From 579c7803a12756dc7c80fe3c85f83f82c17135f2 Mon Sep 17 00:00:00 2001 From: Martijn Laarman Date: Tue, 10 Jun 2025 12:57:10 +0200 Subject: [PATCH 01/12] stage --- docs/_docset.yml | 2 +- docs/elasticsearch-openapi.json | 3571 +++++++++++++---- docs/kibana-openapi.json | 1 + src/Elastic.ApiExplorer/OpenApiGenerator.cs | 133 +- src/Elastic.ApiExplorer/OpenApiReader.cs | 1 + .../Elastic.ApiExplorer.Tests/ReaderTests.cs | 16 + 6 files changed, 2901 insertions(+), 823 deletions(-) create mode 100644 docs/kibana-openapi.json diff --git a/docs/_docset.yml b/docs/_docset.yml index cc528910e..5ead4f70a 100644 --- a/docs/_docset.yml +++ b/docs/_docset.yml @@ -17,7 +17,7 @@ subs: features: primary-nav: false -api: elasticsearch-openapi.json +api: kibana-openapi.json toc: - file: index.md diff --git a/docs/elasticsearch-openapi.json b/docs/elasticsearch-openapi.json index 0410cd1fe..125fb12e5 100644 --- a/docs/elasticsearch-openapi.json +++ b/docs/elasticsearch-openapi.json @@ -78,7 +78,9 @@ } } }, - "x-state": "Added in 7.7.0" + "x-state": "Added in 7.7.0", + "x-api-name" : "get", + "x-namespace": "async_search" }, "delete": { "tags": [ @@ -112,7 +114,9 @@ } } }, - "x-state": "Added in 7.7.0" + "x-state": "Added in 7.7.0", + "x-api-name" : "delete", + "x-namespace": "async_search" } }, "/_async_search/status/{id}": { @@ -175,7 +179,9 @@ } } }, - "x-state": "Added in 7.11.0" + "x-state": "Added in 7.11.0", + "x-api-name" : "status", + "x-namespace": "async_search" } }, "/_async_search": { @@ -325,7 +331,9 @@ "$ref": "#/components/responses/async_search.submit-200" } }, - "x-state": "Added in 7.7.0" + "x-state": "Added in 7.7.0", + "x-api-name" : "submit", + "x-namespace": "async_search" } }, "/{index}/_async_search": { @@ -478,7 +486,9 @@ "$ref": "#/components/responses/async_search.submit-200" } }, - "x-state": "Added in 7.7.0" + "x-state": "Added in 7.7.0", + "x-api-name" : "submit", + "x-namespace": "async_search" } }, "/_autoscaling/policy/{name}": { @@ -534,7 +544,9 @@ } } }, - "x-state": "Added in 7.11.0" + "x-state": "Added in 7.11.0", + "x-api-name" : "get_autoscaling_policy", + "x-namespace": "autoscaling" }, "put": { "tags": [ @@ -618,7 +630,9 @@ } } }, - "x-state": "Added in 7.11.0" + "x-state": "Added in 7.11.0", + "x-api-name" : "put_autoscaling_policy", + "x-namespace": "autoscaling" }, "delete": { "tags": [ @@ -682,7 +696,9 @@ } } }, - "x-state": "Added in 7.11.0" + "x-state": "Added in 7.11.0", + "x-api-name" : "delete_autoscaling_policy", + "x-namespace": "autoscaling" } }, "/_autoscaling/capacity": { @@ -738,7 +754,9 @@ } } }, - "x-state": "Added in 7.11.0" + "x-state": "Added in 7.11.0", + "x-api-name" : "get_autoscaling_capacity", + "x-namespace": "autoscaling" } }, "/_bulk": { @@ -794,7 +812,8 @@ "200": { "$ref": "#/components/responses/bulk-200" } - } + }, + "x-api-name": "bulk" }, "post": { "tags": [ @@ -848,7 +867,8 @@ "200": { "$ref": "#/components/responses/bulk-200" } - } + }, + "x-api-name": "bulk" } }, "/{index}/_bulk": { @@ -907,7 +927,8 @@ "200": { "$ref": "#/components/responses/bulk-200" } - } + }, + "x-api-name": "bulk" }, "post": { "tags": [ @@ -964,7 +985,8 @@ "200": { "$ref": "#/components/responses/bulk-200" } - } + }, + "x-api-name": "bulk" } }, "/_cat/aliases": { @@ -993,7 +1015,9 @@ "200": { "$ref": "#/components/responses/cat.aliases-200" } - } + }, + "x-api-name" : "aliases", + "x-namespace": "cat" } }, "/_cat/aliases/{name}": { @@ -1025,7 +1049,9 @@ "200": { "$ref": "#/components/responses/cat.aliases-200" } - } + }, + "x-api-name" : "aliases", + "x-namespace": "cat" } }, "/_cat/allocation": { @@ -1057,7 +1083,9 @@ "200": { "$ref": "#/components/responses/cat.allocation-200" } - } + }, + "x-api-name" : "allocation", + "x-namespace": "cat" } }, "/_cat/allocation/{node_id}": { @@ -1092,7 +1120,9 @@ "200": { "$ref": "#/components/responses/cat.allocation-200" } - } + }, + "x-api-name" : "allocation", + "x-namespace": "cat" } }, "/_cat/component_templates": { @@ -1122,7 +1152,9 @@ "$ref": "#/components/responses/cat.component_templates-200" } }, - "x-state": "Added in 5.1.0" + "x-state": "Added in 5.1.0", + "x-api-name" : "component_templates", + "x-namespace": "cat" } }, "/_cat/component_templates/{name}": { @@ -1155,7 +1187,9 @@ "$ref": "#/components/responses/cat.component_templates-200" } }, - "x-state": "Added in 5.1.0" + "x-state": "Added in 5.1.0", + "x-api-name" : "component_templates", + "x-namespace": "cat" } }, "/_cat/count": { @@ -1178,7 +1212,9 @@ "200": { "$ref": "#/components/responses/cat.count-200" } - } + }, + "x-api-name" : "count", + "x-namespace": "cat" } }, "/_cat/count/{index}": { @@ -1204,7 +1240,9 @@ "200": { "$ref": "#/components/responses/cat.count-200" } - } + }, + "x-api-name" : "count", + "x-namespace": "cat" } }, "/_cat/fielddata": { @@ -1233,7 +1271,9 @@ "200": { "$ref": "#/components/responses/cat.fielddata-200" } - } + }, + "x-api-name" : "fielddata", + "x-namespace": "cat" } }, "/_cat/fielddata/{fields}": { @@ -1265,7 +1305,9 @@ "200": { "$ref": "#/components/responses/cat.fielddata-200" } - } + }, + "x-api-name" : "fielddata", + "x-namespace": "cat" } }, "/_cat/health": { @@ -1338,7 +1380,9 @@ } } } - } + }, + "x-api-name" : "health", + "x-namespace": "cat" } }, "/_cat": { @@ -1360,7 +1404,9 @@ } } } - } + }, + "x-api-name" : "help", + "x-namespace": "cat" } }, "/_cat/indices": { @@ -1404,7 +1450,9 @@ "200": { "$ref": "#/components/responses/cat.indices-200" } - } + }, + "x-api-name" : "indices", + "x-namespace": "cat" } }, "/_cat/indices/{index}": { @@ -1451,7 +1499,9 @@ "200": { "$ref": "#/components/responses/cat.indices-200" } - } + }, + "x-api-name" : "indices", + "x-namespace": "cat" } }, "/_cat/master": { @@ -1524,7 +1574,9 @@ } } } - } + }, + "x-api-name" : "master", + "x-namespace": "cat" } }, "/_cat/ml/data_frame/analytics": { @@ -1557,7 +1609,9 @@ "$ref": "#/components/responses/cat.ml_data_frame_analytics-200" } }, - "x-state": "Added in 7.7.0" + "x-state": "Added in 7.7.0", + "x-api-name" : "ml_data_frame_analytics", + "x-namespace": "cat" } }, "/_cat/ml/data_frame/analytics/{id}": { @@ -1593,7 +1647,9 @@ "$ref": "#/components/responses/cat.ml_data_frame_analytics-200" } }, - "x-state": "Added in 7.7.0" + "x-state": "Added in 7.7.0", + "x-api-name" : "ml_data_frame_analytics", + "x-namespace": "cat" } }, "/_cat/ml/datafeeds": { @@ -1623,7 +1679,9 @@ "$ref": "#/components/responses/cat.ml_datafeeds-200" } }, - "x-state": "Added in 7.7.0" + "x-state": "Added in 7.7.0", + "x-api-name" : "ml_datafeeds", + "x-namespace": "cat" } }, "/_cat/ml/datafeeds/{datafeed_id}": { @@ -1656,7 +1714,9 @@ "$ref": "#/components/responses/cat.ml_datafeeds-200" } }, - "x-state": "Added in 7.7.0" + "x-state": "Added in 7.7.0", + "x-api-name" : "ml_datafeeds", + "x-namespace": "cat" } }, "/_cat/ml/anomaly_detectors": { @@ -1689,7 +1749,9 @@ "$ref": "#/components/responses/cat.ml_jobs-200" } }, - "x-state": "Added in 7.7.0" + "x-state": "Added in 7.7.0", + "x-api-name" : "ml_jobs", + "x-namespace": "cat" } }, "/_cat/ml/anomaly_detectors/{job_id}": { @@ -1725,7 +1787,9 @@ "$ref": "#/components/responses/cat.ml_jobs-200" } }, - "x-state": "Added in 7.7.0" + "x-state": "Added in 7.7.0", + "x-api-name" : "ml_jobs", + "x-namespace": "cat" } }, "/_cat/ml/trained_models": { @@ -1764,7 +1828,9 @@ "$ref": "#/components/responses/cat.ml_trained_models-200" } }, - "x-state": "Added in 7.7.0" + "x-state": "Added in 7.7.0", + "x-api-name" : "ml_trained_models", + "x-namespace": "cat" } }, "/_cat/ml/trained_models/{model_id}": { @@ -1806,7 +1872,9 @@ "$ref": "#/components/responses/cat.ml_trained_models-200" } }, - "x-state": "Added in 7.7.0" + "x-state": "Added in 7.7.0", + "x-api-name" : "ml_trained_models", + "x-namespace": "cat" } }, "/_cat/nodeattrs": { @@ -1885,7 +1953,9 @@ } } } - } + }, + "x-api-name" : "nodeattrs", + "x-namespace": "cat" } }, "/_cat/nodes": { @@ -2001,7 +2071,9 @@ } } } - } + }, + "x-api-name" : "nodes", + "x-namespace": "cat" } }, "/_cat/pending_tasks": { @@ -2084,7 +2156,9 @@ } } } - } + }, + "x-api-name" : "pending_tasks", + "x-namespace": "cat" } }, "/_cat/plugins": { @@ -2167,7 +2241,9 @@ } } } - } + }, + "x-api-name" : "plugins", + "x-namespace": "cat" } }, "/_cat/recovery": { @@ -2205,7 +2281,9 @@ "200": { "$ref": "#/components/responses/cat.recovery-200" } - } + }, + "x-api-name" : "recovery", + "x-namespace": "cat" } }, "/_cat/recovery/{index}": { @@ -2246,7 +2324,9 @@ "200": { "$ref": "#/components/responses/cat.recovery-200" } - } + }, + "x-api-name" : "recovery", + "x-namespace": "cat" } }, "/_cat/repositories": { @@ -2320,7 +2400,9 @@ } } }, - "x-state": "Added in 2.1.0" + "x-state": "Added in 2.1.0", + "x-api-name" : "repositories", + "x-namespace": "cat" } }, "/_cat/segments": { @@ -2352,7 +2434,9 @@ "200": { "$ref": "#/components/responses/cat.segments-200" } - } + }, + "x-api-name" : "segments", + "x-namespace": "cat" } }, "/_cat/segments/{index}": { @@ -2387,7 +2471,9 @@ "200": { "$ref": "#/components/responses/cat.segments-200" } - } + }, + "x-api-name" : "segments", + "x-namespace": "cat" } }, "/_cat/shards": { @@ -2419,7 +2505,9 @@ "200": { "$ref": "#/components/responses/cat.shards-200" } - } + }, + "x-api-name" : "shards", + "x-namespace": "cat" } }, "/_cat/shards/{index}": { @@ -2454,7 +2542,9 @@ "200": { "$ref": "#/components/responses/cat.shards-200" } - } + }, + "x-api-name" : "shards", + "x-namespace": "cat" } }, "/_cat/snapshots": { @@ -2487,7 +2577,9 @@ "$ref": "#/components/responses/cat.snapshots-200" } }, - "x-state": "Added in 2.1.0" + "x-state": "Added in 2.1.0", + "x-api-name" : "snapshots", + "x-namespace": "cat" } }, "/_cat/snapshots/{repository}": { @@ -2523,7 +2615,9 @@ "$ref": "#/components/responses/cat.snapshots-200" } }, - "x-state": "Added in 2.1.0" + "x-state": "Added in 2.1.0", + "x-api-name" : "snapshots", + "x-namespace": "cat" } }, "/_cat/tasks": { @@ -2653,7 +2747,9 @@ } } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "tasks", + "x-namespace": "cat" } }, "/_cat/templates": { @@ -2683,7 +2779,9 @@ "$ref": "#/components/responses/cat.templates-200" } }, - "x-state": "Added in 5.2.0" + "x-state": "Added in 5.2.0", + "x-api-name" : "templates", + "x-namespace": "cat" } }, "/_cat/templates/{name}": { @@ -2716,7 +2814,9 @@ "$ref": "#/components/responses/cat.templates-200" } }, - "x-state": "Added in 5.2.0" + "x-state": "Added in 5.2.0", + "x-api-name" : "templates", + "x-namespace": "cat" } }, "/_cat/thread_pool": { @@ -2748,7 +2848,9 @@ "200": { "$ref": "#/components/responses/cat.thread_pool-200" } - } + }, + "x-api-name" : "thread_pool", + "x-namespace": "cat" } }, "/_cat/thread_pool/{thread_pool_patterns}": { @@ -2783,7 +2885,9 @@ "200": { "$ref": "#/components/responses/cat.thread_pool-200" } - } + }, + "x-api-name" : "thread_pool", + "x-namespace": "cat" } }, "/_cat/transforms": { @@ -2819,7 +2923,9 @@ "$ref": "#/components/responses/cat.transforms-200" } }, - "x-state": "Added in 7.7.0" + "x-state": "Added in 7.7.0", + "x-api-name" : "transforms", + "x-namespace": "cat" } }, "/_cat/transforms/{transform_id}": { @@ -2858,7 +2964,9 @@ "$ref": "#/components/responses/cat.transforms-200" } }, - "x-state": "Added in 7.7.0" + "x-state": "Added in 7.7.0", + "x-api-name" : "transforms", + "x-namespace": "cat" } }, "/_ccr/auto_follow/{name}": { @@ -2885,7 +2993,9 @@ "$ref": "#/components/responses/ccr.get_auto_follow_pattern-200" } }, - "x-state": "Added in 6.5.0" + "x-state": "Added in 6.5.0", + "x-api-name" : "get_auto_follow_pattern", + "x-namespace": "ccr" }, "put": { "tags": [ @@ -3014,7 +3124,9 @@ } } }, - "x-state": "Added in 6.5.0" + "x-state": "Added in 6.5.0", + "x-api-name" : "put_auto_follow_pattern", + "x-namespace": "ccr" }, "delete": { "tags": [ @@ -3067,7 +3179,9 @@ } } }, - "x-state": "Added in 6.5.0" + "x-state": "Added in 6.5.0", + "x-api-name" : "delete_auto_follow_pattern", + "x-namespace": "ccr" } }, "/{index}/_ccr/follow": { @@ -3216,7 +3330,9 @@ } } }, - "x-state": "Added in 6.5.0" + "x-state": "Added in 6.5.0", + "x-api-name" : "follow", + "x-namespace": "ccr" } }, "/{index}/_ccr/info": { @@ -3288,7 +3404,9 @@ } } }, - "x-state": "Added in 6.7.0" + "x-state": "Added in 6.7.0", + "x-api-name" : "follow_info", + "x-namespace": "ccr" } }, "/{index}/_ccr/stats": { @@ -3355,7 +3473,9 @@ } } }, - "x-state": "Added in 6.5.0" + "x-state": "Added in 6.5.0", + "x-api-name" : "follow_stats", + "x-namespace": "ccr" } }, "/{index}/_ccr/forget_follower": { @@ -3448,7 +3568,9 @@ } } }, - "x-state": "Added in 6.7.0" + "x-state": "Added in 6.7.0", + "x-api-name" : "forget_follower", + "x-namespace": "ccr" } }, "/_ccr/auto_follow": { @@ -3472,7 +3594,9 @@ "$ref": "#/components/responses/ccr.get_auto_follow_pattern-200" } }, - "x-state": "Added in 6.5.0" + "x-state": "Added in 6.5.0", + "x-api-name" : "get_auto_follow_pattern", + "x-namespace": "ccr" } }, "/_ccr/auto_follow/{name}/pause": { @@ -3527,7 +3651,9 @@ } } }, - "x-state": "Added in 7.5.0" + "x-state": "Added in 7.5.0", + "x-api-name" : "pause_auto_follow_pattern", + "x-namespace": "ccr" } }, "/{index}/_ccr/pause_follow": { @@ -3579,7 +3705,9 @@ } } }, - "x-state": "Added in 6.5.0" + "x-state": "Added in 6.5.0", + "x-api-name" : "pause_follow", + "x-namespace": "ccr" } }, "/_ccr/auto_follow/{name}/resume": { @@ -3634,7 +3762,9 @@ } } }, - "x-state": "Added in 7.5.0" + "x-state": "Added in 7.5.0", + "x-api-name" : "resume_auto_follow_pattern", + "x-namespace": "ccr" } }, "/{index}/_ccr/resume_follow": { @@ -3736,7 +3866,9 @@ } } }, - "x-state": "Added in 6.5.0" + "x-state": "Added in 6.5.0", + "x-api-name" : "resume_follow", + "x-namespace": "ccr" } }, "/_ccr/stats": { @@ -3799,7 +3931,9 @@ } } }, - "x-state": "Added in 6.5.0" + "x-state": "Added in 6.5.0", + "x-api-name" : "stats", + "x-namespace": "ccr" } }, "/{index}/_ccr/unfollow": { @@ -3854,7 +3988,9 @@ } } }, - "x-state": "Added in 6.5.0" + "x-state": "Added in 6.5.0", + "x-api-name" : "unfollow", + "x-namespace": "ccr" } }, "/_search/scroll": { @@ -3886,7 +4022,8 @@ "200": { "$ref": "#/components/responses/scroll-200" } - } + }, + "x-api-name": "scroll" }, "post": { "tags": [ @@ -3916,7 +4053,8 @@ "200": { "$ref": "#/components/responses/scroll-200" } - } + }, + "x-api-name": "scroll" }, "delete": { "tags": [ @@ -3935,7 +4073,8 @@ "200": { "$ref": "#/components/responses/clear_scroll-200" } - } + }, + "x-api-name": "clear_scroll" } }, "/_search/scroll/{scroll_id}": { @@ -3970,7 +4109,8 @@ "200": { "$ref": "#/components/responses/scroll-200" } - } + }, + "x-api-name": "scroll" }, "post": { "tags": [ @@ -4003,7 +4143,8 @@ "200": { "$ref": "#/components/responses/scroll-200" } - } + }, + "x-api-name": "scroll" }, "delete": { "tags": [ @@ -4027,7 +4168,8 @@ "200": { "$ref": "#/components/responses/clear_scroll-200" } - } + }, + "x-api-name": "clear_scroll" } }, "/_pit": { @@ -4093,7 +4235,8 @@ } } }, - "x-state": "Added in 7.10.0" + "x-state": "Added in 7.10.0", + "x-api-name": "close_point_in_time" } }, "/_cluster/allocation/explain": { @@ -4123,7 +4266,9 @@ "$ref": "#/components/responses/cluster.allocation_explain-200" } }, - "x-state": "Added in 5.0.0" + "x-state": "Added in 5.0.0", + "x-api-name" : "allocation_explain", + "x-namespace": "cluster" }, "post": { "tags": [ @@ -4151,7 +4296,9 @@ "$ref": "#/components/responses/cluster.allocation_explain-200" } }, - "x-state": "Added in 5.0.0" + "x-state": "Added in 5.0.0", + "x-api-name" : "allocation_explain", + "x-namespace": "cluster" } }, "/_component_template/{name}": { @@ -4184,7 +4331,9 @@ "$ref": "#/components/responses/cluster.get_component_template-200" } }, - "x-state": "Added in 7.8.0" + "x-state": "Added in 7.8.0", + "x-api-name" : "get_component_template", + "x-namespace": "cluster" }, "put": { "tags": [ @@ -4212,7 +4361,9 @@ "$ref": "#/components/responses/cluster.put_component_template-200" } }, - "x-state": "Added in 7.8.0" + "x-state": "Added in 7.8.0", + "x-api-name" : "put_component_template", + "x-namespace": "cluster" }, "post": { "tags": [ @@ -4240,7 +4391,9 @@ "$ref": "#/components/responses/cluster.put_component_template-200" } }, - "x-state": "Added in 7.8.0" + "x-state": "Added in 7.8.0", + "x-api-name" : "put_component_template", + "x-namespace": "cluster" }, "delete": { "tags": [ @@ -4294,7 +4447,9 @@ } } }, - "x-state": "Added in 7.8.0" + "x-state": "Added in 7.8.0", + "x-api-name" : "delete_component_template", + "x-namespace": "cluster" }, "head": { "tags": [ @@ -4344,7 +4499,9 @@ } } }, - "x-state": "Added in 7.8.0" + "x-state": "Added in 7.8.0", + "x-api-name" : "exists_component_template", + "x-namespace": "cluster" } }, "/_cluster/voting_config_exclusions": { @@ -4408,7 +4565,9 @@ } } }, - "x-state": "Added in 7.0.0" + "x-state": "Added in 7.0.0", + "x-api-name" : "post_voting_config_exclusions", + "x-namespace": "cluster" }, "delete": { "tags": [ @@ -4450,7 +4609,9 @@ } } }, - "x-state": "Added in 7.0.0" + "x-state": "Added in 7.0.0", + "x-api-name" : "delete_voting_config_exclusions", + "x-namespace": "cluster" } }, "/_component_template": { @@ -4480,7 +4641,9 @@ "$ref": "#/components/responses/cluster.get_component_template-200" } }, - "x-state": "Added in 7.8.0" + "x-state": "Added in 7.8.0", + "x-api-name" : "get_component_template", + "x-namespace": "cluster" } }, "/_cluster/settings": { @@ -4568,7 +4731,9 @@ } } } - } + }, + "x-api-name" : "get_settings", + "x-namespace": "cluster" }, "put": { "tags": [ @@ -4678,7 +4843,9 @@ } } } - } + }, + "x-api-name" : "put_settings", + "x-namespace": "cluster" } }, "/_cluster/health": { @@ -4729,7 +4896,9 @@ "$ref": "#/components/responses/cluster.health-200" } }, - "x-state": "Added in 1.3.0" + "x-state": "Added in 1.3.0", + "x-api-name" : "health", + "x-namespace": "cluster" } }, "/_cluster/health/{index}": { @@ -4783,7 +4952,9 @@ "$ref": "#/components/responses/cluster.health-200" } }, - "x-state": "Added in 1.3.0" + "x-state": "Added in 1.3.0", + "x-api-name" : "health", + "x-namespace": "cluster" } }, "/_info/{target}": { @@ -4842,7 +5013,9 @@ } } }, - "x-state": "Added in 8.9.0" + "x-state": "Added in 8.9.0", + "x-api-name" : "info", + "x-namespace": "cluster" } }, "/_cluster/pending_tasks": { @@ -4897,7 +5070,9 @@ } } } - } + }, + "x-api-name" : "pending_tasks", + "x-namespace": "cluster" } }, "/_remote/info": { @@ -4926,7 +5101,9 @@ } } }, - "x-state": "Added in 6.1.0" + "x-state": "Added in 6.1.0", + "x-api-name" : "remote_info", + "x-namespace": "cluster" } }, "/_cluster/reroute": { @@ -5053,7 +5230,9 @@ } } }, - "x-state": "Added in 5.0.0" + "x-state": "Added in 5.0.0", + "x-api-name" : "reroute", + "x-namespace": "cluster" } }, "/_cluster/state": { @@ -5095,7 +5274,9 @@ "$ref": "#/components/responses/cluster.state-200" } }, - "x-state": "Added in 1.3.0" + "x-state": "Added in 1.3.0", + "x-api-name" : "state", + "x-namespace": "cluster" } }, "/_cluster/state/{metric}": { @@ -5140,7 +5321,9 @@ "$ref": "#/components/responses/cluster.state-200" } }, - "x-state": "Added in 1.3.0" + "x-state": "Added in 1.3.0", + "x-api-name" : "state", + "x-namespace": "cluster" } }, "/_cluster/state/{metric}/{index}": { @@ -5188,7 +5371,9 @@ "$ref": "#/components/responses/cluster.state-200" } }, - "x-state": "Added in 1.3.0" + "x-state": "Added in 1.3.0", + "x-api-name" : "state", + "x-namespace": "cluster" } }, "/_cluster/stats": { @@ -5212,7 +5397,9 @@ "$ref": "#/components/responses/cluster.stats-200" } }, - "x-state": "Added in 1.3.0" + "x-state": "Added in 1.3.0", + "x-api-name" : "stats", + "x-namespace": "cluster" } }, "/_cluster/stats/nodes/{node_id}": { @@ -5239,7 +5426,9 @@ "$ref": "#/components/responses/cluster.stats-200" } }, - "x-state": "Added in 1.3.0" + "x-state": "Added in 1.3.0", + "x-api-name" : "stats", + "x-namespace": "cluster" } }, "/_connector/{connector_id}/_check_in": { @@ -5288,7 +5477,9 @@ } } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "check_in", + "x-namespace": "connector" } }, "/_connector/{connector_id}": { @@ -5334,7 +5525,9 @@ } } }, - "x-beta": true + "x-beta": true, + "x-api-name" : "get", + "x-namespace": "connector" }, "put": { "tags": [ @@ -5355,7 +5548,9 @@ "$ref": "#/components/responses/connector.put-200" } }, - "x-beta": true + "x-beta": true, + "x-api-name" : "put", + "x-namespace": "connector" }, "delete": { "tags": [ @@ -5414,7 +5609,9 @@ } } }, - "x-beta": true + "x-beta": true, + "x-api-name" : "delete", + "x-namespace": "connector" } }, "/_connector": { @@ -5524,7 +5721,9 @@ } } }, - "x-beta": true + "x-beta": true, + "x-api-name" : "list", + "x-namespace": "connector" }, "put": { "tags": [ @@ -5540,7 +5739,9 @@ "$ref": "#/components/responses/connector.put-200" } }, - "x-beta": true + "x-beta": true, + "x-api-name" : "put", + "x-namespace": "connector" }, "post": { "tags": [ @@ -5602,7 +5803,9 @@ } } }, - "x-beta": true + "x-beta": true, + "x-api-name" : "post", + "x-namespace": "connector" } }, "/_connector/_sync_job/{connector_sync_job_id}/_cancel": { @@ -5646,7 +5849,9 @@ } } }, - "x-beta": true + "x-beta": true, + "x-api-name" : "sync_job_cancel", + "x-namespace": "connector" } }, "/_connector/_sync_job/{connector_sync_job_id}/_check_in": { @@ -5682,7 +5887,9 @@ } } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "sync_job_check_in", + "x-namespace": "connector" } }, "/_connector/_sync_job/{connector_sync_job_id}/_claim": { @@ -5741,7 +5948,9 @@ } } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "sync_job_claim", + "x-namespace": "connector" } }, "/_connector/_sync_job/{connector_sync_job_id}": { @@ -5776,7 +5985,9 @@ } } }, - "x-beta": true + "x-beta": true, + "x-api-name" : "sync_job_get", + "x-namespace": "connector" }, "delete": { "tags": [ @@ -5815,7 +6026,9 @@ } } }, - "x-beta": true + "x-beta": true, + "x-api-name" : "sync_job_delete", + "x-namespace": "connector" } }, "/_connector/_sync_job/{connector_sync_job_id}/_error": { @@ -5875,7 +6088,9 @@ } } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "sync_job_error", + "x-namespace": "connector" } }, "/_connector/_sync_job": { @@ -5975,7 +6190,9 @@ } } }, - "x-beta": true + "x-beta": true, + "x-api-name" : "sync_job_list", + "x-namespace": "connector" }, "post": { "tags": [ @@ -6033,7 +6250,9 @@ } } }, - "x-beta": true + "x-beta": true, + "x-api-name" : "sync_job_post", + "x-namespace": "connector" } }, "/_connector/_sync_job/{connector_sync_job_id}/_stats": { @@ -6108,7 +6327,9 @@ } } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "sync_job_update_stats", + "x-namespace": "connector" } }, "/_connector/{connector_id}/_filtering/_activate": { @@ -6152,7 +6373,9 @@ } } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "update_active_filtering", + "x-namespace": "connector" } }, "/_connector/{connector_id}/_api_key_id": { @@ -6224,7 +6447,9 @@ } } }, - "x-beta": true + "x-beta": true, + "x-api-name" : "update_api_key_id", + "x-namespace": "connector" } }, "/_connector/{connector_id}/_configuration": { @@ -6302,7 +6527,9 @@ } } }, - "x-beta": true + "x-beta": true, + "x-api-name" : "update_configuration", + "x-namespace": "connector" } }, "/_connector/{connector_id}/_error": { @@ -6381,7 +6608,9 @@ } } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "update_error", + "x-namespace": "connector" } }, "/_connector/{connector_id}/_features": { @@ -6456,7 +6685,9 @@ } } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "update_features", + "x-namespace": "connector" } }, "/_connector/{connector_id}/_filtering": { @@ -6540,7 +6771,9 @@ } } }, - "x-beta": true + "x-beta": true, + "x-api-name" : "update_filtering", + "x-namespace": "connector" } }, "/_connector/{connector_id}/_filtering/_validation": { @@ -6602,7 +6835,9 @@ } } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "update_filtering_validation", + "x-namespace": "connector" } }, "/_connector/{connector_id}/_index_name": { @@ -6681,7 +6916,9 @@ } } }, - "x-beta": true + "x-beta": true, + "x-api-name" : "update_index_name", + "x-namespace": "connector" } }, "/_connector/{connector_id}/_name": { @@ -6752,7 +6989,9 @@ } } }, - "x-beta": true + "x-beta": true, + "x-api-name" : "update_name", + "x-namespace": "connector" } }, "/_connector/{connector_id}/_native": { @@ -6813,7 +7052,9 @@ } } }, - "x-beta": true + "x-beta": true, + "x-api-name" : "update_native", + "x-namespace": "connector" } }, "/_connector/{connector_id}/_pipeline": { @@ -6885,7 +7126,9 @@ } } }, - "x-beta": true + "x-beta": true, + "x-api-name" : "update_pipeline", + "x-namespace": "connector" } }, "/_connector/{connector_id}/_scheduling": { @@ -6959,7 +7202,9 @@ } } }, - "x-beta": true + "x-beta": true, + "x-api-name" : "update_scheduling", + "x-namespace": "connector" } }, "/_connector/{connector_id}/_service_type": { @@ -7030,7 +7275,9 @@ } } }, - "x-beta": true + "x-beta": true, + "x-api-name" : "update_service_type", + "x-namespace": "connector" } }, "/_connector/{connector_id}/_status": { @@ -7101,7 +7348,9 @@ } } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "update_status", + "x-namespace": "connector" } }, "/_count": { @@ -7163,7 +7412,8 @@ "200": { "$ref": "#/components/responses/count-200" } - } + }, + "x-api-name": "count" }, "post": { "tags": [ @@ -7223,7 +7473,8 @@ "200": { "$ref": "#/components/responses/count-200" } - } + }, + "x-api-name": "count" } }, "/{index}/_count": { @@ -7288,7 +7539,8 @@ "200": { "$ref": "#/components/responses/count-200" } - } + }, + "x-api-name": "count" }, "post": { "tags": [ @@ -7351,7 +7603,8 @@ "200": { "$ref": "#/components/responses/count-200" } - } + }, + "x-api-name": "count" } }, "/{index}/_create/{id}": { @@ -7420,7 +7673,8 @@ "$ref": "#/components/responses/create-200" } }, - "x-state": "Added in 5.0.0" + "x-state": "Added in 5.0.0", + "x-api-name": "create" }, "post": { "tags": [ @@ -7487,7 +7741,8 @@ "$ref": "#/components/responses/create-200" } }, - "x-state": "Added in 5.0.0" + "x-state": "Added in 5.0.0", + "x-api-name": "create" } }, "/_dangling/{index_uuid}": { @@ -7560,7 +7815,9 @@ } } }, - "x-state": "Added in 7.9.0" + "x-state": "Added in 7.9.0", + "x-api-name" : "import_dangling_index", + "x-namespace": "dangling_indices" }, "delete": { "tags": [ @@ -7625,7 +7882,9 @@ } } }, - "x-state": "Added in 7.9.0" + "x-state": "Added in 7.9.0", + "x-api-name" : "delete_dangling_index", + "x-namespace": "dangling_indices" } }, "/_dangling": { @@ -7664,7 +7923,9 @@ } } }, - "x-state": "Added in 7.9.0" + "x-state": "Added in 7.9.0", + "x-api-name" : "list_dangling_indices", + "x-namespace": "dangling_indices" } }, "/{index}/_doc/{id}": { @@ -7827,7 +8088,8 @@ } } } - } + }, + "x-api-name": "get" }, "put": { "tags": [ @@ -7890,7 +8152,8 @@ "200": { "$ref": "#/components/responses/index-200" } - } + }, + "x-api-name": "index" }, "post": { "tags": [ @@ -7953,7 +8216,8 @@ "200": { "$ref": "#/components/responses/index-200" } - } + }, + "x-api-name": "index" }, "delete": { "tags": [ @@ -8083,7 +8347,8 @@ } } } - } + }, + "x-api-name": "delete" }, "head": { "tags": [ @@ -8223,7 +8488,8 @@ "application/json": {} } } - } + }, + "x-api-name": "exists" } }, "/{index}/_delete_by_query": { @@ -8666,7 +8932,8 @@ } } }, - "x-state": "Added in 5.0.0" + "x-state": "Added in 5.0.0", + "x-api-name": "delete_by_query" } }, "/_delete_by_query/{task_id}/_rethrottle": { @@ -8712,7 +8979,8 @@ } } }, - "x-state": "Added in 6.5.0" + "x-state": "Added in 6.5.0", + "x-api-name": "delete_by_query_rethrottle" } }, "/_scripts/{id}": { @@ -8772,7 +9040,8 @@ } } } - } + }, + "x-api-name": "get_script" }, "put": { "tags": [ @@ -8805,7 +9074,8 @@ "200": { "$ref": "#/components/responses/put_script-200" } - } + }, + "x-api-name": "put_script" }, "post": { "tags": [ @@ -8838,7 +9108,8 @@ "200": { "$ref": "#/components/responses/put_script-200" } - } + }, + "x-api-name": "put_script" }, "delete": { "tags": [ @@ -8891,7 +9162,8 @@ } } } - } + }, + "x-api-name": "delete_script" } }, "/_enrich/policy/{name}": { @@ -8915,7 +9187,9 @@ "$ref": "#/components/responses/enrich.get_policy-200" } }, - "x-state": "Added in 7.5.0" + "x-state": "Added in 7.5.0", + "x-api-name" : "get_policy", + "x-namespace": "enrich" }, "put": { "tags": [ @@ -8980,7 +9254,9 @@ } } }, - "x-state": "Added in 7.5.0" + "x-state": "Added in 7.5.0", + "x-api-name" : "put_policy", + "x-namespace": "enrich" }, "delete": { "tags": [ @@ -9024,7 +9300,9 @@ } } }, - "x-state": "Added in 7.5.0" + "x-state": "Added in 7.5.0", + "x-api-name" : "delete_policy", + "x-namespace": "enrich" } }, "/_enrich/policy/{name}/_execute": { @@ -9088,7 +9366,9 @@ } } }, - "x-state": "Added in 7.5.0" + "x-state": "Added in 7.5.0", + "x-api-name" : "execute_policy", + "x-namespace": "enrich" } }, "/_enrich/policy": { @@ -9109,7 +9389,9 @@ "$ref": "#/components/responses/enrich.get_policy-200" } }, - "x-state": "Added in 7.5.0" + "x-state": "Added in 7.5.0", + "x-api-name" : "get_policy", + "x-namespace": "enrich" } }, "/_enrich/_stats": { @@ -9171,7 +9453,9 @@ } } }, - "x-state": "Added in 7.5.0" + "x-state": "Added in 7.5.0", + "x-api-name" : "stats", + "x-namespace": "enrich" } }, "/_eql/search/{id}": { @@ -9227,7 +9511,9 @@ } } }, - "x-state": "Added in 7.9.0" + "x-state": "Added in 7.9.0", + "x-api-name" : "get", + "x-namespace": "eql" }, "delete": { "tags": [ @@ -9261,7 +9547,9 @@ } } }, - "x-state": "Added in 7.9.0" + "x-state": "Added in 7.9.0", + "x-api-name" : "delete", + "x-namespace": "eql" } }, "/_eql/search/status/{id}": { @@ -9331,7 +9619,9 @@ } } }, - "x-state": "Added in 7.9.0" + "x-state": "Added in 7.9.0", + "x-api-name" : "get_status", + "x-namespace": "eql" } }, "/{index}/_eql/search": { @@ -9382,7 +9672,9 @@ "$ref": "#/components/responses/eql.search-200" } }, - "x-state": "Added in 7.9.0" + "x-state": "Added in 7.9.0", + "x-api-name" : "search", + "x-namespace": "eql" }, "post": { "tags": [ @@ -9431,7 +9723,9 @@ "$ref": "#/components/responses/eql.search-200" } }, - "x-state": "Added in 7.9.0" + "x-state": "Added in 7.9.0", + "x-api-name" : "search", + "x-namespace": "eql" } }, "/_query/async": { @@ -9591,7 +9885,9 @@ } } }, - "x-state": "Added in 8.13.0" + "x-state": "Added in 8.13.0", + "x-api-name" : "async_query", + "x-namespace": "esql" } }, "/_query/async/{id}": { @@ -9660,7 +9956,9 @@ } } }, - "x-state": "Added in 8.13.0" + "x-state": "Added in 8.13.0", + "x-api-name" : "async_query_get", + "x-namespace": "esql" }, "delete": { "tags": [ @@ -9697,7 +9995,9 @@ } } }, - "x-state": "Added in 8.13.0" + "x-state": "Added in 8.13.0", + "x-api-name" : "async_query_delete", + "x-namespace": "esql" } }, "/_query/async/{id}/stop": { @@ -9746,7 +10046,9 @@ } } }, - "x-state": "Added in 8.18.0" + "x-state": "Added in 8.18.0", + "x-api-name" : "async_query_stop", + "x-namespace": "esql" } }, "/_query/queries/{id}": { @@ -9817,7 +10119,9 @@ } } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "get_query", + "x-namespace": "esql" } }, "/_query/queries": { @@ -9851,7 +10155,9 @@ } } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "list_queries", + "x-namespace": "esql" } }, "/_query": { @@ -9978,7 +10284,9 @@ } } } - } + }, + "x-api-name" : "query", + "x-namespace": "esql" } }, "/{index}/_source/{id}": { @@ -10127,7 +10435,8 @@ } } } - } + }, + "x-api-name": "get_source" }, "head": { "tags": [ @@ -10261,7 +10570,8 @@ } } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name": "exists_source" } }, "/{index}/_explain/{id}": { @@ -10323,7 +10633,8 @@ "200": { "$ref": "#/components/responses/explain-200" } - } + }, + "x-api-name": "explain" }, "post": { "tags": [ @@ -10383,7 +10694,8 @@ "200": { "$ref": "#/components/responses/explain-200" } - } + }, + "x-api-name": "explain" } }, "/_features": { @@ -10438,7 +10750,9 @@ } } }, - "x-state": "Added in 7.12.0" + "x-state": "Added in 7.12.0", + "x-api-name" : "get_features", + "x-namespace": "features" } }, "/_features/_reset": { @@ -10490,7 +10804,9 @@ } } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "reset_features", + "x-namespace": "features" } }, "/_field_caps": { @@ -10535,7 +10851,8 @@ "$ref": "#/components/responses/field_caps-200" } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name": "field_caps" }, "post": { "tags": [ @@ -10578,7 +10895,8 @@ "$ref": "#/components/responses/field_caps-200" } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name": "field_caps" } }, "/{index}/_field_caps": { @@ -10626,7 +10944,8 @@ "$ref": "#/components/responses/field_caps-200" } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name": "field_caps" }, "post": { "tags": [ @@ -10672,7 +10991,8 @@ "$ref": "#/components/responses/field_caps-200" } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name": "field_caps" } }, "/{index}/_fleet/global_checkpoints": { @@ -10773,7 +11093,9 @@ } } }, - "x-state": "Added in 7.13.0" + "x-state": "Added in 7.13.0", + "x-api-name" : "global_checkpoints", + "x-namespace": "fleet" } }, "/_fleet/_fleet_msearch": { @@ -10833,7 +11155,9 @@ "$ref": "#/components/responses/fleet.msearch-200" } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "msearch", + "x-namespace": "fleet" }, "post": { "tags": [ @@ -10891,7 +11215,9 @@ "$ref": "#/components/responses/fleet.msearch-200" } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "msearch", + "x-namespace": "fleet" } }, "/{index}/_fleet/_fleet_msearch": { @@ -10954,7 +11280,9 @@ "$ref": "#/components/responses/fleet.msearch-200" } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "msearch", + "x-namespace": "fleet" }, "post": { "tags": [ @@ -11015,7 +11343,9 @@ "$ref": "#/components/responses/fleet.msearch-200" } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "msearch", + "x-namespace": "fleet" } }, "/{index}/_fleet/_fleet_search": { @@ -11168,7 +11498,9 @@ "$ref": "#/components/responses/fleet.search-200" } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "search", + "x-namespace": "fleet" }, "post": { "tags": [ @@ -11319,7 +11651,9 @@ "$ref": "#/components/responses/fleet.search-200" } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "search", + "x-namespace": "fleet" } }, "/_script_context": { @@ -11352,7 +11686,8 @@ } } } - } + }, + "x-api-name": "get_script_context" } }, "/_script_language": { @@ -11392,7 +11727,8 @@ } } } - } + }, + "x-api-name": "get_script_languages" } }, "/{index}/_graph/explore": { @@ -11424,7 +11760,9 @@ "200": { "$ref": "#/components/responses/graph.explore-200" } - } + }, + "x-api-name" : "explore", + "x-namespace": "graph" }, "post": { "tags": [ @@ -11454,7 +11792,9 @@ "200": { "$ref": "#/components/responses/graph.explore-200" } - } + }, + "x-api-name" : "explore", + "x-namespace": "graph" } }, "/_health_report": { @@ -11481,7 +11821,8 @@ "$ref": "#/components/responses/health_report-200" } }, - "x-state": "Added in 8.7.0" + "x-state": "Added in 8.7.0", + "x-api-name": "health_report" } }, "/_health_report/{feature}": { @@ -11511,7 +11852,8 @@ "$ref": "#/components/responses/health_report-200" } }, - "x-state": "Added in 8.7.0" + "x-state": "Added in 8.7.0", + "x-api-name": "health_report" } }, "/_ilm/policy/{policy}": { @@ -11537,7 +11879,9 @@ "$ref": "#/components/responses/ilm.get_lifecycle-200" } }, - "x-state": "Added in 6.6.0" + "x-state": "Added in 6.6.0", + "x-api-name" : "get_lifecycle", + "x-namespace": "ilm" }, "put": { "tags": [ @@ -11620,7 +11964,9 @@ } } }, - "x-state": "Added in 6.6.0" + "x-state": "Added in 6.6.0", + "x-api-name" : "put_lifecycle", + "x-namespace": "ilm" }, "delete": { "tags": [ @@ -11680,7 +12026,9 @@ } } }, - "x-state": "Added in 6.6.0" + "x-state": "Added in 6.6.0", + "x-api-name" : "delete_lifecycle", + "x-namespace": "ilm" } }, "/{index}/_ilm/explain": { @@ -11763,7 +12111,9 @@ } } }, - "x-state": "Added in 6.6.0" + "x-state": "Added in 6.6.0", + "x-api-name" : "explain_lifecycle", + "x-namespace": "ilm" } }, "/_ilm/policy": { @@ -11786,7 +12136,9 @@ "$ref": "#/components/responses/ilm.get_lifecycle-200" } }, - "x-state": "Added in 6.6.0" + "x-state": "Added in 6.6.0", + "x-api-name" : "get_lifecycle", + "x-namespace": "ilm" } }, "/_ilm/status": { @@ -11823,7 +12175,9 @@ } } }, - "x-state": "Added in 6.6.0" + "x-state": "Added in 6.6.0", + "x-api-name" : "get_status", + "x-namespace": "ilm" } }, "/_ilm/migrate_to_data_tiers": { @@ -11949,7 +12303,9 @@ } } }, - "x-state": "Added in 7.14.0" + "x-state": "Added in 7.14.0", + "x-api-name" : "migrate_to_data_tiers", + "x-namespace": "ilm" } }, "/_ilm/move/{index}": { @@ -12024,7 +12380,9 @@ } } }, - "x-state": "Added in 6.6.0" + "x-state": "Added in 6.6.0", + "x-api-name" : "move_to_step", + "x-namespace": "ilm" } }, "/{index}/_ilm/remove": { @@ -12081,7 +12439,9 @@ } } }, - "x-state": "Added in 6.6.0" + "x-state": "Added in 6.6.0", + "x-api-name" : "remove_policy", + "x-namespace": "ilm" } }, "/{index}/_ilm/retry": { @@ -12117,7 +12477,9 @@ } } }, - "x-state": "Added in 6.6.0" + "x-state": "Added in 6.6.0", + "x-api-name" : "retry", + "x-namespace": "ilm" } }, "/_ilm/start": { @@ -12168,7 +12530,9 @@ } } }, - "x-state": "Added in 6.6.0" + "x-state": "Added in 6.6.0", + "x-api-name" : "start", + "x-namespace": "ilm" } }, "/_ilm/stop": { @@ -12219,7 +12583,9 @@ } } }, - "x-state": "Added in 6.6.0" + "x-state": "Added in 6.6.0", + "x-api-name" : "stop", + "x-namespace": "ilm" } }, "/{index}/_doc": { @@ -12281,7 +12647,8 @@ "200": { "$ref": "#/components/responses/index-200" } - } + }, + "x-api-name": "index" } }, "/{index}/_block/{block}": { @@ -12403,7 +12770,9 @@ } } }, - "x-state": "Added in 7.9.0" + "x-state": "Added in 7.9.0", + "x-api-name" : "add_block", + "x-namespace": "indices" } }, "/_analyze": { @@ -12429,7 +12798,9 @@ "200": { "$ref": "#/components/responses/indices.analyze-200" } - } + }, + "x-api-name" : "analyze", + "x-namespace": "indices" }, "post": { "tags": [ @@ -12453,7 +12824,9 @@ "200": { "$ref": "#/components/responses/indices.analyze-200" } - } + }, + "x-api-name" : "analyze", + "x-namespace": "indices" } }, "/{index}/_analyze": { @@ -12482,7 +12855,9 @@ "200": { "$ref": "#/components/responses/indices.analyze-200" } - } + }, + "x-api-name" : "analyze", + "x-namespace": "indices" }, "post": { "tags": [ @@ -12509,7 +12884,9 @@ "200": { "$ref": "#/components/responses/indices.analyze-200" } - } + }, + "x-api-name" : "analyze", + "x-namespace": "indices" } }, "/_migration/reindex/{index}/_cancel": { @@ -12545,7 +12922,9 @@ } } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "cancel_migrate_reindex", + "x-namespace": "indices" } }, "/_cache/clear": { @@ -12586,7 +12965,9 @@ "200": { "$ref": "#/components/responses/indices.clear_cache-200" } - } + }, + "x-api-name" : "clear_cache", + "x-namespace": "indices" } }, "/{index}/_cache/clear": { @@ -12630,7 +13011,9 @@ "200": { "$ref": "#/components/responses/indices.clear_cache-200" } - } + }, + "x-api-name" : "clear_cache", + "x-namespace": "indices" } }, "/{index}/_clone/{target}": { @@ -12666,7 +13049,9 @@ "$ref": "#/components/responses/indices.clone-200" } }, - "x-state": "Added in 7.4.0" + "x-state": "Added in 7.4.0", + "x-api-name" : "clone", + "x-namespace": "indices" }, "post": { "tags": [ @@ -12700,7 +13085,9 @@ "$ref": "#/components/responses/indices.clone-200" } }, - "x-state": "Added in 7.4.0" + "x-state": "Added in 7.4.0", + "x-api-name" : "clone", + "x-namespace": "indices" } }, "/{index}/_close": { @@ -12820,7 +13207,9 @@ } } } - } + }, + "x-api-name" : "close", + "x-namespace": "indices" } }, "/{index}": { @@ -12938,7 +13327,9 @@ } } } - } + }, + "x-api-name" : "get", + "x-namespace": "indices" }, "put": { "tags": [ @@ -13058,7 +13449,9 @@ } } } - } + }, + "x-api-name" : "create", + "x-namespace": "indices" }, "delete": { "tags": [ @@ -13141,7 +13534,9 @@ } } } - } + }, + "x-api-name" : "delete", + "x-namespace": "indices" }, "head": { "tags": [ @@ -13230,7 +13625,9 @@ "application/json": {} } } - } + }, + "x-api-name" : "exists", + "x-namespace": "indices" } }, "/_data_stream/{name}": { @@ -13263,7 +13660,9 @@ "$ref": "#/components/responses/indices.get_data_stream-200" } }, - "x-state": "Added in 7.9.0" + "x-state": "Added in 7.9.0", + "x-api-name" : "get_data_stream", + "x-namespace": "indices" }, "put": { "tags": [ @@ -13317,7 +13716,9 @@ } } }, - "x-state": "Added in 7.9.0" + "x-state": "Added in 7.9.0", + "x-api-name" : "create_data_stream", + "x-namespace": "indices" }, "delete": { "tags": [ @@ -13371,7 +13772,9 @@ } } }, - "x-state": "Added in 7.9.0" + "x-state": "Added in 7.9.0", + "x-api-name" : "delete_data_stream", + "x-namespace": "indices" } }, "/_create_from/{source}/{dest}": { @@ -13398,7 +13801,9 @@ "$ref": "#/components/responses/indices.create_from-200" } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "create_from", + "x-namespace": "indices" }, "post": { "tags": [ @@ -13423,7 +13828,9 @@ "$ref": "#/components/responses/indices.create_from-200" } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "create_from", + "x-namespace": "indices" } }, "/_data_stream/_stats": { @@ -13444,7 +13851,9 @@ "$ref": "#/components/responses/indices.data_streams_stats-200" } }, - "x-state": "Added in 7.9.0" + "x-state": "Added in 7.9.0", + "x-api-name" : "data_streams_stats", + "x-namespace": "indices" } }, "/_data_stream/{name}/_stats": { @@ -13468,7 +13877,9 @@ "$ref": "#/components/responses/indices.data_streams_stats-200" } }, - "x-state": "Added in 7.9.0" + "x-state": "Added in 7.9.0", + "x-api-name" : "data_streams_stats", + "x-namespace": "indices" } }, "/{index}/_alias/{name}": { @@ -13503,7 +13914,9 @@ "200": { "$ref": "#/components/responses/indices.get_alias-200" } - } + }, + "x-api-name" : "get_alias", + "x-namespace": "indices" }, "put": { "tags": [ @@ -13533,7 +13946,9 @@ "200": { "$ref": "#/components/responses/indices.put_alias-200" } - } + }, + "x-api-name" : "put_alias", + "x-namespace": "indices" }, "post": { "tags": [ @@ -13563,7 +13978,9 @@ "200": { "$ref": "#/components/responses/indices.put_alias-200" } - } + }, + "x-api-name" : "put_alias", + "x-namespace": "indices" }, "delete": { "tags": [ @@ -13590,7 +14007,9 @@ "200": { "$ref": "#/components/responses/indices.delete_alias-200" } - } + }, + "x-api-name" : "delete_alias", + "x-namespace": "indices" }, "head": { "tags": [ @@ -13623,7 +14042,9 @@ "200": { "$ref": "#/components/responses/indices.exists_alias-200" } - } + }, + "x-api-name" : "exists_alias", + "x-namespace": "indices" } }, "/{index}/_aliases/{name}": { @@ -13655,7 +14076,9 @@ "200": { "$ref": "#/components/responses/indices.put_alias-200" } - } + }, + "x-api-name" : "put_alias", + "x-namespace": "indices" }, "post": { "tags": [ @@ -13685,7 +14108,9 @@ "200": { "$ref": "#/components/responses/indices.put_alias-200" } - } + }, + "x-api-name" : "put_alias", + "x-namespace": "indices" }, "delete": { "tags": [ @@ -13712,7 +14137,9 @@ "200": { "$ref": "#/components/responses/indices.delete_alias-200" } - } + }, + "x-api-name" : "delete_alias", + "x-namespace": "indices" } }, "/_data_stream/{name}/_lifecycle": { @@ -13795,7 +14222,9 @@ } } }, - "x-state": "Added in 8.11.0" + "x-state": "Added in 8.11.0", + "x-api-name" : "get_data_lifecycle", + "x-namespace": "indices" }, "put": { "tags": [ @@ -13897,7 +14326,9 @@ } } }, - "x-state": "Added in 8.11.0" + "x-state": "Added in 8.11.0", + "x-api-name" : "put_data_lifecycle", + "x-namespace": "indices" }, "delete": { "tags": [ @@ -13967,7 +14398,9 @@ } } }, - "x-state": "Added in 8.11.0" + "x-state": "Added in 8.11.0", + "x-api-name" : "delete_data_lifecycle", + "x-namespace": "indices" } }, "/_data_stream/{name}/_options": { @@ -14034,7 +14467,9 @@ } } }, - "x-state": "Added in 8.19.0" + "x-state": "Added in 8.19.0", + "x-api-name" : "get_data_stream_options", + "x-namespace": "indices" }, "put": { "tags": [ @@ -14112,7 +14547,9 @@ } } }, - "x-state": "Added in 8.19.0" + "x-state": "Added in 8.19.0", + "x-api-name" : "put_data_stream_options", + "x-namespace": "indices" }, "delete": { "tags": [ @@ -14182,7 +14619,9 @@ } } }, - "x-state": "Added in 8.19.0" + "x-state": "Added in 8.19.0", + "x-api-name" : "delete_data_stream_options", + "x-namespace": "indices" } }, "/_index_template/{name}": { @@ -14215,7 +14654,9 @@ "$ref": "#/components/responses/indices.get_index_template-200" } }, - "x-state": "Added in 7.9.0" + "x-state": "Added in 7.9.0", + "x-api-name" : "get_index_template", + "x-namespace": "indices" }, "put": { "tags": [ @@ -14246,7 +14687,9 @@ "$ref": "#/components/responses/indices.put_index_template-200" } }, - "x-state": "Added in 7.9.0" + "x-state": "Added in 7.9.0", + "x-api-name" : "put_index_template", + "x-namespace": "indices" }, "post": { "tags": [ @@ -14277,7 +14720,9 @@ "$ref": "#/components/responses/indices.put_index_template-200" } }, - "x-state": "Added in 7.9.0" + "x-state": "Added in 7.9.0", + "x-api-name" : "put_index_template", + "x-namespace": "indices" }, "delete": { "tags": [ @@ -14331,7 +14776,9 @@ } } }, - "x-state": "Added in 7.8.0" + "x-state": "Added in 7.8.0", + "x-api-name" : "delete_index_template", + "x-namespace": "indices" }, "head": { "tags": [ @@ -14390,7 +14837,9 @@ "application/json": {} } } - } + }, + "x-api-name" : "exists_index_template", + "x-namespace": "indices" } }, "/_template/{name}": { @@ -14423,7 +14872,9 @@ "$ref": "#/components/responses/indices.get_template-200" } }, - "deprecated": true + "deprecated": true, + "x-api-name" : "get_template", + "x-namespace": "indices" }, "put": { "tags": [ @@ -14460,7 +14911,9 @@ "$ref": "#/components/responses/indices.put_template-200" } }, - "deprecated": true + "deprecated": true, + "x-api-name" : "put_template", + "x-namespace": "indices" }, "post": { "tags": [ @@ -14497,7 +14950,9 @@ "$ref": "#/components/responses/indices.put_template-200" } }, - "deprecated": true + "deprecated": true, + "x-api-name" : "put_template", + "x-namespace": "indices" }, "delete": { "tags": [ @@ -14551,7 +15006,9 @@ } } }, - "deprecated": true + "deprecated": true, + "x-api-name" : "delete_template", + "x-namespace": "indices" }, "head": { "tags": [ @@ -14613,7 +15070,9 @@ "application/json": {} } } - } + }, + "x-api-name" : "exists_template", + "x-namespace": "indices" } }, "/{index}/_disk_usage": { @@ -14699,7 +15158,9 @@ } } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "disk_usage", + "x-namespace": "indices" } }, "/{index}/_downsample/{target_index}": { @@ -14761,7 +15222,9 @@ } } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "downsample", + "x-namespace": "indices" } }, "/_alias/{name}": { @@ -14793,7 +15256,9 @@ "200": { "$ref": "#/components/responses/indices.get_alias-200" } - } + }, + "x-api-name" : "get_alias", + "x-namespace": "indices" }, "head": { "tags": [ @@ -14823,7 +15288,9 @@ "200": { "$ref": "#/components/responses/indices.exists_alias-200" } - } + }, + "x-api-name" : "exists_alias", + "x-namespace": "indices" } }, "/{index}/_lifecycle/explain": { @@ -14902,7 +15369,9 @@ } } }, - "x-state": "Added in 8.11.0" + "x-state": "Added in 8.11.0", + "x-api-name" : "explain_data_lifecycle", + "x-namespace": "indices" } }, "/{index}/_field_usage_stats": { @@ -14984,7 +15453,9 @@ } } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "field_usage_stats", + "x-namespace": "indices" } }, "/_flush": { @@ -15016,7 +15487,9 @@ "200": { "$ref": "#/components/responses/indices.flush-200" } - } + }, + "x-api-name" : "flush", + "x-namespace": "indices" }, "post": { "tags": [ @@ -15046,7 +15519,9 @@ "200": { "$ref": "#/components/responses/indices.flush-200" } - } + }, + "x-api-name" : "flush", + "x-namespace": "indices" } }, "/{index}/_flush": { @@ -15081,7 +15556,9 @@ "200": { "$ref": "#/components/responses/indices.flush-200" } - } + }, + "x-api-name" : "flush", + "x-namespace": "indices" }, "post": { "tags": [ @@ -15114,7 +15591,9 @@ "200": { "$ref": "#/components/responses/indices.flush-200" } - } + }, + "x-api-name" : "flush", + "x-namespace": "indices" } }, "/_forcemerge": { @@ -15156,7 +15635,9 @@ "$ref": "#/components/responses/indices.forcemerge-200" } }, - "x-state": "Added in 2.1.0" + "x-state": "Added in 2.1.0", + "x-api-name" : "forcemerge", + "x-namespace": "indices" } }, "/{index}/_forcemerge": { @@ -15201,7 +15682,9 @@ "$ref": "#/components/responses/indices.forcemerge-200" } }, - "x-state": "Added in 2.1.0" + "x-state": "Added in 2.1.0", + "x-api-name" : "forcemerge", + "x-namespace": "indices" } }, "/_alias": { @@ -15230,7 +15713,9 @@ "200": { "$ref": "#/components/responses/indices.get_alias-200" } - } + }, + "x-api-name" : "get_alias", + "x-namespace": "indices" } }, "/{index}/_alias": { @@ -15262,7 +15747,9 @@ "200": { "$ref": "#/components/responses/indices.get_alias-200" } - } + }, + "x-api-name" : "get_alias", + "x-namespace": "indices" } }, "/_lifecycle/stats": { @@ -15314,7 +15801,9 @@ } } }, - "x-state": "Added in 8.12.0" + "x-state": "Added in 8.12.0", + "x-api-name" : "get_data_lifecycle_stats", + "x-namespace": "indices" } }, "/_data_stream": { @@ -15344,7 +15833,9 @@ "$ref": "#/components/responses/indices.get_data_stream-200" } }, - "x-state": "Added in 7.9.0" + "x-state": "Added in 7.9.0", + "x-api-name" : "get_data_stream", + "x-namespace": "indices" } }, "/_mapping/field/{fields}": { @@ -15376,7 +15867,9 @@ "200": { "$ref": "#/components/responses/indices.get_field_mapping-200" } - } + }, + "x-api-name" : "get_field_mapping", + "x-namespace": "indices" } }, "/{index}/_mapping/field/{fields}": { @@ -15411,7 +15904,9 @@ "200": { "$ref": "#/components/responses/indices.get_field_mapping-200" } - } + }, + "x-api-name" : "get_field_mapping", + "x-namespace": "indices" } }, "/_index_template": { @@ -15441,7 +15936,9 @@ "$ref": "#/components/responses/indices.get_index_template-200" } }, - "x-state": "Added in 7.9.0" + "x-state": "Added in 7.9.0", + "x-api-name" : "get_index_template", + "x-namespace": "indices" } }, "/_mapping": { @@ -15473,7 +15970,9 @@ "200": { "$ref": "#/components/responses/indices.get_mapping-200" } - } + }, + "x-api-name" : "get_mapping", + "x-namespace": "indices" } }, "/{index}/_mapping": { @@ -15508,7 +16007,9 @@ "200": { "$ref": "#/components/responses/indices.get_mapping-200" } - } + }, + "x-api-name" : "get_mapping", + "x-namespace": "indices" }, "put": { "tags": [ @@ -15550,7 +16051,9 @@ "200": { "$ref": "#/components/responses/indices.put_mapping-200" } - } + }, + "x-api-name" : "put_mapping", + "x-namespace": "indices" }, "post": { "tags": [ @@ -15592,7 +16095,9 @@ "200": { "$ref": "#/components/responses/indices.put_mapping-200" } - } + }, + "x-api-name" : "put_mapping", + "x-namespace": "indices" } }, "/_migration/reindex/{index}/_status": { @@ -15676,7 +16181,9 @@ } } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "get_migrate_reindex_status", + "x-namespace": "indices" } }, "/_settings": { @@ -15714,7 +16221,9 @@ "200": { "$ref": "#/components/responses/indices.get_settings-200" } - } + }, + "x-api-name" : "get_settings", + "x-namespace": "indices" }, "put": { "tags": [ @@ -15759,7 +16268,9 @@ "200": { "$ref": "#/components/responses/indices.put_settings-200" } - } + }, + "x-api-name" : "put_settings", + "x-namespace": "indices" } }, "/{index}/_settings": { @@ -15800,7 +16311,9 @@ "200": { "$ref": "#/components/responses/indices.get_settings-200" } - } + }, + "x-api-name" : "get_settings", + "x-namespace": "indices" }, "put": { "tags": [ @@ -15848,7 +16361,9 @@ "200": { "$ref": "#/components/responses/indices.put_settings-200" } - } + }, + "x-api-name" : "put_settings", + "x-namespace": "indices" } }, "/{index}/_settings/{name}": { @@ -15892,7 +16407,9 @@ "200": { "$ref": "#/components/responses/indices.get_settings-200" } - } + }, + "x-api-name" : "get_settings", + "x-namespace": "indices" } }, "/_settings/{name}": { @@ -15933,7 +16450,9 @@ "200": { "$ref": "#/components/responses/indices.get_settings-200" } - } + }, + "x-api-name" : "get_settings", + "x-namespace": "indices" } }, "/_template": { @@ -15963,7 +16482,9 @@ "$ref": "#/components/responses/indices.get_template-200" } }, - "deprecated": true + "deprecated": true, + "x-api-name" : "get_template", + "x-namespace": "indices" } }, "/_migration/reindex": { @@ -15996,7 +16517,9 @@ } } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "migrate_reindex", + "x-namespace": "indices" } }, "/_data_stream/_migrate/{name}": { @@ -16052,7 +16575,9 @@ } } }, - "x-state": "Added in 7.9.0" + "x-state": "Added in 7.9.0", + "x-api-name" : "migrate_to_data_stream", + "x-namespace": "indices" } }, "/_data_stream/_modify": { @@ -16097,7 +16622,9 @@ } } }, - "x-state": "Added in 7.16.0" + "x-state": "Added in 7.16.0", + "x-api-name" : "modify_data_stream", + "x-namespace": "indices" } }, "/{index}/_open": { @@ -16210,7 +16737,9 @@ } } } - } + }, + "x-api-name" : "open", + "x-namespace": "indices" } }, "/_data_stream/_promote/{name}": { @@ -16256,7 +16785,9 @@ } } }, - "x-state": "Added in 7.9.0" + "x-state": "Added in 7.9.0", + "x-api-name" : "promote_data_stream", + "x-namespace": "indices" } }, "/_recovery": { @@ -16279,7 +16810,9 @@ "200": { "$ref": "#/components/responses/indices.recovery-200" } - } + }, + "x-api-name" : "recovery", + "x-namespace": "indices" } }, "/{index}/_recovery": { @@ -16305,7 +16838,9 @@ "200": { "$ref": "#/components/responses/indices.recovery-200" } - } + }, + "x-api-name" : "recovery", + "x-namespace": "indices" } }, "/_refresh": { @@ -16331,7 +16866,9 @@ "200": { "$ref": "#/components/responses/indices.refresh-200" } - } + }, + "x-api-name" : "refresh", + "x-namespace": "indices" }, "post": { "tags": [ @@ -16355,7 +16892,9 @@ "200": { "$ref": "#/components/responses/indices.refresh-200" } - } + }, + "x-api-name" : "refresh", + "x-namespace": "indices" } }, "/{index}/_refresh": { @@ -16384,7 +16923,9 @@ "200": { "$ref": "#/components/responses/indices.refresh-200" } - } + }, + "x-api-name" : "refresh", + "x-namespace": "indices" }, "post": { "tags": [ @@ -16411,7 +16952,9 @@ "200": { "$ref": "#/components/responses/indices.refresh-200" } - } + }, + "x-api-name" : "refresh", + "x-namespace": "indices" } }, "/{index}/_reload_search_analyzers": { @@ -16447,7 +16990,9 @@ "$ref": "#/components/responses/indices.reload_search_analyzers-200" } }, - "x-state": "Added in 7.3.0" + "x-state": "Added in 7.3.0", + "x-api-name" : "reload_search_analyzers", + "x-namespace": "indices" }, "post": { "tags": [ @@ -16481,7 +17026,9 @@ "$ref": "#/components/responses/indices.reload_search_analyzers-200" } }, - "x-state": "Added in 7.3.0" + "x-state": "Added in 7.3.0", + "x-api-name" : "reload_search_analyzers", + "x-namespace": "indices" } }, "/_resolve/cluster": { @@ -16514,7 +17061,9 @@ "$ref": "#/components/responses/indices.resolve_cluster-200" } }, - "x-state": "Added in 8.13.0" + "x-state": "Added in 8.13.0", + "x-api-name" : "resolve_cluster", + "x-namespace": "indices" } }, "/_resolve/cluster/{name}": { @@ -16550,7 +17099,9 @@ "$ref": "#/components/responses/indices.resolve_cluster-200" } }, - "x-state": "Added in 8.13.0" + "x-state": "Added in 8.13.0", + "x-api-name" : "resolve_cluster", + "x-namespace": "indices" } }, "/_resolve/index/{name}": { @@ -16647,7 +17198,9 @@ } } }, - "x-state": "Added in 7.9.0" + "x-state": "Added in 7.9.0", + "x-api-name" : "resolve_index", + "x-namespace": "indices" } }, "/{alias}/_rollover": { @@ -16686,7 +17239,9 @@ "$ref": "#/components/responses/indices.rollover-200" } }, - "x-state": "Added in 5.0.0" + "x-state": "Added in 5.0.0", + "x-api-name" : "rollover", + "x-namespace": "indices" } }, "/{alias}/_rollover/{new_index}": { @@ -16728,7 +17283,9 @@ "$ref": "#/components/responses/indices.rollover-200" } }, - "x-state": "Added in 5.0.0" + "x-state": "Added in 5.0.0", + "x-api-name" : "rollover", + "x-namespace": "indices" } }, "/_segments": { @@ -16754,7 +17311,9 @@ "200": { "$ref": "#/components/responses/indices.segments-200" } - } + }, + "x-api-name" : "segments", + "x-namespace": "indices" } }, "/{index}/_segments": { @@ -16783,7 +17342,9 @@ "200": { "$ref": "#/components/responses/indices.segments-200" } - } + }, + "x-api-name" : "segments", + "x-namespace": "indices" } }, "/_shard_stores": { @@ -16812,7 +17373,9 @@ "200": { "$ref": "#/components/responses/indices.shard_stores-200" } - } + }, + "x-api-name" : "shard_stores", + "x-namespace": "indices" } }, "/{index}/_shard_stores": { @@ -16844,7 +17407,9 @@ "200": { "$ref": "#/components/responses/indices.shard_stores-200" } - } + }, + "x-api-name" : "shard_stores", + "x-namespace": "indices" } }, "/{index}/_shrink/{target}": { @@ -16880,7 +17445,9 @@ "$ref": "#/components/responses/indices.shrink-200" } }, - "x-state": "Added in 5.0.0" + "x-state": "Added in 5.0.0", + "x-api-name" : "shrink", + "x-namespace": "indices" }, "post": { "tags": [ @@ -16914,7 +17481,9 @@ "$ref": "#/components/responses/indices.shrink-200" } }, - "x-state": "Added in 5.0.0" + "x-state": "Added in 5.0.0", + "x-api-name" : "shrink", + "x-namespace": "indices" } }, "/_index_template/_simulate_index/{name}": { @@ -17010,7 +17579,9 @@ } } }, - "x-state": "Added in 7.9.0" + "x-state": "Added in 7.9.0", + "x-api-name" : "simulate_index_template", + "x-namespace": "indices" } }, "/_index_template/_simulate": { @@ -17042,7 +17613,9 @@ "200": { "$ref": "#/components/responses/indices.simulate_template-200" } - } + }, + "x-api-name" : "simulate_template", + "x-namespace": "indices" } }, "/_index_template/_simulate/{name}": { @@ -17077,7 +17650,9 @@ "200": { "$ref": "#/components/responses/indices.simulate_template-200" } - } + }, + "x-api-name" : "simulate_template", + "x-namespace": "indices" } }, "/{index}/_split/{target}": { @@ -17113,7 +17688,9 @@ "$ref": "#/components/responses/indices.split-200" } }, - "x-state": "Added in 6.1.0" + "x-state": "Added in 6.1.0", + "x-api-name" : "split", + "x-namespace": "indices" }, "post": { "tags": [ @@ -17147,7 +17724,9 @@ "$ref": "#/components/responses/indices.split-200" } }, - "x-state": "Added in 6.1.0" + "x-state": "Added in 6.1.0", + "x-api-name" : "split", + "x-namespace": "indices" } }, "/_stats": { @@ -17192,7 +17771,9 @@ "$ref": "#/components/responses/indices.stats-200" } }, - "x-state": "Added in 1.3.0" + "x-state": "Added in 1.3.0", + "x-api-name" : "stats", + "x-namespace": "indices" } }, "/_stats/{metric}": { @@ -17240,7 +17821,9 @@ "$ref": "#/components/responses/indices.stats-200" } }, - "x-state": "Added in 1.3.0" + "x-state": "Added in 1.3.0", + "x-api-name" : "stats", + "x-namespace": "indices" } }, "/{index}/_stats": { @@ -17288,7 +17871,9 @@ "$ref": "#/components/responses/indices.stats-200" } }, - "x-state": "Added in 1.3.0" + "x-state": "Added in 1.3.0", + "x-api-name" : "stats", + "x-namespace": "indices" } }, "/{index}/_stats/{metric}": { @@ -17339,7 +17924,9 @@ "$ref": "#/components/responses/indices.stats-200" } }, - "x-state": "Added in 1.3.0" + "x-state": "Added in 1.3.0", + "x-api-name" : "stats", + "x-namespace": "indices" } }, "/_aliases": { @@ -17403,7 +17990,9 @@ } } }, - "x-state": "Added in 1.3.0" + "x-state": "Added in 1.3.0", + "x-api-name" : "update_aliases", + "x-namespace": "indices" } }, "/_validate/query": { @@ -17460,7 +18049,9 @@ "$ref": "#/components/responses/indices.validate_query-200" } }, - "x-state": "Added in 1.3.0" + "x-state": "Added in 1.3.0", + "x-api-name" : "validate_query", + "x-namespace": "indices" }, "post": { "tags": [ @@ -17515,7 +18106,9 @@ "$ref": "#/components/responses/indices.validate_query-200" } }, - "x-state": "Added in 1.3.0" + "x-state": "Added in 1.3.0", + "x-api-name" : "validate_query", + "x-namespace": "indices" } }, "/{index}/_validate/query": { @@ -17575,7 +18168,9 @@ "$ref": "#/components/responses/indices.validate_query-200" } }, - "x-state": "Added in 1.3.0" + "x-state": "Added in 1.3.0", + "x-api-name" : "validate_query", + "x-namespace": "indices" }, "post": { "tags": [ @@ -17633,7 +18228,9 @@ "$ref": "#/components/responses/indices.validate_query-200" } }, - "x-state": "Added in 1.3.0" + "x-state": "Added in 1.3.0", + "x-api-name" : "validate_query", + "x-namespace": "indices" } }, "/_inference/chat_completion/{inference_id}/_stream": { @@ -17642,7 +18239,7 @@ "inference" ], "summary": "Perform chat completion inference\n", - "description": "The chat completion inference API enables real-time responses for chat completion tasks by delivering answers incrementally, reducing response times during computation. \nIt only works with the `chat_completion` task type for `openai` and `elastic` inference services.\n\nIMPORTANT: The inference APIs enable you to use certain services, such as built-in machine learning models (ELSER, E5), models uploaded through Eland, Cohere, OpenAI, Azure, Google AI Studio, Google Vertex AI, Anthropic, Watsonx.ai, or Hugging Face.\nFor built-in models and models uploaded through Eland, the inference APIs offer an alternative way to use and manage trained models. However, if you do not plan to use the inference APIs to use these models or if you want to use non-NLP models, use the machine learning trained model APIs.\n\nNOTE: The `chat_completion` task type is only available within the _stream API and only supports streaming.\nThe Chat completion inference API and the Stream inference API differ in their response structure and capabilities.\nThe Chat completion inference API provides more comprehensive customization options through more fields and function calling support.\nIf you use the `openai` service or the `elastic` service, use the Chat completion inference API.", + "description": "The chat completion inference API enables real-time responses for chat completion tasks by delivering answers incrementally, reducing response times during computation.\nIt only works with the `chat_completion` task type for `openai` and `elastic` inference services.\n\nNOTE: The `chat_completion` task type is only available within the _stream API and only supports streaming.\nThe Chat completion inference API and the Stream inference API differ in their response structure and capabilities.\nThe Chat completion inference API provides more comprehensive customization options through more fields and function calling support.\nIf you use the `openai` service or the `elastic` service, use the Chat completion inference API.", "operationId": "inference-chat-completion-unified", "parameters": [ { @@ -17712,7 +18309,9 @@ } } }, - "x-state": "Added in 8.18.0" + "x-state": "Added in 8.18.0", + "x-api-name" : "chat_completion_unified", + "x-namespace": "inference" } }, "/_inference/completion/{inference_id}": { @@ -17802,7 +18401,9 @@ } } }, - "x-state": "Added in 8.11.0" + "x-state": "Added in 8.11.0", + "x-api-name" : "completion", + "x-namespace": "inference" } }, "/_inference/{inference_id}": { @@ -17822,7 +18423,9 @@ "$ref": "#/components/responses/inference.get-200" } }, - "x-state": "Added in 8.11.0" + "x-state": "Added in 8.11.0", + "x-api-name" : "get", + "x-namespace": "inference" }, "put": { "tags": [ @@ -17844,7 +18447,9 @@ "$ref": "#/components/responses/inference.put-200" } }, - "x-state": "Added in 8.11.0" + "x-state": "Added in 8.11.0", + "x-api-name" : "put", + "x-namespace": "inference" }, "post": { "tags": [ @@ -17869,7 +18474,9 @@ "$ref": "#/components/responses/inference.inference-200" } }, - "x-state": "Added in 8.11.0" + "x-state": "Added in 8.11.0", + "x-api-name" : "inference", + "x-namespace": "inference" }, "delete": { "tags": [ @@ -17893,7 +18500,9 @@ "$ref": "#/components/responses/inference.delete-200" } }, - "x-state": "Added in 8.11.0" + "x-state": "Added in 8.11.0", + "x-api-name" : "delete", + "x-namespace": "inference" } }, "/_inference/{task_type}/{inference_id}": { @@ -17916,7 +18525,9 @@ "$ref": "#/components/responses/inference.get-200" } }, - "x-state": "Added in 8.11.0" + "x-state": "Added in 8.11.0", + "x-api-name" : "get", + "x-namespace": "inference" }, "put": { "tags": [ @@ -17941,7 +18552,9 @@ "$ref": "#/components/responses/inference.put-200" } }, - "x-state": "Added in 8.11.0" + "x-state": "Added in 8.11.0", + "x-api-name" : "put", + "x-namespace": "inference" }, "post": { "tags": [ @@ -17969,7 +18582,9 @@ "$ref": "#/components/responses/inference.inference-200" } }, - "x-state": "Added in 8.11.0" + "x-state": "Added in 8.11.0", + "x-api-name" : "inference", + "x-namespace": "inference" }, "delete": { "tags": [ @@ -17996,7 +18611,9 @@ "$ref": "#/components/responses/inference.delete-200" } }, - "x-state": "Added in 8.11.0" + "x-state": "Added in 8.11.0", + "x-api-name" : "delete", + "x-namespace": "inference" } }, "/_inference": { @@ -18011,7 +18628,9 @@ "$ref": "#/components/responses/inference.get-200" } }, - "x-state": "Added in 8.11.0" + "x-state": "Added in 8.11.0", + "x-api-name" : "get", + "x-namespace": "inference" } }, "/_inference/{task_type}/{alibabacloud_inference_id}": { @@ -18107,7 +18726,9 @@ } } }, - "x-state": "Added in 8.16.0" + "x-state": "Added in 8.16.0", + "x-api-name" : "put_alibabacloud", + "x-namespace": "inference" } }, "/_inference/{task_type}/{amazonbedrock_inference_id}": { @@ -18187,13 +18808,15 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/inference._types.InferenceEndpointInfo" + "$ref": "#/components/schemas/inference._types.InferenceEndpointInfoAmazonBedrock" } } } } }, - "x-state": "Added in 8.12.0" + "x-state": "Added in 8.12.0", + "x-api-name" : "put_amazonbedrock", + "x-namespace": "inference" } }, "/_inference/{task_type}/{anthropic_inference_id}": { @@ -18267,13 +18890,15 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/inference._types.InferenceEndpointInfo" + "$ref": "#/components/schemas/inference._types.InferenceEndpointInfoAnthropic" } } } } }, - "x-state": "Added in 8.16.0" + "x-state": "Added in 8.16.0", + "x-api-name" : "put_anthropic", + "x-namespace": "inference" } }, "/_inference/{task_type}/{azureaistudio_inference_id}": { @@ -18353,13 +18978,15 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/inference._types.InferenceEndpointInfo" + "$ref": "#/components/schemas/inference._types.InferenceEndpointInfoAzureAIStudio" } } } } }, - "x-state": "Added in 8.14.0" + "x-state": "Added in 8.14.0", + "x-api-name" : "put_azureaistudio", + "x-namespace": "inference" } }, "/_inference/{task_type}/{azureopenai_inference_id}": { @@ -18439,13 +19066,15 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/inference._types.InferenceEndpointInfo" + "$ref": "#/components/schemas/inference._types.InferenceEndpointInfoAzureOpenAI" } } } } }, - "x-state": "Added in 8.14.0" + "x-state": "Added in 8.14.0", + "x-api-name" : "put_azureopenai", + "x-namespace": "inference" } }, "/_inference/{task_type}/{cohere_inference_id}": { @@ -18525,13 +19154,15 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/inference._types.InferenceEndpointInfo" + "$ref": "#/components/schemas/inference._types.InferenceEndpointInfoCohere" } } } } }, - "x-state": "Added in 8.13.0" + "x-state": "Added in 8.13.0", + "x-api-name" : "put_cohere", + "x-namespace": "inference" } }, "/_inference/{task_type}/{elasticsearch_inference_id}": { @@ -18631,7 +19262,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/inference._types.InferenceEndpointInfo" + "$ref": "#/components/schemas/inference._types.InferenceEndpointInfoElasticsearch" }, "examples": { "PutElasticsearchResponseExample1": { @@ -18643,7 +19274,9 @@ } } }, - "x-state": "Added in 8.13.0" + "x-state": "Added in 8.13.0", + "x-api-name" : "put_elasticsearch", + "x-namespace": "inference" } }, "/_inference/{task_type}/{elser_inference_id}": { @@ -18720,7 +19353,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/inference._types.InferenceEndpointInfo" + "$ref": "#/components/schemas/inference._types.InferenceEndpointInfoELSER" }, "examples": { "PutElserResponseExample1": { @@ -18733,7 +19366,9 @@ } }, "deprecated": true, - "x-state": "Added in 8.11.0" + "x-state": "Added in 8.11.0", + "x-api-name" : "put_elser", + "x-namespace": "inference" } }, "/_inference/{task_type}/{googleaistudio_inference_id}": { @@ -18805,13 +19440,15 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/inference._types.InferenceEndpointInfo" + "$ref": "#/components/schemas/inference._types.InferenceEndpointInfoGoogleAIStudio" } } } } }, - "x-state": "Added in 8.15.0" + "x-state": "Added in 8.15.0", + "x-api-name" : "put_googleaistudio", + "x-namespace": "inference" } }, "/_inference/{task_type}/{googlevertexai_inference_id}": { @@ -18891,13 +19528,15 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/inference._types.InferenceEndpointInfo" + "$ref": "#/components/schemas/inference._types.InferenceEndpointInfoGoogleVertexAI" } } } } }, - "x-state": "Added in 8.15.0" + "x-state": "Added in 8.15.0", + "x-api-name" : "put_googlevertexai", + "x-namespace": "inference" } }, "/_inference/{task_type}/{huggingface_inference_id}": { @@ -18969,13 +19608,15 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/inference._types.InferenceEndpointInfo" + "$ref": "#/components/schemas/inference._types.InferenceEndpointInfoHuggingFace" } } } } }, - "x-state": "Added in 8.12.0" + "x-state": "Added in 8.12.0", + "x-api-name" : "put_hugging_face", + "x-namespace": "inference" } }, "/_inference/{task_type}/{jinaai_inference_id}": { @@ -19061,7 +19702,9 @@ } } }, - "x-state": "Added in 8.18.0" + "x-state": "Added in 8.18.0", + "x-api-name" : "put_jinaai", + "x-namespace": "inference" } }, "/_inference/{task_type}/{mistral_inference_id}": { @@ -19132,13 +19775,15 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/inference._types.InferenceEndpointInfo" + "$ref": "#/components/schemas/inference._types.InferenceEndpointInfoMistral" } } } } }, - "x-state": "Added in 8.15.0" + "x-state": "Added in 8.15.0", + "x-api-name" : "put_mistral", + "x-namespace": "inference" } }, "/_inference/{task_type}/{openai_inference_id}": { @@ -19218,13 +19863,15 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/inference._types.InferenceEndpointInfo" + "$ref": "#/components/schemas/inference._types.InferenceEndpointInfoOpenAI" } } } } }, - "x-state": "Added in 8.12.0" + "x-state": "Added in 8.12.0", + "x-api-name" : "put_openai", + "x-namespace": "inference" } }, "/_inference/{task_type}/{voyageai_inference_id}": { @@ -19304,13 +19951,15 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/inference._types.InferenceEndpointInfo" + "$ref": "#/components/schemas/inference._types.InferenceEndpointInfoVoyageAI" } } } } }, - "x-state": "Added in 8.19.0" + "x-state": "Added in 8.19.0", + "x-api-name" : "put_voyageai", + "x-namespace": "inference" } }, "/_inference/{task_type}/{watsonx_inference_id}": { @@ -19378,13 +20027,15 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/inference._types.InferenceEndpointInfo" + "$ref": "#/components/schemas/inference._types.InferenceEndpointInfoWatsonx" } } } } }, - "x-state": "Added in 8.16.0" + "x-state": "Added in 8.16.0", + "x-api-name" : "put_watsonx", + "x-namespace": "inference" } }, "/_inference/rerank/{inference_id}": { @@ -19479,7 +20130,9 @@ } } }, - "x-state": "Added in 8.11.0" + "x-state": "Added in 8.11.0", + "x-api-name" : "rerank", + "x-namespace": "inference" } }, "/_inference/sparse_embedding/{inference_id}": { @@ -19569,7 +20222,9 @@ } } }, - "x-state": "Added in 8.11.0" + "x-state": "Added in 8.11.0", + "x-api-name" : "sparse_embedding", + "x-namespace": "inference" } }, "/_inference/completion/{inference_id}/_stream": { @@ -19643,7 +20298,9 @@ } } }, - "x-state": "Added in 8.16.0" + "x-state": "Added in 8.16.0", + "x-api-name" : "stream_completion", + "x-namespace": "inference" } }, "/_inference/text_embedding/{inference_id}": { @@ -19733,7 +20390,9 @@ } } }, - "x-state": "Added in 8.11.0" + "x-state": "Added in 8.11.0", + "x-api-name" : "text_embedding", + "x-namespace": "inference" } }, "/_inference/{inference_id}/_update": { @@ -19757,7 +20416,9 @@ "$ref": "#/components/responses/inference.update-200" } }, - "x-state": "Added in 8.17.0" + "x-state": "Added in 8.17.0", + "x-api-name" : "update", + "x-namespace": "inference" } }, "/_inference/{task_type}/{inference_id}/_update": { @@ -19784,7 +20445,9 @@ "$ref": "#/components/responses/inference.update-200" } }, - "x-state": "Added in 8.17.0" + "x-state": "Added in 8.17.0", + "x-api-name" : "update", + "x-namespace": "inference" } }, "/": { @@ -19836,7 +20499,8 @@ } } } - } + }, + "x-api-name": "info" }, "head": { "tags": [ @@ -19852,7 +20516,8 @@ "application/json": {} } } - } + }, + "x-api-name": "ping" } }, "/_ingest/geoip/database/{id}": { @@ -19873,7 +20538,9 @@ "$ref": "#/components/responses/ingest.get_geoip_database-200" } }, - "x-state": "Added in 8.15.0" + "x-state": "Added in 8.15.0", + "x-api-name" : "get_geoip_database", + "x-namespace": "ingest" }, "put": { "tags": [ @@ -19949,7 +20616,9 @@ } } }, - "x-state": "Added in 8.15.0" + "x-state": "Added in 8.15.0", + "x-api-name" : "put_geoip_database", + "x-namespace": "ingest" }, "delete": { "tags": [ @@ -20003,7 +20672,9 @@ } } }, - "x-state": "Added in 8.15.0" + "x-state": "Added in 8.15.0", + "x-api-name" : "delete_geoip_database", + "x-namespace": "ingest" } }, "/_ingest/ip_location/database/{id}": { @@ -20026,7 +20697,9 @@ "$ref": "#/components/responses/ingest.get_ip_location_database-200" } }, - "x-state": "Added in 8.15.0" + "x-state": "Added in 8.15.0", + "x-api-name" : "get_ip_location_database", + "x-namespace": "ingest" }, "put": { "tags": [ @@ -20089,7 +20762,9 @@ } } }, - "x-state": "Added in 8.15.0" + "x-state": "Added in 8.15.0", + "x-api-name" : "put_ip_location_database", + "x-namespace": "ingest" }, "delete": { "tags": [ @@ -20142,7 +20817,9 @@ } } }, - "x-state": "Added in 8.15.0" + "x-state": "Added in 8.15.0", + "x-api-name" : "delete_ip_location_database", + "x-namespace": "ingest" } }, "/_ingest/pipeline/{id}": { @@ -20172,7 +20849,9 @@ "$ref": "#/components/responses/ingest.get_pipeline-200" } }, - "x-state": "Added in 5.0.0" + "x-state": "Added in 5.0.0", + "x-api-name" : "get_pipeline", + "x-namespace": "ingest" }, "put": { "tags": [ @@ -20290,7 +20969,9 @@ } } }, - "x-state": "Added in 5.0.0" + "x-state": "Added in 5.0.0", + "x-api-name" : "put_pipeline", + "x-namespace": "ingest" }, "delete": { "tags": [ @@ -20347,7 +21028,9 @@ } } }, - "x-state": "Added in 5.0.0" + "x-state": "Added in 5.0.0", + "x-api-name" : "delete_pipeline", + "x-namespace": "ingest" } }, "/_ingest/geoip/stats": { @@ -20389,7 +21072,9 @@ } } }, - "x-state": "Added in 7.13.0" + "x-state": "Added in 7.13.0", + "x-api-name" : "geo_ip_stats", + "x-namespace": "ingest" } }, "/_ingest/geoip/database": { @@ -20405,7 +21090,9 @@ "$ref": "#/components/responses/ingest.get_geoip_database-200" } }, - "x-state": "Added in 8.15.0" + "x-state": "Added in 8.15.0", + "x-api-name" : "get_geoip_database", + "x-namespace": "ingest" } }, "/_ingest/ip_location/database": { @@ -20425,7 +21112,9 @@ "$ref": "#/components/responses/ingest.get_ip_location_database-200" } }, - "x-state": "Added in 8.15.0" + "x-state": "Added in 8.15.0", + "x-api-name" : "get_ip_location_database", + "x-namespace": "ingest" } }, "/_ingest/pipeline": { @@ -20452,7 +21141,9 @@ "$ref": "#/components/responses/ingest.get_pipeline-200" } }, - "x-state": "Added in 5.0.0" + "x-state": "Added in 5.0.0", + "x-api-name" : "get_pipeline", + "x-namespace": "ingest" } }, "/_ingest/processor/grok": { @@ -20489,7 +21180,9 @@ } } }, - "x-state": "Added in 6.1.0" + "x-state": "Added in 6.1.0", + "x-api-name" : "processor_grok", + "x-namespace": "ingest" } }, "/_ingest/pipeline/_simulate": { @@ -20513,7 +21206,9 @@ "$ref": "#/components/responses/ingest.simulate-200" } }, - "x-state": "Added in 5.0.0" + "x-state": "Added in 5.0.0", + "x-api-name" : "simulate", + "x-namespace": "ingest" }, "post": { "tags": [ @@ -20535,7 +21230,9 @@ "$ref": "#/components/responses/ingest.simulate-200" } }, - "x-state": "Added in 5.0.0" + "x-state": "Added in 5.0.0", + "x-api-name" : "simulate", + "x-namespace": "ingest" } }, "/_ingest/pipeline/{id}/_simulate": { @@ -20562,7 +21259,9 @@ "$ref": "#/components/responses/ingest.simulate-200" } }, - "x-state": "Added in 5.0.0" + "x-state": "Added in 5.0.0", + "x-api-name" : "simulate", + "x-namespace": "ingest" }, "post": { "tags": [ @@ -20587,7 +21286,9 @@ "$ref": "#/components/responses/ingest.simulate-200" } }, - "x-state": "Added in 5.0.0" + "x-state": "Added in 5.0.0", + "x-api-name" : "simulate", + "x-namespace": "ingest" } }, "/_license": { @@ -20645,7 +21346,9 @@ } } } - } + }, + "x-api-name" : "get", + "x-namespace": "license" }, "put": { "tags": [ @@ -20672,7 +21375,9 @@ "200": { "$ref": "#/components/responses/license.post-200" } - } + }, + "x-api-name" : "post", + "x-namespace": "license" }, "post": { "tags": [ @@ -20699,7 +21404,9 @@ "200": { "$ref": "#/components/responses/license.post-200" } - } + }, + "x-api-name" : "post", + "x-namespace": "license" }, "delete": { "tags": [ @@ -20744,7 +21451,9 @@ } } } - } + }, + "x-api-name" : "delete", + "x-namespace": "license" } }, "/_license/basic_status": { @@ -20780,7 +21489,9 @@ } } }, - "x-state": "Added in 6.3.0" + "x-state": "Added in 6.3.0", + "x-api-name" : "get_basic_status", + "x-namespace": "license" } }, "/_license/trial_status": { @@ -20816,7 +21527,9 @@ } } }, - "x-state": "Added in 6.1.0" + "x-state": "Added in 6.1.0", + "x-api-name" : "get_trial_status", + "x-namespace": "license" } }, "/_license/start_basic": { @@ -20911,7 +21624,9 @@ } } }, - "x-state": "Added in 6.3.0" + "x-state": "Added in 6.3.0", + "x-api-name" : "post_start_basic", + "x-namespace": "license" } }, "/_license/start_trial": { @@ -20989,7 +21704,9 @@ } } }, - "x-state": "Added in 6.1.0" + "x-state": "Added in 6.1.0", + "x-api-name" : "post_start_trial", + "x-namespace": "license" } }, "/_logstash/pipeline/{id}": { @@ -21013,7 +21730,9 @@ "$ref": "#/components/responses/logstash.get_pipeline-200" } }, - "x-state": "Added in 7.12.0" + "x-state": "Added in 7.12.0", + "x-api-name" : "get_pipeline", + "x-namespace": "logstash" }, "put": { "tags": [ @@ -21063,7 +21782,9 @@ } } }, - "x-state": "Added in 7.12.0" + "x-state": "Added in 7.12.0", + "x-api-name" : "put_pipeline", + "x-namespace": "logstash" }, "delete": { "tags": [ @@ -21096,7 +21817,9 @@ } } }, - "x-state": "Added in 7.12.0" + "x-state": "Added in 7.12.0", + "x-api-name" : "delete_pipeline", + "x-namespace": "logstash" } }, "/_logstash/pipeline": { @@ -21115,7 +21838,9 @@ "$ref": "#/components/responses/logstash.get_pipeline-200" } }, - "x-state": "Added in 7.12.0" + "x-state": "Added in 7.12.0", + "x-api-name" : "get_pipeline", + "x-namespace": "logstash" } }, "/_mget": { @@ -21160,7 +21885,8 @@ "$ref": "#/components/responses/mget-200" } }, - "x-state": "Added in 1.3.0" + "x-state": "Added in 1.3.0", + "x-api-name": "mget" }, "post": { "tags": [ @@ -21203,7 +21929,8 @@ "$ref": "#/components/responses/mget-200" } }, - "x-state": "Added in 1.3.0" + "x-state": "Added in 1.3.0", + "x-api-name": "mget" } }, "/{index}/_mget": { @@ -21251,7 +21978,8 @@ "$ref": "#/components/responses/mget-200" } }, - "x-state": "Added in 1.3.0" + "x-state": "Added in 1.3.0", + "x-api-name": "mget" }, "post": { "tags": [ @@ -21297,7 +22025,8 @@ "$ref": "#/components/responses/mget-200" } }, - "x-state": "Added in 1.3.0" + "x-state": "Added in 1.3.0", + "x-api-name": "mget" } }, "/_migration/deprecations": { @@ -21313,7 +22042,9 @@ "$ref": "#/components/responses/migration.deprecations-200" } }, - "x-state": "Added in 6.1.0" + "x-state": "Added in 6.1.0", + "x-api-name" : "deprecations", + "x-namespace": "migration" } }, "/{index}/_migration/deprecations": { @@ -21334,7 +22065,9 @@ "$ref": "#/components/responses/migration.deprecations-200" } }, - "x-state": "Added in 6.1.0" + "x-state": "Added in 6.1.0", + "x-api-name" : "deprecations", + "x-namespace": "migration" } }, "/_migration/system_features": { @@ -21378,7 +22111,9 @@ } } }, - "x-state": "Added in 7.16.0" + "x-state": "Added in 7.16.0", + "x-api-name" : "get_feature_upgrade_status", + "x-namespace": "migration" }, "post": { "tags": [ @@ -21422,7 +22157,9 @@ } } }, - "x-state": "Added in 7.16.0" + "x-state": "Added in 7.16.0", + "x-api-name" : "post_feature_upgrade", + "x-namespace": "migration" } }, "/_ml/trained_models/{model_id}/deployment/cache/_clear": { @@ -21472,7 +22209,9 @@ } } }, - "x-state": "Added in 8.5.0" + "x-state": "Added in 8.5.0", + "x-api-name" : "clear_trained_model_deployment_cache", + "x-namespace": "ml" } }, "/_ml/anomaly_detectors/{job_id}/_close": { @@ -21574,7 +22313,9 @@ } } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "close_job", + "x-namespace": "ml" } }, "/_ml/calendars/{calendar_id}": { @@ -21603,7 +22344,9 @@ "$ref": "#/components/responses/ml.get_calendars-200" } }, - "x-state": "Added in 6.2.0" + "x-state": "Added in 6.2.0", + "x-api-name" : "get_calendars", + "x-namespace": "ml" }, "put": { "tags": [ @@ -21674,7 +22417,9 @@ } } }, - "x-state": "Added in 6.2.0" + "x-state": "Added in 6.2.0", + "x-api-name" : "put_calendar", + "x-namespace": "ml" }, "post": { "tags": [ @@ -21701,7 +22446,9 @@ "$ref": "#/components/responses/ml.get_calendars-200" } }, - "x-state": "Added in 6.2.0" + "x-state": "Added in 6.2.0", + "x-api-name" : "get_calendars", + "x-namespace": "ml" }, "delete": { "tags": [ @@ -21741,7 +22488,9 @@ } } }, - "x-state": "Added in 6.2.0" + "x-state": "Added in 6.2.0", + "x-api-name" : "delete_calendar", + "x-namespace": "ml" } }, "/_ml/calendars/{calendar_id}/events/{event_id}": { @@ -21793,7 +22542,9 @@ } } }, - "x-state": "Added in 6.2.0" + "x-state": "Added in 6.2.0", + "x-api-name" : "delete_calendar_event", + "x-namespace": "ml" } }, "/_ml/calendars/{calendar_id}/jobs/{job_id}": { @@ -21855,7 +22606,9 @@ } } }, - "x-state": "Added in 6.2.0" + "x-state": "Added in 6.2.0", + "x-api-name" : "put_calendar_job", + "x-namespace": "ml" }, "delete": { "tags": [ @@ -21921,7 +22674,9 @@ } } }, - "x-state": "Added in 6.2.0" + "x-state": "Added in 6.2.0", + "x-api-name" : "delete_calendar_job", + "x-namespace": "ml" } }, "/_ml/data_frame/analytics/{id}": { @@ -21954,7 +22709,9 @@ "$ref": "#/components/responses/ml.get_data_frame_analytics-200" } }, - "x-state": "Added in 7.3.0" + "x-state": "Added in 7.3.0", + "x-api-name" : "get_data_frame_analytics", + "x-namespace": "ml" }, "put": { "tags": [ @@ -22094,7 +22851,9 @@ } } }, - "x-state": "Added in 7.3.0" + "x-state": "Added in 7.3.0", + "x-api-name" : "put_data_frame_analytics", + "x-namespace": "ml" }, "delete": { "tags": [ @@ -22153,7 +22912,9 @@ } } }, - "x-state": "Added in 7.3.0" + "x-state": "Added in 7.3.0", + "x-api-name" : "delete_data_frame_analytics", + "x-namespace": "ml" } }, "/_ml/datafeeds/{datafeed_id}": { @@ -22180,7 +22941,9 @@ "$ref": "#/components/responses/ml.get_datafeeds-200" } }, - "x-state": "Added in 5.5.0" + "x-state": "Added in 5.5.0", + "x-api-name" : "get_datafeeds", + "x-namespace": "ml" }, "put": { "tags": [ @@ -22383,7 +23146,9 @@ } } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "put_datafeed", + "x-namespace": "ml" }, "delete": { "tags": [ @@ -22432,7 +23197,9 @@ } } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "delete_datafeed", + "x-namespace": "ml" } }, "/_ml/_delete_expired_data/{job_id}": { @@ -22462,7 +23229,9 @@ "$ref": "#/components/responses/ml.delete_expired_data-200" } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "delete_expired_data", + "x-namespace": "ml" } }, "/_ml/_delete_expired_data": { @@ -22489,7 +23258,9 @@ "$ref": "#/components/responses/ml.delete_expired_data-200" } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "delete_expired_data", + "x-namespace": "ml" } }, "/_ml/filters/{filter_id}": { @@ -22516,7 +23287,9 @@ "$ref": "#/components/responses/ml.get_filters-200" } }, - "x-state": "Added in 5.5.0" + "x-state": "Added in 5.5.0", + "x-api-name" : "get_filters", + "x-namespace": "ml" }, "put": { "tags": [ @@ -22592,7 +23365,9 @@ } } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "put_filter", + "x-namespace": "ml" }, "delete": { "tags": [ @@ -22632,7 +23407,9 @@ } } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "delete_filter", + "x-namespace": "ml" } }, "/_ml/anomaly_detectors/{job_id}/_forecast": { @@ -22731,7 +23508,9 @@ } } }, - "x-state": "Added in 6.1.0" + "x-state": "Added in 6.1.0", + "x-api-name" : "forecast", + "x-namespace": "ml" }, "delete": { "tags": [ @@ -22756,7 +23535,9 @@ "$ref": "#/components/responses/ml.delete_forecast-200" } }, - "x-state": "Added in 6.5.0" + "x-state": "Added in 6.5.0", + "x-api-name" : "delete_forecast", + "x-namespace": "ml" } }, "/_ml/anomaly_detectors/{job_id}/_forecast/{forecast_id}": { @@ -22786,7 +23567,9 @@ "$ref": "#/components/responses/ml.delete_forecast-200" } }, - "x-state": "Added in 