonempty
description: Value list's identifier.
example: 21b01cfb-058d-44b9-838c-282be16c91cd
ListType:
type: string
@ -34,26 +38,83 @@ components:
- shape
- short
- text
description: |
Specifies the Elasticsearch data type of excludes the list container holds. Some common examples:
- `keyword`: Many ECS fields are Elasticsearch keywords
- `ip`: IP addresses
- `ip_range`: Range of IP addresses (supports IPv4, IPv6, and CIDR notation)
ListName:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/primitives.schema.yaml#/components/schemas/NonEmptyString'
type: string
minLength: 1
format: nonempty
description: Value list's name.
example: 'List of bad IPs'
ListDescription:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/primitives.schema.yaml#/components/schemas/NonEmptyString'
type: string
minLength: 1
format: nonempty
description: Describes the value list.
ListMetadata:
type: object
additionalProperties: true
description: Placeholder for metadata about the value list.
ListSerializer:
type: string
description: |
Determines how uploaded list item values are parsed. By default, list items are parsed using these named regex groups:
- `(?<value>.+)` - Single value item types, such as ip, long, date, keyword, and text.
- `(?<gte>.+)-(?<lte>.+)|(?<value>.+)` - Range value item types, such as `date_range`, `ip_range`, `double_range`, `float_range`, `integer_range`, and `long_range`.
example: (?<value>((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))
ListDeserializer:
type: string
description: |
Determines how retrieved list item values are presented. By default list items are presented using these Handelbar expressions:
- `{{{value}}}` - Single value item types, such as `ip`, `long`, `date`, `keyword`, and `text`.
- `{{{gte}}}-{{{lte}}}` - Range value item types, such as `ip_range`, `double_range`, `float_range`, `integer_range`, and `long_range`.
- `{{{gte}}},{{{lte}}}` - Date range values.
example: '{{value}}'
ListVersion:
type: integer
minimum: 1
description: The document version number.
example: 1
ListVersionId:
type: string
description: |
The version id, normally returned by the API when the document is retrieved. Use it ensure updates are done against the latest version.
example: WzIsMV0=
ListItemId:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/primitives.schema.yaml#/components/schemas/NonEmptyString'
type: string
minLength: 1
format: nonempty
description: Value list item's identifier.
example: 54b01cfb-058d-44b9-838c-282be16c91cd
ListItemValue:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/primitives.schema.yaml#/components/schemas/NonEmptyString'
type: string
minLength: 1
format: nonempty
description: The value used to evaluate exceptions.
ListItemDescription:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/primitives.schema.yaml#/components/schemas/NonEmptyString'
type: string
minLength: 1
format: nonempty
description: Describes the value list item.
example: Value list description.
ListItemMetadata:
type: object
additionalProperties: true
description: Placeholder for metadata about the value list item.

48
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/model/list_schemas.gen.ts
View file

@ -21,7 +21,11 @@ import {
ListType,
ListName,
ListDescription,
ListSerializer,
ListDeserializer,
ListMetadata,
ListVersion,
ListVersionId,
ListItemId,
ListItemValue,
ListItemMetadata,
@ -33,17 +37,32 @@ export const List = z.object({
type: ListType,
name: ListName,
description: ListDescription,
serializer: z.string().optional(),
deserializer: z.string().optional(),
serializer: ListSerializer.optional(),
deserializer: ListDeserializer.optional(),
immutable: z.boolean(),
meta: ListMetadata.optional(),
'@timestamp': z.string().datetime().optional(),
version: z.number().int().min(1),
_version: z.string().optional(),
version: ListVersion,
_version: ListVersionId.optional(),
/**
* Field used in search to ensure all containers are sorted and returned correctly.
*/
tie_breaker_id: z.string(),
/**
* Autogenerated date of object creation.
*/
created_at: z.string().datetime(),
/**
* Autogenerated value - user that created object.
*/
created_by: z.string(),
/**
* Autogenerated date of last object update.
*/
updated_at: z.string().datetime(),
/**
* Autogenerated value - user that last updated object.
*/
updated_by: z.string(),
});
@ -53,14 +72,29 @@ export const ListItem = z.object({
type: ListType,
list_id: ListId,
value: ListItemValue,
serializer: z.string().optional(),
deserializer: z.string().optional(),
serializer: ListSerializer.optional(),
deserializer: ListDeserializer.optional(),
meta: ListItemMetadata.optional(),
'@timestamp': z.string().datetime().optional(),
_version: z.string().optional(),
_version: ListVersionId.optional(),
/**
* Field used in search to ensure all containers are sorted and returned correctly.
*/
tie_breaker_id: z.string(),
/**
* Autogenerated date of object creation.
*/
created_at: z.string().datetime(),
/**
* Autogenerated value - user that created object.
*/
created_by: z.string(),
/**
* Autogenerated date of last object update.
*/
updated_at: z.string().datetime(),
/**
* Autogenerated value - user that last updated object.
*/
updated_by: z.string(),
});

37
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/model/list_schemas.schema.yaml
View file

@ -17,9 +17,9 @@ components:
description:
$ref: './list_common.schema.yaml#/components/schemas/ListDescription'
serializer:
type: string
$ref: './list_common.schema.yaml#/components/schemas/ListSerializer'
deserializer:
type: string
$ref: './list_common.schema.yaml#/components/schemas/ListDeserializer'
immutable:
type: boolean
meta:
@ -27,23 +27,33 @@ components:
'@timestamp':
type: string
format: date-time
example: 2025-01-08T04:47:34.273Z
version:
type: integer
minimum: 1
$ref: './list_common.schema.yaml#/components/schemas/ListVersion'
_version:
type: string
$ref: './list_common.schema.yaml#/components/schemas/ListVersionId'
tie_breaker_id:
type: string
description: Field used in search to ensure all containers are sorted and returned correctly.
example: f5508188-b1e9-4e6e-9662-d039a7d89899
created_at:
type: string
format: date-time
description: Autogenerated date of object creation.
example: 2025-01-08T04:47:34.273Z
created_by:
type: string
description: Autogenerated value - user that created object.
example: elastic
updated_at:
type: string
format: date-time
description: Autogenerated date of last object update.
example: 2025-01-08T04:47:34.273Z
updated_by:
type: string
description: Autogenerated value - user that last updated object.
example: elastic
required:
- id
- type
@ -69,28 +79,39 @@ components:
value:
$ref: './list_common.schema.yaml#/components/schemas/ListItemValue'
serializer:
type: string
$ref: './list_common.schema.yaml#/components/schemas/ListSerializer'
deserializer:
type: string
$ref: './list_common.schema.yaml#/components/schemas/ListDeserializer'
meta:
$ref: './list_common.schema.yaml#/components/schemas/ListItemMetadata'
'@timestamp':
type: string
format: date-time
example: 2025-01-08T04:47:34.273Z
_version:
type: string
$ref: './list_common.schema.yaml#/components/schemas/ListVersionId'
tie_breaker_id:
type: string
description: Field used in search to ensure all containers are sorted and returned correctly.
example: f5508188-b1e9-4e6e-9662-d039a7d89899
created_at:
type: string
format: date-time
description: Autogenerated date of object creation.
example: 2025-01-08T04:47:34.273Z
created_by:
type: string
description: Autogenerated value - user that created object.
example: elastic
updated_at:
type: string
format: date-time
description: Autogenerated date of last object update.
example: 2025-01-08T04:47:34.273Z
updated_by:
type: string
description: Autogenerated value - user that last updated object.
example: elastic
required:
- id
- type

15
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/patch_list/patch_list.gen.ts
View file

@ -10,13 +10,20 @@
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Patch list API endpoint
* title: Patch value list API endpoint
* version: 2023-10-31
*/
import { z } from '@kbn/zod';
import { ListId, ListName, ListDescription, ListMetadata } from '../model/list_common.gen';
import {
ListId,
ListName,
ListDescription,
ListMetadata,
ListVersion,
ListVersionId,
} from '../model/list_common.gen';
import { List } from '../model/list_schemas.gen';
export type PatchListRequestBody = z.infer<typeof PatchListRequestBody>;
@ -25,8 +32,8 @@ export const PatchListRequestBody = z.object({
name: ListName.optional(),
description: ListDescription.optional(),
meta: ListMetadata.optional(),
version: z.number().int().min(1).optional(),
_version: z.string().optional(),
version: ListVersion.optional(),
_version: ListVersionId.optional(),
});
export type PatchListRequestBodyInput = z.input<typeof PatchListRequestBody>;

60
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/patch_list/patch_list.schema.yaml
View file

@ -1,6 +1,6 @@
openapi: 3.0.0
info:
title: Patch list API endpoint
title: Patch value list API endpoint
version: '2023-10-31'
paths:
/api/lists:
@ -8,10 +8,10 @@ paths:
x-labels: [serverless, ess]
operationId: PatchList
x-codegen-enabled: true
summary: Patch a list
description: Update specific fields of an existing list using the list ID.
summary: Patch a value list
description: Update specific fields of an existing list using the list `id`.
requestBody:
description: List's properties
description: Value list's properties
required: true
content:
application/json:
@ -27,12 +27,14 @@ paths:
meta:
$ref: '../model/list_common.schema.yaml#/components/schemas/ListMetadata'
version:
type: integer
minimum: 1
$ref: '../model/list_common.schema.yaml#/components/schemas/ListVersion'
_version:
type: string
$ref: '../model/list_common.schema.yaml#/components/schemas/ListVersionId'
required:
- id
example:
id: ip_list
name: Bad ips list - UPDATED
responses:
200:
description: Successful response
@ -40,6 +42,22 @@ paths:
application/json:
schema:
$ref: '../model/list_schemas.schema.yaml#/components/schemas/List'
examples:
ip:
value:
id: ip_list
type: ip
name: Bad ips list - UPDATED
description: This list describes bad internet ips
immutable: false
'@timestamp': 2025-01-08T04:47:34.273Z
version: 2
_version: WzEsMV0=
tie_breaker_id: f5508188-b1e9-4e6e-9662-d039a7d89899
created_at: 2025-01-08T04:47:34.273Z
created_by: elastic
updated_at: 2025-01-08T05:21:53.843Z
updated_by: elastic
400:
description: Invalid input data response
content:
@ -48,27 +66,55 @@ paths:
oneOf:
- $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
- $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
badRequest:
value:
statusCode: 400
error: Bad Request
message: '[request body]: name: Expected string, received number'
401:
description: Unsuccessful authentication response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
unauthorized:
value:
statusCode: 401
error: Unauthorized
message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]'
403:
description: Not enough privileges response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
forbidden:
value:
statusCode: 403
error: Forbidden
message: 'API [PATCH /api/lists] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]'
404:
description: List not found response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
notFound:
value:
message: 'list id: \"foo\" not found'
status_code: 404
500:
description: Internal server error response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
serverError:
value:
message: Internal Server Error
status_code: 500