6.5.0" + "x-state": "Added in 6.5.0", + "x-api-name" : "delete_forecast", + "x-namespace": "ml" } }, "/_ml/anomaly_detectors/{job_id}": { @@ -22813,7 +23596,9 @@ "$ref": "#/components/responses/ml.get_jobs-200" } }, - "x-state": "Added in 5.5.0" + "x-state": "Added in 5.5.0", + "x-api-name" : "get_jobs", + "x-namespace": "ml" }, "put": { "tags": [ @@ -23051,7 +23836,9 @@ } } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "put_job", + "x-namespace": "ml" }, "delete": { "tags": [ @@ -23127,7 +23914,9 @@ } } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "delete_job", + "x-namespace": "ml" } }, "/_ml/anomaly_detectors/{job_id}/model_snapshots/{snapshot_id}": { @@ -23171,7 +23960,9 @@ "$ref": "#/components/responses/ml.get_model_snapshots-200" } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "get_model_snapshots", + "x-namespace": "ml" }, "post": { "tags": [ @@ -23213,7 +24004,9 @@ "$ref": "#/components/responses/ml.get_model_snapshots-200" } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "get_model_snapshots", + "x-namespace": "ml" }, "delete": { "tags": [ @@ -23264,7 +24057,9 @@ } } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "delete_model_snapshot", + "x-namespace": "ml" } }, "/_ml/trained_models/{model_id}": { @@ -23305,7 +24100,9 @@ "$ref": "#/components/responses/ml.get_trained_models-200" } }, - "x-state": "Added in 7.10.0" + "x-state": "Added in 7.10.0", + "x-api-name" : "get_trained_models", + "x-namespace": "ml" }, "put": { "tags": [ @@ -23413,7 +24210,9 @@ } } }, - "x-state": "Added in 7.10.0" + "x-state": "Added in 7.10.0", + "x-api-name" : "put_trained_model", + "x-namespace": "ml" }, "delete": { "tags": [ @@ -23473,7 +24272,9 @@ } } }, - "x-state": "Added in 7.10.0" + "x-state": "Added in 7.10.0", + "x-api-name" : "delete_trained_model", + "x-namespace": "ml" } }, "/_ml/trained_models/{model_id}/model_aliases/{model_alias}": { @@ -23530,7 +24331,9 @@ } } }, - "x-state": "Added in 7.13.0" + "x-state": "Added in 7.13.0", + "x-api-name" : "put_trained_model_alias", + "x-namespace": "ml" }, "delete": { "tags": [ @@ -23581,7 +24384,9 @@ } } }, - "x-state": "Added in 7.13.0" + "x-state": "Added in 7.13.0", + "x-api-name" : "delete_trained_model_alias", + "x-namespace": "ml" } }, "/_ml/anomaly_detectors/_estimate_model_memory": { @@ -23653,7 +24458,9 @@ } } }, - "x-state": "Added in 7.7.0" + "x-state": "Added in 7.7.0", + "x-api-name" : "estimate_model_memory", + "x-namespace": "ml" } }, "/_ml/data_frame/_evaluate": { @@ -23756,7 +24563,9 @@ } } }, - "x-state": "Added in 7.3.0" + "x-state": "Added in 7.3.0", + "x-api-name" : "evaluate_data_frame", + "x-namespace": "ml" } }, "/_ml/data_frame/analytics/_explain": { @@ -23775,7 +24584,9 @@ "$ref": "#/components/responses/ml.explain_data_frame_analytics-200" } }, - "x-state": "Added in 7.3.0" + "x-state": "Added in 7.3.0", + "x-api-name" : "explain_data_frame_analytics", + "x-namespace": "ml" }, "post": { "tags": [ @@ -23792,7 +24603,9 @@ "$ref": "#/components/responses/ml.explain_data_frame_analytics-200" } }, - "x-state": "Added in 7.3.0" + "x-state": "Added in 7.3.0", + "x-api-name" : "explain_data_frame_analytics", + "x-namespace": "ml" } }, "/_ml/data_frame/analytics/{id}/_explain": { @@ -23816,7 +24629,9 @@ "$ref": "#/components/responses/ml.explain_data_frame_analytics-200" } }, - "x-state": "Added in 7.3.0" + "x-state": "Added in 7.3.0", + "x-api-name" : "explain_data_frame_analytics", + "x-namespace": "ml" }, "post": { "tags": [ @@ -23838,7 +24653,9 @@ "$ref": "#/components/responses/ml.explain_data_frame_analytics-200" } }, - "x-state": "Added in 7.3.0" + "x-state": "Added in 7.3.0", + "x-api-name" : "explain_data_frame_analytics", + "x-namespace": "ml" } }, "/_ml/anomaly_detectors/{job_id}/_flush": { @@ -23964,7 +24781,9 @@ } }, "deprecated": true, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "flush_job", + "x-namespace": "ml" } }, "/_ml/anomaly_detectors/{job_id}/results/buckets/{timestamp}": { @@ -24018,7 +24837,9 @@ "$ref": "#/components/responses/ml.get_buckets-200" } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "get_buckets", + "x-namespace": "ml" }, "post": { "tags": [ @@ -24070,7 +24891,9 @@ "$ref": "#/components/responses/ml.get_buckets-200" } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "get_buckets", + "x-namespace": "ml" } }, "/_ml/anomaly_detectors/{job_id}/results/buckets": { @@ -24121,7 +24944,9 @@ "$ref": "#/components/responses/ml.get_buckets-200" } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "get_buckets", + "x-namespace": "ml" }, "post": { "tags": [ @@ -24170,7 +24995,9 @@ "$ref": "#/components/responses/ml.get_buckets-200" } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "get_buckets", + "x-namespace": "ml" } }, "/_ml/calendars/{calendar_id}/events": { @@ -24270,7 +25097,9 @@ } } }, - "x-state": "Added in 6.2.0" + "x-state": "Added in 6.2.0", + "x-api-name" : "get_calendar_events", + "x-namespace": "ml" }, "post": { "tags": [ @@ -24336,7 +25165,9 @@ } } }, - "x-state": "Added in 6.2.0" + "x-state": "Added in 6.2.0", + "x-api-name" : "post_calendar_events", + "x-namespace": "ml" } }, "/_ml/calendars": { @@ -24362,7 +25193,9 @@ "$ref": "#/components/responses/ml.get_calendars-200" } }, - "x-state": "Added in 6.2.0" + "x-state": "Added in 6.2.0", + "x-api-name" : "get_calendars", + "x-namespace": "ml" }, "post": { "tags": [ @@ -24386,7 +25219,9 @@ "$ref": "#/components/responses/ml.get_calendars-200" } }, - "x-state": "Added in 6.2.0" + "x-state": "Added in 6.2.0", + "x-api-name" : "get_calendars", + "x-namespace": "ml" } }, "/_ml/anomaly_detectors/{job_id}/results/categories/{category_id}": { @@ -24421,7 +25256,9 @@ "$ref": "#/components/responses/ml.get_categories-200" } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "get_categories", + "x-namespace": "ml" }, "post": { "tags": [ @@ -24454,7 +25291,9 @@ "$ref": "#/components/responses/ml.get_categories-200" } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "get_categories", + "x-namespace": "ml" } }, "/_ml/anomaly_detectors/{job_id}/results/categories": { @@ -24486,7 +25325,9 @@ "$ref": "#/components/responses/ml.get_categories-200" } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "get_categories", + "x-namespace": "ml" }, "post": { "tags": [ @@ -24516,7 +25357,9 @@ "$ref": "#/components/responses/ml.get_categories-200" } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "get_categories", + "x-namespace": "ml" } }, "/_ml/data_frame/analytics": { @@ -24546,7 +25389,9 @@ "$ref": "#/components/responses/ml.get_data_frame_analytics-200" } }, - "x-state": "Added in 7.3.0" + "x-state": "Added in 7.3.0", + "x-api-name" : "get_data_frame_analytics", + "x-namespace": "ml" } }, "/_ml/data_frame/analytics/_stats": { @@ -24575,7 +25420,9 @@ "$ref": "#/components/responses/ml.get_data_frame_analytics_stats-200" } }, - "x-state": "Added in 7.3.0" + "x-state": "Added in 7.3.0", + "x-api-name" : "get_data_frame_analytics_stats", + "x-namespace": "ml" } }, "/_ml/data_frame/analytics/{id}/_stats": { @@ -24607,7 +25454,9 @@ "$ref": "#/components/responses/ml.get_data_frame_analytics_stats-200" } }, - "x-state": "Added in 7.3.0" + "x-state": "Added in 7.3.0", + "x-api-name" : "get_data_frame_analytics_stats", + "x-namespace": "ml" } }, "/_ml/datafeeds/{datafeed_id}/_stats": { @@ -24631,7 +25480,9 @@ "$ref": "#/components/responses/ml.get_datafeed_stats-200" } }, - "x-state": "Added in 5.5.0" + "x-state": "Added in 5.5.0", + "x-api-name" : "get_datafeed_stats", + "x-namespace": "ml" } }, "/_ml/datafeeds/_stats": { @@ -24652,7 +25503,9 @@ "$ref": "#/components/responses/ml.get_datafeed_stats-200" } }, - "x-state": "Added in 5.5.0" + "x-state": "Added in 5.5.0", + "x-api-name" : "get_datafeed_stats", + "x-namespace": "ml" } }, "/_ml/datafeeds": { @@ -24676,7 +25529,9 @@ "$ref": "#/components/responses/ml.get_datafeeds-200" } }, - "x-state": "Added in 5.5.0" + "x-state": "Added in 5.5.0", + "x-api-name" : "get_datafeeds", + "x-namespace": "ml" } }, "/_ml/filters": { @@ -24700,7 +25555,9 @@ "$ref": "#/components/responses/ml.get_filters-200" } }, - "x-state": "Added in 5.5.0" + "x-state": "Added in 5.5.0", + "x-api-name" : "get_filters", + "x-namespace": "ml" } }, "/_ml/anomaly_detectors/{job_id}/results/influencers": { @@ -24748,7 +25605,9 @@ "$ref": "#/components/responses/ml.get_influencers-200" } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "get_influencers", + "x-namespace": "ml" }, "post": { "tags": [ @@ -24794,7 +25653,9 @@ "$ref": "#/components/responses/ml.get_influencers-200" } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "get_influencers", + "x-namespace": "ml" } }, "/_ml/anomaly_detectors/_stats": { @@ -24814,7 +25675,9 @@ "$ref": "#/components/responses/ml.get_job_stats-200" } }, - "x-state": "Added in 5.5.0" + "x-state": "Added in 5.5.0", + "x-api-name" : "get_job_stats", + "x-namespace": "ml" } }, "/_ml/anomaly_detectors/{job_id}/_stats": { @@ -24837,7 +25700,9 @@ "$ref": "#/components/responses/ml.get_job_stats-200" } }, - "x-state": "Added in 5.5.0" + "x-state": "Added in 5.5.0", + "x-api-name" : "get_job_stats", + "x-namespace": "ml" } }, "/_ml/anomaly_detectors": { @@ -24861,7 +25726,9 @@ "$ref": "#/components/responses/ml.get_jobs-200" } }, - "x-state": "Added in 5.5.0" + "x-state": "Added in 5.5.0", + "x-api-name" : "get_jobs", + "x-namespace": "ml" } }, "/_ml/memory/_stats": { @@ -24885,7 +25752,9 @@ "$ref": "#/components/responses/ml.get_memory_stats-200" } }, - "x-state": "Added in 8.2.0" + "x-state": "Added in 8.2.0", + "x-api-name" : "get_memory_stats", + "x-namespace": "ml" } }, "/_ml/memory/{node_id}/_stats": { @@ -24912,7 +25781,9 @@ "$ref": "#/components/responses/ml.get_memory_stats-200" } }, - "x-state": "Added in 8.2.0" + "x-state": "Added in 8.2.0", + "x-api-name" : "get_memory_stats", + "x-namespace": "ml" } }, "/_ml/anomaly_detectors/{job_id}/model_snapshots/{snapshot_id}/_upgrade/_stats": { @@ -24983,7 +25854,9 @@ } } }, - "x-state": "Added in 7.16.0" + "x-state": "Added in 7.16.0", + "x-api-name" : "get_model_snapshot_upgrade_stats", + "x-namespace": "ml" } }, "/_ml/anomaly_detectors/{job_id}/model_snapshots": { @@ -25024,7 +25897,9 @@ "$ref": "#/components/responses/ml.get_model_snapshots-200" } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "get_model_snapshots", + "x-namespace": "ml" }, "post": { "tags": [ @@ -25063,7 +25938,9 @@ "$ref": "#/components/responses/ml.get_model_snapshots-200" } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "get_model_snapshots", + "x-namespace": "ml" } }, "/_ml/anomaly_detectors/{job_id}/results/overall_buckets": { @@ -25108,7 +25985,9 @@ "$ref": "#/components/responses/ml.get_overall_buckets-200" } }, - "x-state": "Added in 6.1.0" + "x-state": "Added in 6.1.0", + "x-api-name" : "get_overall_buckets", + "x-namespace": "ml" }, "post": { "tags": [ @@ -25151,7 +26030,9 @@ "$ref": "#/components/responses/ml.get_overall_buckets-200" } }, - "x-state": "Added in 6.1.0" + "x-state": "Added in 6.1.0", + "x-api-name" : "get_overall_buckets", + "x-namespace": "ml" } }, "/_ml/anomaly_detectors/{job_id}/results/records": { @@ -25199,7 +26080,9 @@ "$ref": "#/components/responses/ml.get_records-200" } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "get_records", + "x-namespace": "ml" }, "post": { "tags": [ @@ -25245,7 +26128,9 @@ "$ref": "#/components/responses/ml.get_records-200" } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "get_records", + "x-namespace": "ml" } }, "/_ml/trained_models": { @@ -25283,7 +26168,9 @@ "$ref": "#/components/responses/ml.get_trained_models-200" } }, - "x-state": "Added in 7.10.0" + "x-state": "Added in 7.10.0", + "x-api-name" : "get_trained_models", + "x-namespace": "ml" } }, "/_ml/trained_models/{model_id}/_stats": { @@ -25313,7 +26200,9 @@ "$ref": "#/components/responses/ml.get_trained_models_stats-200" } }, - "x-state": "Added in 7.10.0" + "x-state": "Added in 7.10.0", + "x-api-name" : "get_trained_models_stats", + "x-namespace": "ml" } }, "/_ml/trained_models/_stats": { @@ -25340,7 +26229,9 @@ "$ref": "#/components/responses/ml.get_trained_models_stats-200" } }, - "x-state": "Added in 7.10.0" + "x-state": "Added in 7.10.0", + "x-api-name" : "get_trained_models_stats", + "x-namespace": "ml" } }, "/_ml/trained_models/{model_id}/_infer": { @@ -25424,7 +26315,9 @@ } } }, - "x-state": "Added in 8.3.0" + "x-state": "Added in 8.3.0", + "x-api-name" : "infer_trained_model", + "x-namespace": "ml" } }, "/_ml/info": { @@ -25467,7 +26360,9 @@ } } }, - "x-state": "Added in 6.3.0" + "x-state": "Added in 6.3.0", + "x-api-name" : "info", + "x-namespace": "ml" } }, "/_ml/anomaly_detectors/{job_id}/_open": { @@ -25551,7 +26446,9 @@ } } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "open_job", + "x-namespace": "ml" } }, "/_ml/anomaly_detectors/{job_id}/_data": { @@ -25691,7 +26588,9 @@ } }, "deprecated": true, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "post_data", + "x-namespace": "ml" } }, "/_ml/data_frame/analytics/_preview": { @@ -25710,7 +26609,9 @@ "$ref": "#/components/responses/ml.preview_data_frame_analytics-200" } }, - "x-state": "Added in 7.13.0" + "x-state": "Added in 7.13.0", + "x-api-name" : "preview_data_frame_analytics", + "x-namespace": "ml" }, "post": { "tags": [ @@ -25727,7 +26628,9 @@ "$ref": "#/components/responses/ml.preview_data_frame_analytics-200" } }, - "x-state": "Added in 7.13.0" + "x-state": "Added in 7.13.0", + "x-api-name" : "preview_data_frame_analytics", + "x-namespace": "ml" } }, "/_ml/data_frame/analytics/{id}/_preview": { @@ -25751,7 +26654,9 @@ "$ref": "#/components/responses/ml.preview_data_frame_analytics-200" } }, - "x-state": "Added in 7.13.0" + "x-state": "Added in 7.13.0", + "x-api-name" : "preview_data_frame_analytics", + "x-namespace": "ml" }, "post": { "tags": [ @@ -25773,7 +26678,9 @@ "$ref": "#/components/responses/ml.preview_data_frame_analytics-200" } }, - "x-state": "Added in 7.13.0" + "x-state": "Added in 7.13.0", + "x-api-name" : "preview_data_frame_analytics", + "x-namespace": "ml" } }, "/_ml/datafeeds/{datafeed_id}/_preview": { @@ -25803,7 +26710,9 @@ "$ref": "#/components/responses/ml.preview_datafeed-200" } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "preview_datafeed", + "x-namespace": "ml" }, "post": { "tags": [ @@ -25831,7 +26740,9 @@ "$ref": "#/components/responses/ml.preview_datafeed-200" } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "preview_datafeed", + "x-namespace": "ml" } }, "/_ml/datafeeds/_preview": { @@ -25858,7 +26769,9 @@ "$ref": "#/components/responses/ml.preview_datafeed-200" } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "preview_datafeed", + "x-namespace": "ml" }, "post": { "tags": [ @@ -25883,7 +26796,9 @@ "$ref": "#/components/responses/ml.preview_datafeed-200" } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "preview_datafeed", + "x-namespace": "ml" } }, "/_ml/trained_models/{model_id}/definition/{part}": { @@ -25958,7 +26873,9 @@ } } }, - "x-state": "Added in 8.0.0" + "x-state": "Added in 8.0.0", + "x-api-name" : "put_trained_model_definition_part", + "x-namespace": "ml" } }, "/_ml/trained_models/{model_id}/vocabulary": { @@ -26030,7 +26947,9 @@ } } }, - "x-state": "Added in 8.0.0" + "x-state": "Added in 8.0.0", + "x-api-name" : "put_trained_model_vocabulary", + "x-namespace": "ml" } }, "/_ml/anomaly_detectors/{job_id}/_reset": { @@ -26086,7 +27005,9 @@ } } }, - "x-state": "Added in 7.14.0" + "x-state": "Added in 7.14.0", + "x-api-name" : "reset_job", + "x-namespace": "ml" } }, "/_ml/anomaly_detectors/{job_id}/model_snapshots/{snapshot_id}/_revert": { @@ -26166,7 +27087,9 @@ } } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "revert_model_snapshot", + "x-namespace": "ml" } }, "/_ml/set_upgrade_mode": { @@ -26211,7 +27134,9 @@ } } }, - "x-state": "Added in 6.7.0" + "x-state": "Added in 6.7.0", + "x-api-name" : "set_upgrade_mode", + "x-namespace": "ml" } }, "/_ml/data_frame/analytics/{id}/_start": { @@ -26269,7 +27194,9 @@ } } }, - "x-state": "Added in 7.3.0" + "x-state": "Added in 7.3.0", + "x-api-name" : "start_data_frame_analytics", + "x-namespace": "ml" } }, "/_ml/datafeeds/{datafeed_id}/_start": { @@ -26368,7 +27295,9 @@ } } }, - "x-state": "Added in 5.5.0" + "x-state": "Added in 5.5.0", + "x-api-name" : "start_datafeed", + "x-namespace": "ml" } }, "/_ml/trained_models/{model_id}/deployment/_start": { @@ -26506,7 +27435,9 @@ } } }, - "x-state": "Added in 8.0.0" + "x-state": "Added in 8.0.0", + "x-api-name" : "start_trained_model_deployment", + "x-namespace": "ml" } }, "/_ml/data_frame/analytics/{id}/_stop": { @@ -26580,7 +27511,9 @@ } } }, - "x-state": "Added in 7.3.0" + "x-state": "Added in 7.3.0", + "x-api-name" : "stop_data_frame_analytics", + "x-namespace": "ml" } }, "/_ml/datafeeds/{datafeed_id}/_stop": { @@ -26676,7 +27609,9 @@ } } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "stop_datafeed", + "x-namespace": "ml" } }, "/_ml/trained_models/{model_id}/deployment/_stop": { @@ -26739,7 +27674,9 @@ } } }, - "x-state": "Added in 8.0.0" + "x-state": "Added in 8.0.0", + "x-api-name" : "stop_trained_model_deployment", + "x-namespace": "ml" } }, "/_ml/data_frame/analytics/{id}/_update": { @@ -26851,7 +27788,9 @@ } } }, - "x-state": "Added in 7.3.0" + "x-state": "Added in 7.3.0", + "x-api-name" : "update_data_frame_analytics", + "x-namespace": "ml" } }, "/_ml/datafeeds/{datafeed_id}/_update": { @@ -27057,7 +27996,9 @@ } } }, - "x-state": "Added in 6.4.0" + "x-state": "Added in 6.4.0", + "x-api-name" : "update_datafeed", + "x-namespace": "ml" } }, "/_ml/filters/{filter_id}/_update": { @@ -27142,7 +28083,9 @@ } } }, - "x-state": "Added in 6.4.0" + "x-state": "Added in 6.4.0", + "x-api-name" : "update_filter", + "x-namespace": "ml" } }, "/_ml/anomaly_detectors/{job_id}/_update": { @@ -27340,7 +28283,9 @@ } } }, - "x-state": "Added in 5.5.0" + "x-state": "Added in 5.5.0", + "x-api-name" : "update_job", + "x-namespace": "ml" } }, "/_ml/anomaly_detectors/{job_id}/model_snapshots/{snapshot_id}/_update": { @@ -27419,7 +28364,9 @@ } } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "update_model_snapshot", + "x-namespace": "ml" } }, "/_ml/trained_models/{model_id}/deployment/_update": { @@ -27491,7 +28438,9 @@ } }, "x-beta": true, - "x-state": "Added in 8.6.0" + "x-state": "Added in 8.6.0", + "x-api-name" : "update_trained_model_deployment", + "x-namespace": "ml" } }, "/_ml/anomaly_detectors/{job_id}/model_snapshots/{snapshot_id}/_upgrade": { @@ -27571,7 +28520,9 @@ } } }, - "x-state": "Added in 5.4.0" + "x-state": "Added in 5.4.0", + "x-api-name" : "upgrade_job_snapshot", + "x-namespace": "ml" } }, "/_msearch": { @@ -27631,7 +28582,8 @@ "$ref": "#/components/responses/msearch-200" } }, - "x-state": "Added in 1.3.0" + "x-state": "Added in 1.3.0", + "x-api-name": "msearch" }, "post": { "tags": [ @@ -27689,7 +28641,8 @@ "$ref": "#/components/responses/msearch-200" } }, - "x-state": "Added in 1.3.0" + "x-state": "Added in 1.3.0", + "x-api-name": "msearch" } }, "/{index}/_msearch": { @@ -27752,7 +28705,8 @@ "$ref": "#/components/responses/msearch-200" } }, - "x-state": "Added in 1.3.0" + "x-state": "Added in 1.3.0", + "x-api-name": "msearch" }, "post": { "tags": [ @@ -27813,7 +28767,8 @@ "$ref": "#/components/responses/msearch-200" } }, - "x-state": "Added in 1.3.0" + "x-state": "Added in 1.3.0", + "x-api-name": "msearch" } }, "/_msearch/template": { @@ -27852,7 +28807,8 @@ "$ref": "#/components/responses/msearch_template-200" } }, - "x-state": "Added in 5.0.0" + "x-state": "Added in 5.0.0", + "x-api-name": "msearch_template" }, "post": { "tags": [ @@ -27889,7 +28845,8 @@ "$ref": "#/components/responses/msearch_template-200" } }, - "x-state": "Added in 5.0.0" + "x-state": "Added in 5.0.0", + "x-api-name": "msearch_template" } }, "/{index}/_msearch/template": { @@ -27931,7 +28888,8 @@ "$ref": "#/components/responses/msearch_template-200" } }, - "x-state": "Added in 5.0.0" + "x-state": "Added in 5.0.0", + "x-api-name": "msearch_template" }, "post": { "tags": [ @@ -27971,7 +28929,8 @@ "$ref": "#/components/responses/msearch_template-200" } }, - "x-state": "Added in 5.0.0" + "x-state": "Added in 5.0.0", + "x-api-name": "msearch_template" } }, "/_mtermvectors": { @@ -28027,7 +28986,8 @@ "200": { "$ref": "#/components/responses/mtermvectors-200" } - } + }, + "x-api-name": "mtermvectors" }, "post": { "tags": [ @@ -28081,7 +29041,8 @@ "200": { "$ref": "#/components/responses/mtermvectors-200" } - } + }, + "x-api-name": "mtermvectors" } }, "/{index}/_mtermvectors": { @@ -28140,7 +29101,8 @@ "200": { "$ref": "#/components/responses/mtermvectors-200" } - } + }, + "x-api-name": "mtermvectors" }, "post": { "tags": [ @@ -28197,7 +29159,8 @@ "200": { "$ref": "#/components/responses/mtermvectors-200" } - } + }, + "x-api-name": "mtermvectors" } }, "/_nodes/{node_id}/_repositories_metering/{max_archive_version}": { @@ -28244,7 +29207,9 @@ } } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "clear_repositories_metering_archive", + "x-namespace": "nodes" } }, "/_nodes/{node_id}/_repositories_metering": { @@ -28280,7 +29245,9 @@ } } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "get_repositories_metering_info", + "x-namespace": "nodes" } }, "/_nodes/hot_threads": { @@ -28318,7 +29285,9 @@ "200": { "$ref": "#/components/responses/nodes.hot_threads-200" } - } + }, + "x-api-name" : "hot_threads", + "x-namespace": "nodes" } }, "/_nodes/{node_id}/hot_threads": { @@ -28359,7 +29328,9 @@ "200": { "$ref": "#/components/responses/nodes.hot_threads-200" } - } + }, + "x-api-name" : "hot_threads", + "x-namespace": "nodes" } }, "/_nodes": { @@ -28383,7 +29354,9 @@ "$ref": "#/components/responses/nodes.info-200" } }, - "x-state": "Added in 1.3.0" + "x-state": "Added in 1.3.0", + "x-api-name" : "info", + "x-namespace": "nodes" } }, "/_nodes/{node_id}": { @@ -28410,7 +29383,9 @@ "$ref": "#/components/responses/nodes.info-200" } }, - "x-state": "Added in 1.3.0" + "x-state": "Added in 1.3.0", + "x-api-name" : "info", + "x-namespace": "nodes" } }, "/_nodes/{metric}": { @@ -28437,7 +29412,9 @@ "$ref": "#/components/responses/nodes.info-200" } }, - "x-state": "Added in 1.3.0" + "x-state": "Added in 1.3.0", + "x-api-name" : "info", + "x-namespace": "nodes" } }, "/_nodes/{node_id}/{metric}": { @@ -28467,7 +29444,9 @@ "$ref": "#/components/responses/nodes.info-200" } }, - "x-state": "Added in 1.3.0" + "x-state": "Added in 1.3.0", + "x-api-name" : "info", + "x-namespace": "nodes" } }, "/_nodes/reload_secure_settings": { @@ -28491,7 +29470,9 @@ "$ref": "#/components/responses/nodes.reload_secure_settings-200" } }, - "x-state": "Added in 6.5.0" + "x-state": "Added in 6.5.0", + "x-api-name" : "reload_secure_settings", + "x-namespace": "nodes" } }, "/_nodes/{node_id}/reload_secure_settings": { @@ -28518,7 +29499,9 @@ "$ref": "#/components/responses/nodes.reload_secure_settings-200" } }, - "x-state": "Added in 6.5.0" + "x-state": "Added in 6.5.0", + "x-api-name" : "reload_secure_settings", + "x-namespace": "nodes" } }, "/_nodes/stats": { @@ -28562,7 +29545,9 @@ "200": { "$ref": "#/components/responses/nodes.stats-200" } - } + }, + "x-api-name" : "stats", + "x-namespace": "nodes" } }, "/_nodes/{node_id}/stats": { @@ -28609,7 +29594,9 @@ "200": { "$ref": "#/components/responses/nodes.stats-200" } - } + }, + "x-api-name" : "stats", + "x-namespace": "nodes" } }, "/_nodes/stats/{metric}": { @@ -28656,7 +29643,9 @@ "200": { "$ref": "#/components/responses/nodes.stats-200" } - } + }, + "x-api-name" : "stats", + "x-namespace": "nodes" } }, "/_nodes/{node_id}/stats/{metric}": { @@ -28706,7 +29695,9 @@ "200": { "$ref": "#/components/responses/nodes.stats-200" } - } + }, + "x-api-name" : "stats", + "x-namespace": "nodes" } }, "/_nodes/stats/{metric}/{index_metric}": { @@ -28756,7 +29747,9 @@ "200": { "$ref": "#/components/responses/nodes.stats-200" } - } + }, + "x-api-name" : "stats", + "x-namespace": "nodes" } }, "/_nodes/{node_id}/stats/{metric}/{index_metric}": { @@ -28809,7 +29802,9 @@ "200": { "$ref": "#/components/responses/nodes.stats-200" } - } + }, + "x-api-name" : "stats", + "x-namespace": "nodes" } }, "/_nodes/usage": { @@ -28829,7 +29824,9 @@ "$ref": "#/components/responses/nodes.usage-200" } }, - "x-state": "Added in 6.0.0" + "x-state": "Added in 6.0.0", + "x-api-name" : "usage", + "x-namespace": "nodes" } }, "/_nodes/{node_id}/usage": { @@ -28852,7 +29849,9 @@ "$ref": "#/components/responses/nodes.usage-200" } }, - "x-state": "Added in 6.0.0" + "x-state": "Added in 6.0.0", + "x-api-name" : "usage", + "x-namespace": "nodes" } }, "/_nodes/usage/{metric}": { @@ -28875,7 +29874,9 @@ "$ref": "#/components/responses/nodes.usage-200" } }, - "x-state": "Added in 6.0.0" + "x-state": "Added in 6.0.0", + "x-api-name" : "usage", + "x-namespace": "nodes" } }, "/_nodes/{node_id}/usage/{metric}": { @@ -28901,7 +29902,9 @@ "$ref": "#/components/responses/nodes.usage-200" } }, - "x-state": "Added in 6.0.0" + "x-state": "Added in 6.0.0", + "x-api-name" : "usage", + "x-namespace": "nodes" } }, "/{index}/_pit": { @@ -29040,7 +30043,8 @@ } } }, - "x-state": "Added in 7.10.0" + "x-state": "Added in 7.10.0", + "x-api-name": "open_point_in_time" } }, "/_scripts/{id}/{context}": { @@ -29078,7 +30082,8 @@ "200": { "$ref": "#/components/responses/put_script-200" } - } + }, + "x-api-name": "put_script" }, "post": { "tags": [ @@ -29114,7 +30119,8 @@ "200": { "$ref": "#/components/responses/put_script-200" } - } + }, + "x-api-name": "put_script" } }, "/_query_rules/{ruleset_id}/_rule/{rule_id}": { @@ -29170,7 +30176,9 @@ } } }, - "x-state": "Added in 8.15.0" + "x-state": "Added in 8.15.0", + "x-api-name" : "get_rule", + "x-namespace": "query_rules" }, "put": { "tags": [ @@ -29269,7 +30277,9 @@ } } }, - "x-state": "Added in 8.15.0" + "x-state": "Added in 8.15.0", + "x-api-name" : "put_rule", + "x-namespace": "query_rules" }, "delete": { "tags": [ @@ -29314,7 +30324,9 @@ } } }, - "x-state": "Added in 8.15.0" + "x-state": "Added in 8.15.0", + "x-api-name" : "delete_rule", + "x-namespace": "query_rules" } }, "/_query_rules/{ruleset_id}": { @@ -29356,7 +30368,9 @@ } } }, - "x-state": "Added in 8.10.0" + "x-state": "Added in 8.10.0", + "x-api-name" : "get_ruleset", + "x-namespace": "query_rules" }, "put": { "tags": [ @@ -29435,7 +30449,9 @@ } } }, - "x-state": "Added in 8.10.0" + "x-state": "Added in 8.10.0", + "x-api-name" : "put_ruleset", + "x-namespace": "query_rules" }, "delete": { "tags": [ @@ -29469,7 +30485,9 @@ } } }, - "x-state": "Added in 8.10.0" + "x-state": "Added in 8.10.0", + "x-api-name" : "delete_ruleset", + "x-namespace": "query_rules" } }, "/_query_rules": { @@ -29535,7 +30553,9 @@ } } }, - "x-state": "Added in 8.10.0" + "x-state": "Added in 8.10.0", + "x-api-name" : "list_rulesets", + "x-namespace": "query_rules" } }, "/_query_rules/{ruleset_id}/_test": { @@ -29620,7 +30640,9 @@ } } }, - "x-state": "Added in 8.10.0" + "x-state": "Added in 8.10.0", + "x-api-name" : "test", + "x-namespace": "query_rules" } }, "/_rank_eval": { @@ -29653,7 +30675,8 @@ "$ref": "#/components/responses/rank_eval-200" } }, - "x-state": "Added in 6.2.0" + "x-state": "Added in 6.2.0", + "x-api-name": "rank_eval" }, "post": { "tags": [ @@ -29684,7 +30707,8 @@ "$ref": "#/components/responses/rank_eval-200" } }, - "x-state": "Added in 6.2.0" + "x-state": "Added in 6.2.0", + "x-api-name": "rank_eval" } }, "/{index}/_rank_eval": { @@ -29720,7 +30744,8 @@ "$ref": "#/components/responses/rank_eval-200" } }, - "x-state": "Added in 6.2.0" + "x-state": "Added in 6.2.0", + "x-api-name": "rank_eval" }, "post": { "tags": [ @@ -29754,7 +30779,8 @@ "$ref": "#/components/responses/rank_eval-200" } }, - "x-state": "Added in 6.2.0" + "x-state": "Added in 6.2.0", + "x-api-name": "rank_eval" } }, "/_reindex": { @@ -30024,7 +31050,8 @@ } } }, - "x-state": "Added in 2.3.0" + "x-state": "Added in 2.3.0", + "x-api-name": "reindex" } }, "/_reindex/{task_id}/_rethrottle": { @@ -30081,7 +31108,8 @@ } } }, - "x-state": "Added in 2.4.0" + "x-state": "Added in 2.4.0", + "x-api-name": "reindex_rethrottle" } }, "/_render/template": { @@ -30099,7 +31127,8 @@ "200": { "$ref": "#/components/responses/render_search_template-200" } - } + }, + "x-api-name": "render_search_template" }, "post": { "tags": [ @@ -30115,7 +31144,8 @@ "200": { "$ref": "#/components/responses/render_search_template-200" } - } + }, + "x-api-name": "render_search_template" } }, "/_render/template/{id}": { @@ -30138,7 +31168,8 @@ "200": { "$ref": "#/components/responses/render_search_template-200" } - } + }, + "x-api-name": "render_search_template" }, "post": { "tags": [ @@ -30159,7 +31190,8 @@ "200": { "$ref": "#/components/responses/render_search_template-200" } - } + }, + "x-api-name": "render_search_template" } }, "/_rollup/job/{id}": { @@ -30181,7 +31213,9 @@ } }, "deprecated": true, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "get_jobs", + "x-namespace": "rollup" }, "put": { "tags": [ @@ -30277,7 +31311,9 @@ } }, "deprecated": true, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "put_job", + "x-namespace": "rollup" }, "delete": { "tags": [ @@ -30332,7 +31368,9 @@ } }, "deprecated": true, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "delete_job", + "x-namespace": "rollup" } }, "/_rollup/job": { @@ -30349,7 +31387,9 @@ } }, "deprecated": true, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "get_jobs", + "x-namespace": "rollup" } }, "/_rollup/data/{id}": { @@ -30371,7 +31411,9 @@ } }, "deprecated": true, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "get_rollup_caps", + "x-namespace": "rollup" } }, "/_rollup/data": { @@ -30388,7 +31430,9 @@ } }, "deprecated": true, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "get_rollup_caps", + "x-namespace": "rollup" } }, "/{index}/_rollup/data": { @@ -30434,7 +31478,9 @@ } }, "deprecated": true, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "get_rollup_index_caps", + "x-namespace": "rollup" } }, "/{index}/_rollup_search": { @@ -30465,7 +31511,9 @@ } }, "deprecated": true, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "rollup_search", + "x-namespace": "rollup" }, "post": { "tags": [ @@ -30494,7 +31542,9 @@ } }, "deprecated": true, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "rollup_search", + "x-namespace": "rollup" } }, "/_rollup/job/{id}/_start": { @@ -30545,7 +31595,9 @@ } }, "deprecated": true, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "start_job", + "x-namespace": "rollup" } }, "/_rollup/job/{id}/_stop": { @@ -30610,7 +31662,9 @@ } }, "deprecated": true, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "stop_job", + "x-namespace": "rollup" } }, "/_scripts/painless/_execute": { @@ -30629,7 +31683,8 @@ "$ref": "#/components/responses/scripts_painless_execute-200" } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name": "scripts_painless_execute" }, "post": { "tags": [ @@ -30646,7 +31701,8 @@ "$ref": "#/components/responses/scripts_painless_execute-200" } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name": "scripts_painless_execute" } }, "/_search": { @@ -30798,7 +31854,8 @@ "200": { "$ref": "#/components/responses/search-200" } - } + }, + "x-api-name": "search" }, "post": { "tags": [ @@ -30948,7 +32005,8 @@ "200": { "$ref": "#/components/responses/search-200" } - } + }, + "x-api-name": "search" } }, "/{index}/_search": { @@ -31103,7 +32161,8 @@ "200": { "$ref": "#/components/responses/search-200" } - } + }, + "x-api-name": "search" }, "post": { "tags": [ @@ -31256,7 +32315,8 @@ "200": { "$ref": "#/components/responses/search-200" } - } + }, + "x-api-name": "search" } }, "/_application/search_application/{name}": { @@ -31297,7 +32357,9 @@ } } }, - "x-beta": true + "x-beta": true, + "x-api-name" : "get", + "x-namespace": "search_application" }, "put": { "tags": [ @@ -31364,7 +32426,9 @@ } } }, - "x-beta": true + "x-beta": true, + "x-api-name" : "put", + "x-namespace": "search_application" }, "delete": { "tags": [ @@ -31398,7 +32462,9 @@ } } }, - "x-beta": true + "x-beta": true, + "x-api-name" : "delete", + "x-namespace": "search_application" } }, "/_application/analytics/{name}": { @@ -31419,7 +32485,9 @@ } }, "deprecated": true, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "get_behavioral_analytics", + "x-namespace": "search_application" }, "put": { "tags": [ @@ -31453,7 +32521,9 @@ } }, "deprecated": true, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "put_behavioral_analytics", + "x-namespace": "search_application" }, "delete": { "tags": [ @@ -31488,7 +32558,9 @@ } }, "deprecated": true, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "delete_behavioral_analytics", + "x-namespace": "search_application" } }, "/_application/analytics": { @@ -31504,7 +32576,9 @@ } }, "deprecated": true, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "get_behavioral_analytics", + "x-namespace": "search_application" } }, "/_application/search_application": { @@ -31580,7 +32654,9 @@ } } }, - "x-beta": true + "x-beta": true, + "x-api-name" : "list", + "x-namespace": "search_application" } }, "/_application/analytics/{collection_name}/event/{event_type}": { @@ -31667,7 +32743,9 @@ } }, "deprecated": true, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "post_behavioral_analytics_event", + "x-namespace": "search_application" } }, "/_application/search_application/{name}/_render_query": { @@ -31732,7 +32810,9 @@ } } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "render_query", + "x-namespace": "search_application" } }, "/_application/search_application/{name}/_search": { @@ -31759,7 +32839,9 @@ "$ref": "#/components/responses/search_application.search-200" } }, - "x-beta": true + "x-beta": true, + "x-api-name" : "search", + "x-namespace": "search_application" }, "post": { "tags": [ @@ -31784,7 +32866,9 @@ "$ref": "#/components/responses/search_application.search-200" } }, - "x-beta": true + "x-beta": true, + "x-api-name" : "search", + "x-namespace": "search_application" } }, "/{index}/_mvt/{field}/{zoom}/{x}/{y}": { @@ -31844,7 +32928,8 @@ "$ref": "#/components/responses/search_mvt-200" } }, - "x-state": "Added in 7.15.0" + "x-state": "Added in 7.15.0", + "x-api-name": "search_mvt" }, "post": { "tags": [ @@ -31902,7 +32987,8 @@ "$ref": "#/components/responses/search_mvt-200" } }, - "x-state": "Added in 7.15.0" + "x-state": "Added in 7.15.0", + "x-api-name": "search_mvt" } }, "/_search_shards": { @@ -31940,7 +33026,8 @@ "200": { "$ref": "#/components/responses/search_shards-200" } - } + }, + "x-api-name": "search_shards" }, "post": { "tags": [ @@ -31976,7 +33063,8 @@ "200": { "$ref": "#/components/responses/search_shards-200" } - } + }, + "x-api-name": "search_shards" } }, "/{index}/_search_shards": { @@ -32017,7 +33105,8 @@ "200": { "$ref": "#/components/responses/search_shards-200" } - } + }, + "x-api-name": "search_shards" }, "post": { "tags": [ @@ -32056,7 +33145,8 @@ "200": { "$ref": "#/components/responses/search_shards-200" } - } + }, + "x-api-name": "search_shards" } }, "/_search/template": { @@ -32118,7 +33208,8 @@ "$ref": "#/components/responses/search_template-200" } }, - "x-state": "Added in 2.0.0" + "x-state": "Added in 2.0.0", + "x-api-name": "search_template" }, "post": { "tags": [ @@ -32178,7 +33269,8 @@ "$ref": "#/components/responses/search_template-200" } }, - "x-state": "Added in 2.0.0" + "x-state": "Added in 2.0.0", + "x-api-name": "search_template" } }, "/{index}/_search/template": { @@ -32243,7 +33335,8 @@ "$ref": "#/components/responses/search_template-200" } }, - "x-state": "Added in 2.0.0" + "x-state": "Added in 2.0.0", + "x-api-name": "search_template" }, "post": { "tags": [ @@ -32306,7 +33399,8 @@ "$ref": "#/components/responses/search_template-200" } }, - "x-state": "Added in 2.0.0" + "x-state": "Added in 2.0.0", + "x-api-name": "search_template" } }, "/_searchable_snapshots/cache/stats": { @@ -32330,7 +33424,9 @@ "$ref": "#/components/responses/searchable_snapshots.cache_stats-200" } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "cache_stats", + "x-namespace": "searchable_snapshots" } }, "/_searchable_snapshots/{node_id}/cache/stats": { @@ -32357,7 +33453,9 @@ "$ref": "#/components/responses/searchable_snapshots.cache_stats-200" } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "cache_stats", + "x-namespace": "searchable_snapshots" } }, "/_searchable_snapshots/cache/clear": { @@ -32387,7 +33485,9 @@ "$ref": "#/components/responses/searchable_snapshots.clear_cache-200" } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "clear_cache", + "x-namespace": "searchable_snapshots" } }, "/{index}/_searchable_snapshots/cache/clear": { @@ -32420,7 +33520,9 @@ "$ref": "#/components/responses/searchable_snapshots.clear_cache-200" } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "clear_cache", + "x-namespace": "searchable_snapshots" } }, "/_snapshot/{repository}/{snapshot}/_mount": { @@ -32546,7 +33648,9 @@ } } }, - "x-state": "Added in 7.10.0" + "x-state": "Added in 7.10.0", + "x-api-name" : "mount", + "x-namespace": "searchable_snapshots" } }, "/_searchable_snapshots/stats": { @@ -32566,7 +33670,9 @@ "$ref": "#/components/responses/searchable_snapshots.stats-200" } }, - "x-state": "Added in 7.10.0" + "x-state": "Added in 7.10.0", + "x-api-name" : "stats", + "x-namespace": "searchable_snapshots" } }, "/{index}/_searchable_snapshots/stats": { @@ -32589,7 +33695,9 @@ "$ref": "#/components/responses/searchable_snapshots.stats-200" } }, - "x-state": "Added in 7.10.0" + "x-state": "Added in 7.10.0", + "x-api-name" : "stats", + "x-namespace": "searchable_snapshots" } }, "/_security/profile/_activate": { @@ -32654,7 +33762,9 @@ } } }, - "x-state": "Added in 8.2.0" + "x-state": "Added in 8.2.0", + "x-api-name" : "activate_user_profile", + "x-namespace": "security" } }, "/_security/_authenticate": { @@ -32746,7 +33856,9 @@ } } }, - "x-state": "Added in 5.5.0" + "x-state": "Added in 5.5.0", + "x-api-name" : "authenticate", + "x-namespace": "security" } }, "/_security/role": { @@ -32761,7 +33873,9 @@ "200": { "$ref": "#/components/responses/security.get_role-200" } - } + }, + "x-api-name" : "get_role", + "x-namespace": "security" }, "post": { "tags": [ @@ -32871,7 +33985,9 @@ } } }, - "x-state": "Added in 8.15.0" + "x-state": "Added in 8.15.0", + "x-api-name" : "bulk_put_role", + "x-namespace": "security" }, "delete": { "tags": [ @@ -32969,7 +34085,9 @@ } } }, - "x-state": "Added in 8.15.0" + "x-state": "Added in 8.15.0", + "x-api-name" : "bulk_delete_role", + "x-namespace": "security" } }, "/_security/api_key/_bulk_update": { @@ -33071,7 +34189,9 @@ } } }, - "x-state": "Added in 8.5.0" + "x-state": "Added in 8.5.0", + "x-api-name" : "bulk_update_api_keys", + "x-namespace": "security" } }, "/_security/user/{username}/_password": { @@ -33097,7 +34217,9 @@ "200": { "$ref": "#/components/responses/security.change_password-200" } - } + }, + "x-api-name" : "change_password", + "x-namespace": "security" }, "post": { "tags": [ @@ -33121,7 +34243,9 @@ "200": { "$ref": "#/components/responses/security.change_password-200" } - } + }, + "x-api-name" : "change_password", + "x-namespace": "security" } }, "/_security/user/_password": { @@ -33144,7 +34268,9 @@ "200": { "$ref": "#/components/responses/security.change_password-200" } - } + }, + "x-api-name" : "change_password", + "x-namespace": "security" }, "post": { "tags": [ @@ -33165,7 +34291,9 @@ "200": { "$ref": "#/components/responses/security.change_password-200" } - } + }, + "x-api-name" : "change_password", + "x-namespace": "security" } }, "/_security/api_key/{ids}/_clear_cache": { @@ -33220,7 +34348,9 @@ } } }, - "x-state": "Added in 7.10.0" + "x-state": "Added in 7.10.0", + "x-api-name" : "clear_api_key_cache", + "x-namespace": "security" } }, "/_security/privilege/{application}/_clear_cache": { @@ -33275,7 +34405,9 @@ } } }, - "x-state": "Added in 7.9.0" + "x-state": "Added in 7.9.0", + "x-api-name" : "clear_cached_privileges", + "x-namespace": "security" } }, "/_security/realm/{realms}/_clear_cache": { @@ -33345,7 +34477,9 @@ } } } - } + }, + "x-api-name" : "clear_cached_realms", + "x-namespace": "security" } }, "/_security/role/{name}/_clear_cache": { @@ -33399,7 +34533,9 @@ } } } - } + }, + "x-api-name" : "clear_cached_roles", + "x-namespace": "security" } }, "/_security/service/{namespace}/{service}/credential/token/{name}/_clear_cache": { @@ -33478,7 +34614,9 @@ } } } - } + }, + "x-api-name" : "clear_cached_service_tokens", + "x-namespace": "security" } }, "/_security/api_key": { @@ -33606,7 +34744,9 @@ } } }, - "x-state": "Added in 6.7.0" + "x-state": "Added in 6.7.0", + "x-api-name" : "get_api_key", + "x-namespace": "security" }, "put": { "tags": [ @@ -33631,7 +34771,9 @@ "$ref": "#/components/responses/security.create_api_key-200" } }, - "x-state": "Added in 6.7.0" + "x-state": "Added in 6.7.0", + "x-api-name" : "create_api_key", + "x-namespace": "security" }, "post": { "tags": [ @@ -33656,7 +34798,9 @@ "$ref": "#/components/responses/security.create_api_key-200" } }, - "x-state": "Added in 6.7.0" + "x-state": "Added in 6.7.0", + "x-api-name" : "create_api_key", + "x-namespace": "security" }, "delete": { "tags": [ @@ -33783,7 +34927,9 @@ } } }, - "x-state": "Added in 6.7.0" + "x-state": "Added in 6.7.0", + "x-api-name" : "invalidate_api_key", + "x-namespace": "security" } }, "/_security/cross_cluster/api_key": { @@ -33873,7 +35019,9 @@ } } } - } + }, + "x-api-name" : "create_cross_cluster_api_key", + "x-namespace": "security" } }, "/_security/service/{namespace}/{service}/credential/token/{name}": { @@ -33905,7 +35053,9 @@ "200": { "$ref": "#/components/responses/security.create_service_token-200" } - } + }, + "x-api-name" : "create_service_token", + "x-namespace": "security" }, "post": { "tags": [ @@ -33935,7 +35085,9 @@ "200": { "$ref": "#/components/responses/security.create_service_token-200" } - } + }, + "x-api-name" : "create_service_token", + "x-namespace": "security" }, "delete": { "tags": [ @@ -34019,7 +35171,9 @@ } } }, - "x-state": "Added in 5.5.0" + "x-state": "Added in 5.5.0", + "x-api-name" : "delete_service_token", + "x-namespace": "security" } }, "/_security/service/{namespace}/{service}/credential/token": { @@ -34048,7 +35202,9 @@ "200": { "$ref": "#/components/responses/security.create_service_token-200" } - } + }, + "x-api-name" : "create_service_token", + "x-namespace": "security" } }, "/_security/delegate_pki": { @@ -34130,7 +35286,9 @@ } } }, - "x-state": "Added in 7.4.0" + "x-state": "Added in 7.4.0", + "x-api-name" : "delegate_pki", + "x-namespace": "security" } }, "/_security/privilege/{application}/{name}": { @@ -34157,7 +35315,9 @@ "$ref": "#/components/responses/security.get_privileges-200" } }, - "x-state": "Added in 6.4.0" + "x-state": "Added in 6.4.0", + "x-api-name" : "get_privileges", + "x-namespace": "security" }, "delete": { "tags": [ @@ -34227,7 +35387,9 @@ } } }, - "x-state": "Added in 6.4.0" + "x-state": "Added in 6.4.0", + "x-api-name" : "delete_privileges", + "x-namespace": "security" } }, "/_security/role/{name}": { @@ -34247,7 +35409,9 @@ "200": { "$ref": "#/components/responses/security.get_role-200" } - } + }, + "x-api-name" : "get_role", + "x-namespace": "security" }, "put": { "tags": [ @@ -34274,7 +35438,9 @@ "200": { "$ref": "#/components/responses/security.put_role-200" } - } + }, + "x-api-name" : "put_role", + "x-namespace": "security" }, "post": { "tags": [ @@ -34301,7 +35467,9 @@ "200": { "$ref": "#/components/responses/security.put_role-200" } - } + }, + "x-api-name" : "put_role", + "x-namespace": "security" }, "delete": { "tags": [ @@ -34359,7 +35527,9 @@ } } } - } + }, + "x-api-name" : "delete_role", + "x-namespace": "security" } }, "/_security/role_mapping/{name}": { @@ -34383,7 +35553,9 @@ "$ref": "#/components/responses/security.get_role_mapping-200" } }, - "x-state": "Added in 5.5.0" + "x-state": "Added in 5.5.0", + "x-api-name" : "get_role_mapping", + "x-namespace": "security" }, "put": { "tags": [ @@ -34411,7 +35583,9 @@ "$ref": "#/components/responses/security.put_role_mapping-200" } }, - "x-state": "Added in 5.5.0" + "x-state": "Added in 5.5.0", + "x-api-name" : "put_role_mapping", + "x-namespace": "security" }, "post": { "tags": [ @@ -34439,7 +35613,9 @@ "$ref": "#/components/responses/security.put_role_mapping-200" } }, - "x-state": "Added in 5.5.0" + "x-state": "Added in 5.5.0", + "x-api-name" : "put_role_mapping", + "x-namespace": "security" }, "delete": { "tags": [ @@ -34501,7 +35677,9 @@ } } }, - "x-state": "Added in 5.5.0" + "x-state": "Added in 5.5.0", + "x-api-name" : "delete_role_mapping", + "x-namespace": "security" } }, "/_security/user/{username}": { @@ -34524,7 +35702,9 @@ "200": { "$ref": "#/components/responses/security.get_user-200" } - } + }, + "x-api-name" : "get_user", + "x-namespace": "security" }, "put": { "tags": [ @@ -34548,7 +35728,9 @@ "200": { "$ref": "#/components/responses/security.put_user-200" } - } + }, + "x-api-name" : "put_user", + "x-namespace": "security" }, "post": { "tags": [ @@ -34572,7 +35754,9 @@ "200": { "$ref": "#/components/responses/security.put_user-200" } - } + }, + "x-api-name" : "put_user", + "x-namespace": "security" }, "delete": { "tags": [ @@ -34630,7 +35814,9 @@ } } } - } + }, + "x-api-name" : "delete_user", + "x-namespace": "security" } }, "/_security/user/{username}/_disable": { @@ -34653,7 +35839,9 @@ "200": { "$ref": "#/components/responses/security.disable_user-200" } - } + }, + "x-api-name" : "disable_user", + "x-namespace": "security" }, "post": { "tags": [ @@ -34674,7 +35862,9 @@ "200": { "$ref": "#/components/responses/security.disable_user-200" } - } + }, + "x-api-name" : "disable_user", + "x-namespace": "security" } }, "/_security/profile/{uid}/_disable": { @@ -34698,7 +35888,9 @@ "$ref": "#/components/responses/security.disable_user_profile-200" } }, - "x-state": "Added in 8.2.0" + "x-state": "Added in 8.2.0", + "x-api-name" : "disable_user_profile", + "x-namespace": "security" }, "post": { "tags": [ @@ -34720,7 +35912,9 @@ "$ref": "#/components/responses/security.disable_user_profile-200" } }, - "x-state": "Added in 8.2.0" + "x-state": "Added in 8.2.0", + "x-api-name" : "disable_user_profile", + "x-namespace": "security" } }, "/_security/user/{username}/_enable": { @@ -34743,7 +35937,9 @@ "200": { "$ref": "#/components/responses/security.enable_user-200" } - } + }, + "x-api-name" : "enable_user", + "x-namespace": "security" }, "post": { "tags": [ @@ -34764,7 +35960,9 @@ "200": { "$ref": "#/components/responses/security.enable_user-200" } - } + }, + "x-api-name" : "enable_user", + "x-namespace": "security" } }, "/_security/profile/{uid}/_enable": { @@ -34788,7 +35986,9 @@ "$ref": "#/components/responses/security.enable_user_profile-200" } }, - "x-state": "Added in 8.2.0" + "x-state": "Added in 8.2.0", + "x-api-name" : "enable_user_profile", + "x-namespace": "security" }, "post": { "tags": [ @@ -34810,7 +36010,9 @@ "$ref": "#/components/responses/security.enable_user_profile-200" } }, - "x-state": "Added in 8.2.0" + "x-state": "Added in 8.2.0", + "x-api-name" : "enable_user_profile", + "x-namespace": "security" } }, "/_security/enroll/kibana": { @@ -34852,7 +36054,9 @@ } } }, - "x-state": "Added in 8.0.0" + "x-state": "Added in 8.0.0", + "x-api-name" : "enroll_kibana", + "x-namespace": "security" } }, "/_security/enroll/node": { @@ -34918,7 +36122,9 @@ } } }, - "x-state": "Added in 8.0.0" + "x-state": "Added in 8.0.0", + "x-api-name" : "enroll_node", + "x-namespace": "security" } }, "/_security/privilege/_builtin": { @@ -34978,7 +36184,9 @@ } } }, - "x-state": "Added in 7.3.0" + "x-state": "Added in 7.3.0", + "x-api-name" : "get_builtin_privileges", + "x-namespace": "security" } }, "/_security/privilege": { @@ -34997,7 +36205,9 @@ "$ref": "#/components/responses/security.get_privileges-200" } }, - "x-state": "Added in 6.4.0" + "x-state": "Added in 6.4.0", + "x-api-name" : "get_privileges", + "x-namespace": "security" }, "put": { "tags": [ @@ -35022,7 +36232,9 @@ "$ref": "#/components/responses/security.put_privileges-200" } }, - "x-state": "Added in 6.4.0" + "x-state": "Added in 6.4.0", + "x-api-name" : "put_privileges", + "x-namespace": "security" }, "post": { "tags": [ @@ -35047,7 +36259,9 @@ "$ref": "#/components/responses/security.put_privileges-200" } }, - "x-state": "Added in 6.4.0" + "x-state": "Added in 6.4.0", + "x-api-name" : "put_privileges", + "x-namespace": "security" } }, "/_security/privilege/{application}": { @@ -35071,7 +36285,9 @@ "$ref": "#/components/responses/security.get_privileges-200" } }, - "x-state": "Added in 6.4.0" + "x-state": "Added in 6.4.0", + "x-api-name" : "get_privileges", + "x-namespace": "security" } }, "/_security/role_mapping": { @@ -35090,7 +36306,9 @@ "$ref": "#/components/responses/security.get_role_mapping-200" } }, - "x-state": "Added in 5.5.0" + "x-state": "Added in 5.5.0", + "x-api-name" : "get_role_mapping", + "x-namespace": "security" } }, "/_security/service/{namespace}/{service}": { @@ -35117,7 +36335,9 @@ "$ref": "#/components/responses/security.get_service_accounts-200" } }, - "x-state": "Added in 7.13.0" + "x-state": "Added in 7.13.0", + "x-api-name" : "get_service_accounts", + "x-namespace": "security" } }, "/_security/service/{namespace}": { @@ -35141,7 +36361,9 @@ "$ref": "#/components/responses/security.get_service_accounts-200" } }, - "x-state": "Added in 7.13.0" + "x-state": "Added in 7.13.0", + "x-api-name" : "get_service_accounts", + "x-namespace": "security" } }, "/_security/service": { @@ -35160,7 +36382,9 @@ "$ref": "#/components/responses/security.get_service_accounts-200" } }, - "x-state": "Added in 7.13.0" + "x-state": "Added in 7.13.0", + "x-api-name" : "get_service_accounts", + "x-namespace": "security" } }, "/_security/service/{namespace}/{service}/credential": { @@ -35239,7 +36463,9 @@ } } }, - "x-state": "Added in 7.13.0" + "x-state": "Added in 7.13.0", + "x-api-name" : "get_service_credentials", + "x-namespace": "security" } }, "/_security/settings": { @@ -35289,7 +36515,9 @@ } } } - } + }, + "x-api-name" : "get_settings", + "x-namespace": "security" }, "put": { "tags": [ @@ -35366,7 +36594,9 @@ } } } - } + }, + "x-api-name" : "update_settings", + "x-namespace": "security" } }, "/_security/oauth2/token": { @@ -35478,7 +36708,9 @@ } } }, - "x-state": "Added in 5.5.0" + "x-state": "Added in 5.5.0", + "x-api-name" : "get_token", + "x-namespace": "security" }, "delete": { "tags": [ @@ -35584,7 +36816,9 @@ } } }, - "x-state": "Added in 5.5.0" + "x-state": "Added in 5.5.0", + "x-api-name" : "invalidate_token", + "x-namespace": "security" } }, "/_security/user": { @@ -35604,7 +36838,9 @@ "200": { "$ref": "#/components/responses/security.get_user-200" } - } + }, + "x-api-name" : "get_user", + "x-namespace": "security" } }, "/_security/user/_privileges": { @@ -35723,7 +36959,9 @@ } } }, - "x-state": "Added in 6.5.0" + "x-state": "Added in 6.5.0", + "x-api-name" : "get_user_privileges", + "x-namespace": "security" } }, "/_security/profile/{uid}": { @@ -35821,7 +37059,9 @@ } } }, - "x-state": "Added in 8.2.0" + "x-state": "Added in 8.2.0", + "x-api-name" : "get_user_profile", + "x-namespace": "security" } }, "/_security/api_key/grant": { @@ -35914,7 +37154,9 @@ } } }, - "x-state": "Added in 7.9.0" + "x-state": "Added in 7.9.0", + "x-api-name" : "grant_api_key", + "x-namespace": "security" } }, "/_security/user/_has_privileges": { @@ -35936,7 +37178,9 @@ "$ref": "#/components/responses/security.has_privileges-200" } }, - "x-state": "Added in 6.4.0" + "x-state": "Added in 6.4.0", + "x-api-name" : "has_privileges", + "x-namespace": "security" }, "post": { "tags": [ @@ -35956,7 +37200,9 @@ "$ref": "#/components/responses/security.has_privileges-200" } }, - "x-state": "Added in 6.4.0" + "x-state": "Added in 6.4.0", + "x-api-name" : "has_privileges", + "x-namespace": "security" } }, "/_security/user/{user}/_has_privileges": { @@ -35983,7 +37229,9 @@ "$ref": "#/components/responses/security.has_privileges-200" } }, - "x-state": "Added in 6.4.0" + "x-state": "Added in 6.4.0", + "x-api-name" : "has_privileges", + "x-namespace": "security" }, "post": { "tags": [ @@ -36008,7 +37256,9 @@ "$ref": "#/components/responses/security.has_privileges-200" } }, - "x-state": "Added in 6.4.0" + "x-state": "Added in 6.4.0", + "x-api-name" : "has_privileges", + "x-namespace": "security" } }, "/_security/profile/_has_privileges": { @@ -36030,7 +37280,9 @@ "$ref": "#/components/responses/security.has_privileges_user_profile-200" } }, - "x-state": "Added in 8.3.0" + "x-state": "Added in 8.3.0", + "x-api-name" : "has_privileges_user_profile", + "x-namespace": "security" }, "post": { "tags": [ @@ -36050,7 +37302,9 @@ "$ref": "#/components/responses/security.has_privileges_user_profile-200" } }, - "x-state": "Added in 8.3.0" + "x-state": "Added in 8.3.0", + "x-api-name" : "has_privileges_user_profile", + "x-namespace": "security" } }, "/_security/oidc/authenticate": { @@ -36141,7 +37395,9 @@ } } } - } + }, + "x-api-name" : "oidc_authenticate", + "x-namespace": "security" } }, "/_security/oidc/logout": { @@ -36207,7 +37463,9 @@ } } } - } + }, + "x-api-name" : "oidc_logout", + "x-namespace": "security" } }, "/_security/oidc/prepare": { @@ -36305,7 +37563,9 @@ } } } - } + }, + "x-api-name" : "oidc_prepare_authentication", + "x-namespace": "security" } }, "/_security/_query/api_key": { @@ -36335,7 +37595,9 @@ "$ref": "#/components/responses/security.query_api_keys-200" } }, - "x-state": "Added in 7.15.0" + "x-state": "Added in 7.15.0", + "x-api-name" : "query_api_keys", + "x-namespace": "security" }, "post": { "tags": [ @@ -36363,7 +37625,9 @@ "$ref": "#/components/responses/security.query_api_keys-200" } }, - "x-state": "Added in 7.15.0" + "x-state": "Added in 7.15.0", + "x-api-name" : "query_api_keys", + "x-namespace": "security" } }, "/_security/_query/role": { @@ -36382,7 +37646,9 @@ "$ref": "#/components/responses/security.query_role-200" } }, - "x-state": "Added in 8.15.0" + "x-state": "Added in 8.15.0", + "x-api-name" : "query_role", + "x-namespace": "security" }, "post": { "tags": [ @@ -36399,7 +37665,9 @@ "$ref": "#/components/responses/security.query_role-200" } }, - "x-state": "Added in 8.15.0" + "x-state": "Added in 8.15.0", + "x-api-name" : "query_role", + "x-namespace": "security" } }, "/_security/_query/user": { @@ -36423,7 +37691,9 @@ "$ref": "#/components/responses/security.query_user-200" } }, - "x-state": "Added in 8.14.0" + "x-state": "Added in 8.14.0", + "x-api-name" : "query_user", + "x-namespace": "security" }, "post": { "tags": [ @@ -36445,7 +37715,9 @@ "$ref": "#/components/responses/security.query_user-200" } }, - "x-state": "Added in 8.14.0" + "x-state": "Added in 8.14.0", + "x-api-name" : "query_user", + "x-namespace": "security" } }, "/_security/saml/authenticate": { @@ -36539,7 +37811,9 @@ } } }, - "x-state": "Added in 7.5.0" + "x-state": "Added in 7.5.0", + "x-api-name" : "saml_authenticate", + "x-namespace": "security" } }, "/_security/saml/complete_logout": { @@ -36604,7 +37878,9 @@ } } }, - "x-state": "Added in 7.14.0" + "x-state": "Added in 7.14.0", + "x-api-name" : "saml_complete_logout", + "x-namespace": "security" } }, "/_security/saml/invalidate": { @@ -36688,7 +37964,9 @@ } } }, - "x-state": "Added in 7.5.0" + "x-state": "Added in 7.5.0", + "x-api-name" : "saml_invalidate", + "x-namespace": "security" } }, "/_security/saml/logout": { @@ -36758,7 +38036,9 @@ } } }, - "x-state": "Added in 7.5.0" + "x-state": "Added in 7.5.0", + "x-api-name" : "saml_logout", + "x-namespace": "security" } }, "/_security/saml/prepare": { @@ -36844,7 +38124,9 @@ } } }, - "x-state": "Added in 7.5.0" + "x-state": "Added in 7.5.0", + "x-api-name" : "saml_prepare_authentication", + "x-namespace": "security" } }, "/_security/saml/metadata/{realm_name}": { @@ -36895,7 +38177,9 @@ } } }, - "x-state": "Added in 7.11.0" + "x-state": "Added in 7.11.0", + "x-api-name" : "saml_service_provider_metadata", + "x-namespace": "security" } }, "/_security/profile/_suggest": { @@ -36919,7 +38203,9 @@ "$ref": "#/components/responses/security.suggest_user_profiles-200" } }, - "x-state": "Added in 8.2.0" + "x-state": "Added in 8.2.0", + "x-api-name" : "suggest_user_profiles", + "x-namespace": "security" }, "post": { "tags": [ @@ -36941,7 +38227,9 @@ "$ref": "#/components/responses/security.suggest_user_profiles-200" } }, - "x-state": "Added in 8.2.0" + "x-state": "Added in 8.2.0", + "x-api-name" : "suggest_user_profiles", + "x-namespace": "security" } }, "/_security/api_key/{id}": { @@ -37029,7 +38317,9 @@ } } }, - "x-state": "Added in 8.4.0" + "x-state": "Added in 8.4.0", + "x-api-name" : "update_api_key", + "x-namespace": "security" } }, "/_security/cross_cluster/api_key/{id}": { @@ -37112,7 +38402,9 @@ } } } - } + }, + "x-api-name" : "update_cross_cluster_api_key", + "x-namespace": "security" } }, "/_security/profile/{uid}/_data": { @@ -37145,7 +38437,9 @@ "$ref": "#/components/responses/security.update_user_profile_data-200" } }, - "x-state": "Added in 8.2.0" + "x-state": "Added in 8.2.0", + "x-api-name" : "update_user_profile_data", + "x-namespace": "security" }, "post": { "tags": [ @@ -37176,7 +38470,9 @@ "$ref": "#/components/responses/security.update_user_profile_data-200" } }, - "x-state": "Added in 8.2.0" + "x-state": "Added in 8.2.0", + "x-api-name" : "update_user_profile_data", + "x-namespace": "security" } }, "/_nodes/{node_id}/shutdown": { @@ -37200,7 +38496,9 @@ "$ref": "#/components/responses/shutdown.get_node-200" } }, - "x-state": "Added in 7.13.0" + "x-state": "Added in 7.13.0", + "x-api-name" : "get_node", + "x-namespace": "shutdown" }, "put": { "tags": [ @@ -37291,7 +38589,9 @@ } } }, - "x-state": "Added in 7.13.0" + "x-state": "Added in 7.13.0", + "x-api-name" : "put_node", + "x-namespace": "shutdown" }, "delete": { "tags": [ @@ -37351,7 +38651,9 @@ } } }, - "x-state": "Added in 7.13.0" + "x-state": "Added in 7.13.0", + "x-api-name" : "delete_node", + "x-namespace": "shutdown" } }, "/_nodes/shutdown": { @@ -37372,7 +38674,9 @@ "$ref": "#/components/responses/shutdown.get_node-200" } }, - "x-state": "Added in 7.13.0" + "x-state": "Added in 7.13.0", + "x-api-name" : "get_node", + "x-namespace": "shutdown" } }, "/_ingest/_simulate": { @@ -37396,7 +38700,9 @@ "$ref": "#/components/responses/simulate.ingest-200" } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "ingest", + "x-namespace": "simulate" }, "post": { "tags": [ @@ -37418,7 +38724,9 @@ "$ref": "#/components/responses/simulate.ingest-200" } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "ingest", + "x-namespace": "simulate" } }, "/_ingest/{index}/_simulate": { @@ -37445,7 +38753,9 @@ "$ref": "#/components/responses/simulate.ingest-200" } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "ingest", + "x-namespace": "simulate" }, "post": { "tags": [ @@ -37470,7 +38780,9 @@ "$ref": "#/components/responses/simulate.ingest-200" } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "ingest", + "x-namespace": "simulate" } }, "/_slm/policy/{policy_id}": { @@ -37497,7 +38809,9 @@ "$ref": "#/components/responses/slm.get_lifecycle-200" } }, - "x-state": "Added in 7.4.0" + "x-state": "Added in 7.4.0", + "x-api-name" : "get_lifecycle", + "x-namespace": "slm" }, "put": { "tags": [ @@ -37590,7 +38904,9 @@ } } }, - "x-state": "Added in 7.4.0" + "x-state": "Added in 7.4.0", + "x-api-name" : "put_lifecycle", + "x-namespace": "slm" }, "delete": { "tags": [ @@ -37644,7 +38960,9 @@ } } }, - "x-state": "Added in 7.4.0" + "x-state": "Added in 7.4.0", + "x-api-name" : "delete_lifecycle", + "x-namespace": "slm" } }, "/_slm/policy/{policy_id}/_execute": { @@ -37714,7 +39032,9 @@ } } }, - "x-state": "Added in 7.4.0" + "x-state": "Added in 7.4.0", + "x-api-name" : "execute_lifecycle", + "x-namespace": "slm" } }, "/_slm/_execute_retention": { @@ -37759,7 +39079,9 @@ } } }, - "x-state": "Added in 7.5.0" + "x-state": "Added in 7.5.0", + "x-api-name" : "execute_retention", + "x-namespace": "slm" } }, "/_slm/policy": { @@ -37783,7 +39105,9 @@ "$ref": "#/components/responses/slm.get_lifecycle-200" } }, - "x-state": "Added in 7.4.0" + "x-state": "Added in 7.4.0", + "x-api-name" : "get_lifecycle", + "x-namespace": "slm" } }, "/_slm/stats": { @@ -37881,7 +39205,9 @@ } } }, - "x-state": "Added in 7.5.0" + "x-state": "Added in 7.5.0", + "x-api-name" : "get_stats", + "x-namespace": "slm" } }, "/_slm/status": { @@ -37939,7 +39265,9 @@ } } }, - "x-state": "Added in 7.6.0" + "x-state": "Added in 7.6.0", + "x-api-name" : "get_status", + "x-namespace": "slm" } }, "/_slm/start": { @@ -37990,7 +39318,9 @@ } } }, - "x-state": "Added in 7.6.0" + "x-state": "Added in 7.6.0", + "x-api-name" : "start", + "x-namespace": "slm" } }, "/_slm/stop": { @@ -38035,7 +39365,9 @@ } } }, - "x-state": "Added in 7.6.0" + "x-state": "Added in 7.6.0", + "x-api-name" : "stop", + "x-namespace": "slm" } }, "/_snapshot/{repository}/_cleanup": { @@ -38108,7 +39440,9 @@ } } }, - "x-state": "Added in 7.4.0" + "x-state": "Added in 7.4.0", + "x-api-name" : "cleanup_repository", + "x-namespace": "snapshot" } }, "/_snapshot/{repository}/{snapshot}/_clone/{target_snapshot}": { @@ -38201,7 +39535,9 @@ } } }, - "x-state": "Added in 7.10.0" + "x-state": "Added in 7.10.0", + "x-api-name" : "clone", + "x-namespace": "snapshot" } }, "/_snapshot/{repository}/{snapshot}": { @@ -38414,7 +39750,9 @@ } } }, - "x-state": "Added in 0.0.0" + "x-state": "Added in 0.0.0", + "x-api-name" : "get", + "x-namespace": "snapshot" }, "put": { "tags": [ @@ -38448,7 +39786,9 @@ "$ref": "#/components/responses/snapshot.create-200" } }, - "x-state": "Added in 0.0.0" + "x-state": "Added in 0.0.0", + "x-api-name" : "create", + "x-namespace": "snapshot" }, "post": { "tags": [ @@ -38482,7 +39822,9 @@ "$ref": "#/components/responses/snapshot.create-200" } }, - "x-state": "Added in 0.0.0" + "x-state": "Added in 0.0.0", + "x-api-name" : "create", + "x-namespace": "snapshot" }, "delete": { "tags": [ @@ -38541,7 +39883,9 @@ } } } - } + }, + "x-api-name" : "delete", + "x-namespace": "snapshot" } }, "/_snapshot/{repository}": { @@ -38567,7 +39911,9 @@ "$ref": "#/components/responses/snapshot.get_repository-200" } }, - "x-state": "Added in 0.0.0" + "x-state": "Added in 0.0.0", + "x-api-name" : "get_repository", + "x-namespace": "snapshot" }, "put": { "tags": [ @@ -38601,7 +39947,9 @@ "$ref": "#/components/responses/snapshot.create_repository-200" } }, - "x-state": "Added in 0.0.0" + "x-state": "Added in 0.0.0", + "x-api-name" : "create_repository", + "x-namespace": "snapshot" }, "post": { "tags": [ @@ -38635,7 +39983,9 @@ "$ref": "#/components/responses/snapshot.create_repository-200" } }, - "x-state": "Added in 0.0.0" + "x-state": "Added in 0.0.0", + "x-api-name" : "create_repository", + "x-namespace": "snapshot" }, "delete": { "tags": [ @@ -38689,7 +40039,9 @@ } } }, - "x-state": "Added in 0.0.0" + "x-state": "Added in 0.0.0", + "x-api-name" : "delete_repository", + "x-namespace": "snapshot" } }, "/_snapshot": { @@ -38712,7 +40064,9 @@ "$ref": "#/components/responses/snapshot.get_repository-200" } }, - "x-state": "Added in 0.0.0" + "x-state": "Added in 0.0.0", + "x-api-name" : "get_repository", + "x-namespace": "snapshot" } }, "/_snapshot/{repository}/_analyze": { @@ -38966,7 +40320,9 @@ } } }, - "x-state": "Added in 7.12.0" + "x-state": "Added in 7.12.0", + "x-api-name" : "repository_analyze", + "x-namespace": "snapshot" } }, "/_snapshot/{repository}/_verify_integrity": { @@ -39082,7 +40438,9 @@ } } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "repository_verify_integrity", + "x-namespace": "snapshot" } }, "/_snapshot/{repository}/{snapshot}/_restore": { @@ -39233,7 +40591,9 @@ } } }, - "x-state": "Added in 0.0.0" + "x-state": "Added in 0.0.0", + "x-api-name" : "restore", + "x-namespace": "snapshot" } }, "/_snapshot/_status": { @@ -39257,7 +40617,9 @@ "$ref": "#/components/responses/snapshot.status-200" } }, - "x-state": "Added in 7.8.0" + "x-state": "Added in 7.8.0", + "x-api-name" : "status", + "x-namespace": "snapshot" } }, "/_snapshot/{repository}/_status": { @@ -39284,7 +40646,9 @@ "$ref": "#/components/responses/snapshot.status-200" } }, - "x-state": "Added in 7.8.0" + "x-state": "Added in 7.8.0", + "x-api-name" : "status", + "x-namespace": "snapshot" } }, "/_snapshot/{repository}/{snapshot}/_status": { @@ -39314,7 +40678,9 @@ "$ref": "#/components/responses/snapshot.status-200" } }, - "x-state": "Added in 7.8.0" + "x-state": "Added in 7.8.0", + "x-api-name" : "status", + "x-namespace": "snapshot" } }, "/_snapshot/{repository}/_verify": { @@ -39385,7 +40751,9 @@ } } }, - "x-state": "Added in 0.0.0" + "x-state": "Added in 0.0.0", + "x-api-name" : "verify_repository", + "x-namespace": "snapshot" } }, "/_sql/close": { @@ -39440,7 +40808,9 @@ } } }, - "x-state": "Added in 6.3.0" + "x-state": "Added in 6.3.0", + "x-api-name" : "clear_cursor", + "x-namespace": "sql" } }, "/_sql/async/delete/{id}": { @@ -39476,7 +40846,9 @@ } } }, - "x-state": "Added in 7.15.0" + "x-state": "Added in 7.15.0", + "x-api-name" : "delete_async", + "x-namespace": "sql" } }, "/_sql/async/{id}": { @@ -39589,7 +40961,9 @@ } } }, - "x-state": "Added in 7.15.0" + "x-state": "Added in 7.15.0", + "x-api-name" : "get_async", + "x-namespace": "sql" } }, "/_sql/async/status/{id}": { @@ -39655,7 +41029,9 @@ } } }, - "x-state": "Added in 7.15.0" + "x-state": "Added in 7.15.0", + "x-api-name" : "get_async_status", + "x-namespace": "sql" } }, "/_sql": { @@ -39679,7 +41055,9 @@ "$ref": "#/components/responses/sql.query-200" } }, - "x-state": "Added in 6.3.0" + "x-state": "Added in 6.3.0", + "x-api-name" : "query", + "x-namespace": "sql" }, "post": { "tags": [ @@ -39701,7 +41079,9 @@ "$ref": "#/components/responses/sql.query-200" } }, - "x-state": "Added in 6.3.0" + "x-state": "Added in 6.3.0", + "x-api-name" : "query", + "x-namespace": "sql" } }, "/_sql/translate": { @@ -39720,7 +41100,9 @@ "$ref": "#/components/responses/sql.translate-200" } }, - "x-state": "Added in 6.3.0" + "x-state": "Added in 6.3.0", + "x-api-name" : "translate", + "x-namespace": "sql" }, "post": { "tags": [ @@ -39737,7 +41119,9 @@ "$ref": "#/components/responses/sql.translate-200" } }, - "x-state": "Added in 6.3.0" + "x-state": "Added in 6.3.0", + "x-api-name" : "translate", + "x-namespace": "sql" } }, "/_ssl/certificates": { @@ -39772,7 +41156,9 @@ } } }, - "x-state": "Added in 6.2.0" + "x-state": "Added in 6.2.0", + "x-api-name" : "certificates", + "x-namespace": "ssl" } }, "/_synonyms/{id}": { @@ -39850,7 +41236,9 @@ } } }, - "x-state": "Added in 8.10.0" + "x-state": "Added in 8.10.0", + "x-api-name" : "get_synonym", + "x-namespace": "synonyms" }, "put": { "tags": [ @@ -39934,7 +41322,9 @@ } } }, - "x-state": "Added in 8.10.0" + "x-state": "Added in 8.10.0", + "x-api-name" : "put_synonym", + "x-namespace": "synonyms" }, "delete": { "tags": [ @@ -39968,7 +41358,9 @@ } } }, - "x-state": "Added in 8.10.0" + "x-state": "Added in 8.10.0", + "x-api-name" : "delete_synonym", + "x-namespace": "synonyms" } }, "/_synonyms/{set_id}/{rule_id}": { @@ -40021,7 +41413,9 @@ } } }, - "x-state": "Added in 8.10.0" + "x-state": "Added in 8.10.0", + "x-api-name" : "get_synonym_rule", + "x-namespace": "synonyms" }, "put": { "tags": [ @@ -40107,7 +41501,9 @@ } } }, - "x-state": "Added in 8.10.0" + "x-state": "Added in 8.10.0", + "x-api-name" : "put_synonym_rule", + "x-namespace": "synonyms" }, "delete": { "tags": [ @@ -40168,7 +41564,9 @@ } } }, - "x-state": "Added in 8.10.0" + "x-state": "Added in 8.10.0", + "x-api-name" : "delete_synonym_rule", + "x-namespace": "synonyms" } }, "/_synonyms": { @@ -40236,7 +41634,9 @@ } } }, - "x-state": "Added in 8.10.0" + "x-state": "Added in 8.10.0", + "x-api-name" : "get_synonyms_sets", + "x-namespace": "synonyms" } }, "/_tasks/_cancel": { @@ -40266,7 +41666,9 @@ "$ref": "#/components/responses/tasks.cancel-200" } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "cancel", + "x-namespace": "tasks" } }, "/_tasks/{task_id}/_cancel": { @@ -40299,7 +41701,9 @@ "$ref": "#/components/responses/tasks.cancel-200" } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "cancel", + "x-namespace": "tasks" } }, "/_tasks/{task_id}": { @@ -40385,7 +41789,9 @@ } } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "get", + "x-namespace": "tasks" } }, "/_tasks": { @@ -40496,7 +41902,9 @@ } } }, - "x-state": "Technical preview" + "x-state": "Technical preview", + "x-api-name" : "list", + "x-namespace": "tasks" } }, "/{index}/_terms_enum": { @@ -40520,7 +41928,8 @@ "$ref": "#/components/responses/terms_enum-200" } }, - "x-state": "Added in 7.14.0" + "x-state": "Added in 7.14.0", + "x-api-name": "terms_enum" }, "post": { "tags": [ @@ -40542,7 +41951,8 @@ "$ref": "#/components/responses/terms_enum-200" } }, - "x-state": "Added in 7.14.0" + "x-state": "Added in 7.14.0", + "x-api-name": "terms_enum" } }, "/{index}/_termvectors/{id}": { @@ -40601,7 +42011,8 @@ "200": { "$ref": "#/components/responses/termvectors-200" } - } + }, + "x-api-name": "termvectors" }, "post": { "tags": [ @@ -40658,7 +42069,8 @@ "200": { "$ref": "#/components/responses/termvectors-200" } - } + }, + "x-api-name": "termvectors" } }, "/{index}/_termvectors": { @@ -40714,7 +42126,8 @@ "200": { "$ref": "#/components/responses/termvectors-200" } - } + }, + "x-api-name": "termvectors" }, "post": { "tags": [ @@ -40768,7 +42181,8 @@ "200": { "$ref": "#/components/responses/termvectors-200" } - } + }, + "x-api-name": "termvectors" } }, "/_text_structure/find_field_structure": { @@ -41007,7 +42421,9 @@ } } } - } + }, + "x-api-name" : "find_field_structure", + "x-namespace": "text_structure" } }, "/_text_structure/find_message_structure": { @@ -41060,7 +42476,9 @@ "200": { "$ref": "#/components/responses/text_structure.find_message_structure-200" } - } + }, + "x-api-name" : "find_message_structure", + "x-namespace": "text_structure" }, "post": { "tags": [ @@ -41111,7 +42529,9 @@ "200": { "$ref": "#/components/responses/text_structure.find_message_structure-200" } - } + }, + "x-api-name" : "find_message_structure", + "x-namespace": "text_structure" } }, "/_text_structure/find_structure": { @@ -41417,7 +42837,9 @@ } } }, - "x-state": "Added in 7.13.0" + "x-state": "Added in 7.13.0", + "x-api-name" : "find_structure", + "x-namespace": "text_structure" } }, "/_text_structure/test_grok_pattern": { @@ -41444,7 +42866,9 @@ "$ref": "#/components/responses/text_structure.test_grok_pattern-200" } }, - "x-state": "Added in 8.13.0" + "x-state": "Added in 8.13.0", + "x-api-name" : "test_grok_pattern", + "x-namespace": "text_structure" }, "post": { "tags": [ @@ -41469,7 +42893,9 @@ "$ref": "#/components/responses/text_structure.test_grok_pattern-200" } }, - "x-state": "Added in 8.13.0" + "x-state": "Added in 8.13.0", + "x-api-name" : "test_grok_pattern", + "x-namespace": "text_structure" } }, "/_transform/{transform_id}": { @@ -41502,7 +42928,9 @@ "$ref": "#/components/responses/transform.get_transform-200" } }, - "x-state": "Added in 7.5.0" + "x-state": "Added in 7.5.0", + "x-api-name" : "get_transform", + "x-namespace": "transform" }, "put": { "tags": [ @@ -41621,7 +43049,9 @@ } } }, - "x-state": "Added in 7.2.0" + "x-state": "Added in 7.2.0", + "x-api-name" : "put_transform", + "x-namespace": "transform" }, "delete": { "tags": [ @@ -41690,7 +43120,9 @@ } } }, - "x-state": "Added in 7.5.0" + "x-state": "Added in 7.5.0", + "x-api-name" : "delete_transform", + "x-namespace": "transform" } }, "/_transform": { @@ -41720,7 +43152,9 @@ "$ref": "#/components/responses/transform.get_transform-200" } }, - "x-state": "Added in 7.5.0" + "x-state": "Added in 7.5.0", + "x-api-name" : "get_transform", + "x-namespace": "transform" } }, "/_transform/{transform_id}/_stats": { @@ -41817,7 +43251,9 @@ } } }, - "x-state": "Added in 7.5.0" + "x-state": "Added in 7.5.0", + "x-api-name" : "get_transform_stats", + "x-namespace": "transform" } }, "/_transform/{transform_id}/_preview": { @@ -41844,7 +43280,9 @@ "$ref": "#/components/responses/transform.preview_transform-200" } }, - "x-state": "Added in 7.2.0" + "x-state": "Added in 7.2.0", + "x-api-name" : "preview_transform", + "x-namespace": "transform" }, "post": { "tags": [ @@ -41869,7 +43307,9 @@ "$ref": "#/components/responses/transform.preview_transform-200" } }, - "x-state": "Added in 7.2.0" + "x-state": "Added in 7.2.0", + "x-api-name" : "preview_transform", + "x-namespace": "transform" } }, "/_transform/_preview": { @@ -41893,7 +43333,9 @@ "$ref": "#/components/responses/transform.preview_transform-200" } }, - "x-state": "Added in 7.2.0" + "x-state": "Added in 7.2.0", + "x-api-name" : "preview_transform", + "x-namespace": "transform" }, "post": { "tags": [ @@ -41915,7 +43357,9 @@ "$ref": "#/components/responses/transform.preview_transform-200" } }, - "x-state": "Added in 7.2.0" + "x-state": "Added in 7.2.0", + "x-api-name" : "preview_transform", + "x-namespace": "transform" } }, "/_transform/{transform_id}/_reset": { @@ -41977,7 +43421,9 @@ } } }, - "x-state": "Added in 8.1.0" + "x-state": "Added in 8.1.0", + "x-api-name" : "reset_transform", + "x-namespace": "transform" } }, "/_transform/{transform_id}/_schedule_now": { @@ -42029,7 +43475,9 @@ } } }, - "x-state": "Added in 8.7.0" + "x-state": "Added in 8.7.0", + "x-api-name" : "schedule_now_transform", + "x-namespace": "transform" } }, "/_transform/{transform_id}/_start": { @@ -42091,7 +43539,9 @@ } } }, - "x-state": "Added in 7.5.0" + "x-state": "Added in 7.5.0", + "x-api-name" : "start_transform", + "x-namespace": "transform" } }, "/_transform/{transform_id}/_stop": { @@ -42183,7 +43633,9 @@ } } }, - "x-state": "Added in 7.5.0" + "x-state": "Added in 7.5.0", + "x-api-name" : "stop_transform", + "x-namespace": "transform" } }, "/_transform/{transform_id}/_update": { @@ -42350,7 +43802,9 @@ } } }, - "x-state": "Added in 7.2.0" + "x-state": "Added in 7.2.0", + "x-api-name" : "update_transform", + "x-namespace": "transform" } }, "/_transform/_upgrade": { @@ -42420,7 +43874,9 @@ } } }, - "x-state": "Added in 7.16.0" + "x-state": "Added in 7.16.0", + "x-api-name" : "upgrade_transforms", + "x-namespace": "transform" } }, "/{index}/_update/{id}": { @@ -42698,7 +44154,8 @@ } } } - } + }, + "x-api-name": "update" } }, "/{index}/_update_by_query": { @@ -43161,7 +44618,8 @@ } } }, - "x-state": "Added in 2.4.0" + "x-state": "Added in 2.4.0", + "x-api-name": "update_by_query" } }, "/_update_by_query/{task_id}/_rethrottle": { @@ -43218,7 +44676,8 @@ } } }, - "x-state": "Added in 6.5.0" + "x-state": "Added in 6.5.0", + "x-api-name": "update_by_query_rethrottle" } }, "/_watcher/watch/{watch_id}/_ack": { @@ -43238,7 +44697,9 @@ "200": { "$ref": "#/components/responses/watcher.ack_watch-200" } - } + }, + "x-api-name" : "ack_watch", + "x-namespace": "watcher" }, "post": { "tags": [ @@ -43256,7 +44717,9 @@ "200": { "$ref": "#/components/responses/watcher.ack_watch-200" } - } + }, + "x-api-name" : "ack_watch", + "x-namespace": "watcher" } }, "/_watcher/watch/{watch_id}/_ack/{action_id}": { @@ -43279,7 +44742,9 @@ "200": { "$ref": "#/components/responses/watcher.ack_watch-200" } - } + }, + "x-api-name" : "ack_watch", + "x-namespace": "watcher" }, "post": { "tags": [ @@ -43300,7 +44765,9 @@ "200": { "$ref": "#/components/responses/watcher.ack_watch-200" } - } + }, + "x-api-name" : "ack_watch", + "x-namespace": "watcher" } }, "/_watcher/watch/{watch_id}/_activate": { @@ -43323,7 +44790,9 @@ "200": { "$ref": "#/components/responses/watcher.activate_watch-200" } - } + }, + "x-api-name" : "activate_watch", + "x-namespace": "watcher" }, "post": { "tags": [ @@ -43344,7 +44813,9 @@ "200": { "$ref": "#/components/responses/watcher.activate_watch-200" } - } + }, + "x-api-name" : "activate_watch", + "x-namespace": "watcher" } }, "/_watcher/watch/{watch_id}/_deactivate": { @@ -43367,7 +44838,9 @@ "200": { "$ref": "#/components/responses/watcher.deactivate_watch-200" } - } + }, + "x-api-name" : "deactivate_watch", + "x-namespace": "watcher" }, "post": { "tags": [ @@ -43388,7 +44861,9 @@ "200": { "$ref": "#/components/responses/watcher.deactivate_watch-200" } - } + }, + "x-api-name" : "deactivate_watch", + "x-namespace": "watcher" } }, "/_watcher/watch/{id}": { @@ -43456,7 +44931,9 @@ } } }, - "x-state": "Added in 5.6.0" + "x-state": "Added in 5.6.0", + "x-api-name" : "get_watch", + "x-namespace": "watcher" }, "put": { "tags": [ @@ -43489,7 +44966,9 @@ "200": { "$ref": "#/components/responses/watcher.put_watch-200" } - } + }, + "x-api-name" : "put_watch", + "x-namespace": "watcher" }, "post": { "tags": [ @@ -43522,7 +45001,9 @@ "200": { "$ref": "#/components/responses/watcher.put_watch-200" } - } + }, + "x-api-name" : "put_watch", + "x-namespace": "watcher" }, "delete": { "tags": [ @@ -43577,7 +45058,9 @@ } } } - } + }, + "x-api-name" : "delete_watch", + "x-namespace": "watcher" } }, "/_watcher/watch/{id}/_execute": { @@ -43603,7 +45086,9 @@ "200": { "$ref": "#/components/responses/watcher.execute_watch-200" } - } + }, + "x-api-name" : "execute_watch", + "x-namespace": "watcher" }, "post": { "tags": [ @@ -43627,7 +45112,9 @@ "200": { "$ref": "#/components/responses/watcher.execute_watch-200" } - } + }, + "x-api-name" : "execute_watch", + "x-namespace": "watcher" } }, "/_watcher/watch/_execute": { @@ -43650,7 +45137,9 @@ "200": { "$ref": "#/components/responses/watcher.execute_watch-200" } - } + }, + "x-api-name" : "execute_watch", + "x-namespace": "watcher" }, "post": { "tags": [ @@ -43671,7 +45160,9 @@ "200": { "$ref": "#/components/responses/watcher.execute_watch-200" } - } + }, + "x-api-name" : "execute_watch", + "x-namespace": "watcher" } }, "/_watcher/settings": { @@ -43719,7 +45210,9 @@ } } } - } + }, + "x-api-name" : "get_settings", + "x-namespace": "watcher" }, "put": { "tags": [ @@ -43792,7 +45285,9 @@ } } } - } + }, + "x-api-name" : "update_settings", + "x-namespace": "watcher" } }, "/_watcher/_query/watches": { @@ -43811,7 +45306,9 @@ "$ref": "#/components/responses/watcher.query_watches-200" } }, - "x-state": "Added in 7.11.0" + "x-state": "Added in 7.11.0", + "x-api-name" : "query_watches", + "x-namespace": "watcher" }, "post": { "tags": [ @@ -43828,7 +45325,9 @@ "$ref": "#/components/responses/watcher.query_watches-200" } }, - "x-state": "Added in 7.11.0" + "x-state": "Added in 7.11.0", + "x-api-name" : "query_watches", + "x-namespace": "watcher" } }, "/_watcher/_start": { @@ -43868,7 +45367,9 @@ } } } - } + }, + "x-api-name" : "start", + "x-namespace": "watcher" } }, "/_watcher/stats": { @@ -43892,7 +45393,9 @@ "$ref": "#/components/responses/watcher.stats-200" } }, - "x-state": "Added in 5.5.0" + "x-state": "Added in 5.5.0", + "x-api-name" : "stats", + "x-namespace": "watcher" } }, "/_watcher/stats/{metric}": { @@ -43919,7 +45422,9 @@ "$ref": "#/components/responses/watcher.stats-200" } }, - "x-state": "Added in 5.5.0" + "x-state": "Added in 5.5.0", + "x-api-name" : "stats", + "x-namespace": "watcher" } }, "/_watcher/_stop": { @@ -43959,7 +45464,9 @@ } } } - } + }, + "x-api-name" : "stop", + "x-namespace": "watcher" } }, "/_xpack": { @@ -44042,7 +45549,9 @@ } } } - } + }, + "x-api-name" : "info", + "x-namespace": "xpack" } }, "/_xpack/usage": { @@ -44190,7 +45699,9 @@ } } } - } + }, + "x-api-name" : "usage", + "x-namespace": "xpack" } } }, @@ -80235,6 +81746,36 @@ } } }, + "inference._types.InferenceEndpointInfoAmazonBedrock": { + "allOf": [ + { + "$ref": "#/components/schemas/inference._types.InferenceEndpoint" + }, + { + "type": "object", + "properties": { + "inference_id": { + "description": "The inference Id", + "type": "string" + }, + "task_type": { + "$ref": "#/components/schemas/inference._types.TaskTypeAmazonBedrock" + } + }, + "required": [ + "inference_id", + "task_type" + ] + } + ] + }, + "inference._types.TaskTypeAmazonBedrock": { + "type": "string", + "enum": [ + "text_embedding", + "completion" + ] + }, "inference._types.AnthropicTaskType": { "type": "string", "enum": [ @@ -80294,6 +81835,35 @@ "max_tokens" ] }, + "inference._types.InferenceEndpointInfoAnthropic": { + "allOf": [ + { + "$ref": "#/components/schemas/inference._types.InferenceEndpoint" + }, + { + "type": "object", + "properties": { + "inference_id": { + "description": "The inference Id", + "type": "string" + }, + "task_type": { + "$ref": "#/components/schemas/inference._types.TaskTypeAnthropic" + } + }, + "required": [ + "inference_id", + "task_type" + ] + } + ] + }, + "inference._types.TaskTypeAnthropic": { + "type": "string", + "enum": [ + "completion" + ] + }, "inference._types.AzureAiStudioTaskType": { "type": "string", "enum": [ @@ -80368,6 +81938,36 @@ } } }, + "inference._types.InferenceEndpointInfoAzureAIStudio": { + "allOf": [ + { + "$ref": "#/components/schemas/inference._types.InferenceEndpoint" + }, + { + "type": "object", + "properties": { + "inference_id": { + "description": "The inference Id", + "type": "string" + }, + "task_type": { + "$ref": "#/components/schemas/inference._types.TaskTypeAzureAIStudio" + } + }, + "required": [ + "inference_id", + "task_type" + ] + } + ] + }, + "inference._types.TaskTypeAzureAIStudio": { + "type": "string", + "enum": [ + "text_embedding", + "completion" + ] + }, "inference._types.AzureOpenAITaskType": { "type": "string", "enum": [ @@ -80435,6 +82035,36 @@ } } }, + "inference._types.InferenceEndpointInfoAzureOpenAI": { + "allOf": [ + { + "$ref": "#/components/schemas/inference._types.InferenceEndpoint" + }, + { + "type": "object", + "properties": { + "inference_id": { + "description": "The inference Id", + "type": "string" + }, + "task_type": { + "$ref": "#/components/schemas/inference._types.TaskTypeAzureOpenAI" + } + }, + "required": [ + "inference_id", + "task_type" + ] + } + ] + }, + "inference._types.TaskTypeAzureOpenAI": { + "type": "string", + "enum": [ + "text_embedding", + "completion" + ] + }, "inference._types.CohereTaskType": { "type": "string", "enum": [ @@ -80531,6 +82161,37 @@ "START" ] }, + "inference._types.InferenceEndpointInfoCohere": { + "allOf": [ + { + "$ref": "#/components/schemas/inference._types.InferenceEndpoint" + }, + { + "type": "object", + "properties": { + "inference_id": { + "description": "The inference Id", + "type": "string" + }, + "task_type": { + "$ref": "#/components/schemas/inference._types.TaskTypeCohere" + } + }, + "required": [ + "inference_id", + "task_type" + ] + } + ] + }, + "inference._types.TaskTypeCohere": { + "type": "string", + "enum": [ + "text_embedding", + "rerank", + "completion" + ] + }, "inference._types.ElasticsearchTaskType": { "type": "string", "enum": [ @@ -80602,6 +82263,37 @@ } } }, + "inference._types.InferenceEndpointInfoElasticsearch": { + "allOf": [ + { + "$ref": "#/components/schemas/inference._types.InferenceEndpoint" + }, + { + "type": "object", + "properties": { + "inference_id": { + "description": "The inference Id", + "type": "string" + }, + "task_type": { + "$ref": "#/components/schemas/inference._types.TaskTypeElasticsearch" + } + }, + "required": [ + "inference_id", + "task_type" + ] + } + ] + }, + "inference._types.TaskTypeElasticsearch": { + "type": "string", + "enum": [ + "sparse_embedding", + "text_embedding", + "rerank" + ] + }, "inference._types.ElserTaskType": { "type": "string", "enum": [ @@ -80634,6 +82326,35 @@ "num_threads" ] }, + "inference._types.InferenceEndpointInfoELSER": { + "allOf": [ + { + "$ref": "#/components/schemas/inference._types.InferenceEndpoint" + }, + { + "type": "object", + "properties": { + "inference_id": { + "description": "The inference Id", + "type": "string" + }, + "task_type": { + "$ref": "#/components/schemas/inference._types.TaskTypeELSER" + } + }, + "required": [ + "inference_id", + "task_type" + ] + } + ] + }, + "inference._types.TaskTypeELSER": { + "type": "string", + "enum": [ + "sparse_embedding" + ] + }, "inference._types.GoogleAiStudioTaskType": { "type": "string", "enum": [ @@ -80670,11 +82391,43 @@ "model_id" ] }, + "inference._types.InferenceEndpointInfoGoogleAIStudio": { + "allOf": [ + { + "$ref": "#/components/schemas/inference._types.InferenceEndpoint" + }, + { + "type": "object", + "properties": { + "inference_id": { + "description": "The inference Id", + "type": "string" + }, + "task_type": { + "$ref": "#/components/schemas/inference._types.TaskTypeGoogleAIStudio" + } + }, + "required": [ + "inference_id", + "task_type" + ] + } + ] + }, + "inference._types.TaskTypeGoogleAIStudio": { + "type": "string", + "enum": [ + "text_embedding", + "completion" + ] + }, "inference._types.GoogleVertexAITaskType": { "type": "string", "enum": [ "rerank", - "text_embedding" + "text_embedding", + "completion", + "chat_completion" ] }, "inference._types.GoogleVertexAIServiceType": { @@ -80732,6 +82485,36 @@ } } }, + "inference._types.InferenceEndpointInfoGoogleVertexAI": { + "allOf": [ + { + "$ref": "#/components/schemas/inference._types.InferenceEndpoint" + }, + { + "type": "object", + "properties": { + "inference_id": { + "description": "The inference Id", + "type": "string" + }, + "task_type": { + "$ref": "#/components/schemas/inference._types.TaskTypeGoogleVertexAI" + } + }, + "required": [ + "inference_id", + "task_type" + ] + } + ] + }, + "inference._types.TaskTypeGoogleVertexAI": { + "type": "string", + "enum": [ + "text_embedding", + "rerank" + ] + }, "inference._types.HuggingFaceTaskType": { "type": "string", "enum": [ @@ -80767,6 +82550,35 @@ "url" ] }, + "inference._types.InferenceEndpointInfoHuggingFace": { + "allOf": [ + { + "$ref": "#/components/schemas/inference._types.InferenceEndpoint" + }, + { + "type": "object", + "properties": { + "inference_id": { + "description": "The inference Id", + "type": "string" + }, + "task_type": { + "$ref": "#/components/schemas/inference._types.TaskTypeHuggingFace" + } + }, + "required": [ + "inference_id", + "task_type" + ] + } + ] + }, + "inference._types.TaskTypeHuggingFace": { + "type": "string", + "enum": [ + "text_embedding" + ] + }, "inference._types.JinaAITaskType": { "type": "string", "enum": [ @@ -80910,6 +82722,35 @@ "model" ] }, + "inference._types.InferenceEndpointInfoMistral": { + "allOf": [ + { + "$ref": "#/components/schemas/inference._types.InferenceEndpoint" + }, + { + "type": "object", + "properties": { + "inference_id": { + "description": "The inference Id", + "type": "string" + }, + "task_type": { + "$ref": "#/components/schemas/inference._types.TaskTypeMistral" + } + }, + "required": [ + "inference_id", + "task_type" + ] + } + ] + }, + "inference._types.TaskTypeMistral": { + "type": "string", + "enum": [ + "text_embedding" + ] + }, "inference._types.OpenAITaskType": { "type": "string", "enum": [ @@ -80971,6 +82812,37 @@ } } }, + "inference._types.InferenceEndpointInfoOpenAI": { + "allOf": [ + { + "$ref": "#/components/schemas/inference._types.InferenceEndpoint" + }, + { + "type": "object", + "properties": { + "inference_id": { + "description": "The inference Id", + "type": "string" + }, + "task_type": { + "$ref": "#/components/schemas/inference._types.TaskTypeOpenAI" + } + }, + "required": [ + "inference_id", + "task_type" + ] + } + ] + }, + "inference._types.TaskTypeOpenAI": { + "type": "string", + "enum": [ + "text_embedding", + "chat_completion", + "completion" + ] + }, "inference._types.VoyageAITaskType": { "type": "string", "enum": [ @@ -81037,6 +82909,36 @@ } } }, + "inference._types.InferenceEndpointInfoVoyageAI": { + "allOf": [ + { + "$ref": "#/components/schemas/inference._types.InferenceEndpoint" + }, + { + "type": "object", + "properties": { + "inference_id": { + "description": "The inference Id", + "type": "string" + }, + "task_type": { + "$ref": "#/components/schemas/inference._types.TaskTypeVoyageAI" + } + }, + "required": [ + "inference_id", + "task_type" + ] + } + ] + }, + "inference._types.TaskTypeVoyageAI": { + "type": "string", + "enum": [ + "text_embedding", + "rerank" + ] + }, "inference._types.WatsonxTaskType": { "type": "string", "enum": [ @@ -81093,6 +82995,35 @@ "url" ] }, + "inference._types.InferenceEndpointInfoWatsonx": { + "allOf": [ + { + "$ref": "#/components/schemas/inference._types.InferenceEndpoint" + }, + { + "type": "object", + "properties": { + "inference_id": { + "description": "The inference Id", + "type": "string" + }, + "task_type": { + "$ref": "#/components/schemas/inference._types.TaskTypeWatsonx" + } + }, + "required": [ + "inference_id", + "task_type" + ] + } + ] + }, + "inference._types.TaskTypeWatsonx": { + "type": "string", + "enum": [ + "text_embedding" + ] + }, "inference._types.RerankedInferenceResult": { "type": "object", "properties": { diff --git a/docs/kibana-openapi.json b/docs/kibana-openapi.json new file mode 100644 index 000000000..59d20f545 --- /dev/null +++ b/docs/kibana-openapi.json @@ -0,0 +1 @@ +{"openapi":"3.0.3","info":{"contact":{"name":"Kibana Team"},"description":"The Kibana REST APIs enable you to manage resources such as connectors, data views, and saved objects.\nThe API calls are stateless.\nEach request that you make happens in isolation from other calls and must include all of the necessary information for Kibana to fulfill the\nrequest.\nAPI requests return JSON output, which is a format that is machine-readable and works well for automation.\n\nTo interact with Kibana APIs, use the following operations:\n\n- GET: Fetches the information.\n- PATCH: Applies partial modifications to the existing information.\n- POST: Adds new information.\n- PUT: Updates the existing information.\n- DELETE: Removes the information.\n\nYou can prepend any Kibana API endpoint with `kbn:` and run the request in **Dev Tools → Console**.\nFor example:\n\n```\nGET kbn:/api/data_views\n```\n\nFor more information about the console, refer to [Run API requests](https://www.elastic.co/docs/explore-analyze/query-filter/tools/console).\n\nNOTE: Access to internal Kibana API endpoints will be restricted in Kibana version 9.0. Please move any integrations to publicly documented APIs.\n\n## Documentation source and versions\n\nThis documentation is derived from the `main` branch of the [kibana](https://github.com/elastic/kibana) repository.\nIt is provided under license [Attribution-NonCommercial-NoDerivatives 4.0 International](https://creativecommons.org/licenses/by-nc-nd/4.0/).\n\nThis documentation contains work-in-progress information for future Elastic Stack releases.\n","title":"Kibana APIs","version":"1.0.2","x-doc-license":{"name":"Attribution-NonCommercial-NoDerivatives 4.0 International","url":"https://creativecommons.org/licenses/by-nc-nd/4.0/"},"x-feedbackLink":{"label":"Feedback","url":"https://github.com/elastic/docs-content/issues/new?assignees=\u0026labels=feedback%2Ccommunity\u0026projects=\u0026template=api-feedback.yaml\u0026title=%5BFeedback%5D%3A+"}},"servers":[{"url":"https://{kibana_url}","variables":{"kibana_url":{"default":"localhost:5601"}}}],"security":[{"apiKeyAuth":[]},{"basicAuth":[]}],"tags":[{"name":"alerting","description":"Alerting enables you to define rules, which detect complex conditions within your data. When a condition is met, the rule tracks it as an alert and runs the actions that are defined in the rule. Actions typically involve the use of connectors to interact with Kibana services or third party integrations.\n","externalDocs":{"description":"Alerting documentation","url":"https://www.elastic.co/docs/explore-analyze/alerts-cases/alerts"},"x-displayName":"Alerting"},{"description":"Adjust APM agent configuration without need to redeploy your application.\n","name":"APM agent configuration"},{"description":"Configure APM agent keys to authorize requests from APM agents to the APM Server.\n","name":"APM agent keys"},{"description":"Annotate visualizations in the APM app with significant events. Annotations enable you to easily see how events are impacting the performance of your applications.\n","name":"APM annotations"},{"description":"Create APM fleet server schema.","name":"APM server schema"},{"description":"Configure APM source maps. A source map allows minified files to be mapped back to original source code--allowing you to maintain the speed advantage of minified code, without losing the ability to quickly and easily debug your application.\nFor best results, uploading source maps should become a part of your deployment procedure, and not something you only do when you see unhelpful errors. That's because uploading source maps after errors happen won't make old errors magically readable--errors must occur again for source mapping to occur.\n","name":"APM sourcemaps"},{"description":"Cases are used to open and track issues. You can add assignees and tags to your cases, set their severity and status, and add alerts, comments, and visualizations. You can also send cases to external incident management systems by configuring connectors.\n","name":"cases","externalDocs":{"description":"Cases documentation","url":"https://www.elastic.co/docs/explore-analyze/alerts-cases/cases"},"x-displayName":"Cases"},{"name":"connectors","description":"Connectors provide a central place to store connection information for services and integrations with Elastic or third party systems. Alerting rules can use connectors to run actions when rule conditions are met.\n","externalDocs":{"description":"Connector documentation","url":"https://www.elastic.co/docs/reference/kibana/connectors-kibana"},"x-displayName":"Connectors"},{"name":"Dashboards"},{"name":"Data streams"},{"description":"Data view APIs enable you to manage data views, formerly known as Kibana index patterns.","name":"data views","x-displayName":"Data views"},{"name":"Elastic Agent actions"},{"name":"Elastic Agent binary download sources"},{"name":"Elastic Agent policies"},{"name":"Elastic Agent status"},{"name":"Elastic Agents"},{"name":"Elastic Package Manager (EPM)"},{"name":"Fleet enrollment API keys"},{"name":"Fleet internals"},{"name":"Fleet outputs"},{"name":"Fleet package policies"},{"name":"Fleet proxies"},{"name":"Fleet Server hosts"},{"name":"Fleet service tokens"},{"name":"Fleet uninstall tokens"},{"description":"Programmatically integrate with Logstash configuration management.\n\u003e warn\n\u003e Do not directly access the `.logstash` index. The structure of the `.logstash` index is subject to change, which could cause your integration to break. Instead, use the Logstash configuration management APIs.\n","externalDocs":{"description":"Centralized pipeline management","url":"https://www.elastic.co/docs/reference/logstash/logstash-centralized-pipeline-management"},"name":"logstash","x-displayName":"Logstash configuration management"},{"name":"maintenance-window","description":"You can schedule single or recurring maintenance windows to temporarily reduce rule notifications. For example, a maintenance window prevents false alarms during planned outages.\n","externalDocs":{"description":"Maintenance window documentation","url":"https://www.elastic.co/docs/explore-analyze/alerts-cases/alerts/maintenance-windows"},"x-displayName":"Maintenance windows"},{"name":"Message Signing Service"},{"description":"Machine learning","name":"ml","x-displayName":"Machine learning"},{"name":"roles","x-displayName":"Roles","description":"Manage the roles that grant Elasticsearch and Kibana privileges.","externalDocs":{"description":"Kibana role management","url":"https://www.elastic.co/docs/deploy-manage/users-roles/cluster-or-deployment-auth/defining-roles"}},{"name":"saved objects","x-displayName":"Saved objects","description":"Export sets of saved objects that you want to import into Kibana, resolve import errors, and rotate an encryption key for encrypted saved objects with the saved objects APIs.\n\nTo manage a specific type of saved object, use the corresponding APIs.\nFor example, use:\n\n* [Data views](../group/endpoint-data-views)\n* [Spaces](../group/endpoint-spaces)\n* [Short URLs](../group/endpoint-short-url)\n\nWarning: Do not write documents directly to the `.kibana` index. When you write directly to the `.kibana` index, the data becomes corrupted and permanently breaks future Kibana versions\n"},{"description":"Manage and interact with Security Assistant resources.","name":"Security AI Assistant API","x-displayName":"Security AI assistant"},{"description":"Use the detections APIs to create and manage detection rules. Detection rules search events and external alerts sent to Elastic Security and generate detection alerts from any hits. Alerts are displayed on the **Alerts** page and can be assigned and triaged, using the alert status to mark them as open, closed, or acknowledged.\n\nThis API supports both key-based authentication and basic authentication.\n\nTo use key-based authentication, create an API key, then specify the key in the header of your API calls.\n\nTo use basic authentication, provide a username and password; this automatically creates an API key that matches the current user’s privileges.\n\nIn both cases, the API key is subsequently used for authorization when the rule runs.\n\u003e warn\n\u003e If the API key used for authorization has different privileges than the key that created or most recently updated a rule, the rule behavior might change.\n\n\u003e If the API key that created a rule is deleted, or the user that created the rule becomes inactive, the rule will stop running.\n\nTo create and run rules, the user must meet specific requirements for the Kibana space. Refer to the [Detections requirements](https://www.elastic.co/guide/en/security/current/detections-permissions-section.html) for a complete list of requirements.\n","name":"Security Detections API","x-displayName":"Security detections"},{"description":"Endpoint Exceptions API allows you to manage detection rule endpoint exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met.","name":"Security Endpoint Exceptions API","x-displayName":"Security endpoint exceptions"},{"description":"Interact with and manage endpoints running the Elastic Defend integration.","name":"Security Endpoint Management API","x-displayName":"Security endpoint management"},{"description":"","name":"Security Entity Analytics API","x-displayName":"Security entity analytics"},{"description":"Exceptions are associated with detection and endpoint rules, and are used to prevent a rule from generating an alert from incoming events, even when the rule's other criteria are met. They can help reduce the number of false positives and prevent trusted processes and network activity from generating unnecessary alerts.\n\nExceptions are made up of:\n\n* **Exception containers**: A container for related exceptions. Generally, a single exception container contains all the exception items relevant for a subset of rules. For example, a container can be used to group together network-related exceptions that are relevant for a large number of network rules. The container can then be associated with all the relevant rules.\n* **Exception items**: The query (fields, values, and logic) used to prevent rules from generating alerts. When an exception item's query evaluates to `true`, the rule does not generate an alert.\n\nFor detection rules, you can also use lists to define rule exceptions. A list holds multiple values of the same Elasticsearch data type, such as IP addresses. These values are used to determine when an exception prevents an alert from being generated.\n\u003e info\n\u003e You cannot use lists with endpoint rule exceptions.\n\n\u003e info\n\u003e Only exception containers can be associated with rules. You cannot directly associate an exception item or a list container with a rule. To use list exceptions, create an exception item that references the relevant list container.\n\n## Exceptions requirements\n\nBefore you can start working with exceptions that use value lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the [Create list data streams](../operation/operation-createlistindex) endpoint. Once these data streams are created, your role needs privileges to manage rules. For a complete list of requirements, refer to [Enable and access detections](https://www.elastic.co/guide/en/security/current/detections-permissions-section.html#enable-detections-ui).\n","name":"Security Exceptions API","x-displayName":"Security exceptions"},{"description":"Lists can be used with detection rule exceptions to define values that prevent a rule from generating alerts.\n\nLists are made up of:\n\n* **List containers**: A container for values of the same Elasticsearch data type. The following data types can be used:\n * `boolean`\n * `byte`\n * `date`\n * `date_nanos`\n * `date_range`\n * `double`\n * `double_range`\n * `float`\n * `float_range`\n * `half_float`\n * `integer`\n * `integer_range`\n * `ip`\n * `ip_range`\n * `keyword`\n * `long`\n * `long_range`\n * `short`\n * `text`\n* **List items**: The values used to determine whether the exception prevents an alert from being generated.\n\nAll list items in the same list container must be of the same data type, and each item defines a single value. For example, an IP list container named `internal-ip-addresses-southport` contains five items, where each item defines one internal IP address:\n1. `192.168.1.1`\n2. `192.168.1.3`\n3. `192.168.1.18`\n4. `192.168.1.12`\n5. `192.168.1.7`\n\nTo use these IP addresses as values for defining rule exceptions, use the Security exceptions API to [create an exception list item](../operation/operation-createexceptionlistitem) that references the `internal-ip-addresses-southport` list.\n\u003e info\n\u003e Lists cannot be added directly to rules, nor do they define the operators used to determine when exceptions are applied (`is in list`, `is not in list`). Use an exception item to define the operator and associate it with an [exception container](../operation/operation-createexceptionlist). You can then add the exception container to a rule's `exceptions_list` object.\n\n## Lists requirements\n\nBefore you can start using lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the [Create list data streams](../operation/operation-createlistindex) endpoint. Once these data streams are created, your role needs privileges to manage rules. Refer to [Enable and access detections](https://www.elastic.co/guide/en/security/current/detections-permissions-section.html#enable-detections-ui) for a complete list of requirements.\n","name":"Security Lists API","x-displayName":"Security lists"},{"description":"Run live queries, manage packs and saved queries.","name":"Security Osquery API","x-displayName":"Security Osquery"},{"description":"You can create Timelines and Timeline templates via the API, as well as import new Timelines from an ndjson file.","name":"Security Timeline API","x-displayName":"Security timeline"},{"description":"Manage Kibana short URLs.","name":"short url","x-displayName":"Short URLs"},{"description":"SLO APIs enable you to define, manage and track service-level objectives","name":"slo","x-displayName":"Service level objectives"},{"name":"spaces","x-displayName":"Spaces","description":"Manage your Kibana spaces.","externalDocs":{"url":"https://www.elastic.co/docs/deploy-manage/manage-spaces","description":"Space overview"}},{"name":"streams","description":"Streams is a new and experimental way to manage your data in Kibana (currently experimental - expect changes).\n","x-displayName":"Streams"},{"name":"synthetics","x-displayName":"Synthetics","externalDocs":{"description":"Synthetic monitoring","url":"https://www.elastic.co/docs/solutions/observability/synthetics"}},{"name":"system","x-displayName":"System","description":"Get information about the system status, resource usage, features, and installed plugins.\n"},{"description":"Get information about the system status, resource usage, features, and installed plugins.\n","name":"system","x-displayName":"System"},{"externalDocs":{"description":"Task manager","url":"https://www.elastic.co/docs/deploy-manage/distributed-architecture/kibana-tasks-management"},"name":"task manager","x-displayName":"Task manager"},{"description":"The assistant helps you prepare for the next major version of Elasticsearch.","name":"upgrade","x-displayName":"Upgrade assistant"},{"externalDocs":{"description":"Uptime monitoring","url":"https://www.elastic.co/docs/solutions/observability/uptime"},"name":"uptime","x-displayName":"Uptime"},{"name":"user session","x-displayName":"User session management"}],"paths":{"/api/actions/connector_types":{"get":{"description":"You do not need any Kibana feature privileges to run this API.","operationId":"get-actions-connector-types","parameters":[{"description":"A filter to limit the retrieved connector types to those that support a specific feature (such as alerting or cases).","in":"query","name":"feature_id","required":false,"schema":{"type":"string"}}],"responses":{"200":{"description":"Indicates a successful call.","content":{"application/json":{"examples":{"getConnectorTypesServerlessResponse":{"$ref":"#/components/examples/get_connector_types_generativeai_response"}}}}}},"summary":"Get connector types","tags":["connectors"]}},"/api/actions/connector/{id}":{"delete":{"description":"WARNING: When you delete a connector, it cannot be recovered.","operationId":"delete-actions-connector-id","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"description":"An identifier for the connector.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"204":{"description":"Indicates a successful call."}},"summary":"Delete a connector","tags":["connectors"]},"get":{"operationId":"get-actions-connector-id","parameters":[{"description":"An identifier for the connector.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"config":{"additionalProperties":{},"type":"object"},"connector_type_id":{"description":"The connector type identifier.","type":"string"},"id":{"description":"The identifier for the connector.","type":"string"},"is_deprecated":{"description":"Indicates whether the connector is deprecated.","type":"boolean"},"is_missing_secrets":{"description":"Indicates whether the connector is missing secrets.","type":"boolean"},"is_preconfigured":{"description":"Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ","type":"boolean"},"is_system_action":{"description":"Indicates whether the connector is used for system actions.","type":"boolean"},"name":{"description":" The name of the rule.","type":"string"}},"required":["id","name","connector_type_id","is_preconfigured","is_deprecated","is_system_action"]},"examples":{"getConnectorResponse":{"$ref":"#/components/examples/get_connector_response"}}}},"description":"Indicates a successful call."}},"summary":"Get connector information","tags":["connectors"]},"post":{"operationId":"post-actions-connector-id","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"description":"An identifier for the connector.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"connector_type_id":{"description":"The type of connector.","type":"string"},"name":{"description":"The display name for the connector.","type":"string"},"config":{"additionalProperties":{},"default":{},"description":"The connector configuration details.","oneOf":[{"$ref":"#/components/schemas/bedrock_config"},{"$ref":"#/components/schemas/crowdstrike_config"},{"$ref":"#/components/schemas/d3security_config"},{"$ref":"#/components/schemas/email_config"},{"$ref":"#/components/schemas/gemini_config"},{"$ref":"#/components/schemas/resilient_config"},{"$ref":"#/components/schemas/index_config"},{"$ref":"#/components/schemas/jira_config"},{"$ref":"#/components/schemas/genai_azure_config"},{"$ref":"#/components/schemas/genai_openai_config"},{"$ref":"#/components/schemas/opsgenie_config"},{"$ref":"#/components/schemas/pagerduty_config"},{"$ref":"#/components/schemas/sentinelone_config"},{"$ref":"#/components/schemas/servicenow_config"},{"$ref":"#/components/schemas/servicenow_itom_config"},{"$ref":"#/components/schemas/slack_api_config"},{"$ref":"#/components/schemas/swimlane_config"},{"$ref":"#/components/schemas/thehive_config"},{"$ref":"#/components/schemas/tines_config"},{"$ref":"#/components/schemas/torq_config"},{"$ref":"#/components/schemas/webhook_config"},{"$ref":"#/components/schemas/cases_webhook_config"},{"$ref":"#/components/schemas/xmatters_config"}]},"secrets":{"additionalProperties":{},"default":{},"oneOf":[{"$ref":"#/components/schemas/bedrock_secrets"},{"$ref":"#/components/schemas/crowdstrike_secrets"},{"$ref":"#/components/schemas/d3security_secrets"},{"$ref":"#/components/schemas/email_secrets"},{"$ref":"#/components/schemas/gemini_secrets"},{"$ref":"#/components/schemas/resilient_secrets"},{"$ref":"#/components/schemas/jira_secrets"},{"$ref":"#/components/schemas/defender_secrets"},{"$ref":"#/components/schemas/teams_secrets"},{"$ref":"#/components/schemas/genai_secrets"},{"$ref":"#/components/schemas/opsgenie_secrets"},{"$ref":"#/components/schemas/pagerduty_secrets"},{"$ref":"#/components/schemas/sentinelone_secrets"},{"$ref":"#/components/schemas/servicenow_secrets"},{"$ref":"#/components/schemas/slack_api_secrets"},{"$ref":"#/components/schemas/swimlane_secrets"},{"$ref":"#/components/schemas/thehive_secrets"},{"$ref":"#/components/schemas/tines_secrets"},{"$ref":"#/components/schemas/torq_secrets"},{"$ref":"#/components/schemas/webhook_secrets"},{"$ref":"#/components/schemas/cases_webhook_secrets"},{"$ref":"#/components/schemas/xmatters_secrets"}]}},"required":["name","connector_type_id"]},"examples":{"createEmailConnectorRequest":{"$ref":"#/components/examples/create_email_connector_request"},"createIndexConnectorRequest":{"$ref":"#/components/examples/create_index_connector_request"},"createWebhookConnectorRequest":{"$ref":"#/components/examples/create_webhook_connector_request"},"createXmattersConnectorRequest":{"$ref":"#/components/examples/create_xmatters_connector_request"}}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"config":{"additionalProperties":{},"type":"object"},"connector_type_id":{"description":"The connector type identifier.","type":"string"},"id":{"description":"The identifier for the connector.","type":"string"},"is_deprecated":{"description":"Indicates whether the connector is deprecated.","type":"boolean"},"is_missing_secrets":{"description":"Indicates whether the connector is missing secrets.","type":"boolean"},"is_preconfigured":{"description":"Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ","type":"boolean"},"is_system_action":{"description":"Indicates whether the connector is used for system actions.","type":"boolean"},"name":{"description":" The name of the rule.","type":"string"}},"required":["id","name","connector_type_id","is_preconfigured","is_deprecated","is_system_action"]},"examples":{"createEmailConnectorResponse":{"$ref":"#/components/examples/create_email_connector_response"},"createIndexConnectorResponse":{"$ref":"#/components/examples/create_index_connector_response"},"createWebhookConnectorResponse":{"$ref":"#/components/examples/create_webhook_connector_response"},"createXmattersConnectorResponse":{"$ref":"#/components/examples/get_connector_response"}}}},"description":"Indicates a successful call."}},"summary":"Create a connector","tags":["connectors"]},"put":{"operationId":"put-actions-connector-id","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"description":"An identifier for the connector.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"name":{"description":"The display name for the connector.","type":"string"},"config":{"additionalProperties":{},"default":{},"description":"The connector configuration details.","oneOf":[{"$ref":"#/components/schemas/bedrock_config"},{"$ref":"#/components/schemas/crowdstrike_config"},{"$ref":"#/components/schemas/d3security_config"},{"$ref":"#/components/schemas/email_config"},{"$ref":"#/components/schemas/gemini_config"},{"$ref":"#/components/schemas/resilient_config"},{"$ref":"#/components/schemas/index_config"},{"$ref":"#/components/schemas/jira_config"},{"$ref":"#/components/schemas/defender_config"},{"$ref":"#/components/schemas/genai_azure_config"},{"$ref":"#/components/schemas/genai_openai_config"},{"$ref":"#/components/schemas/opsgenie_config"},{"$ref":"#/components/schemas/pagerduty_config"},{"$ref":"#/components/schemas/sentinelone_config"},{"$ref":"#/components/schemas/servicenow_config"},{"$ref":"#/components/schemas/servicenow_itom_config"},{"$ref":"#/components/schemas/slack_api_config"},{"$ref":"#/components/schemas/swimlane_config"},{"$ref":"#/components/schemas/thehive_config"},{"$ref":"#/components/schemas/tines_config"},{"$ref":"#/components/schemas/torq_config"},{"$ref":"#/components/schemas/webhook_config"},{"$ref":"#/components/schemas/cases_webhook_config"},{"$ref":"#/components/schemas/xmatters_config"}]},"secrets":{"additionalProperties":{},"default":{},"oneOf":[{"$ref":"#/components/schemas/bedrock_secrets"},{"$ref":"#/components/schemas/crowdstrike_secrets"},{"$ref":"#/components/schemas/d3security_secrets"},{"$ref":"#/components/schemas/email_secrets"},{"$ref":"#/components/schemas/gemini_secrets"},{"$ref":"#/components/schemas/resilient_secrets"},{"$ref":"#/components/schemas/jira_secrets"},{"$ref":"#/components/schemas/teams_secrets"},{"$ref":"#/components/schemas/genai_secrets"},{"$ref":"#/components/schemas/opsgenie_secrets"},{"$ref":"#/components/schemas/pagerduty_secrets"},{"$ref":"#/components/schemas/sentinelone_secrets"},{"$ref":"#/components/schemas/servicenow_secrets"},{"$ref":"#/components/schemas/slack_api_secrets"},{"$ref":"#/components/schemas/swimlane_secrets"},{"$ref":"#/components/schemas/thehive_secrets"},{"$ref":"#/components/schemas/tines_secrets"},{"$ref":"#/components/schemas/torq_secrets"},{"$ref":"#/components/schemas/webhook_secrets"},{"$ref":"#/components/schemas/cases_webhook_secrets"},{"$ref":"#/components/schemas/xmatters_secrets"}]}},"required":["name"]},"examples":{"updateIndexConnectorRequest":{"$ref":"#/components/examples/update_index_connector_request"}}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"config":{"additionalProperties":{},"type":"object"},"connector_type_id":{"description":"The connector type identifier.","type":"string"},"id":{"description":"The identifier for the connector.","type":"string"},"is_deprecated":{"description":"Indicates whether the connector is deprecated.","type":"boolean"},"is_missing_secrets":{"description":"Indicates whether the connector is missing secrets.","type":"boolean"},"is_preconfigured":{"description":"Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ","type":"boolean"},"is_system_action":{"description":"Indicates whether the connector is used for system actions.","type":"boolean"},"name":{"description":" The name of the rule.","type":"string"}},"required":["id","name","connector_type_id","is_preconfigured","is_deprecated","is_system_action"]}}},"description":"Indicates a successful call."}},"summary":"Update a connector","tags":["connectors"]}},"/api/actions/connector/{id}/_execute":{"post":{"description":"You can use this API to test an action that involves interaction with Kibana services or integrations with third-party systems.","operationId":"post-actions-connector-id-execute","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"description":"An identifier for the connector.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"params":{"additionalProperties":{},"oneOf":[{"$ref":"#/components/schemas/run_acknowledge_resolve_pagerduty"},{"$ref":"#/components/schemas/run_documents"},{"$ref":"#/components/schemas/run_message_email"},{"$ref":"#/components/schemas/run_message_serverlog"},{"$ref":"#/components/schemas/run_message_slack"},{"$ref":"#/components/schemas/run_trigger_pagerduty"},{"$ref":"#/components/schemas/run_addevent"},{"$ref":"#/components/schemas/run_closealert"},{"$ref":"#/components/schemas/run_closeincident"},{"$ref":"#/components/schemas/run_createalert"},{"$ref":"#/components/schemas/run_fieldsbyissuetype"},{"$ref":"#/components/schemas/run_getagentdetails"},{"$ref":"#/components/schemas/run_getagents"},{"$ref":"#/components/schemas/run_getchoices"},{"$ref":"#/components/schemas/run_getfields"},{"$ref":"#/components/schemas/run_getincident"},{"$ref":"#/components/schemas/run_issue"},{"$ref":"#/components/schemas/run_issues"},{"$ref":"#/components/schemas/run_issuetypes"},{"$ref":"#/components/schemas/run_postmessage"},{"$ref":"#/components/schemas/run_pushtoservice"},{"$ref":"#/components/schemas/run_validchannelid"}]}},"required":["params"]},"examples":{"runIndexConnectorRequest":{"$ref":"#/components/examples/run_index_connector_request"},"runJiraConnectorRequest":{"$ref":"#/components/examples/run_jira_connector_request"},"runServerLogConnectorRequest":{"$ref":"#/components/examples/run_servicenow_itom_connector_request"},"runSlackConnectorRequest":{"$ref":"#/components/examples/run_slack_api_connector_request"},"runSwimlaneConnectorRequest":{"$ref":"#/components/examples/run_swimlane_connector_request"}}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"config":{"additionalProperties":{},"type":"object"},"connector_type_id":{"description":"The connector type identifier.","type":"string"},"id":{"description":"The identifier for the connector.","type":"string"},"is_deprecated":{"description":"Indicates whether the connector is deprecated.","type":"boolean"},"is_missing_secrets":{"description":"Indicates whether the connector is missing secrets.","type":"boolean"},"is_preconfigured":{"description":"Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ","type":"boolean"},"is_system_action":{"description":"Indicates whether the connector is used for system actions.","type":"boolean"},"name":{"description":" The name of the rule.","type":"string"}},"required":["id","name","connector_type_id","is_preconfigured","is_deprecated","is_system_action"]},"examples":{"runIndexConnectorResponse":{"$ref":"#/components/examples/run_index_connector_response"},"runJiraConnectorResponse":{"$ref":"#/components/examples/run_jira_connector_response"},"runServerLogConnectorResponse":{"$ref":"#/components/examples/run_server_log_connector_response"},"runServiceNowITOMConnectorResponse":{"$ref":"#/components/examples/run_servicenow_itom_connector_response"},"runSlackConnectorResponse":{"$ref":"#/components/examples/run_slack_api_connector_response"},"runSwimlaneConnectorResponse":{"$ref":"#/components/examples/run_swimlane_connector_response"}}}},"description":"Indicates a successful call."}},"summary":"Run a connector","tags":["connectors"]}},"/api/actions/connectors":{"get":{"operationId":"get-actions-connectors","parameters":[],"responses":{"200":{"description":"Indicates a successful call.","content":{"application/json":{"examples":{"getConnectorsResponse":{"$ref":"#/components/examples/get_connectors_response"}}}}}},"summary":"Get all connectors","tags":["connectors"]}},"/api/alerting/_health":{"get":{"description":"You must have `read` privileges for the **Management \u003e Stack Rules** feature or for at least one of the **Analytics \u003e Discover**, **Analytics \u003e Machine Learning**, **Observability**, or **Security** features.\n","operationId":"getAlertingHealth","responses":{"200":{"content":{"application/json":{"examples":{"getAlertingHealthResponse":{"$ref":"#/components/examples/Alerting_get_health_response"}},"schema":{"type":"object","properties":{"alerting_framework_health":{"description":"Three substates identify the health of the alerting framework: `decryption_health`, `execution_health`, and `read_health`.\n","type":"object","properties":{"decryption_health":{"description":"The timestamp and status of the rule decryption.","type":"object","properties":{"status":{"enum":["error","ok","warn"],"example":"ok","type":"string"},"timestamp":{"example":"2023-01-13T01:28:00.280Z","format":"date-time","type":"string"}}},"execution_health":{"description":"The timestamp and status of the rule run.","type":"object","properties":{"status":{"enum":["error","ok","warn"],"example":"ok","type":"string"},"timestamp":{"example":"2023-01-13T01:28:00.280Z","format":"date-time","type":"string"}}},"read_health":{"description":"The timestamp and status of the rule reading events.","type":"object","properties":{"status":{"enum":["error","ok","warn"],"example":"ok","type":"string"},"timestamp":{"example":"2023-01-13T01:28:00.280Z","format":"date-time","type":"string"}}}}},"has_permanent_encryption_key":{"description":"If `false`, the encrypted saved object plugin does not have a permanent encryption key.","example":true,"type":"boolean"},"is_sufficiently_secure":{"description":"If `false`, security is enabled but TLS is not.","example":true,"type":"boolean"}}}}},"description":"Indicates a successful call."},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Alerting_401_response"}}},"description":"Authorization information is missing or invalid."}},"summary":"Get the alerting framework health","tags":["alerting"]}},"/api/alerting/rule_types":{"get":{"description":"If you have `read` privileges for one or more Kibana features, the API response contains information about the appropriate rule types. For example, there are rule types associated with the **Management \u003e Stack Rules** feature, **Analytics \u003e Discover** and **Machine Learning** features, **Observability** features, and **Security** features. To get rule types associated with the **Stack Monitoring** feature, use the `monitoring_user` built-in role.\n","operationId":"getRuleTypes","responses":{"200":{"content":{"application/json":{"examples":{"getRuleTypesResponse":{"$ref":"#/components/examples/Alerting_get_rule_types_response"}},"schema":{"items":{"type":"object","properties":{"action_groups":{"description":"An explicit list of groups for which the rule type can schedule actions, each with the action group's unique ID and human readable name. Rule actions validation uses this configuration to ensure that groups are valid.\n","items":{"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"}}},"type":"array"},"action_variables":{"description":"A list of action variables that the rule type makes available via context and state in action parameter templates, and a short human readable description. When you create a rule in Kibana, it uses this information to prompt you for these variables in action parameter editors.\n","type":"object","properties":{"context":{"items":{"type":"object","properties":{"description":{"type":"string"},"name":{"type":"string"},"useWithTripleBracesInTemplates":{"type":"boolean"}}},"type":"array"},"params":{"items":{"type":"object","properties":{"description":{"type":"string"},"name":{"type":"string"}}},"type":"array"},"state":{"items":{"type":"object","properties":{"description":{"type":"string"},"name":{"type":"string"}}},"type":"array"}}},"alerts":{"description":"Details for writing alerts as data documents for this rule type.\n","type":"object","properties":{"context":{"description":"The namespace for this rule type.\n","enum":["ml.anomaly-detection","observability.apm","observability.logs","observability.metrics","observability.slo","observability.threshold","observability.uptime","security","stack"],"type":"string"},"dynamic":{"description":"Indicates whether new fields are added dynamically.","enum":["false","runtime","strict","true"],"type":"string"},"isSpaceAware":{"description":"Indicates whether the alerts are space-aware. If true, space-specific alert indices are used.\n","type":"boolean"},"mappings":{"type":"object","properties":{"fieldMap":{"additionalProperties":{"$ref":"#/components/schemas/Alerting_fieldmap_properties"},"description":"Mapping information for each field supported in alerts as data documents for this rule type. For more information about mapping parameters, refer to the Elasticsearch documentation.\n","type":"object"}}},"secondaryAlias":{"description":"A secondary alias. It is typically used to support the signals alias for detection rules.\n","type":"string"},"shouldWrite":{"description":"Indicates whether the rule should write out alerts as data.\n","type":"boolean"},"useEcs":{"description":"Indicates whether to include the ECS component template for the alerts.\n","type":"boolean"},"useLegacyAlerts":{"default":false,"description":"Indicates whether to include the legacy component template for the alerts.\n","type":"boolean"}}},"authorized_consumers":{"description":"The list of the plugins IDs that have access to the rule type.","type":"object","properties":{"alerts":{"type":"object","properties":{"all":{"type":"boolean"},"read":{"type":"boolean"}}},"apm":{"type":"object","properties":{"all":{"type":"boolean"},"read":{"type":"boolean"}}},"discover":{"type":"object","properties":{"all":{"type":"boolean"},"read":{"type":"boolean"}}},"infrastructure":{"type":"object","properties":{"all":{"type":"boolean"},"read":{"type":"boolean"}}},"logs":{"type":"object","properties":{"all":{"type":"boolean"},"read":{"type":"boolean"}}},"ml":{"type":"object","properties":{"all":{"type":"boolean"},"read":{"type":"boolean"}}},"monitoring":{"type":"object","properties":{"all":{"type":"boolean"},"read":{"type":"boolean"}}},"siem":{"type":"object","properties":{"all":{"type":"boolean"},"read":{"type":"boolean"}}},"slo":{"type":"object","properties":{"all":{"type":"boolean"},"read":{"type":"boolean"}}},"stackAlerts":{"type":"object","properties":{"all":{"type":"boolean"},"read":{"type":"boolean"}}},"uptime":{"type":"object","properties":{"all":{"type":"boolean"},"read":{"type":"boolean"}}}}},"category":{"description":"The rule category, which is used by features such as category-specific maintenance windows.","enum":["management","observability","securitySolution"],"type":"string"},"default_action_group_id":{"description":"The default identifier for the rule type group.","type":"string"},"does_set_recovery_context":{"description":"Indicates whether the rule passes context variables to its recovery action.","type":"boolean"},"enabled_in_license":{"description":"Indicates whether the rule type is enabled or disabled based on the subscription.","type":"boolean"},"has_alerts_mappings":{"description":"Indicates whether the rule type has custom mappings for the alert data.","type":"boolean"},"has_fields_for_a_a_d":{"type":"boolean"},"id":{"description":"The unique identifier for the rule type.","type":"string"},"is_exportable":{"description":"Indicates whether the rule type is exportable in **Stack Management \u003e Saved Objects**.","type":"boolean"},"minimum_license_required":{"description":"The subscriptions required to use the rule type.","example":"basic","type":"string"},"name":{"description":"The descriptive name of the rule type.","type":"string"},"producer":{"description":"An identifier for the application that produces this rule type.","example":"stackAlerts","type":"string"},"recovery_action_group":{"description":"An action group to use when an alert goes from an active state to an inactive one.","type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"}}},"rule_task_timeout":{"example":"5m","type":"string"}}},"type":"array"}}},"description":"Indicates a successful call."