13
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/patch_list_item/patch_list_item.gen.ts
View file

@ -10,13 +10,18 @@
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Patch list item API endpoint
* title: Patch value list item API endpoint
* version: 2023-10-31
*/
import { z } from '@kbn/zod';
import { ListItemId, ListItemValue, ListItemMetadata } from '../model/list_common.gen';
import {
ListItemId,
ListItemValue,
ListItemMetadata,
ListVersionId,
} from '../model/list_common.gen';
import { ListItem } from '../model/list_schemas.gen';
export type PatchListItemRequestBody = z.infer<typeof PatchListItemRequestBody>;
@ -24,9 +29,9 @@ export const PatchListItemRequestBody = z.object({
id: ListItemId,
value: ListItemValue.optional(),
meta: ListItemMetadata.optional(),
_version: z.string().optional(),
_version: ListVersionId.optional(),
/**
* Determines when changes made by the request are made visible to search
* Determines when changes made by the request are made visible to search.
*/
refresh: z.enum(['true', 'false', 'wait_for']).optional(),
});

56
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/patch_list_item/patch_list_item.schema.yaml
View file

@ -1,6 +1,6 @@
openapi: 3.0.0
info:
title: Patch list item API endpoint
title: Patch value list item API endpoint
version: '2023-10-31'
paths:
/api/lists/items:
@ -8,10 +8,10 @@ paths:
x-labels: [serverless, ess]
operationId: PatchListItem
x-codegen-enabled: true
summary: Patch a list item
description: Update specific fields of an existing list item using the list item ID.
summary: Patch a value list item
description: Update specific fields of an existing value list item using the item `id`.
requestBody:
description: List item's properties
description: Value list item's properties
required: true
content:
application/json:
@ -25,16 +25,19 @@ paths:
meta:
$ref: '../model/list_common.schema.yaml#/components/schemas/ListItemMetadata'
_version:
type: string
$ref: '../model/list_common.schema.yaml#/components/schemas/ListVersionId'
refresh:
type: string
enum:
- 'true'
- 'false'
- wait_for
description: Determines when changes made by the request are made visible to search
description: Determines when changes made by the request are made visible to search.
required:
- id
example:
id: pd1WRJQBs4HAK3VQeHFI
value: 255.255.255.255
responses:
200:
description: Successful response
@ -42,6 +45,20 @@ paths:
application/json:
schema:
$ref: '../model/list_schemas.schema.yaml#/components/schemas/ListItem'
examples:
ipItem:
value:
id: pd1WRJQBs4HAK3VQeHFI
type: ip
list_id: ip_list
value: '255.255.255.255'
'@timestamp': 2025-01-08T05:15:05.159Z
_version: WzE5LDFd
tie_breaker_id: eee41dc7-1666-4876-982f-8b0f7b59eca3
created_at: 2025-01-08T05:15:05.159Z
created_by: elastic
updated_at: 2025-01-08T05:23:37.602Z
updated_by: elastic
400:
description: Invalid input data response
content:
@ -50,27 +67,54 @@ paths:
oneOf:
- $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
- $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
badRequest:
value:
message: '{"took":15,"timed_out":false,"total":1,"updated":0,"deleted":0,"batches":1,"version_conflicts":0,"noops":0,"retries":{"bulk":0,"search":0},"throttled_millis":0,"requests_per_second":-1,"throttled_until_millis":0,"failures":[{"index":".ds-.items-default-2025.01.09-000001","id":"ip_item","cause":{"type":"document_parsing_exception","reason":"[1:107] failed to parse field [ip] of type [ip] in document with id ip_item. Preview of fields value: 2","caused_by":{"type":"illegal_argument_exception","reason":"2 is not an IP string literal."}},"status":400}]}'
status_code: 400
401:
description: Unsuccessful authentication response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
unauthorized:
value:
statusCode: 401
error: Unauthorized
message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]'
403:
description: Not enough privileges response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
forbidden:
value:
statusCode: 403
error: Forbidden
message: 'API [PATCH /api/lists/items] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]'
404:
description: List item not found response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
notFound:
value:
message: 'list item id: \"foo\" not found'
status_code: 404
500:
description: Internal server error response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
serverError:
value:
message: Internal Server Error
status_code: 500

30
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/quickstart_client.gen.ts
View file

@ -76,7 +76,7 @@ export class Client {
this.log = options.log;
}
/**
* Create a new list.
* Create a new value list.
*/
async createList(props: CreateListProps) {
this.log.info(`${new Date().toISOString()} Calling API CreateList`);
@ -107,9 +107,9 @@ export class Client {
.catch(catchAxiosErrorFormatAndThrow);
}
/**
* Create a list item and associate it with the specified list.
* Create a value list item and associate it with the specified value list.
All list items in the same list must be the same type. For example, each list item in an `ip` list must define a specific IP address.
All value list items in the same list must be the same type. For example, each list item in an `ip` list must define a specific IP address.
> info
> Before creating a list item, you must create a list.
@ -128,7 +128,7 @@ All list items in the same list must be the same type. For example, each list it
.catch(catchAxiosErrorFormatAndThrow);
}
/**
* Delete a list using the list ID.
* Delete a value list using the list ID.
> info
> When you delete a list, all of its list items are also deleted.
@ -163,7 +163,7 @@ All list items in the same list must be the same type. For example, each list it
.catch(catchAxiosErrorFormatAndThrow);
}
/**
* Delete a list item using its `id`, or its `list_id` and `value` fields.
* Delete a value list item using its `id`, or its `list_id` and `value` fields.
*/
async deleteListItem(props: DeleteListItemProps) {
this.log.info(`${new Date().toISOString()} Calling API DeleteListItem`);
@ -180,7 +180,7 @@ All list items in the same list must be the same type. For example, each list it
.catch(catchAxiosErrorFormatAndThrow);
}
/**
* Export list item values from the specified list.
* Export list item values from the specified value list.
*/
async exportListItems(props: ExportListItemsProps) {
this.log.info(`${new Date().toISOString()} Calling API ExportListItems`);
@ -197,7 +197,7 @@ All list items in the same list must be the same type. For example, each list it
.catch(catchAxiosErrorFormatAndThrow);
}
/**
* Get all list items in the specified list.
* Get all value list items in the specified list.
*/
async findListItems(props: FindListItemsProps) {
this.log.info(`${new Date().toISOString()} Calling API FindListItems`);
@ -214,7 +214,7 @@ All list items in the same list must be the same type. For example, each list it
.catch(catchAxiosErrorFormatAndThrow);
}
/**
* Get a paginated subset of lists. By default, the first page is returned, with 20 results per page.
* Get a paginated subset of value lists. By default, the first page is returned, with 20 results per page.
*/
async findLists(props: FindListsProps) {
this.log.info(`${new Date().toISOString()} Calling API FindLists`);
@ -231,7 +231,7 @@ All list items in the same list must be the same type. For example, each list it
.catch(catchAxiosErrorFormatAndThrow);
}
/**
* Import list items from a TXT or CSV file. The maximum file size is 9 million bytes.
* Import value list items from a TXT or CSV file. The maximum file size is 9 million bytes.
You can import items to a new or existing list.
@ -251,7 +251,7 @@ You can import items to a new or existing list.
.catch(catchAxiosErrorFormatAndThrow);
}
/**
* Update specific fields of an existing list using the list ID.
* Update specific fields of an existing list using the list `id`.
*/
async patchList(props: PatchListProps) {
this.log.info(`${new Date().toISOString()} Calling API PatchList`);
@ -267,7 +267,7 @@ You can import items to a new or existing list.
.catch(catchAxiosErrorFormatAndThrow);
}
/**
* Update specific fields of an existing list item using the list item ID.
* Update specific fields of an existing value list item using the item `id`.
*/
async patchListItem(props: PatchListItemProps) {
this.log.info(`${new Date().toISOString()} Calling API PatchListItem`);
@ -283,7 +283,7 @@ You can import items to a new or existing list.
.catch(catchAxiosErrorFormatAndThrow);
}
/**
* Get the details of a list using the list ID.
* Get the details of a value list using the list ID.
*/
async readList(props: ReadListProps) {
this.log.info(`${new Date().toISOString()} Calling API ReadList`);
@ -315,7 +315,7 @@ You can import items to a new or existing list.
.catch(catchAxiosErrorFormatAndThrow);
}
/**
* Get the details of a list item.
* Get the details of a value list item.
*/
async readListItem(props: ReadListItemProps) {
this.log.info(`${new Date().toISOString()} Calling API ReadListItem`);
@ -344,7 +344,7 @@ You can import items to a new or existing list.
.catch(catchAxiosErrorFormatAndThrow);
}
/**
* Update a list using the list ID. The original list is replaced, and all unspecified fields are deleted.
* Update a value list using the list `id`. The original list is replaced, and all unspecified fields are deleted.
> info
> You cannot modify the `id` value.
@ -363,7 +363,7 @@ You can import items to a new or existing list.
.catch(catchAxiosErrorFormatAndThrow);
}
/**
* Update a list item using the list item ID. The original list item is replaced, and all unspecified fields are deleted.
* Update a value list item using the list item ID. The original list item is replaced, and all unspecified fields are deleted.
> info
> You cannot modify the `id` value.