},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Alerting_401_response"}}},"description":"Authorization information is missing or invalid."}},"summary":"Get the rule types","tags":["alerting"]}},"/api/alerting/rule/{id}":{"delete":{"operationId":"delete-alerting-rule-id","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"description":"The identifier for the rule.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"204":{"description":"Indicates a successful call."},"400":{"description":"Indicates an invalid schema or parameters."},"403":{"description":"Indicates that this call is forbidden."},"404":{"description":"Indicates a rule with the given ID does not exist."}},"summary":"Delete a rule","tags":["alerting"]},"get":{"operationId":"get-alerting-rule-id","parameters":[{"description":"The identifier for the rule.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"actions":{"items":{"additionalProperties":false,"type":"object","properties":{"alerts_filter":{"additionalProperties":false,"description":"Defines a period that limits whether the action runs.","type":"object","properties":{"query":{"additionalProperties":false,"type":"object","properties":{"dsl":{"description":"A filter written in Elasticsearch Query Domain Specific Language (DSL).","type":"string"},"filters":{"description":"A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.","items":{"additionalProperties":false,"type":"object","properties":{"$state":{"additionalProperties":false,"type":"object","properties":{"store":{"description":"A filter can be either specific to an application context or applied globally.","enum":["appState","globalState"],"type":"string"}},"required":["store"]},"meta":{"additionalProperties":{},"type":"object"},"query":{"additionalProperties":{},"type":"object"}},"required":["meta"]},"type":"array"},"kql":{"description":"A filter written in Kibana Query Language (KQL).","type":"string"}},"required":["kql","filters"]},"timeframe":{"additionalProperties":false,"type":"object","properties":{"days":{"description":"Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.","items":{"enum":[1,2,3,4,5,6,7],"type":"integer"},"type":"array"},"hours":{"additionalProperties":false,"type":"object","properties":{"end":{"description":"The end of the time frame in 24-hour notation (`hh:mm`).","type":"string"},"start":{"description":"The start of the time frame in 24-hour notation (`hh:mm`).","type":"string"}},"required":["start","end"]},"timezone":{"description":"The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.","type":"string"}},"required":["days","hours","timezone"]}}},"connector_type_id":{"description":"The type of connector. This property appears in responses but cannot be set in requests.","type":"string"},"frequency":{"additionalProperties":false,"type":"object","properties":{"notify_when":{"description":"Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.","enum":["onActionGroupChange","onActiveAlert","onThrottleInterval"],"type":"string"},"summary":{"description":"Indicates whether the action is a summary.","type":"boolean"},"throttle":{"description":"The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.","nullable":true,"type":"string"}},"required":["summary","notify_when","throttle"]},"group":{"description":"The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.","type":"string"},"id":{"description":"The identifier for the connector saved object.","type":"string"},"params":{"additionalProperties":{},"description":"The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.","type":"object"},"use_alert_data_for_template":{"description":"Indicates whether to use alert data as a template.","type":"boolean"},"uuid":{"description":"A universally unique identifier (UUID) for the action.","type":"string"}},"required":["id","connector_type_id","params"]},"type":"array"},"active_snoozes":{"items":{"description":"List of active snoozes for the rule.","type":"string"},"type":"array"},"alert_delay":{"additionalProperties":false,"description":"Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.","type":"object","properties":{"active":{"description":"The number of consecutive runs that must meet the rule conditions.","type":"number"}},"required":["active"]},"api_key_created_by_user":{"description":"Indicates whether the API key that is associated with the rule was created by the user.","nullable":true,"type":"boolean"},"api_key_owner":{"description":"The owner of the API key that is associated with the rule and used to run background tasks.","nullable":true,"type":"string"},"artifacts":{"additionalProperties":false,"type":"object","properties":{"dashboards":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},"type":"array"},"investigation_guide":{"additionalProperties":false,"type":"object","properties":{"blob":{"description":"User-created content that describes alert causes and remdiation.","type":"string"}},"required":["blob"]}}},"consumer":{"description":"The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.","type":"string"},"created_at":{"description":"The date and time that the rule was created.","type":"string"},"created_by":{"description":"The identifier for the user that created the rule.","nullable":true,"type":"string"},"enabled":{"description":"Indicates whether you want to run the rule on an interval basis after it is created.","type":"boolean"},"execution_status":{"additionalProperties":false,"type":"object","properties":{"error":{"additionalProperties":false,"type":"object","properties":{"message":{"description":"Error message.","type":"string"},"reason":{"description":"Reason for error.","enum":["read","decrypt","execute","unknown","license","timeout","disabled","validate"],"type":"string"}},"required":["reason","message"]},"last_duration":{"description":"Duration of last execution of the rule.","type":"number"},"last_execution_date":{"description":"The date and time when rule was executed last.","type":"string"},"status":{"description":"Status of rule execution.","enum":["ok","active","error","warning","pending","unknown"],"type":"string"},"warning":{"additionalProperties":false,"type":"object","properties":{"message":{"description":"Warning message.","type":"string"},"reason":{"description":"Reason for warning.","enum":["maxExecutableActions","maxAlerts","maxQueuedActions","ruleExecution"],"type":"string"}},"required":["reason","message"]}},"required":["status","last_execution_date"]},"flapping":{"additionalProperties":false,"description":"When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced.","nullable":true,"type":"object","properties":{"look_back_window":{"description":"The minimum number of runs in which the threshold must be met.","maximum":20,"minimum":2,"type":"number"},"status_change_threshold":{"description":"The minimum number of times an alert must switch states in the look back window.","maximum":20,"minimum":2,"type":"number"}},"required":["look_back_window","status_change_threshold"]},"id":{"description":"The identifier for the rule.","type":"string"},"is_snoozed_until":{"description":"The date when the rule will no longer be snoozed.","nullable":true,"type":"string"},"last_run":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"alerts_count":{"additionalProperties":false,"type":"object","properties":{"active":{"description":"Number of active alerts during last run.","nullable":true,"type":"number"},"ignored":{"description":"Number of ignored alerts during last run.","nullable":true,"type":"number"},"new":{"description":"Number of new alerts during last run.","nullable":true,"type":"number"},"recovered":{"description":"Number of recovered alerts during last run.","nullable":true,"type":"number"}}},"outcome":{"description":"Outcome of last run of the rule. Value could be succeeded, warning or failed.","enum":["succeeded","warning","failed"],"type":"string"},"outcome_msg":{"items":{"description":"Outcome message generated during last rule run.","type":"string"},"nullable":true,"type":"array"},"outcome_order":{"description":"Order of the outcome.","type":"number"},"warning":{"description":"Warning of last rule execution.","enum":["read","decrypt","execute","unknown","license","timeout","disabled","validate","maxExecutableActions","maxAlerts","maxQueuedActions","ruleExecution"],"nullable":true,"type":"string"}},"required":["outcome","alerts_count"]},"mapped_params":{"additionalProperties":{},"type":"object"},"monitoring":{"additionalProperties":false,"description":"Monitoring details of the rule.","type":"object","properties":{"run":{"additionalProperties":false,"description":"Rule run details.","type":"object","properties":{"calculated_metrics":{"additionalProperties":false,"description":"Calculation of different percentiles and success ratio.","type":"object","properties":{"p50":{"type":"number"},"p95":{"type":"number"},"p99":{"type":"number"},"success_ratio":{"type":"number"}},"required":["success_ratio"]},"history":{"description":"History of the rule run.","items":{"additionalProperties":false,"type":"object","properties":{"duration":{"description":"Duration of the rule run.","type":"number"},"outcome":{"description":"Outcome of last run of the rule. Value could be succeeded, warning or failed.","enum":["succeeded","warning","failed"],"type":"string"},"success":{"description":"Indicates whether the rule run was successful.","type":"boolean"},"timestamp":{"description":"Time of rule run.","type":"number"}},"required":["success","timestamp"]},"type":"array"},"last_run":{"additionalProperties":false,"type":"object","properties":{"metrics":{"additionalProperties":false,"type":"object","properties":{"duration":{"description":"Duration of most recent rule run.","type":"number"},"gap_duration_s":{"description":"Duration in seconds of rule run gap.","nullable":true,"type":"number"},"gap_range":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"gte":{"description":"End of the gap range.","type":"string"},"lte":{"description":"Start of the gap range.","type":"string"}},"required":["lte","gte"]},"total_alerts_created":{"description":"Total number of alerts created during last rule run.","nullable":true,"type":"number"},"total_alerts_detected":{"description":"Total number of alerts detected during last rule run.","nullable":true,"type":"number"},"total_indexing_duration_ms":{"description":"Total time spent indexing documents during last rule run in milliseconds.","nullable":true,"type":"number"},"total_search_duration_ms":{"description":"Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.","nullable":true,"type":"number"}}},"timestamp":{"description":"Time of the most recent rule run.","type":"string"}},"required":["timestamp","metrics"]}},"required":["history","calculated_metrics","last_run"]}},"required":["run"]},"mute_all":{"description":"Indicates whether all alerts are muted.","type":"boolean"},"muted_alert_ids":{"items":{"description":"List of identifiers of muted alerts. ","type":"string"},"type":"array"},"name":{"description":" The name of the rule.","type":"string"},"next_run":{"description":"Date and time of the next run of the rule.","nullable":true,"type":"string"},"notify_when":{"description":"Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.","enum":["onActionGroupChange","onActiveAlert","onThrottleInterval"],"nullable":true,"type":"string"},"params":{"additionalProperties":{},"description":"The parameters for the rule.","type":"object"},"revision":{"description":"The rule revision number.","type":"number"},"rule_type_id":{"description":"The rule type identifier.","type":"string"},"running":{"description":"Indicates whether the rule is running.","nullable":true,"type":"boolean"},"schedule":{"additionalProperties":false,"type":"object","properties":{"interval":{"description":"The interval is specified in seconds, minutes, hours, or days.","type":"string"}},"required":["interval"]},"scheduled_task_id":{"description":"Identifier of the scheduled task.","type":"string"},"snooze_schedule":{"items":{"additionalProperties":false,"type":"object","properties":{"duration":{"description":"Duration of the rule snooze schedule.","type":"number"},"id":{"description":"Identifier of the rule snooze schedule.","type":"string"},"rRule":{"additionalProperties":false,"type":"object","properties":{"byhour":{"items":{"description":"Indicates hours of the day to recur.","type":"number"},"nullable":true,"type":"array"},"byminute":{"items":{"description":"Indicates minutes of the hour to recur.","type":"number"},"nullable":true,"type":"array"},"bymonth":{"items":{"description":"Indicates months of the year that this rule should recur.","type":"number"},"nullable":true,"type":"array"},"bymonthday":{"items":{"description":"Indicates the days of the month to recur.","type":"number"},"nullable":true,"type":"array"},"bysecond":{"items":{"description":"Indicates seconds of the day to recur.","type":"number"},"nullable":true,"type":"array"},"bysetpos":{"items":{"description":"A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.","type":"number"},"nullable":true,"type":"array"},"byweekday":{"items":{"anyOf":[{"type":"string"},{"type":"number"}],"description":"Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination."},"nullable":true,"type":"array"},"byweekno":{"items":{"description":"Indicates number of the week hours to recur.","type":"number"},"nullable":true,"type":"array"},"byyearday":{"items":{"description":"Indicates the days of the year that this rule should recur.","type":"number"},"nullable":true,"type":"array"},"count":{"description":"Number of times the rule should recur until it stops.","type":"number"},"dtstart":{"description":"Rule start date in Coordinated Universal Time (UTC).","type":"string"},"freq":{"description":"Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.","enum":[0,1,2,3,4,5,6],"type":"integer"},"interval":{"description":"Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.","type":"number"},"tzid":{"description":"Indicates timezone abbreviation.","type":"string"},"until":{"description":"Recur the rule until this date.","type":"string"},"wkst":{"description":"Indicates the start of week, defaults to Monday.","enum":["MO","TU","WE","TH","FR","SA","SU"],"type":"string"}},"required":["dtstart","tzid"]},"skipRecurrences":{"items":{"description":"Skips recurrence of rule on this date.","type":"string"},"type":"array"}},"required":["duration","rRule"]},"type":"array"},"tags":{"items":{"description":"The tags for the rule.","type":"string"},"type":"array"},"throttle":{"deprecated":true,"description":"Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.","nullable":true,"type":"string"},"updated_at":{"description":"The date and time that the rule was updated most recently.","type":"string"},"updated_by":{"description":"The identifier for the user that updated this rule most recently.","nullable":true,"type":"string"},"view_in_app_relative_url":{"description":"Relative URL to view rule in the app.","nullable":true,"type":"string"}},"required":["id","enabled","name","tags","rule_type_id","consumer","schedule","actions","params","created_by","updated_by","created_at","updated_at","api_key_owner","mute_all","muted_alert_ids","execution_status","revision"]}}},"description":"Indicates a successful call."},"400":{"description":"Indicates an invalid schema or parameters."},"403":{"description":"Indicates that this call is forbidden."},"404":{"description":"Indicates a rule with the given ID does not exist."}},"summary":"Get rule details","tags":["alerting"]},"post":{"operationId":"post-alerting-rule-id","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"description":"The identifier for the rule. If it is omitted, an ID is randomly generated.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"examples":{"createEsQueryEsqlRuleRequest":{"description":"Create an Elasticsearch query rule that uses Elasticsearch Query Language (ES|QL) to define its query and a server log connector to send notifications.\n","summary":"Elasticsearch query rule (ES|QL)","value":{"actions":[{"frequency":{"notify_when":"onActiveAlert","summary":false},"group":"query matched","id":"d0db1fe0-78d6-11ee-9177-f7d404c8c945","params":{"level":"info","message":"Elasticsearch query rule '{{rule.name}}' is active:\n- Value: {{context.value}} - Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}} - Timestamp: {{context.date}} - Link: {{context.link}}"}}],"consumer":"stackAlerts","name":"my Elasticsearch query ESQL rule","params":{"esqlQuery":{"esql":"FROM kibana_sample_data_logs | KEEP bytes, clientip, host, geo.dest | where geo.dest != \"GB\" | STATS sumbytes = sum(bytes) by clientip, host | WHERE sumbytes \u003e 5000 | SORT sumbytes desc | LIMIT 10"},"searchType":"esqlQuery","size":0,"threshold":[0],"thresholdComparator":"\u003e","timeField":"@timestamp","timeWindowSize":1,"timeWindowUnit":"d"},"rule_type_id":".es-query","schedule":{"interval":"1d"}}},"createEsQueryKqlRuleRequest":{"description":"Create an Elasticsearch query rule that uses Kibana query language (KQL).","summary":"Elasticsearch query rule (KQL)","value":{"consumer":"alerts","name":"my Elasticsearch query KQL rule","params":{"aggType":"count","excludeHitsFromPreviousRun":true,"groupBy":"all","searchConfiguration":{"index":"90943e30-9a47-11e8-b64d-95841ca0b247","query":{"language":"kuery","query":"\"\"geo.src : \"US\" \"\""}},"searchType":"searchSource","size":100,"threshold":[1000],"thresholdComparator":"\u003e","timeWindowSize":5,"timeWindowUnit":"m"},"rule_type_id":".es-query","schedule":{"interval":"1m"}}},"createEsQueryRuleRequest":{"description":"Create an Elasticsearch query rule that uses Elasticsearch query domain specific language (DSL) to define its query and a server log connector to send notifications.\n","summary":"Elasticsearch query rule (DSL)","value":{"actions":[{"frequency":{"notify_when":"onThrottleInterval","summary":true,"throttle":"1d"},"group":"query matched","id":"fdbece50-406c-11ee-850e-c71febc4ca7f","params":{"level":"info","message":"The system has detected {{alerts.new.count}} new, {{alerts.ongoing.count}} ongoing, and {{alerts.recovered.count}} recovered alerts."}},{"frequency":{"notify_when":"onActionGroupChange","summary":false},"group":"recovered","id":"fdbece50-406c-11ee-850e-c71febc4ca7f","params":{"level":"info","message":"Recovered"}}],"consumer":"alerts","name":"my Elasticsearch query rule","params":{"esQuery":"\"\"\"{\"query\":{\"match_all\" : {}}}\"\"\"","index":["kibana_sample_data_logs"],"size":100,"threshold":[100],"thresholdComparator":"\u003e","timeField":"@timestamp","timeWindowSize":1,"timeWindowUnit":"d"},"rule_type_id":".es-query","schedule":{"interval":"1d"}}},"createIndexThresholdRuleRequest":{"description":"Create an index threshold rule that uses a server log connector to send notifications when the threshold is met.\n","summary":"Index threshold rule","value":{"actions":[{"frequency":{"notify_when":"onActionGroupChange","summary":false},"group":"threshold met","id":"48de3460-f401-11ed-9f8e-399c75a2deeb","params":{"level":"info","message":"Rule '{{rule.name}}' is active for group '{{context.group}}':\n\n- Value: {{context.value}}\n- Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}}\n- Timestamp: {{context.date}}"}}],"alert_delay":{"active":3},"consumer":"alerts","name":"my rule","params":{"aggField":"sheet.version","aggType":"avg","groupBy":"top","index":[".test-index"],"termField":"name.keyword","termSize":6,"threshold":[1000],"thresholdComparator":"\u003e","timeField":"@timestamp","timeWindowSize":5,"timeWindowUnit":"m"},"rule_type_id":".index-threshold","schedule":{"interval":"1m"},"tags":["cpu"]}},"createTrackingContainmentRuleRequest":{"description":"Create a tracking containment rule that checks when an entity is contained or no longer contained within a boundary.\n","summary":"Tracking containment rule","value":{"consumer":"alerts","name":"my tracking rule","params":{"boundaryGeoField":"location","boundaryIndexId":"0cd90abf-abe7-44c7-909a-f621bbbcfefc","boundaryIndexTitle":"boundary*","boundaryNameField":"name","boundaryType":"entireIndex","dateField\"":"@timestamp","entity":"agent.keyword","geoField":"geo.coordinates","index":"kibana_sample_data_logs","indexId":"90943e30-9a47-11e8-b64d-95841ca0b247"},"rule_type_id":".geo-containment","schedule":{"interval":"1h"}}}},"schema":{"additionalProperties":false,"type":"object","properties":{"actions":{"default":[],"items":{"additionalProperties":false,"description":"An action that runs under defined conditions.","type":"object","properties":{"alerts_filter":{"additionalProperties":false,"description":"Conditions that affect whether the action runs. If you specify multiple conditions, all conditions must be met for the action to run. For example, if an alert occurs within the specified time frame and matches the query, the action runs.","type":"object","properties":{"query":{"additionalProperties":false,"type":"object","properties":{"dsl":{"description":"A filter written in Elasticsearch Query Domain Specific Language (DSL).","type":"string"},"filters":{"description":"A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.","items":{"additionalProperties":false,"type":"object","properties":{"$state":{"additionalProperties":false,"type":"object","properties":{"store":{"description":"A filter can be either specific to an application context or applied globally.","enum":["appState","globalState"],"type":"string"}},"required":["store"]},"meta":{"additionalProperties":{},"type":"object"},"query":{"additionalProperties":{},"type":"object"}},"required":["meta"]},"type":"array"},"kql":{"description":"A filter written in Kibana Query Language (KQL).","type":"string"}},"required":["kql","filters"]},"timeframe":{"additionalProperties":false,"description":"Defines a period that limits whether the action runs.","type":"object","properties":{"days":{"description":"Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.","items":{"enum":[1,2,3,4,5,6,7],"type":"integer"},"type":"array"},"hours":{"additionalProperties":false,"description":"Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day.","type":"object","properties":{"end":{"description":"The end of the time frame in 24-hour notation (`hh:mm`).","type":"string"},"start":{"description":"The start of the time frame in 24-hour notation (`hh:mm`).","type":"string"}},"required":["start","end"]},"timezone":{"description":"The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.","type":"string"}},"required":["days","hours","timezone"]}}},"frequency":{"additionalProperties":false,"type":"object","properties":{"notify_when":{"description":"Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.","enum":["onActionGroupChange","onActiveAlert","onThrottleInterval"],"type":"string"},"summary":{"description":"Indicates whether the action is a summary.","type":"boolean"},"throttle":{"description":"The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.","nullable":true,"type":"string"}},"required":["summary","notify_when","throttle"]},"group":{"description":"The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.","type":"string"},"id":{"description":"The identifier for the connector saved object.","type":"string"},"params":{"additionalProperties":{},"default":{},"description":"The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.","type":"object"},"use_alert_data_for_template":{"description":"Indicates whether to use alert data as a template.","type":"boolean"},"uuid":{"description":"A universally unique identifier (UUID) for the action.","type":"string"}},"required":["id"]},"type":"array"},"alert_delay":{"additionalProperties":false,"description":"Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.","type":"object","properties":{"active":{"description":"The number of consecutive runs that must meet the rule conditions.","type":"number"}},"required":["active"]},"artifacts":{"additionalProperties":false,"type":"object","properties":{"dashboards":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},"maxItems":10,"type":"array"},"investigation_guide":{"additionalProperties":false,"type":"object","properties":{"blob":{"maxLength":1000,"type":"string"}},"required":["blob"]}}},"consumer":{"description":"The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.","type":"string"},"enabled":{"default":true,"description":"Indicates whether you want to run the rule on an interval basis after it is created.","type":"boolean"},"flapping":{"additionalProperties":false,"description":"When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced.","nullable":true,"type":"object","properties":{"look_back_window":{"description":"The minimum number of runs in which the threshold must be met.","maximum":20,"minimum":2,"type":"number"},"status_change_threshold":{"description":"The minimum number of times an alert must switch states in the look back window.","maximum":20,"minimum":2,"type":"number"}},"required":["look_back_window","status_change_threshold"]},"name":{"description":"The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.","type":"string"},"notify_when":{"description":"Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.","enum":["onActionGroupChange","onActiveAlert","onThrottleInterval"],"nullable":true,"type":"string"},"rule_type_id":{"description":"The rule type identifier.","type":"string"},"schedule":{"additionalProperties":false,"description":"The check interval, which specifies how frequently the rule conditions are checked.","type":"object","properties":{"interval":{"description":"The interval is specified in seconds, minutes, hours, or days.","type":"string"}},"required":["interval"]},"tags":{"default":[],"description":"The tags for the rule.","items":{"type":"string"},"type":"array"},"throttle":{"description":"Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.","nullable":true,"type":"string"},"params":{"additionalProperties":{},"default":{},"description":"The parameters for the rule.","anyOf":[{"$ref":"#/components/schemas/params_property_apm_anomaly"},{"$ref":"#/components/schemas/params_property_apm_error_count"},{"$ref":"#/components/schemas/params_property_apm_transaction_duration"},{"$ref":"#/components/schemas/params_property_apm_transaction_error_rate"},{"$ref":"#/components/schemas/params_es_query_dsl_rule"},{"$ref":"#/components/schemas/params_es_query_esql_rule"},{"$ref":"#/components/schemas/params_es_query_kql_rule"},{"$ref":"#/components/schemas/params_index_threshold_rule"},{"$ref":"#/components/schemas/params_property_infra_inventory"},{"$ref":"#/components/schemas/params_property_log_threshold"},{"$ref":"#/components/schemas/params_property_infra_metric_threshold"},{"$ref":"#/components/schemas/params_property_slo_burn_rate"},{"$ref":"#/components/schemas/params_property_synthetics_uptime_tls"},{"$ref":"#/components/schemas/params_property_synthetics_monitor_status"}]}},"required":["name","rule_type_id","consumer","schedule"]}}}},"responses":{"200":{"content":{"application/json":{"examples":{"createEsQueryEsqlRuleResponse":{"description":"The response for successfully creating an Elasticsearch query rule that uses Elasticsearch Query Language (ES|QL).","summary":"Elasticsearch query rule (ES|QL)","value":{"actions":[{"connector_type_id":".server-log","frequency":{"notify_when":"onActiveAlert","summary":false,"throttle":null},"group":"query matched","id":"d0db1fe0-78d6-11ee-9177-f7d404c8c945","params":{"level":"info","message":"Elasticsearch query rule '{{rule.name}}' is active:\n- Value: {{context.value}} - Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}} - Timestamp: {{context.date}} - Link: {{context.link}}"},"uuid":"bfe370a3-531b-4855-bbe6-ad739f578844"}],"api_key_created_by_user":false,"api_key_owner":"elastic","consumer":"stackAlerts","created_at":"2023-11-01T19:00:10.453Z","created_by":"elastic","enabled":true,"execution_status":{"last_execution_date":"2023-11-01T19:00:10.453Z","status":"pending"},"id":"e0d62360-78e8-11ee-9177-f7d404c8c945","mute_all":false,"muted_alert_ids":[],"name":"my Elasticsearch query ESQL rule","notify_when":null,"params":{"aggType":"count","esqlQuery":{"esql":"FROM kibana_sample_data_logs | keep bytes, clientip, host, geo.dest | WHERE geo.dest != \"GB\" | stats sumbytes = sum(bytes) by clientip, host | WHERE sumbytes \u003e 5000 | sort sumbytes desc | limit 10"},"excludeHitsFromPreviousRun\"":"true,","groupBy":"all","searchType":"esqlQuery","size":0,"threshold":[0],"thresholdComparator":"\u003e","timeField":"@timestamp","timeWindowSize":1,"timeWindowUnit":"d"},"revision":0,"rule_type_id":".es-query","running":false,"schedule":{"interval":"1d"},"scheduled_task_id":"e0d62360-78e8-11ee-9177-f7d404c8c945","tags":[],"throttle":null,"updated_at":"2023-11-01T19:00:10.453Z","updated_by":"elastic\","}},"createEsQueryKqlRuleResponse":{"description":"The response for successfully creating an Elasticsearch query rule that uses Kibana query language (KQL).","summary":"Elasticsearch query rule (KQL)","value":{"actions":[],"api_key_created_by_user":false,"api_key_owner":"elastic","consumer":"alerts","created_at":"2023-07-14T20:24:50.729Z","created_by":"elastic","enabled":true,"execution_status":{"last_execution_date":"2023-07-14T20:24:50.729Z","status":"pending"},"id":"7bd506d0-2284-11ee-8fad-6101956ced88","mute_all":false,"muted_alert_ids":[],"name":"my Elasticsearch query KQL rule\"","notify_when":null,"params":{"aggType":"count","excludeHitsFromPreviousRun":true,"groupBy":"all","searchConfiguration":{"index":"90943e30-9a47-11e8-b64d-95841ca0b247","query":{"language":"kuery","query":"\"\"geo.src : \"US\" \"\""}},"searchType":"searchSource","size":100,"threshold":[1000],"thresholdComparator":"\u003e","timeWindowSize":5,"timeWindowUnit":"m"},"revision":0,"rule_type_id":".es-query","running":false,"schedule":{"interval":"1m"},"scheduled_task_id":"7bd506d0-2284-11ee-8fad-6101956ced88","tags":[],"throttle":null,"updated_at":"2023-07-14T20:24:50.729Z","updated_by":"elastic"}},"createEsQueryRuleResponse":{"description":"The response for successfully creating an Elasticsearch query rule that uses Elasticsearch query domain specific language (DSL).","summary":"Elasticsearch query rule (DSL)","value":{"actions":[{"connector_type_id":".server-log","frequency":{"notify_when":"onThrottleInterval","summary":true,"throttle":"1d"},"group":"query matched","id":"fdbece50-406c-11ee-850e-c71febc4ca7f","params":{"level":"info","message":"The system has detected {{alerts.new.count}} new, {{alerts.ongoing.count}} ongoing, and {{alerts.recovered.count}} recovered alerts."},"uuid":"53f3c2a3-e5d0-4cfa-af3b-6f0881385e78"},{"connector_type_id":".server-log","frequency":{"notify_when":"onActionGroupChange","summary":false,"throttle":null},"group":"recovered","id":"fdbece50-406c-11ee-850e-c71febc4ca7f","params":{"level":"info","message":"Recovered"},"uuid":"2324e45b-c0df-45c7-9d70-4993e30be758"}],"api_key_created_by_user":false,"api_key_owner":"elastic","consumer":"alerts","created_at":"2023-08-22T00:03:38.263Z","created_by":"elastic","enabled":true,"execution_status":{"last_execution_date":"2023-08-22T00:03:38.263Z","status":"pending"},"id":"58148c70-407f-11ee-850e-c71febc4ca7f","mute_all":false,"muted_alert_ids":[],"name":"my Elasticsearch query rule","notify_when":null,"params":{"aggType":"count","esQuery":"\"\"\"{\"query\":{\"match_all\" : {}}}\"\"\"","excludeHitsFromPreviousRun":true,"groupBy":"all","index":["kibana_sample_data_logs"],"searchType":"esQuery","size":100,"threshold":[100],"thresholdComparator":"\u003e","timeField":"@timestamp","timeWindowSize":1,"timeWindowUnit":"d"},"revision":0,"rule_type_id":".es-query","running":false,"schedule":{"interval":"1d"},"scheduled_task_id":"58148c70-407f-11ee-850e-c71febc4ca7f","tags":[],"throttle":null,"updated_at":"2023-08-22T00:03:38.263Z","updated_by":"elastic"}},"createIndexThresholdRuleResponse":{"description":"The response for successfully creating an index threshold rule.","summary":"Index threshold rule","value":{"actions":[{"connector_type_id":".server-log","frequency":{"notify_when":"onActionGroupChange","summary":false,"throttle":null},"group":"threshold met","id":"dceeb5d0-6b41-11eb-802b-85b0c1bc8ba2","params":{"level":"info","message":"Rule {{rule.name}} is active for group {{context.group} :\n\n- Value: {{context.value}}\n- Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}}\n- Timestamp: {{context.date}}"},"uuid":"07aef2a0-9eed-4ef9-94ec-39ba58eb609d"}],"alert_delay":{"active":3},"api_key_created_by_user":false,"api_key_owner":"elastic","consumer":"alerts","created_at":"2022-06-08T17:20:31.632Z","created_by":"elastic","enabled":true,"execution_status":{"last_execution_date":"2022-06-08T17:20:31.632Z","status":"pending"},"id":"41893910-6bca-11eb-9e0d-85d233e3ee35","mute_all":false,"muted_alert_ids":[],"name":"my rule","notify_when":null,"params":{"aggField":"sheet.version","aggType":"avg","groupBy":"top","index":[".test-index"],"termField":"name.keyword","termSize":6,"threshold":[1000],"thresholdComparator":"\u003e","timeField":"@timestamp","timeWindowSize":5,"timeWindowUnit":"m"},"revision":0,"rule_type_id":".index-threshold","running":false,"schedule":{"interval":"1m"},"scheduled_task_id":"425b0800-6bca-11eb-9e0d-85d233e3ee35","tags":["cpu"],"throttle":null,"updated_at":"2022-06-08T17:20:31.632Z","updated_by":"elastic"}},"createTrackingContainmentRuleResponse":{"description":"The response for successfully creating a tracking containment rule.","summary":"Tracking containment rule","value":{"actions":[],"api_key_created_by_user":false,"api_key_owner":"elastic","consumer":"alerts","created_at":"2024-02-14T19:52:55.920Z","created_by":"elastic","enabled":true,"execution_status":{"last_duration":74,"last_execution_date":"2024-02-15T03:25:38.125Z","status":"ok"},"id":"b6883f9d-5f70-4758-a66e-369d7c26012f","last_run":{"alerts_count":{"active":0,"ignored":0,"new":0,"recovered":0},"outcome":"succeeded","outcome_msg":null,"outcome_order":0,"warning":null},"mute_all":false,"muted_alert_ids":[],"name":"my tracking rule","next_run":"2024-02-15T03:26:38.033Z","notify_when":null,"params":{"boundaryGeoField":"location","boundaryIndexId":"0cd90abf-abe7-44c7-909a-f621bbbcfefc","boundaryIndexTitle":"boundary*","boundaryNameField":"name","boundaryType":"entireIndex","dateField":"@timestamp","entity":"agent.keyword","geoField":"geo.coordinates","index":"kibana_sample_data_logs","indexId":"90943e30-9a47-11e8-b64d-95841ca0b247"},"revision":1,"rule_type_id":".geo-containment","running":false,"schedule":{"interval":"1h"},"scheduled_task_id":"b6883f9d-5f70-4758-a66e-369d7c26012f","tags":[],"throttle":null,"updated_at":"2024-02-15T03:24:32.574Z","updated_by":"elastic"}}},"schema":{"additionalProperties":false,"type":"object","properties":{"actions":{"items":{"additionalProperties":false,"type":"object","properties":{"alerts_filter":{"additionalProperties":false,"description":"Defines a period that limits whether the action runs.","type":"object","properties":{"query":{"additionalProperties":false,"type":"object","properties":{"dsl":{"description":"A filter written in Elasticsearch Query Domain Specific Language (DSL).","type":"string"},"filters":{"description":"A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.","items":{"additionalProperties":false,"type":"object","properties":{"$state":{"additionalProperties":false,"type":"object","properties":{"store":{"description":"A filter can be either specific to an application context or applied globally.","enum":["appState","globalState"],"type":"string"}},"required":["store"]},"meta":{"additionalProperties":{},"type":"object"},"query":{"additionalProperties":{},"type":"object"}},"required":["meta"]},"type":"array"},"kql":{"description":"A filter written in Kibana Query Language (KQL).","type":"string"}},"required":["kql","filters"]},"timeframe":{"additionalProperties":false,"type":"object","properties":{"days":{"description":"Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.","items":{"enum":[1,2,3,4,5,6,7],"type":"integer"},"type":"array"},"hours":{"additionalProperties":false,"type":"object","properties":{"end":{"description":"The end of the time frame in 24-hour notation (`hh:mm`).","type":"string"},"start":{"description":"The start of the time frame in 24-hour notation (`hh:mm`).","type":"string"}},"required":["start","end"]},"timezone":{"description":"The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.","type":"string"}},"required":["days","hours","timezone"]}}},"connector_type_id":{"description":"The type of connector. This property appears in responses but cannot be set in requests.","type":"string"},"frequency":{"additionalProperties":false,"type":"object","properties":{"notify_when":{"description":"Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.","enum":["onActionGroupChange","onActiveAlert","onThrottleInterval"],"type":"string"},"summary":{"description":"Indicates whether the action is a summary.","type":"boolean"},"throttle":{"description":"The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.","nullable":true,"type":"string"}},"required":["summary","notify_when","throttle"]},"group":{"description":"The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.","type":"string"},"id":{"description":"The identifier for the connector saved object.","type":"string"},"params":{"additionalProperties":{},"description":"The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.","type":"object"},"use_alert_data_for_template":{"description":"Indicates whether to use alert data as a template.","type":"boolean"},"uuid":{"description":"A universally unique identifier (UUID) for the action.","type":"string"}},"required":["id","connector_type_id","params"]},"type":"array"},"active_snoozes":{"items":{"description":"List of active snoozes for the rule.","type":"string"},"type":"array"},"alert_delay":{"additionalProperties":false,"description":"Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.","type":"object","properties":{"active":{"description":"The number of consecutive runs that must meet the rule conditions.","type":"number"}},"required":["active"]},"api_key_created_by_user":{"description":"Indicates whether the API key that is associated with the rule was created by the user.","nullable":true,"type":"boolean"},"api_key_owner":{"description":"The owner of the API key that is associated with the rule and used to run background tasks.","nullable":true,"type":"string"},"artifacts":{"additionalProperties":false,"type":"object","properties":{"dashboards":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},"type":"array"},"investigation_guide":{"additionalProperties":false,"type":"object","properties":{"blob":{"description":"User-created content that describes alert causes and remdiation.","type":"string"}},"required":["blob"]}}},"consumer":{"description":"The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.","type":"string"},"created_at":{"description":"The date and time that the rule was created.","type":"string"},"created_by":{"description":"The identifier for the user that created the rule.","nullable":true,"type":"string"},"enabled":{"description":"Indicates whether you want to run the rule on an interval basis after it is created.","type":"boolean"},"execution_status":{"additionalProperties":false,"type":"object","properties":{"error":{"additionalProperties":false,"type":"object","properties":{"message":{"description":"Error message.","type":"string"},"reason":{"description":"Reason for error.","enum":["read","decrypt","execute","unknown","license","timeout","disabled","validate"],"type":"string"}},"required":["reason","message"]},"last_duration":{"description":"Duration of last execution of the rule.","type":"number"},"last_execution_date":{"description":"The date and time when rule was executed last.","type":"string"},"status":{"description":"Status of rule execution.","enum":["ok","active","error","warning","pending","unknown"],"type":"string"},"warning":{"additionalProperties":false,"type":"object","properties":{"message":{"description":"Warning message.","type":"string"},"reason":{"description":"Reason for warning.","enum":["maxExecutableActions","maxAlerts","maxQueuedActions","ruleExecution"],"type":"string"}},"required":["reason","message"]}},"required":["status","last_execution_date"]},"flapping":{"additionalProperties":false,"description":"When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced.","nullable":true,"type":"object","properties":{"look_back_window":{"description":"The minimum number of runs in which the threshold must be met.","maximum":20,"minimum":2,"type":"number"},"status_change_threshold":{"description":"The minimum number of times an alert must switch states in the look back window.","maximum":20,"minimum":2,"type":"number"}},"required":["look_back_window","status_change_threshold"]},"id":{"description":"The identifier for the rule.","type":"string"},"is_snoozed_until":{"description":"The date when the rule will no longer be snoozed.","nullable":true,"type":"string"},"last_run":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"alerts_count":{"additionalProperties":false,"type":"object","properties":{"active":{"description":"Number of active alerts during last run.","nullable":true,"type":"number"},"ignored":{"description":"Number of ignored alerts during last run.","nullable":true,"type":"number"},"new":{"description":"Number of new alerts during last run.","nullable":true,"type":"number"},"recovered":{"description":"Number of recovered alerts during last run.","nullable":true,"type":"number"}}},"outcome":{"description":"Outcome of last run of the rule. Value could be succeeded, warning or failed.","enum":["succeeded","warning","failed"],"type":"string"},"outcome_msg":{"items":{"description":"Outcome message generated during last rule run.","type":"string"},"nullable":true,"type":"array"},"outcome_order":{"description":"Order of the outcome.","type":"number"},"warning":{"description":"Warning of last rule execution.","enum":["read","decrypt","execute","unknown","license","timeout","disabled","validate","maxExecutableActions","maxAlerts","maxQueuedActions","ruleExecution"],"nullable":true,"type":"string"}},"required":["outcome","alerts_count"]},"mapped_params":{"additionalProperties":{},"type":"object"},"monitoring":{"additionalProperties":false,"description":"Monitoring details of the rule.","type":"object","properties":{"run":{"additionalProperties":false,"description":"Rule run details.","type":"object","properties":{"calculated_metrics":{"additionalProperties":false,"description":"Calculation of different percentiles and success ratio.","type":"object","properties":{"p50":{"type":"number"},"p95":{"type":"number"},"p99":{"type":"number"},"success_ratio":{"type":"number"}},"required":["success_ratio"]},"history":{"description":"History of the rule run.","items":{"additionalProperties":false,"type":"object","properties":{"duration":{"description":"Duration of the rule run.","type":"number"},"outcome":{"description":"Outcome of last run of the rule. Value could be succeeded, warning or failed.","enum":["succeeded","warning","failed"],"type":"string"},"success":{"description":"Indicates whether the rule run was successful.","type":"boolean"},"timestamp":{"description":"Time of rule run.","type":"number"}},"required":["success","timestamp"]},"type":"array"},"last_run":{"additionalProperties":false,"type":"object","properties":{"metrics":{"additionalProperties":false,"type":"object","properties":{"duration":{"description":"Duration of most recent rule run.","type":"number"},"gap_duration_s":{"description":"Duration in seconds of rule run gap.","nullable":true,"type":"number"},"gap_range":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"gte":{"description":"End of the gap range.","type":"string"},"lte":{"description":"Start of the gap range.","type":"string"}},"required":["lte","gte"]},"total_alerts_created":{"description":"Total number of alerts created during last rule run.","nullable":true,"type":"number"},"total_alerts_detected":{"description":"Total number of alerts detected during last rule run.","nullable":true,"type":"number"},"total_indexing_duration_ms":{"description":"Total time spent indexing documents during last rule run in milliseconds.","nullable":true,"type":"number"},"total_search_duration_ms":{"description":"Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.","nullable":true,"type":"number"}}},"timestamp":{"description":"Time of the most recent rule run.","type":"string"}},"required":["timestamp","metrics"]}},"required":["history","calculated_metrics","last_run"]}},"required":["run"]},"mute_all":{"description":"Indicates whether all alerts are muted.","type":"boolean"},"muted_alert_ids":{"items":{"description":"List of identifiers of muted alerts. ","type":"string"},"type":"array"},"name":{"description":" The name of the rule.","type":"string"},"next_run":{"description":"Date and time of the next run of the rule.","nullable":true,"type":"string"},"notify_when":{"description":"Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.","enum":["onActionGroupChange","onActiveAlert","onThrottleInterval"],"nullable":true,"type":"string"},"params":{"additionalProperties":{},"description":"The parameters for the rule.","type":"object"},"revision":{"description":"The rule revision number.","type":"number"},"rule_type_id":{"description":"The rule type identifier.","type":"string"},"running":{"description":"Indicates whether the rule is running.","nullable":true,"type":"boolean"},"schedule":{"additionalProperties":false,"type":"object","properties":{"interval":{"description":"The interval is specified in seconds, minutes, hours, or days.","type":"string"}},"required":["interval"]},"scheduled_task_id":{"description":"Identifier of the scheduled task.","type":"string"},"snooze_schedule":{"items":{"additionalProperties":false,"type":"object","properties":{"duration":{"description":"Duration of the rule snooze schedule.","type":"number"},"id":{"description":"Identifier of the rule snooze schedule.","type":"string"},"rRule":{"additionalProperties":false,"type":"object","properties":{"byhour":{"items":{"description":"Indicates hours of the day to recur.","type":"number"},"nullable":true,"type":"array"},"byminute":{"items":{"description":"Indicates minutes of the hour to recur.","type":"number"},"nullable":true,"type":"array"},"bymonth":{"items":{"description":"Indicates months of the year that this rule should recur.","type":"number"},"nullable":true,"type":"array"},"bymonthday":{"items":{"description":"Indicates the days of the month to recur.","type":"number"},"nullable":true,"type":"array"},"bysecond":{"items":{"description":"Indicates seconds of the day to recur.","type":"number"},"nullable":true,"type":"array"},"bysetpos":{"items":{"description":"A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.","type":"number"},"nullable":true,"type":"array"},"byweekday":{"items":{"anyOf":[{"type":"string"},{"type":"number"}],"description":"Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination."},"nullable":true,"type":"array"},"byweekno":{"items":{"description":"Indicates number of the week hours to recur.","type":"number"},"nullable":true,"type":"array"},"byyearday":{"items":{"description":"Indicates the days of the year that this rule should recur.","type":"number"},"nullable":true,"type":"array"},"count":{"description":"Number of times the rule should recur until it stops.","type":"number"},"dtstart":{"description":"Rule start date in Coordinated Universal Time (UTC).","type":"string"},"freq":{"description":"Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.","enum":[0,1,2,3,4,5,6],"type":"integer"},"interval":{"description":"Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.","type":"number"},"tzid":{"description":"Indicates timezone abbreviation.","type":"string"},"until":{"description":"Recur the rule until this date.","type":"string"},"wkst":{"description":"Indicates the start of week, defaults to Monday.","enum":["MO","TU","WE","TH","FR","SA","SU"],"type":"string"}},"required":["dtstart","tzid"]},"skipRecurrences":{"items":{"description":"Skips recurrence of rule on this date.","type":"string"},"type":"array"}},"required":["duration","rRule"]},"type":"array"},"tags":{"items":{"description":"The tags for the rule.","type":"string"},"type":"array"},"throttle":{"deprecated":true,"description":"Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.","nullable":true,"type":"string"},"updated_at":{"description":"The date and time that the rule was updated most recently.","type":"string"},"updated_by":{"description":"The identifier for the user that updated this rule most recently.","nullable":true,"type":"string"},"view_in_app_relative_url":{"description":"Relative URL to view rule in the app.","nullable":true,"type":"string"}},"required":["id","enabled","name","tags","rule_type_id","consumer","schedule","actions","params","created_by","updated_by","created_at","updated_at","api_key_owner","mute_all","muted_alert_ids","execution_status","revision"]}}},"description":"Indicates a successful call."},"400":{"description":"Indicates an invalid schema or parameters."},"403":{"description":"Indicates that this call is forbidden."},"409":{"description":"Indicates that the rule id is already in use."}},"summary":"Create a rule","tags":["alerting"]},"put":{"operationId":"put-alerting-rule-id","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"description":"The identifier for the rule.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"examples":{"updateRuleRequest":{"description":"Update an index threshold rule that uses a server log connector to send notifications when the threshold is met.","summary":"Index threshold rule","value":{"actions":[{"frequency":{"notify_when":"onActionGroupChange","summary":false},"group":"threshold met","id":"96b668d0-a1b6-11ed-afdf-d39a49596974","params":{"level":"info","message":"Rule {{rule.name}} is active for group {{context.group}}:\n\n- Value: {{context.value}}\n- Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}}\n- Timestamp: {{context.date}}"}}],"name":"new name","params":{"aggField":"sheet.version","aggType":"avg","groupBy":"top","index":[".updated-index"],"termField":"name.keyword","termSize":6,"threshold":[1000],"thresholdComparator":"\u003e","timeField":"@timestamp","timeWindowSize":5,"timeWindowUnit":"m"},"schedule":{"interval":"1m"},"tags":[]}}},"schema":{"additionalProperties":false,"type":"object","properties":{"actions":{"default":[],"items":{"additionalProperties":false,"description":"An action that runs under defined conditions.","type":"object","properties":{"alerts_filter":{"additionalProperties":false,"type":"object","properties":{"query":{"additionalProperties":false,"type":"object","properties":{"dsl":{"description":"A filter written in Elasticsearch Query Domain Specific Language (DSL).","type":"string"},"filters":{"description":"A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.","items":{"additionalProperties":false,"type":"object","properties":{"$state":{"additionalProperties":false,"type":"object","properties":{"store":{"description":"A filter can be either specific to an application context or applied globally.","enum":["appState","globalState"],"type":"string"}},"required":["store"]},"meta":{"additionalProperties":{},"type":"object"},"query":{"additionalProperties":{},"type":"object"}},"required":["meta"]},"type":"array"},"kql":{"description":"A filter written in Kibana Query Language (KQL).","type":"string"}},"required":["kql","filters"]},"timeframe":{"additionalProperties":false,"description":"Defines a period that limits whether the action runs.","type":"object","properties":{"days":{"description":"Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.","items":{"enum":[1,2,3,4,5,6,7],"type":"integer"},"type":"array"},"hours":{"additionalProperties":false,"description":"Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day.","type":"object","properties":{"end":{"description":"The end of the time frame in 24-hour notation (`hh:mm`).","type":"string"},"start":{"description":"The start of the time frame in 24-hour notation (`hh:mm`).","type":"string"}},"required":["start","end"]},"timezone":{"description":"The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.","type":"string"}},"required":["days","hours","timezone"]}}},"frequency":{"additionalProperties":false,"type":"object","properties":{"notify_when":{"description":"Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.","enum":["onActionGroupChange","onActiveAlert","onThrottleInterval"],"type":"string"},"summary":{"description":"Indicates whether the action is a summary.","type":"boolean"},"throttle":{"description":"The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.","nullable":true,"type":"string"}},"required":["summary","notify_when","throttle"]},"group":{"description":"The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.","type":"string"},"id":{"description":"The identifier for the connector saved object.","type":"string"},"params":{"additionalProperties":{},"default":{},"description":"The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.","type":"object"},"use_alert_data_for_template":{"description":"Indicates whether to use alert data as a template.","type":"boolean"},"uuid":{"description":"A universally unique identifier (UUID) for the action.","type":"string"}},"required":["id"]},"type":"array"},"alert_delay":{"additionalProperties":false,"description":"Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.","type":"object","properties":{"active":{"description":"The number of consecutive runs that must meet the rule conditions.","type":"number"}},"required":["active"]},"artifacts":{"additionalProperties":false,"type":"object","properties":{"dashboards":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},"maxItems":10,"type":"array"},"investigation_guide":{"additionalProperties":false,"type":"object","properties":{"blob":{"maxLength":1000,"type":"string"}},"required":["blob"]}}},"flapping":{"additionalProperties":false,"description":"When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced.","nullable":true,"type":"object","properties":{"look_back_window":{"description":"The minimum number of runs in which the threshold must be met.","maximum":20,"minimum":2,"type":"number"},"status_change_threshold":{"description":"The minimum number of times an alert must switch states in the look back window.","maximum":20,"minimum":2,"type":"number"}},"required":["look_back_window","status_change_threshold"]},"name":{"description":"The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.","type":"string"},"notify_when":{"description":"Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.","enum":["onActionGroupChange","onActiveAlert","onThrottleInterval"],"nullable":true,"type":"string"},"params":{"additionalProperties":{},"default":{},"description":"The parameters for the rule.","type":"object"},"schedule":{"additionalProperties":false,"type":"object","properties":{"interval":{"description":"The interval is specified in seconds, minutes, hours, or days.","type":"string"}},"required":["interval"]},"tags":{"default":[],"items":{"description":"The tags for the rule.","type":"string"},"type":"array"},"throttle":{"description":"Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.","nullable":true,"type":"string"}},"required":["name","schedule"]}}}},"responses":{"200":{"content":{"application/json":{"examples":{"updateRuleResponse":{"description":"The response for successfully updating an index threshold rule.","summary":"Index threshold rule","value":{"actions":[{"connector_type_id":".server-log","frequency":{"notify_when":"onActionGroupChange","summary":false,"throttle":null},"group":"threshold met","id":"96b668d0-a1b6-11ed-afdf-d39a49596974","params":{"level":"info","message":"Rule {{rule.name}} is active for group {{context.group}}:\n\n- Value: {{context.value}}\n- Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}}\n- Timestamp: {{context.date}"},"uuid":"07aef2a0-9eed-4ef9-94ec-39ba58eb609d"}],"api_key_created_by_user":false,"api_key_owner":"elastic","consumer":"alerts","created_at":"2024-03-26T23:13:20.985Z","created_by":"elastic","enabled":true,"execution_status":{"last_duration":52,"last_execution_date":"2024-03-26T23:22:51.390Z","status":"ok"},"id":"ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74","last_run":{"alerts_count":{"active":0,"ignored":0,"new":0,"recovered":0},"outcome":"succeeded","outcome_msg":null,"warning":null},"mute_all":false,"muted_alert_ids":[],"name":"new name","next_run":"2024-03-26T23:23:51.316Z","params":{"aggField":"sheet.version","aggType":"avg","groupBy":"top","index":[".updated-index"],"termField":"name.keyword","termSize":6,"threshold":[1000],"thresholdComparator":"\u003e","timeField":"@timestamp","timeWindowSize":5,"timeWindowUnit":"m"},"revision":1,"rule_type_id":".index-threshold","running":false,"schedule":{"interval":"1m"},"scheduled_task_id":"4c5eda00-e74f-11ec-b72f-5b18752ff9ea","tags":[],"throttle":null,"updated_at":"2024-03-26T23:22:59.949Z","updated_by":"elastic"}}},"schema":{"additionalProperties":false,"type":"object","properties":{"actions":{"items":{"additionalProperties":false,"type":"object","properties":{"alerts_filter":{"additionalProperties":false,"description":"Defines a period that limits whether the action runs.","type":"object","properties":{"query":{"additionalProperties":false,"type":"object","properties":{"dsl":{"description":"A filter written in Elasticsearch Query Domain Specific Language (DSL).","type":"string"},"filters":{"description":"A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.","items":{"additionalProperties":false,"type":"object","properties":{"$state":{"additionalProperties":false,"type":"object","properties":{"store":{"description":"A filter can be either specific to an application context or applied globally.","enum":["appState","globalState"],"type":"string"}},"required":["store"]},"meta":{"additionalProperties":{},"type":"object"},"query":{"additionalProperties":{},"type":"object"}},"required":["meta"]},"type":"array"},"kql":{"description":"A filter written in Kibana Query Language (KQL).","type":"string"}},"required":["kql","filters"]},"timeframe":{"additionalProperties":false,"type":"object","properties":{"days":{"description":"Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.","items":{"enum":[1,2,3,4,5,6,7],"type":"integer"},"type":"array"},"hours":{"additionalProperties":false,"type":"object","properties":{"end":{"description":"The end of the time frame in 24-hour notation (`hh:mm`).","type":"string"},"start":{"description":"The start of the time frame in 24-hour notation (`hh:mm`).","type":"string"}},"required":["start","end"]},"timezone":{"description":"The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.","type":"string"}},"required":["days","hours","timezone"]}}},"connector_type_id":{"description":"The type of connector. This property appears in responses but cannot be set in requests.","type":"string"},"frequency":{"additionalProperties":false,"type":"object","properties":{"notify_when":{"description":"Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.","enum":["onActionGroupChange","onActiveAlert","onThrottleInterval"],"type":"string"},"summary":{"description":"Indicates whether the action is a summary.","type":"boolean"},"throttle":{"description":"The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.","nullable":true,"type":"string"}},"required":["summary","notify_when","throttle"]},"group":{"description":"The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.","type":"string"},"id":{"description":"The identifier for the connector saved object.","type":"string"},"params":{"additionalProperties":{},"description":"The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.","type":"object"},"use_alert_data_for_template":{"description":"Indicates whether to use alert data as a template.","type":"boolean"},"uuid":{"description":"A universally unique identifier (UUID) for the action.","type":"string"}},"required":["id","connector_type_id","params"]},"type":"array"},"active_snoozes":{"items":{"description":"List of active snoozes for the rule.","type":"string"},"type":"array"},"alert_delay":{"additionalProperties":false,"description":"Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.","type":"object","properties":{"active":{"description":"The number of consecutive runs that must meet the rule conditions.","type":"number"}},"required":["active"]},"api_key_created_by_user":{"description":"Indicates whether the API key that is associated with the rule was created by the user.","nullable":true,"type":"boolean"},"api_key_owner":{"description":"The owner of the API key that is associated with the rule and used to run background tasks.","nullable":true,"type":"string"},"artifacts":{"additionalProperties":false,"type":"object","properties":{"dashboards":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},"type":"array"},"investigation_guide":{"additionalProperties":false,"type":"object","properties":{"blob":{"description":"User-created content that describes alert causes and remdiation.","type":"string"}},"required":["blob"]}}},"consumer":{"description":"The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.","type":"string"},"created_at":{"description":"The date and time that the rule was created.","type":"string"},"created_by":{"description":"The identifier for the user that created the rule.","nullable":true,"type":"string"},"enabled":{"description":"Indicates whether you want to run the rule on an interval basis after it is created.","type":"boolean"},"execution_status":{"additionalProperties":false,"type":"object","properties":{"error":{"additionalProperties":false,"type":"object","properties":{"message":{"description":"Error message.","type":"string"},"reason":{"description":"Reason for error.","enum":["read","decrypt","execute","unknown","license","timeout","disabled","validate"],"type":"string"}},"required":["reason","message"]},"last_duration":{"description":"Duration of last execution of the rule.","type":"number"},"last_execution_date":{"description":"The date and time when rule was executed last.","type":"string"},"status":{"description":"Status of rule execution.","enum":["ok","active","error","warning","pending","unknown"],"type":"string"},"warning":{"additionalProperties":false,"type":"object","properties":{"message":{"description":"Warning message.","type":"string"},"reason":{"description":"Reason for warning.","enum":["maxExecutableActions","maxAlerts","maxQueuedActions","ruleExecution"],"type":"string"}},"required":["reason","message"]}},"required":["status","last_execution_date"]},"flapping":{"additionalProperties":false,"description":"When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced.","nullable":true,"type":"object","properties":{"look_back_window":{"description":"The minimum number of runs in which the threshold must be met.","maximum":20,"minimum":2,"type":"number"},"status_change_threshold":{"description":"The minimum number of times an alert must switch states in the look back window.","maximum":20,"minimum":2,"type":"number"}},"required":["look_back_window","status_change_threshold"]},"id":{"description":"The identifier for the rule.","type":"string"},"is_snoozed_until":{"description":"The date when the rule will no longer be snoozed.","nullable":true,"type":"string"},"last_run":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"alerts_count":{"additionalProperties":false,"type":"object","properties":{"active":{"description":"Number of active alerts during last run.","nullable":true,"type":"number"},"ignored":{"description":"Number of ignored alerts during last run.","nullable":true,"type":"number"},"new":{"description":"Number of new alerts during last run.","nullable":true,"type":"number"},"recovered":{"description":"Number of recovered alerts during last run.","nullable":true,"type":"number"}}},"outcome":{"description":"Outcome of last run of the rule. Value could be succeeded, warning or failed.","enum":["succeeded","warning","failed"],"type":"string"},"outcome_msg":{"items":{"description":"Outcome message generated during last rule run.","type":"string"},"nullable":true,"type":"array"},"outcome_order":{"description":"Order of the outcome.","type":"number"},"warning":{"description":"Warning of last rule execution.","enum":["read","decrypt","execute","unknown","license","timeout","disabled","validate","maxExecutableActions","maxAlerts","maxQueuedActions","ruleExecution"],"nullable":true,"type":"string"}},"required":["outcome","alerts_count"]},"mapped_params":{"additionalProperties":{},"type":"object"},"monitoring":{"additionalProperties":false,"description":"Monitoring details of the rule.","type":"object","properties":{"run":{"additionalProperties":false,"description":"Rule run details.","type":"object","properties":{"calculated_metrics":{"additionalProperties":false,"description":"Calculation of different percentiles and success ratio.","type":"object","properties":{"p50":{"type":"number"},"p95":{"type":"number"},"p99":{"type":"number"},"success_ratio":{"type":"number"}},"required":["success_ratio"]},"history":{"description":"History of the rule run.","items":{"additionalProperties":false,"type":"object","properties":{"duration":{"description":"Duration of the rule run.","type":"number"},"outcome":{"description":"Outcome of last run of the rule. Value could be succeeded, warning or failed.","enum":["succeeded","warning","failed"],"type":"string"},"success":{"description":"Indicates whether the rule run was successful.","type":"boolean"},"timestamp":{"description":"Time of rule run.","type":"number"}},"required":["success","timestamp"]},"type":"array"},"last_run":{"additionalProperties":false,"type":"object","properties":{"metrics":{"additionalProperties":false,"type":"object","properties":{"duration":{"description":"Duration of most recent rule run.","type":"number"},"gap_duration_s":{"description":"Duration in seconds of rule run gap.","nullable":true,"type":"number"},"gap_range":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"gte":{"description":"End of the gap range.","type":"string"},"lte":{"description":"Start of the gap range.","type":"string"}},"required":["lte","gte"]},"total_alerts_created":{"description":"Total number of alerts created during last rule run.","nullable":true,"type":"number"},"total_alerts_detected":{"description":"Total number of alerts detected during last rule run.","nullable":true,"type":"number"},"total_indexing_duration_ms":{"description":"Total time spent indexing documents during last rule run in milliseconds.","nullable":true,"type":"number"},"total_search_duration_ms":{"description":"Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.","nullable":true,"type":"number"}}},"timestamp":{"description":"Time of the most recent rule run.","type":"string"}},"required":["timestamp","metrics"]}},"required":["history","calculated_metrics","last_run"]}},"required":["run"]},"mute_all":{"description":"Indicates whether all alerts are muted.","type":"boolean"},"muted_alert_ids":{"items":{"description":"List of identifiers of muted alerts. ","type":"string"},"type":"array"},"name":{"description":" The name of the rule.","type":"string"},"next_run":{"description":"Date and time of the next run of the rule.","nullable":true,"type":"string"},"notify_when":{"description":"Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.","enum":["onActionGroupChange","onActiveAlert","onThrottleInterval"],"nullable":true,"type":"string"},"params":{"additionalProperties":{},"description":"The parameters for the rule.","type":"object"},"revision":{"description":"The rule revision number.","type":"number"},"rule_type_id":{"description":"The rule type identifier.","type":"string"},"running":{"description":"Indicates whether the rule is running.","nullable":true,"type":"boolean"},"schedule":{"additionalProperties":false,"type":"object","properties":{"interval":{"description":"The interval is specified in seconds, minutes, hours, or days.","type":"string"}},"required":["interval"]},"scheduled_task_id":{"description":"Identifier of the scheduled task.","type":"string"},"snooze_schedule":{"items":{"additionalProperties":false,"type":"object","properties":{"duration":{"description":"Duration of the rule snooze schedule.","type":"number"},"id":{"description":"Identifier of the rule snooze schedule.","type":"string"},"rRule":{"additionalProperties":false,"type":"object","properties":{"byhour":{"items":{"description":"Indicates hours of the day to recur.","type":"number"},"nullable":true,"type":"array"},"byminute":{"items":{"description":"Indicates minutes of the hour to recur.","type":"number"},"nullable":true,"type":"array"},"bymonth":{"items":{"description":"Indicates months of the year that this rule should recur.","type":"number"},"nullable":true,"type":"array"},"bymonthday":{"items":{"description":"Indicates the days of the month to recur.","type":"number"},"nullable":true,"type":"array"},"bysecond":{"items":{"description":"Indicates seconds of the day to recur.","type":"number"},"nullable":true,"type":"array"},"bysetpos":{"items":{"description":"A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.","type":"number"},"nullable":true,"type":"array"},"byweekday":{"items":{"anyOf":[{"type":"string"},{"type":"number"}],"description":"Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination."},"nullable":true,"type":"array"},"byweekno":{"items":{"description":"Indicates number of the week hours to recur.","type":"number"},"nullable":true,"type":"array"},"byyearday":{"items":{"description":"Indicates the days of the year that this rule should recur.","type":"number"},"nullable":true,"type":"array"},"count":{"description":"Number of times the rule should recur until it stops.","type":"number"},"dtstart":{"description":"Rule start date in Coordinated Universal Time (UTC).","type":"string"},"freq":{"description":"Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.","enum":[0,1,2,3,4,5,6],"type":"integer"},"interval":{"description":"Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.","type":"number"},"tzid":{"description":"Indicates timezone abbreviation.","type":"string"},"until":{"description":"Recur the rule until this date.","type":"string"},"wkst":{"description":"Indicates the start of week, defaults to Monday.","enum":["MO","TU","WE","TH","FR","SA","SU"],"type":"string"}},"required":["dtstart","tzid"]},"skipRecurrences":{"items":{"description":"Skips recurrence of rule on this date.","type":"string"},"type":"array"}},"required":["duration","rRule"]},"type":"array"},"tags":{"items":{"description":"The tags for the rule.","type":"string"},"type":"array"},"throttle":{"deprecated":true,"description":"Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.","nullable":true,"type":"string"},"updated_at":{"description":"The date and time that the rule was updated most recently.","type":"string"},"updated_by":{"description":"The identifier for the user that updated this rule most recently.","nullable":true,"type":"string"},"view_in_app_relative_url":{"description":"Relative URL to view rule in the app.","nullable":true,"type":"string"}},"required":["id","enabled","name","tags","rule_type_id","consumer","schedule","actions","params","created_by","updated_by","created_at","updated_at","api_key_owner","mute_all","muted_alert_ids","execution_status","revision"]}}},"description":"Indicates a successful call."},"400":{"description":"Indicates an invalid schema or parameters."},"403":{"description":"Indicates that this call is forbidden."},"404":{"description":"Indicates a rule with the given ID does not exist."},"409":{"description":"Indicates that the rule has already been updated by another user."}},"summary":"Update a rule","tags":["alerting"]}},"/api/alerting/rule/{id}/_disable":{"post":{"operationId":"post-alerting-rule-id-disable","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"description":"The identifier for the rule.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"untrack":{"description":"Defines whether this rule's alerts should be untracked.","type":"boolean"}},"x-oas-optional":true}}}},"responses":{"204":{"description":"Indicates a successful call."},"400":{"description":"Indicates an invalid schema."},"403":{"description":"Indicates that this call is forbidden."},"404":{"description":"Indicates a rule with the given ID does not exist."}},"summary":"Disable a rule","tags":["alerting"]}},"/api/alerting/rule/{id}/_enable":{"post":{"operationId":"post-alerting-rule-id-enable","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"description":"The identifier for the rule.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"204":{"description":"Indicates a successful call."},"400":{"description":"Indicates an invalid schema or parameters."},"403":{"description":"Indicates that this call is forbidden."},"404":{"description":"Indicates a rule with the given ID does not exist."}},"summary":"Enable a rule","tags":["alerting"]}},"/api/alerting/rule/{id}/_mute_all":{"post":{"operationId":"post-alerting-rule-id-mute-all","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"description":"The identifier for the rule.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"204":{"description":"Indicates a successful call."},"400":{"description":"Indicates an invalid schema or parameters."},"403":{"description":"Indicates that this call is forbidden."},"404":{"description":"Indicates a rule with the given ID does not exist."}},"summary":"Mute all alerts","tags":["alerting"]}},"/api/alerting/rule/{id}/_unmute_all":{"post":{"operationId":"post-alerting-rule-id-unmute-all","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"description":"The identifier for the rule.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"204":{"description":"Indicates a successful call."},"400":{"description":"Indicates an invalid schema or parameters."},"403":{"description":"Indicates that this call is forbidden."},"404":{"description":"Indicates a rule with the given ID does not exist."}},"summary":"Unmute all alerts","tags":["alerting"]}},"/api/alerting/rule/{id}/_update_api_key":{"post":{"operationId":"post-alerting-rule-id-update-api-key","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"description":"The identifier for the rule.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"204":{"description":"Indicates a successful call."},"400":{"description":"Indicates an invalid schema or parameters."},"403":{"description":"Indicates that this call is forbidden."},"404":{"description":"Indicates a rule with the given ID does not exist."},"409":{"description":"Indicates that the rule has already been updated by another user."}},"summary":"Update the API key for a rule","tags":["alerting"]}},"/api/alerting/rule/{id}/snooze_schedule":{"post":{"description":"When you snooze a rule, the rule checks continue to run but alerts will not generate actions. You can snooze for a specified period of time and schedule single or recurring downtimes.","operationId":"post-alerting-rule-id-snooze-schedule","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"description":"Identifier of the rule.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"schedule":{"additionalProperties":false,"type":"object","properties":{"custom":{"additionalProperties":false,"type":"object","properties":{"duration":{"description":"The duration of the schedule. It allows values in `\u003cinteger\u003e\u003cunit\u003e` format. `\u003cunit\u003e` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.","type":"string"},"recurring":{"additionalProperties":false,"type":"object","properties":{"end":{"description":"The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.","type":"string"},"every":{"description":"The interval and frequency of a recurring schedule. It allows values in `\u003cinteger\u003e\u003cunit\u003e` format. `\u003cunit\u003e` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.","type":"string"},"occurrences":{"description":"The total number of recurrences of the schedule.","minimum":1,"type":"number"},"onMonth":{"description":"The specific months for a recurring schedule. Valid values are 1-12.","items":{"maximum":12,"minimum":1,"type":"number"},"minItems":1,"type":"array"},"onMonthDay":{"description":"The specific days of the month for a recurring schedule. Valid values are 1-31.","items":{"maximum":31,"minimum":1,"type":"number"},"minItems":1,"type":"array"},"onWeekDay":{"description":"The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule.","items":{"type":"string"},"minItems":1,"type":"array"}}},"start":{"description":"The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.","type":"string"},"timezone":{"description":"The timezone of the schedule. The default timezone is UTC.","type":"string"}},"required":["start","duration"]}}}},"required":["schedule"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"body":{"additionalProperties":false,"type":"object","properties":{"schedule":{"additionalProperties":false,"type":"object","properties":{"custom":{"additionalProperties":false,"type":"object","properties":{"duration":{"description":"The duration of the schedule. It allows values in `\u003cinteger\u003e\u003cunit\u003e` format. `\u003cunit\u003e` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.","type":"string"},"recurring":{"additionalProperties":false,"type":"object","properties":{"end":{"description":"The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.","type":"string"},"every":{"description":"The interval and frequency of a recurring schedule. It allows values in `\u003cinteger\u003e\u003cunit\u003e` format. `\u003cunit\u003e` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.","type":"string"},"occurrences":{"description":"The total number of recurrences of the schedule.","minimum":1,"type":"number"},"onMonth":{"description":"The specific months for a recurring schedule. Valid values are 1-12.","items":{"maximum":12,"minimum":1,"type":"number"},"minItems":1,"type":"array"},"onMonthDay":{"description":"The specific days of the month for a recurring schedule. Valid values are 1-31.","items":{"maximum":31,"minimum":1,"type":"number"},"minItems":1,"type":"array"},"onWeekDay":{"description":"The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule.","items":{"type":"string"},"minItems":1,"type":"array"}}},"start":{"description":"The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.","type":"string"},"timezone":{"description":"The timezone of the schedule. The default timezone is UTC.","type":"string"}},"required":["start","duration"]},"id":{"description":"Identifier of the snooze schedule.","type":"string"}},"required":["id"]}},"required":["schedule"]}},"required":["body"]}}},"description":"Indicates a successful call."},"400":{"description":"Indicates an invalid schema."},"403":{"description":"Indicates that this call is forbidden."},"404":{"description":"Indicates a rule with the given id does not exist."}},"summary":"Schedule a snooze for the rule","tags":["alerting"],"x-state":"Generally available; added in 8.19.0"}},"/api/alerting/rule/{rule_id}/alert/{alert_id}/_mute":{"post":{"operationId":"post-alerting-rule-rule-id-alert-alert-id-mute","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"description":"The identifier for the rule.","in":"path","name":"rule_id","required":true,"schema":{"type":"string"}},{"description":"The identifier for the alert.","in":"path","name":"alert_id","required":true,"schema":{"type":"string"}}],"responses":{"204":{"description":"Indicates a successful call."},"400":{"description":"Indicates an invalid schema or parameters."},"403":{"description":"Indicates that this call is forbidden."},"404":{"description":"Indicates a rule or alert with the given ID does not exist."}},"summary":"Mute an alert","tags":["alerting"]}},"/api/alerting/rule/{rule_id}/alert/{alert_id}/_unmute":{"post":{"operationId":"post-alerting-rule-rule-id-alert-alert-id-unmute","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"description":"The identifier for the rule.","in":"path","name":"rule_id","required":true,"schema":{"type":"string"}},{"description":"The identifier for the alert.","in":"path","name":"alert_id","required":true,"schema":{"type":"string"}}],"responses":{"204":{"description":"Indicates a successful call."},"400":{"description":"Indicates an invalid schema or parameters."},"403":{"description":"Indicates that this call is forbidden."},"404":{"description":"Indicates a rule or alert with the given ID does not exist."}},"summary":"Unmute an alert","tags":["alerting"]}},"/api/alerting/rule/{ruleId}/snooze_schedule/{scheduleId}":{"delete":{"operationId":"delete-alerting-rule-ruleid-snooze-schedule-scheduleid","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"description":"The identifier for the rule.","in":"path","name":"ruleId","required":true,"schema":{"type":"string"}},{"description":"The identifier for the snooze schedule.","in":"path","name":"scheduleId","required":true,"schema":{"type":"string"}}],"responses":{"204":{"description":"Indicates a successful call."},"400":{"description":"Indicates an invalid schema."},"403":{"description":"Indicates that this call is forbidden."},"404":{"description":"Indicates a rule with the given id does not exist."