5
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/read_list/read_list.gen.ts
View file

@ -10,7 +10,7 @@
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Read list API endpoint
* title: Read value list API endpoint
* version: 2023-10-31
*/
@ -21,9 +21,6 @@ import { List } from '../model/list_schemas.gen';
export type ReadListRequestQuery = z.infer<typeof ReadListRequestQuery>;
export const ReadListRequestQuery = z.object({
/**
* List's `id` value
*/
id: ListId,
});
export type ReadListRequestQueryInput = z.input<typeof ReadListRequestQuery>;

51
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/read_list/read_list.schema.yaml
View file

@ -1,6 +1,6 @@
openapi: 3.0.0
info:
title: Read list API endpoint
title: Read value list API endpoint
version: '2023-10-31'
paths:
/api/lists:
@ -8,13 +8,12 @@ paths:
x-labels: [serverless, ess]
operationId: ReadList
x-codegen-enabled: true
summary: Get list details
description: Get the details of a list using the list ID.
summary: Get value list details
description: Get the details of a value list using the list ID.
parameters:
- name: id
in: query
required: true
description: List's `id` value
schema:
$ref: '../model/list_common.schema.yaml#/components/schemas/ListId'
responses:
@ -24,6 +23,22 @@ paths:
application/json:
schema:
$ref: '../model/list_schemas.schema.yaml#/components/schemas/List'
examples:
ip:
value:
id: ip_list
type: ip
name: My bad ips
description: This list describes bad internet ip
immutable: false
'@timestamp': 2025-01-08T04:47:34.273Z
version: 1
_version: WzEsMV0=
tie_breaker_id: f5508188-b1e9-4e6e-9662-d039a7d89899
created_at: 2025-01-08T04:47:34.273Z
created_by: elastic
updated_at: 2025-01-08T05:21:53.843Z
updated_by: elastic
400:
description: Invalid input data response
content:
@ -32,27 +47,55 @@ paths:
oneOf:
- $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
- $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
badRequest:
value:
statusCode: 400
error: Bad Request
message: '[request query]: id: Required'
401:
description: Unsuccessful authentication response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
unauthorized:
value:
statusCode: 401
error: Unauthorized
message: "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]"
403:
description: Not enough privileges response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
forbidden:
value:
statusCode: 403
error: Forbidden
message: 'API [GET /api/lists?id=ip_list] is unauthorized for user, this action is granted by the Kibana privileges [lists-read]'
404:
description: List not found response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
notFound:
value:
message: 'list id: \"foo\" not found'
status_code: 404
500:
description: Internal server error response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
serverError:
value:
message: Internal Server Error
status_code: 500

2
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/read_list_index/read_list_index.gen.ts
View file

@ -10,7 +10,7 @@
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Read list DS existence status API endpoint
* title: Read value list DS existence status API endpoint
* version: 2023-10-31
*/

15
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/read_list_index/read_list_index.schema.yaml
View file

@ -1,6 +1,6 @@
openapi: 3.0.0
info:
title: Read list DS existence status API endpoint
title: Read value list DS existence status API endpoint
version: '2023-10-31'
paths:
/api/lists/index:
@ -8,7 +8,7 @@ paths:
x-labels: [serverless, ess]
operationId: ReadListIndex
x-codegen-enabled: true
summary: Get status of list data streams
summary: Get status of value list data streams
description: Verify that `.lists` and `.items` data streams exist.
responses:
200:
@ -37,6 +37,12 @@ paths:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
unauthorized:
value:
statusCode: 401
error: Unauthorized
message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]'
403:
description: Not enough privileges response
content:
@ -55,3 +61,8 @@ paths:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
serverError:
value:
message: Internal Server Error
status_code: 500

8
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/read_list_item/read_list_item.gen.ts
View file

@ -10,7 +10,7 @@
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Read list item API endpoint
* title: Read value list item API endpoint
* version: 2023-10-31
*/
@ -22,15 +22,15 @@ import { ListItem } from '../model/list_schemas.gen';
export type ReadListItemRequestQuery = z.infer<typeof ReadListItemRequestQuery>;
export const ReadListItemRequestQuery = z.object({
/**
* Required if `list_id` and `value` are not specified
* Value list item identifier. Required if `list_id` and `value` are not specified.
*/
id: ListId.optional(),
/**
* Required if `id` is not specified
* Value list item list's `id` identfier. Required if `id` is not specified.
*/
list_id: ListId.optional(),
/**
* Required if `id` is not specified
* The value used to evaluate exceptions. Required if `id` is not specified.
*/
value: z.string().optional(),
});

54
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/read_list_item/read_list_item.schema.yaml
View file

@ -1,6 +1,6 @@
openapi: 3.0.0
info:
title: Read list item API endpoint
title: Read value list item API endpoint
version: '2023-10-31'
paths:
/api/lists/items:
@ -8,27 +8,28 @@ paths:
x-labels: [serverless, ess]
operationId: ReadListItem
x-codegen-enabled: true
summary: Get a list item
description: Get the details of a list item.
summary: Get a value list item
description: Get the details of a value list item.
parameters:
- name: id
in: query
required: false
description: Required if `list_id` and `value` are not specified
description: Value list item identifier. Required if `list_id` and `value` are not specified.
schema:
$ref: '../model/list_common.schema.yaml#/components/schemas/ListId'
- name: list_id
in: query
required: false
description: Required if `id` is not specified
description: Value list item list's `id` identfier. Required if `id` is not specified.
schema:
$ref: '../model/list_common.schema.yaml#/components/schemas/ListId'
- name: value
in: query
required: false
description: Required if `id` is not specified
description: The value used to evaluate exceptions. Required if `id` is not specified.
schema:
type: string
example: 127.0.0.2
responses:
200:
description: Successful response
@ -40,6 +41,20 @@ paths:
- type: array
items:
$ref: '../model/list_schemas.schema.yaml#/components/schemas/ListItem'
examples:
ip:
value:
id: qN1XRJQBs4HAK3VQs3Gc
type: ip
list_id: ip_list
value: 127.0.0.2
'@timestamp': 2025-01-08T05:16:25.882Z
_version: WzExLDFd
tie_breaker_id: a9a34c02-a385-436e-86a0-02a3942f3537
created_at: 2025-01-08T05:16:25.882Z
created_by: elastic
updated_at: 2025-01-08T05:16:25.882Z
updated_by: elastic
400:
description: Invalid input data response
content:
@ -48,27 +63,54 @@ paths:
oneOf:
- $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
- $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
badRequest:
value:
message: 'Either \"list_id\" or \"id\" needs to be defined in the request'
status_code: 400
401:
description: Unsuccessful authentication response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
unauthorized:
value:
statusCode: 401
error: Unauthorized
message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]'
403:
description: Not enough privileges response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
forbidden:
value:
statusCode: 403
error: Forbidden
message: 'API [GET /api/lists/items?id=qN1XRJQBs4HAK3VQs3Gc] is unauthorized for user, this action is granted by the Kibana privileges [lists-read]'
404:
description: List item not found response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
notFound:
value:
message: 'list item id: \"foo\" not found'
status_code: 404
500:
description: Internal server error response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
serverError:
value:
message: Internal Server Error
status_code: 500

2
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/read_list_privileges/read_list_privileges.gen.ts
View file

@ -10,7 +10,7 @@
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Read list privileges API endpoint
* title: Read value list privileges API endpoint
* version: 2023-10-31
*/

89
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/read_list_privileges/read_list_privileges.schema.yaml
View file

@ -1,6 +1,6 @@
openapi: 3.0.0
info:
title: Read list privileges API endpoint
title: Read value list privileges API endpoint
version: '2023-10-31'
paths:
/api/lists/privileges:
@ -8,7 +8,7 @@ paths:
x-labels: [serverless, ess]
operationId: ReadListPrivileges
x-codegen-enabled: true
summary: Get list privileges
summary: Get value list privileges
responses:
200:
description: Successful response
@ -27,6 +27,74 @@ paths:
- lists
- listItems
- is_authenticated
examples:
privileges:
value:
listItems:
username: elastic
has_all_requested: true
cluster:
all: true
monitor_ml: true
manage_transform: true
manage_index_templates: true
monitor_transform: true
manage_ml: true
monitor: true
manage_pipeline: true
manage_api_key: true
manage_security: true
manage_own_api_key: true
manage: true
index:
.items-default:
all: true
create: true
create_doc: true
create_index: true
delete: true
delete_index: true
index: true
maintenance: true
manage: true
monitor: true
read: true
view_index_metadata: true
write: true
application: {}
lists:
username: elastic
has_all_requested: true
cluster:
all: true
monitor_ml: true
manage_transform: true
manage_index_templates: true
monitor_transform: true
manage_ml: true
monitor: true
manage_pipeline: true
manage_api_key: true
manage_security: true
manage_own_api_key: true
manage: true
index:
.lists-default:
all: true
create: true
create_doc: true
create_index: true
delete: true
delete_index: true
index: true
maintenance: true
manage: true
monitor: true
read: true
view_index_metadata: true
write: true
application: {}
is_authenticated: true
400:
description: Invalid input data response
content:
@ -41,18 +109,35 @@ paths:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
unauthorized:
value:
statusCode: 401
error: Unauthorized
message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]'
403:
description: Not enough privileges response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
forbidden:
value:
statusCode: 403
error: Forbidden
message: 'API [GET /api/lists/privileges] is unauthorized for user, this action is granted by the Kibana privileges [lists-read]'
500:
description: Internal server error response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
serverError:
value:
message: Internal Server Error
status_code: 500
components:
schemas:

15
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/update_list/update_list.gen.ts
View file

@ -10,13 +10,20 @@
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Update list API endpoint
* title: Update value list API endpoint
* version: 2023-10-31
*/
import { z } from '@kbn/zod';
import { ListId, ListName, ListDescription, ListMetadata } from '../model/list_common.gen';
import {
ListId,
ListName,
ListDescription,
ListMetadata,
ListVersion,
ListVersionId,
} from '../model/list_common.gen';
import { List } from '../model/list_schemas.gen';
export type UpdateListRequestBody = z.infer<typeof UpdateListRequestBody>;
@ -25,8 +32,8 @@ export const UpdateListRequestBody = z.object({
name: ListName,
description: ListDescription,
meta: ListMetadata.optional(),
version: z.number().int().min(1).optional(),
_version: z.string().optional(),
version: ListVersion.optional(),
_version: ListVersionId.optional(),
});
export type UpdateListRequestBodyInput = z.input<typeof UpdateListRequestBody>;

61
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/update_list/update_list.schema.yaml
View file

@ -1,6 +1,6 @@
openapi: 3.0.0
info:
title: Update list API endpoint
title: Update value list API endpoint
version: '2023-10-31'
paths:
/api/lists:
@ -8,13 +8,13 @@ paths:
x-labels: [serverless, ess]
operationId: UpdateList
x-codegen-enabled: true
summary: Update a list
summary: Update a value list
description: |
Update a list using the list ID. The original list is replaced, and all unspecified fields are deleted.
Update a value list using the list `id`. The original list is replaced, and all unspecified fields are deleted.
> info
> You cannot modify the `id` value.
requestBody:
description: List's properties
description: Value list's properties
required: true
content:
application/json:
@ -30,14 +30,17 @@ paths:
meta:
$ref: '../model/list_common.schema.yaml#/components/schemas/ListMetadata'
version:
type: integer
minimum: 1
$ref: '../model/list_common.schema.yaml#/components/schemas/ListVersion'
_version:
type: string
$ref: '../model/list_common.schema.yaml#/components/schemas/ListVersionId'
required:
- id
- name
- description
example:
id: ip_list
name: Bad ips - updated
description: Latest list of bad ips
responses:
200:
description: Successful response
@ -45,6 +48,22 @@ paths:
application/json:
schema:
$ref: '../model/list_schemas.schema.yaml#/components/schemas/List'
examples:
ip:
value:
id: ip_list
type: ip
name: Bad ips - updated
description: Latest list of bad ips
immutable: false
'@timestamp': 2025-01-08T04:47:34.273Z
version: 3
_version: WzIsMV0=
tie_breaker_id: f5508188-b1e9-4e6e-9662-d039a7d89899
created_at: 2025-01-08T04:47:34.273Z
created_by: elastic
updated_at: 2025-01-08T05:39:39.292Z
updated_by: elastic
400:
description: Invalid input data response
content:
@ -53,27 +72,55 @@ paths:
oneOf:
- $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
- $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
badRequest:
value:
statusCode: 400
error: Bad Request
message: '[request body]: id: Expected string, received number'
401:
description: Unsuccessful authentication response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
unauthorized:
value:
statusCode: 401
error: Unauthorized
message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]'
403:
description: Not enough privileges response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
forbidden:
value:
statusCode: 403
error: Forbidden
message: 'API [PUT /api/lists] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]'
404:
description: List not found response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
notFound:
value:
message: 'list id: \"foo\" not found'
status_code: 404
500:
description: Internal server error response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
serverError:
value:
message: Internal Server Error
status_code: 500

11
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/update_list_item/update_list_item.gen.ts
View file

@ -10,13 +10,18 @@
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Update list item API endpoint
* title: Update value list item API endpoint
* version: 2023-10-31
*/
import { z } from '@kbn/zod';
import { ListItemId, ListItemValue, ListItemMetadata } from '../model/list_common.gen';
import {
ListItemId,
ListItemValue,
ListItemMetadata,
ListVersionId,
} from '../model/list_common.gen';
import { ListItem } from '../model/list_schemas.gen';
export type UpdateListItemRequestBody = z.infer<typeof UpdateListItemRequestBody>;
@ -24,7 +29,7 @@ export const UpdateListItemRequestBody = z.object({
id: ListItemId,
value: ListItemValue,
meta: ListItemMetadata.optional(),
_version: z.string().optional(),
_version: ListVersionId.optional(),
});
export type UpdateListItemRequestBodyInput = z.input<typeof UpdateListItemRequestBody>;

55
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/api/update_list_item/update_list_item.schema.yaml
View file

@ -1,6 +1,6 @@
openapi: 3.0.0
info:
title: Update list item API endpoint
title: Update value list item API endpoint
version: '2023-10-31'
paths:
/api/lists/items:
@ -8,13 +8,13 @@ paths:
x-labels: [serverless, ess]
operationId: UpdateListItem
x-codegen-enabled: true
summary: Update a list item
summary: Update a value list item
description: |
Update a list item using the list item ID. The original list item is replaced, and all unspecified fields are deleted.
Update a value list item using the list item ID. The original list item is replaced, and all unspecified fields are deleted.
> info
> You cannot modify the `id` value.
requestBody:
description: List item's properties
description: Value list item's properties
required: true
content:
application/json:
@ -28,10 +28,13 @@ paths:
meta:
$ref: '../model/list_common.schema.yaml#/components/schemas/ListItemMetadata'
_version:
type: string
$ref: '../model/list_common.schema.yaml#/components/schemas/ListVersionId'
required:
- id
- value
example:
id: ip_item
value: 255.255.255.255
responses:
200:
description: Successful response
@ -39,6 +42,20 @@ paths:
application/json:
schema:
$ref: '../model/list_schemas.schema.yaml#/components/schemas/ListItem'
examples:
ip:
value:
id: pd1WRJQBs4HAK3VQeHFI
type: ip
list_id: ip_list
value: 255.255.255.255
'@timestamp': 2025-01-08T05:15:05.159Z
_version: WzIwLDFd
tie_breaker_id: eee41dc7-1666-4876-982f-8b0f7b59eca3
created_at: 2025-01-08T05:15:05.159Z
created_by: elastic
updated_at: 2025-01-08T05:44:14.009Z
updated_by: elastic
400:
description: Invalid input data response
content:
@ -47,27 +64,55 @@ paths:
oneOf:
- $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
- $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
badRequest:
value:
statusCode: 400
error: Bad Request
message: '[request body]: id: Expected string, received number'
401:
description: Unsuccessful authentication response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
unauthorized:
value:
statusCode: 401
error: Unauthorized
message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]'
403:
description: Not enough privileges response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
examples:
forbidden:
value:
statusCode: 403
error: Forbidden
message: 'API [PATCH /api/lists/items] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]'
404:
description: List item not found response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
notFound:
value:
message: 'list item id: \"foo\" not found'
status_code: 404
500:
description: Internal server error response
content:
application/json:
schema:
$ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
examples:
serverError:
value:
message: Internal Server Error
status_code: 500

1408
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/docs/openapi/ess/security_solution_lists_api_2023_10_31.bundled.schema.yaml
View file

File diff suppressed because it is too large Load diff

1408
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/docs/openapi/serverless/security_solution_lists_api_2023_10_31.bundled.schema.yaml
View file

File diff suppressed because it is too large Load diff

1
x-pack/solutions/security/packages/kbn-securitysolution-lists-common/tsconfig.json
View file

@ -8,7 +8,6 @@
"include": ["**/*.ts"],
"kbn_references": [
"@kbn/zod-helpers",
"@kbn/openapi-common",
"@kbn/test",
"@kbn/tooling-log",
"@kbn/core-http-common",

30
x-pack/test/api_integration/services/security_solution_lists_api.gen.ts
View file

@ -41,7 +41,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext)
return {
/**
* Create a new list.
* Create a new value list.
*/
createList(props: CreateListProps, kibanaSpace: string = 'default') {
return supertest
@ -62,9 +62,9 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext)
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
},
/**
* Create a list item and associate it with the specified list.
* Create a value list item and associate it with the specified value list.
All list items in the same list must be the same type. For example, each list item in an `ip` list must define a specific IP address.
All value list items in the same list must be the same type. For example, each list item in an `ip` list must define a specific IP address.
> info
> Before creating a list item, you must create a list.
@ -78,7 +78,7 @@ All list items in the same list must be the same type. For example, each list it
.send(props.body as object);
},
/**
* Delete a list using the list ID.
* Delete a value list using the list ID.
> info
> When you delete a list, all of its list items are also deleted.
@ -102,7 +102,7 @@ All list items in the same list must be the same type. For example, each list it
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
},
/**
* Delete a list item using its `id`, or its `list_id` and `value` fields.
* Delete a value list item using its `id`, or its `list_id` and `value` fields.
*/
deleteListItem(props: DeleteListItemProps, kibanaSpace: string = 'default') {
return supertest
@ -113,7 +113,7 @@ All list items in the same list must be the same type. For example, each list it
.query(props.query);
},
/**
* Export list item values from the specified list.
* Export list item values from the specified value list.
*/
exportListItems(props: ExportListItemsProps, kibanaSpace: string = 'default') {
return supertest
@ -124,7 +124,7 @@ All list items in the same list must be the same type. For example, each list it
.query(props.query);
},
/**
* Get all list items in the specified list.
* Get all value list items in the specified list.
*/
findListItems(props: FindListItemsProps, kibanaSpace: string = 'default') {
return supertest
@ -135,7 +135,7 @@ All list items in the same list must be the same type. For example, each list it
.query(props.query);
},
/**
* Get a paginated subset of lists. By default, the first page is returned, with 20 results per page.
* Get a paginated subset of value lists. By default, the first page is returned, with 20 results per page.
*/
findLists(props: FindListsProps, kibanaSpace: string = 'default') {
return supertest
@ -146,7 +146,7 @@ All list items in the same list must be the same type. For example, each list it
.query(props.query);
},
/**
* Import list items from a TXT or CSV file. The maximum file size is 9 million bytes.
* Import value list items from a TXT or CSV file. The maximum file size is 9 million bytes.
You can import items to a new or existing list.
@ -160,7 +160,7 @@ You can import items to a new or existing list.
.query(props.query);
},
/**
* Update specific fields of an existing list using the list ID.
* Update specific fields of an existing list using the list `id`.
*/
patchList(props: PatchListProps, kibanaSpace: string = 'default') {
return supertest
@ -171,7 +171,7 @@ You can import items to a new or existing list.
.send(props.body as object);
},
/**
* Update specific fields of an existing list item using the list item ID.
* Update specific fields of an existing value list item using the item `id`.
*/
patchListItem(props: PatchListItemProps, kibanaSpace: string = 'default') {
return supertest
@ -182,7 +182,7 @@ You can import items to a new or existing list.
.send(props.body as object);
},
/**
* Get the details of a list using the list ID.
* Get the details of a value list using the list ID.
*/
readList(props: ReadListProps, kibanaSpace: string = 'default') {
return supertest
@ -203,7 +203,7 @@ You can import items to a new or existing list.
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
},
/**
* Get the details of a list item.
* Get the details of a value list item.
*/
readListItem(props: ReadListItemProps, kibanaSpace: string = 'default') {
return supertest
@ -221,7 +221,7 @@ You can import items to a new or existing list.
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
},
/**
* Update a list using the list ID. The original list is replaced, and all unspecified fields are deleted.
* Update a value list using the list `id`. The original list is replaced, and all unspecified fields are deleted.
> info
> You cannot modify the `id` value.
@ -235,7 +235,7 @@ You can import items to a new or existing list.
.send(props.body as object);
},
/**
* Update a list item using the list item ID. The original list item is replaced, and all unspecified fields are deleted.
* Update a value list item using the list item ID. The original list item is replaced, and all unspecified fields are deleted.
> info
> You cannot modify the `id` value.