}},"summary":"Delete a snooze schedule for a rule","tags":["alerting"],"x-state":"Generally available; added in 8.19.0"}},"/api/alerting/rules/_find":{"get":{"operationId":"get-alerting-rules-find","parameters":[{"description":"The number of rules to return per page.","in":"query","name":"per_page","required":false,"schema":{"default":10,"minimum":0,"type":"number"}},{"description":"The page number to return.","in":"query","name":"page","required":false,"schema":{"default":1,"minimum":1,"type":"number"}},{"description":"An Elasticsearch simple_query_string query that filters the objects in the response.","in":"query","name":"search","required":false,"schema":{"type":"string"}},{"description":"The default operator to use for the simple_query_string.","in":"query","name":"default_search_operator","required":false,"schema":{"default":"OR","enum":["OR","AND"],"type":"string"}},{"description":"The fields to perform the simple_query_string parsed query against.","in":"query","name":"search_fields","required":false,"schema":{"anyOf":[{"items":{"type":"string"},"type":"array"},{"type":"string"}]}},{"description":"Determines which field is used to sort the results. The field must exist in the `attributes` key of the response.","in":"query","name":"sort_field","required":false,"schema":{"type":"string"}},{"description":"Determines the sort order.","in":"query","name":"sort_order","required":false,"schema":{"enum":["asc","desc"],"type":"string"}},{"description":"Filters the rules that have a relation with the reference objects with a specific type and identifier.","in":"query","name":"has_reference","required":false,"schema":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"id":{"type":"string"},"type":{"type":"string"}},"required":["type","id"]}},{"in":"query","name":"fields","required":false,"schema":{"items":{"description":"The fields to return in the `attributes` key of the response.","type":"string"},"type":"array"}},{"description":"A KQL string that you filter with an attribute from your saved object. It should look like `savedObjectType.attributes.title: \"myTitle\"`. However, if you used a direct attribute of a saved object, such as `updatedAt`, you must define your filter, for example, `savedObjectType.updatedAt \u003e 2018-12-22`.","in":"query","name":"filter","required":false,"schema":{"type":"string"}},{"in":"query","name":"filter_consumers","required":false,"schema":{"items":{"description":"List of consumers to filter.","type":"string"},"type":"array"}}],"responses":{"200":{"content":{"application/json":{"examples":{"findConditionalActionRulesResponse":{"description":"A response that contains information about an index threshold rule.","summary":"Index threshold rule","value":{"data":[{"actions":[{"frequency":{"notify_when":"onActionGroupChange","summary":false,"throttle":null},"group":"threshold met","id":"9dca3e00-74f5-11ed-9801-35303b735aef","params":{"connector_type_id":".server-log","level":"info","message":"Rule {{rule.name}} is active for group {{context.group}}:\n\n- Value: {{context.value}}\n- Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}}\n- Timestamp: {{context.date}}"},"uuid":"1c7a1280-f28c-4e06-96b2-e4e5f05d1d61"}],"api_key_created_by_user":false,"api_key_owner":"elastic","consumer":"alerts","created_at":"2022-12-05T23:40:33.132Z","created_by":"elastic","enabled":true,"execution_status":{"last_duration":48,"last_execution_date":"2022-12-06T01:44:23.983Z","status":"ok"},"id":"3583a470-74f6-11ed-9801-35303b735aef","last_run":{"alerts_count":{"active":0,"ignored":0,"new":0,"recovered":0},"outcome":"succeeded","outcome_msg":null,"warning":null},"mute_all":false,"muted_alert_ids":[],"name":"my alert","next_run":"2022-12-06T01:45:23.912Z","params":{"aggField":"sheet.version","aggType":"avg","groupBy":"top","index":["test-index"],"termField":"name.keyword","termSize":6,"threshold":[1000],"thresholdComparator":"\u003e","timeField":"@timestamp","timeWindowSize":5,"timeWindowUnit":"m"},"revision":1,"rule_type_id":".index-threshold","schedule":{"interval":"1m"},"scheduled_task_id":"3583a470-74f6-11ed-9801-35303b735aef","tags":["cpu"],"throttle":null,"updated_at":"2022-12-05T23:40:33.132Z","updated_by":"elastic"}],"page":1,"per_page":10,"total":1}},"findRulesResponse":{"description":"A response that contains information about a security rule that has conditional actions.","summary":"Security rule","value":{"data":[{"actions":[{"alerts_filter":{"query":{"filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"field":"client.geo.region_iso_code","index":"c4bdca79-e69e-4d80-82a1-e5192c621bea","key":"client.geo.region_iso_code","negate":false,"params":{"query":"CA-QC","type":"phrase"}},"query":{"match_phrase":{"client.geo.region_iso_code":"CA-QC"}}}],"kql":""},"timeframe":{"days":[7],"hours":{"end":"17:00","start":"08:00"},"timezone":"UTC"}},"connector_type_id":".index","frequency":{"notify_when":"onActiveAlert","summary":true,"throttle":null},"group":"default","id":"49eae970-f401-11ed-9f8e-399c75a2deeb","params":{"documents":[{"alert_id":{"[object Object]":null},"context_message":{"[object Object]":null},"rule_id":{"[object Object]":null},"rule_name":{"[object Object]":null}}]},"uuid":"1c7a1280-f28c-4e06-96b2-e4e5f05d1d61"}],"api_key_created_by_user":false,"api_key_owner":"elastic","consumer":"siem","created_at":"2023-05-16T15:50:28.358Z","created_by":"elastic","enabled":true,"execution_status":{"last_duration":166,"last_execution_date":"2023-05-16T20:26:49.590Z","status":"ok"},"id":"6107a8f0-f401-11ed-9f8e-399c75a2deeb","last_run":{"alerts_count":{"active":0,"ignored":0,"new":0,"recovered":0},"outcome":"succeeded","outcome_msg":["Rule execution completed successfully"],"outcome_order":0,"warning":null},"mute_all":false,"muted_alert_ids":[],"name":"security_rule","next_run":"2023-05-16T20:27:49.507Z","notify_when":null,"params":{"author":[],"description":"A security threshold rule.","exceptionsList":[],"falsePositives":[],"filters":[],"from":"now-3660s","immutable":false,"index":["kibana_sample_data_logs"],"language":"kuery","license":"","maxSignals":100,"meta":{"from":"1h","kibana_siem_app_url":"https://localhost:5601/app/security"},"outputIndex":"","query":"*","references":[],"riskScore":21,"riskScoreMapping":[],"ruleId":"an_internal_rule_id","severity":"low","severityMapping":[],"threat":[],"threshold":{"cardinality":[],"field":["bytes"],"value":1},"to":"now","type":"threshold","version":1},"revision":1,"rule_type_id":"siem.thresholdRule","running":false,"schedule":{"interval":"1m"},"scheduled_task_id":"6107a8f0-f401-11ed-9f8e-399c75a2deeb","tags":[],"throttle":null,"updated_at":"2023-05-16T20:25:42.559Z","updated_by":"elastic"}],"page":1,"per_page":10,"total":1}}},"schema":{"additionalProperties":false,"type":"object","properties":{"actions":{"items":{"additionalProperties":false,"type":"object","properties":{"alerts_filter":{"additionalProperties":false,"description":"Defines a period that limits whether the action runs.","type":"object","properties":{"query":{"additionalProperties":false,"type":"object","properties":{"dsl":{"description":"A filter written in Elasticsearch Query Domain Specific Language (DSL).","type":"string"},"filters":{"description":"A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.","items":{"additionalProperties":false,"type":"object","properties":{"$state":{"additionalProperties":false,"type":"object","properties":{"store":{"description":"A filter can be either specific to an application context or applied globally.","enum":["appState","globalState"],"type":"string"}},"required":["store"]},"meta":{"additionalProperties":{},"type":"object"},"query":{"additionalProperties":{},"type":"object"}},"required":["meta"]},"type":"array"},"kql":{"description":"A filter written in Kibana Query Language (KQL).","type":"string"}},"required":["kql","filters"]},"timeframe":{"additionalProperties":false,"type":"object","properties":{"days":{"description":"Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.","items":{"enum":[1,2,3,4,5,6,7],"type":"integer"},"type":"array"},"hours":{"additionalProperties":false,"type":"object","properties":{"end":{"description":"The end of the time frame in 24-hour notation (`hh:mm`).","type":"string"},"start":{"description":"The start of the time frame in 24-hour notation (`hh:mm`).","type":"string"}},"required":["start","end"]},"timezone":{"description":"The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.","type":"string"}},"required":["days","hours","timezone"]}}},"connector_type_id":{"description":"The type of connector. This property appears in responses but cannot be set in requests.","type":"string"},"frequency":{"additionalProperties":false,"type":"object","properties":{"notify_when":{"description":"Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.","enum":["onActionGroupChange","onActiveAlert","onThrottleInterval"],"type":"string"},"summary":{"description":"Indicates whether the action is a summary.","type":"boolean"},"throttle":{"description":"The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.","nullable":true,"type":"string"}},"required":["summary","notify_when","throttle"]},"group":{"description":"The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.","type":"string"},"id":{"description":"The identifier for the connector saved object.","type":"string"},"params":{"additionalProperties":{},"description":"The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.","type":"object"},"use_alert_data_for_template":{"description":"Indicates whether to use alert data as a template.","type":"boolean"},"uuid":{"description":"A universally unique identifier (UUID) for the action.","type":"string"}},"required":["id","connector_type_id","params"]},"type":"array"},"active_snoozes":{"items":{"description":"List of active snoozes for the rule.","type":"string"},"type":"array"},"alert_delay":{"additionalProperties":false,"description":"Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.","type":"object","properties":{"active":{"description":"The number of consecutive runs that must meet the rule conditions.","type":"number"}},"required":["active"]},"api_key_created_by_user":{"description":"Indicates whether the API key that is associated with the rule was created by the user.","nullable":true,"type":"boolean"},"api_key_owner":{"description":"The owner of the API key that is associated with the rule and used to run background tasks.","nullable":true,"type":"string"},"artifacts":{"additionalProperties":false,"type":"object","properties":{"dashboards":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},"type":"array"},"investigation_guide":{"additionalProperties":false,"type":"object","properties":{"blob":{"description":"User-created content that describes alert causes and remdiation.","type":"string"}},"required":["blob"]}}},"consumer":{"description":"The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.","type":"string"},"created_at":{"description":"The date and time that the rule was created.","type":"string"},"created_by":{"description":"The identifier for the user that created the rule.","nullable":true,"type":"string"},"enabled":{"description":"Indicates whether you want to run the rule on an interval basis after it is created.","type":"boolean"},"execution_status":{"additionalProperties":false,"type":"object","properties":{"error":{"additionalProperties":false,"type":"object","properties":{"message":{"description":"Error message.","type":"string"},"reason":{"description":"Reason for error.","enum":["read","decrypt","execute","unknown","license","timeout","disabled","validate"],"type":"string"}},"required":["reason","message"]},"last_duration":{"description":"Duration of last execution of the rule.","type":"number"},"last_execution_date":{"description":"The date and time when rule was executed last.","type":"string"},"status":{"description":"Status of rule execution.","enum":["ok","active","error","warning","pending","unknown"],"type":"string"},"warning":{"additionalProperties":false,"type":"object","properties":{"message":{"description":"Warning message.","type":"string"},"reason":{"description":"Reason for warning.","enum":["maxExecutableActions","maxAlerts","maxQueuedActions","ruleExecution"],"type":"string"}},"required":["reason","message"]}},"required":["status","last_execution_date"]},"flapping":{"additionalProperties":false,"description":"When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced.","nullable":true,"type":"object","properties":{"look_back_window":{"description":"The minimum number of runs in which the threshold must be met.","maximum":20,"minimum":2,"type":"number"},"status_change_threshold":{"description":"The minimum number of times an alert must switch states in the look back window.","maximum":20,"minimum":2,"type":"number"}},"required":["look_back_window","status_change_threshold"]},"id":{"description":"The identifier for the rule.","type":"string"},"is_snoozed_until":{"description":"The date when the rule will no longer be snoozed.","nullable":true,"type":"string"},"last_run":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"alerts_count":{"additionalProperties":false,"type":"object","properties":{"active":{"description":"Number of active alerts during last run.","nullable":true,"type":"number"},"ignored":{"description":"Number of ignored alerts during last run.","nullable":true,"type":"number"},"new":{"description":"Number of new alerts during last run.","nullable":true,"type":"number"},"recovered":{"description":"Number of recovered alerts during last run.","nullable":true,"type":"number"}}},"outcome":{"description":"Outcome of last run of the rule. Value could be succeeded, warning or failed.","enum":["succeeded","warning","failed"],"type":"string"},"outcome_msg":{"items":{"description":"Outcome message generated during last rule run.","type":"string"},"nullable":true,"type":"array"},"outcome_order":{"description":"Order of the outcome.","type":"number"},"warning":{"description":"Warning of last rule execution.","enum":["read","decrypt","execute","unknown","license","timeout","disabled","validate","maxExecutableActions","maxAlerts","maxQueuedActions","ruleExecution"],"nullable":true,"type":"string"}},"required":["outcome","alerts_count"]},"mapped_params":{"additionalProperties":{},"type":"object"},"monitoring":{"additionalProperties":false,"description":"Monitoring details of the rule.","type":"object","properties":{"run":{"additionalProperties":false,"description":"Rule run details.","type":"object","properties":{"calculated_metrics":{"additionalProperties":false,"description":"Calculation of different percentiles and success ratio.","type":"object","properties":{"p50":{"type":"number"},"p95":{"type":"number"},"p99":{"type":"number"},"success_ratio":{"type":"number"}},"required":["success_ratio"]},"history":{"description":"History of the rule run.","items":{"additionalProperties":false,"type":"object","properties":{"duration":{"description":"Duration of the rule run.","type":"number"},"outcome":{"description":"Outcome of last run of the rule. Value could be succeeded, warning or failed.","enum":["succeeded","warning","failed"],"type":"string"},"success":{"description":"Indicates whether the rule run was successful.","type":"boolean"},"timestamp":{"description":"Time of rule run.","type":"number"}},"required":["success","timestamp"]},"type":"array"},"last_run":{"additionalProperties":false,"type":"object","properties":{"metrics":{"additionalProperties":false,"type":"object","properties":{"duration":{"description":"Duration of most recent rule run.","type":"number"},"gap_duration_s":{"description":"Duration in seconds of rule run gap.","nullable":true,"type":"number"},"gap_range":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"gte":{"description":"End of the gap range.","type":"string"},"lte":{"description":"Start of the gap range.","type":"string"}},"required":["lte","gte"]},"total_alerts_created":{"description":"Total number of alerts created during last rule run.","nullable":true,"type":"number"},"total_alerts_detected":{"description":"Total number of alerts detected during last rule run.","nullable":true,"type":"number"},"total_indexing_duration_ms":{"description":"Total time spent indexing documents during last rule run in milliseconds.","nullable":true,"type":"number"},"total_search_duration_ms":{"description":"Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.","nullable":true,"type":"number"}}},"timestamp":{"description":"Time of the most recent rule run.","type":"string"}},"required":["timestamp","metrics"]}},"required":["history","calculated_metrics","last_run"]}},"required":["run"]},"mute_all":{"description":"Indicates whether all alerts are muted.","type":"boolean"},"muted_alert_ids":{"items":{"description":"List of identifiers of muted alerts. ","type":"string"},"type":"array"},"name":{"description":" The name of the rule.","type":"string"},"next_run":{"description":"Date and time of the next run of the rule.","nullable":true,"type":"string"},"notify_when":{"description":"Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.","enum":["onActionGroupChange","onActiveAlert","onThrottleInterval"],"nullable":true,"type":"string"},"params":{"additionalProperties":{},"description":"The parameters for the rule.","type":"object"},"revision":{"description":"The rule revision number.","type":"number"},"rule_type_id":{"description":"The rule type identifier.","type":"string"},"running":{"description":"Indicates whether the rule is running.","nullable":true,"type":"boolean"},"schedule":{"additionalProperties":false,"type":"object","properties":{"interval":{"description":"The interval is specified in seconds, minutes, hours, or days.","type":"string"}},"required":["interval"]},"scheduled_task_id":{"description":"Identifier of the scheduled task.","type":"string"},"snooze_schedule":{"items":{"additionalProperties":false,"type":"object","properties":{"duration":{"description":"Duration of the rule snooze schedule.","type":"number"},"id":{"description":"Identifier of the rule snooze schedule.","type":"string"},"rRule":{"additionalProperties":false,"type":"object","properties":{"byhour":{"items":{"description":"Indicates hours of the day to recur.","type":"number"},"nullable":true,"type":"array"},"byminute":{"items":{"description":"Indicates minutes of the hour to recur.","type":"number"},"nullable":true,"type":"array"},"bymonth":{"items":{"description":"Indicates months of the year that this rule should recur.","type":"number"},"nullable":true,"type":"array"},"bymonthday":{"items":{"description":"Indicates the days of the month to recur.","type":"number"},"nullable":true,"type":"array"},"bysecond":{"items":{"description":"Indicates seconds of the day to recur.","type":"number"},"nullable":true,"type":"array"},"bysetpos":{"items":{"description":"A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.","type":"number"},"nullable":true,"type":"array"},"byweekday":{"items":{"anyOf":[{"type":"string"},{"type":"number"}],"description":"Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination."},"nullable":true,"type":"array"},"byweekno":{"items":{"description":"Indicates number of the week hours to recur.","type":"number"},"nullable":true,"type":"array"},"byyearday":{"items":{"description":"Indicates the days of the year that this rule should recur.","type":"number"},"nullable":true,"type":"array"},"count":{"description":"Number of times the rule should recur until it stops.","type":"number"},"dtstart":{"description":"Rule start date in Coordinated Universal Time (UTC).","type":"string"},"freq":{"description":"Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.","enum":[0,1,2,3,4,5,6],"type":"integer"},"interval":{"description":"Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.","type":"number"},"tzid":{"description":"Indicates timezone abbreviation.","type":"string"},"until":{"description":"Recur the rule until this date.","type":"string"},"wkst":{"description":"Indicates the start of week, defaults to Monday.","enum":["MO","TU","WE","TH","FR","SA","SU"],"type":"string"}},"required":["dtstart","tzid"]},"skipRecurrences":{"items":{"description":"Skips recurrence of rule on this date.","type":"string"},"type":"array"}},"required":["duration","rRule"]},"type":"array"},"tags":{"items":{"description":"The tags for the rule.","type":"string"},"type":"array"},"throttle":{"deprecated":true,"description":"Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.","nullable":true,"type":"string"},"updated_at":{"description":"The date and time that the rule was updated most recently.","type":"string"},"updated_by":{"description":"The identifier for the user that updated this rule most recently.","nullable":true,"type":"string"},"view_in_app_relative_url":{"description":"Relative URL to view rule in the app.","nullable":true,"type":"string"}},"required":["id","enabled","name","tags","rule_type_id","consumer","schedule","actions","params","created_by","updated_by","created_at","updated_at","api_key_owner","mute_all","muted_alert_ids","execution_status","revision"]}}},"description":"Indicates a successful call."},"400":{"description":"Indicates an invalid schema or parameters."},"403":{"description":"Indicates that this call is forbidden."}},"summary":"Get information about rules","tags":["alerting"]}},"/api/apm/agent_keys":{"post":{"description":"Create a new agent key for APM.\nThe user creating an APM agent API key must have at least the `manage_own_api_key` cluster privilege and the APM application-level privileges that it wishes to grant.\nAfter it is created, you can copy the API key (Base64 encoded) and use it to to authorize requests from APM agents to the APM Server.\n","operationId":"createAgentKey","parameters":[{"$ref":"#/components/parameters/APM_UI_elastic_api_version"},{"$ref":"#/components/parameters/APM_UI_kbn_xsrf"}],"requestBody":{"content":{"application/json":{"examples":{"createAgentKeyRequest1":{"$ref":"#/components/examples/APM_UI_agent_keys_object_post_request1"}},"schema":{"$ref":"#/components/schemas/APM_UI_agent_keys_object"}}},"required":true},"responses":{"200":{"content":{"application/json":{"examples":{"createAgentKeyResponse1":{"$ref":"#/components/examples/APM_UI_agent_keys_object_post_200_response1"}},"schema":{"$ref":"#/components/schemas/APM_UI_agent_keys_response"}}},"description":"Agent key created successfully"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_400_response"}}},"description":"Bad Request response"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_401_response"}}},"description":"Unauthorized response"},"403":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_403_response"}}},"description":"Forbidden response"},"500":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_500_response"}}},"description":"Internal Server Error response"}},"summary":"Create an APM agent key","tags":["APM agent keys"]}},"/api/apm/fleet/apm_server_schema":{"post":{"operationId":"saveApmServerSchema","parameters":[{"$ref":"#/components/parameters/APM_UI_elastic_api_version"},{"$ref":"#/components/parameters/APM_UI_kbn_xsrf"}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"schema":{"additionalProperties":true,"description":"Schema object","example":{"foo":"bar"},"type":"object"}}}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object"}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_400_response"}}},"description":"Bad Request response"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_401_response"}}},"description":"Unauthorized response"},"403":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_403_response"}}},"description":"Forbidden response"},"404":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_404_response"}}},"description":"Not found response"}},"summary":"Save APM server schema","tags":["APM server schema"]}},"/api/apm/services/{serviceName}/annotation":{"post":{"description":"Create a new annotation for a specific service.","operationId":"createAnnotation","parameters":[{"$ref":"#/components/parameters/APM_UI_elastic_api_version"},{"$ref":"#/components/parameters/APM_UI_kbn_xsrf"},{"description":"The name of the service","in":"path","name":"serviceName","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_create_annotation_object"}}},"required":true},"responses":{"200":{"content":{"application/json":{"examples":{"createAnnotationResponse1":{"$ref":"#/components/examples/APM_UI_annotation_object_post_200_response1"}},"schema":{"$ref":"#/components/schemas/APM_UI_create_annotation_response"}}},"description":"Annotation created successfully"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_400_response"}}},"description":"Bad Request response"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_401_response"}}},"description":"Unauthorized response"},"403":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_403_response"}}},"description":"Forbidden response"},"404":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_404_response"}}},"description":"Not found response"}},"summary":"Create a service annotation","tags":["APM annotations"],"x-codeSamples":[{"lang":"Curl","source":"curl -X POST \\\nhttp://localhost:5601/api/apm/services/opbeans-java/annotation \\\n-H 'Content-Type: application/json' \\\n-H 'kbn-xsrf: true' \\\n-H 'Authorization: Basic YhUlubWZhM0FDbnlQeE6WRtaW49FQmSGZ4RUWXdX' \\\n-d '{\n \"@timestamp\": \"2020-05-08T10:31:30.452Z\",\n \"service\": {\n \"version\": \"1.2\"\n },\n \"message\": \"Deployment 1.2\"\n }'\n"}]}},"/api/apm/services/{serviceName}/annotation/search":{"get":{"description":"Search for annotations related to a specific service.","operationId":"getAnnotation","parameters":[{"$ref":"#/components/parameters/APM_UI_elastic_api_version"},{"description":"The name of the service","in":"path","name":"serviceName","required":true,"schema":{"type":"string"}},{"description":"The environment to filter annotations by","in":"query","name":"environment","required":false,"schema":{"type":"string"}},{"description":"The start date for the search","in":"query","name":"start","required":false,"schema":{"type":"string"}},{"description":"The end date for the search","in":"query","name":"end","required":false,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_annotation_search_response"}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_400_response"}}},"description":"Bad Request response"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_401_response"}}},"description":"Unauthorized response"},"500":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_500_response"}}},"description":"Internal Server Error response"}},"summary":"Search for annotations","tags":["APM annotations"]}},"/api/apm/settings/agent-configuration":{"delete":{"operationId":"deleteAgentConfiguration","parameters":[{"$ref":"#/components/parameters/APM_UI_elastic_api_version"},{"$ref":"#/components/parameters/APM_UI_kbn_xsrf"}],"requestBody":{"content":{"application/json":{"examples":{"deleteAgentConfigurationRequest1":{"$ref":"#/components/examples/APM_UI_agent_configuration_intake_object_delete_request1"}},"schema":{"$ref":"#/components/schemas/APM_UI_service_object"}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_delete_agent_configurations_response"}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_400_response"}}},"description":"Bad Request response"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_401_response"}}},"description":"Unauthorized response"},"403":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_403_response"}}},"description":"Forbidden response"},"404":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_404_response"}}},"description":"Not found response"}},"summary":"Delete agent configuration","tags":["APM agent configuration"]},"get":{"operationId":"getAgentConfigurations","parameters":[{"$ref":"#/components/parameters/APM_UI_elastic_api_version"}],"responses":{"200":{"content":{"application/json":{"examples":{"getAgentConfigurationsResponseExample1":{"$ref":"#/components/examples/APM_UI_agent_configuration_intake_object_get_200_response1"}},"schema":{"$ref":"#/components/schemas/APM_UI_agent_configurations_response"}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_400_response"}}},"description":"Bad Request response"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_401_response"}}},"description":"Unauthorized response"},"404":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_404_response"}}},"description":"Not found response"}},"summary":"Get a list of agent configurations","tags":["APM agent configuration"]},"put":{"operationId":"createUpdateAgentConfiguration","parameters":[{"$ref":"#/components/parameters/APM_UI_elastic_api_version"},{"$ref":"#/components/parameters/APM_UI_kbn_xsrf"},{"description":"If the config exists ?overwrite=true is required","in":"query","name":"overwrite","schema":{"type":"boolean"}}],"requestBody":{"content":{"application/json":{"examples":{"createUpdateAgentConfigurationRequestExample1":{"$ref":"#/components/examples/APM_UI_agent_configuration_intake_object_put_request1"}},"schema":{"$ref":"#/components/schemas/APM_UI_agent_configuration_intake_object"}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object"}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_400_response"}}},"description":"Bad Request response"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_401_response"}}},"description":"Unauthorized response"},"403":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_403_response"}}},"description":"Forbidden response"},"404":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_404_response"}}},"description":"Not found response"}},"summary":"Create or update agent configuration","tags":["APM agent configuration"]}},"/api/apm/settings/agent-configuration/agent_name":{"get":{"description":"Retrieve `agentName` for a service.","operationId":"getAgentNameForService","parameters":[{"$ref":"#/components/parameters/APM_UI_elastic_api_version"},{"description":"The name of the service","example":"node","in":"query","name":"serviceName","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_service_agent_name_response"}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_400_response"}}},"description":"Bad Request response"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_401_response"}}},"description":"Unauthorized response"},"404":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_404_response"}}},"description":"Not found response"}},"summary":"Get agent name for service","tags":["APM agent configuration"]}},"/api/apm/settings/agent-configuration/environments":{"get":{"operationId":"getEnvironmentsForService","parameters":[{"$ref":"#/components/parameters/APM_UI_elastic_api_version"},{"description":"The name of the service","in":"query","name":"serviceName","schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_service_environments_response"}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_400_response"}}},"description":"Bad Request response"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_401_response"}}},"description":"Unauthorized response"},"404":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_404_response"}}},"description":"Not found response"}},"summary":"Get environments for service","tags":["APM agent configuration"]}},"/api/apm/settings/agent-configuration/search":{"post":{"description":"This endpoint enables you to search for a single agent configuration and update the 'applied_by_agent' field.\n","operationId":"searchSingleConfiguration","parameters":[{"$ref":"#/components/parameters/APM_UI_elastic_api_version"},{"$ref":"#/components/parameters/APM_UI_kbn_xsrf"}],"requestBody":{"content":{"application/json":{"examples":{"searchSingleConfigurationRequest1":{"$ref":"#/components/examples/APM_UI_agent_configuration_intake_object_search_request1"}},"schema":{"$ref":"#/components/schemas/APM_UI_search_agent_configuration_object"}}},"required":true},"responses":{"200":{"content":{"application/json":{"examples":{"searchSingleConfigurationResponse1":{"$ref":"#/components/examples/APM_UI_agent_configuration_intake_object_search_200_response1"}},"schema":{"$ref":"#/components/schemas/APM_UI_search_agent_configuration_response"}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_400_response"}}},"description":"Bad Request response"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_401_response"}}},"description":"Unauthorized response"},"404":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_404_response"}}},"description":"Not found response"}},"summary":"Lookup single agent configuration","tags":["APM agent configuration"]}},"/api/apm/settings/agent-configuration/view":{"get":{"operationId":"getSingleAgentConfiguration","parameters":[{"$ref":"#/components/parameters/APM_UI_elastic_api_version"},{"description":"Service name","example":"node","in":"query","name":"name","schema":{"type":"string"}},{"description":"Service environment","example":"prod","in":"query","name":"environment","schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_single_agent_configuration_response"}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_400_response"}}},"description":"Bad Request response"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_401_response"}}},"description":"Unauthorized response"},"404":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_404_response"}}},"description":"Not found response"}},"summary":"Get single agent configuration","tags":["APM agent configuration"]}},"/api/apm/sourcemaps":{"get":{"description":"Get an array of Fleet artifacts, including source map uploads. You must have `read` or `all` Kibana privileges for the APM and User Experience feature.\n","operationId":"getSourceMaps","parameters":[{"$ref":"#/components/parameters/APM_UI_elastic_api_version"},{"description":"Page number","in":"query","name":"page","schema":{"type":"number"}},{"description":"Number of records per page","in":"query","name":"perPage","schema":{"type":"number"}}],"responses":{"200":{"content":{"application/json":{"examples":{"getSourceMapsResponse1":{"$ref":"#/components/examples/APM_UI_source_maps_get_200_response1"}},"schema":{"$ref":"#/components/schemas/APM_UI_source_maps_response"}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_400_response"}}},"description":"Bad Request response"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_401_response"}}},"description":"Unauthorized response"},"500":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_500_response"}}},"description":"Internal Server Error response"},"501":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_501_response"}}},"description":"Not Implemented response"}},"summary":"Get source maps","tags":["APM sourcemaps"],"x-codeSamples":[{"lang":"Curl","source":"curl -X GET \"http://localhost:5601/api/apm/sourcemaps\" \\\n-H 'Content-Type: application/json' \\\n-H 'kbn-xsrf: true' \\\n-H 'Authorization: ApiKey ${YOUR_API_KEY}'\n"}]},"post":{"description":"Upload a source map for a specific service and version. You must have `all` Kibana privileges for the APM and User Experience feature.\nThe maximum payload size is `1mb`. If you attempt to upload a source map that exceeds the maximum payload size, you will get a 413 error. Before uploading source maps that exceed this default, change the maximum payload size allowed by Kibana with the `server.maxPayload` variable.\n","operationId":"uploadSourceMap","parameters":[{"$ref":"#/components/parameters/APM_UI_elastic_api_version"},{"$ref":"#/components/parameters/APM_UI_kbn_xsrf"}],"requestBody":{"content":{"multipart/form-data":{"schema":{"$ref":"#/components/schemas/APM_UI_upload_source_map_object"}}},"required":true},"responses":{"200":{"content":{"application/json":{"examples":{"uploadSourceMapResponse1":{"$ref":"#/components/examples/APM_UI_source_maps_upload_200_response1"}},"schema":{"$ref":"#/components/schemas/APM_UI_upload_source_maps_response"}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_400_response"}}},"description":"Bad Request response"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_401_response"}}},"description":"Unauthorized response"},"403":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_403_response"}}},"description":"Forbidden response"},"500":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_500_response"}}},"description":"Internal Server Error response"},"501":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_501_response"}}},"description":"Not Implemented response"}},"summary":"Upload a source map","tags":["APM sourcemaps"],"x-codeSamples":[{"lang":"Curl","source":"curl -X POST \"http://localhost:5601/api/apm/sourcemaps\" \\\n-H 'Content-Type: multipart/form-data' \\\n-H 'kbn-xsrf: true' \\\n-H 'Authorization: ApiKey ${YOUR_API_KEY}' \\\n-F 'service_name=\"foo\"' \\\n-F 'service_version=\"1.0.0\"' \\\n-F 'bundle_filepath=\"/test/e2e/general-usecase/bundle.js\"' \\\n-F 'sourcemap=\"{\\\"version\\\":3,\\\"file\\\":\\\"static/js/main.chunk.js\\\",\\\"sources\\\":[\\\"fleet-source-map-client/src/index.css\\\",\\\"fleet-source-map-client/src/App.js\\\",\\\"webpack:///./src/index.css?bb0a\\\",\\\"fleet-source-map-client/src/index.js\\\",\\\"fleet-source-map-client/src/reportWebVitals.js\\\"],\\\"sourcesContent\\\":[\\\"content\\\"],\\\"mappings\\\":\\\"mapping\\\",\\\"sourceRoot\\\":\\\"\\\"}\"' \n"}]}},"/api/apm/sourcemaps/{id}":{"delete":{"description":"Delete a previously uploaded source map. You must have `all` Kibana privileges for the APM and User Experience feature.\n","operationId":"deleteSourceMap","parameters":[{"$ref":"#/components/parameters/APM_UI_elastic_api_version"},{"$ref":"#/components/parameters/APM_UI_kbn_xsrf"},{"description":"Source map identifier","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object"}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_400_response"}}},"description":"Bad Request response"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_401_response"}}},"description":"Unauthorized response"},"403":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_403_response"}}},"description":"Forbidden response"},"500":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_500_response"}}},"description":"Internal Server Error response"},"501":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/APM_UI_501_response"}}},"description":"Not Implemented response"}},"summary":"Delete source map","tags":["APM sourcemaps"],"x-codeSamples":[{"lang":"Curl","source":"curl -X DELETE \"http://localhost:5601/api/apm/sourcemaps/apm:foo-1.0.0-644fd5a9\" \\\n-H 'Content-Type: application/json' \\\n-H 'kbn-xsrf: true' \\\n-H 'Authorization: ApiKey ${YOUR_API_KEY}'\n"}]}},"/api/asset_criticality":{"delete":{"description":"Delete the asset criticality record for a specific entity.","operationId":"DeleteAssetCriticalityRecord","parameters":[{"description":"The ID value of the asset.","example":"my_host","in":"query","name":"id_value","required":true,"schema":{"type":"string"}},{"description":"The field representing the ID.","example":"host.name","in":"query","name":"id_field","required":true,"schema":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_IdField"}},{"description":"If 'wait_for' the request will wait for the index refresh.","in":"query","name":"refresh","required":false,"schema":{"enum":["wait_for"],"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"type":"object","properties":{"deleted":{"description":"True if the record was deleted or false if the record did not exist.","type":"boolean"},"record":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord","description":"The deleted record if it existed."}},"required":["deleted"]}}},"description":"Successful response"},"400":{"description":"Invalid request"}},"summary":"Delete an asset criticality record","tags":["Security Entity Analytics API"]},"get":{"description":"Get the asset criticality record for a specific entity.","operationId":"GetAssetCriticalityRecord","parameters":[{"description":"The ID value of the asset.","example":"my_host","in":"query","name":"id_value","required":true,"schema":{"type":"string"}},{"description":"The field representing the ID.","example":"host.name","in":"query","name":"id_field","required":true,"schema":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_IdField"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord"}}},"description":"Successful response"},"400":{"description":"Invalid request"},"404":{"description":"Criticality record not found"}},"summary":"Get an asset criticality record","tags":["Security Entity Analytics API"]},"post":{"description":"Create or update an asset criticality record for a specific entity.\n\nIf a record already exists for the specified entity, that record is overwritten with the specified value. If a record doesn't exist for the specified entity, a new record is created.\n","operationId":"CreateAssetCriticalityRecord","requestBody":{"content":{"application/json":{"schema":{"allOf":[{"$ref":"#/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord"},{"type":"object","properties":{"refresh":{"description":"If 'wait_for' the request will wait for the index refresh.","enum":["wait_for"],"type":"string"}}}],"example":{"criticality_level":"high_impact","id_field":"host.name","id_value":"my_host"}}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord"}}},"description":"Successful response"},"400":{"description":"Invalid request"}},"summary":"Upsert an asset criticality record","tags":["Security Entity Analytics API"]}},"/api/asset_criticality/bulk":{"post":{"description":"Bulk upsert up to 1000 asset criticality records.\n\nIf asset criticality records already exist for the specified entities, those records are overwritten with the specified values. If asset criticality records don't exist for the specified entities, new records are created.\n","operationId":"BulkUpsertAssetCriticalityRecords","requestBody":{"content":{"application/json":{"schema":{"example":{"records":[{"criticality_level":"low_impact","id_field":"host.name","id_value":"host-1"},{"criticality_level":"medium_impact","id_field":"host.name","id_value":"host-2"}]},"type":"object","properties":{"records":{"items":{"allOf":[{"$ref":"#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordIdParts"},{"type":"object","properties":{"criticality_level":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevelsForBulkUpload"}},"required":["criticality_level"]}]},"maxItems":1000,"minItems":1,"type":"array"}},"required":["records"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"example":{"errors":[{"index":0,"message":"Invalid ID field"}],"stats":{"failed":1,"successful":1,"total":2}},"type":"object","properties":{"errors":{"items":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem"},"type":"array"},"stats":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadStats"}},"required":["errors","stats"]}}},"description":"Bulk upload successful"},"413":{"description":"File too large"}},"summary":"Bulk upsert asset criticality records","tags":["Security Entity Analytics API"]}},"/api/asset_criticality/list":{"get":{"description":"List asset criticality records, paging, sorting and filtering as needed.","operationId":"FindAssetCriticalityRecords","parameters":[{"description":"The field to sort by.","in":"query","name":"sort_field","required":false,"schema":{"enum":["id_value","id_field","criticality_level","\\@timestamp"],"type":"string"}},{"description":"The order to sort by.","in":"query","name":"sort_direction","required":false,"schema":{"enum":["asc","desc"],"type":"string"}},{"description":"The page number to return.","in":"query","name":"page","required":false,"schema":{"minimum":1,"type":"integer"}},{"description":"The number of records to return per page.","in":"query","name":"per_page","required":false,"schema":{"maximum":1000,"minimum":1,"type":"integer"}},{"description":"The kuery to filter by.","in":"query","name":"kuery","required":false,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"example":{"page":1,"per_page":10,"records":[{"@timestamp":"2024-08-02T14:40:35.705Z","asset":{"criticality":"medium_impact"},"criticality_level":"medium_impact","host":{"asset":{"criticality":"medium_impact"},"name":"my_other_host"},"id_field":"host.name","id_value":"my_other_host"},{"@timestamp":"2024-08-02T11:15:34.290Z","asset":{"criticality":"high_impact"},"criticality_level":"high_impact","host":{"asset":{"criticality":"high_impact"},"name":"my_host"},"id_field":"host.name","id_value":"my_host"}],"total":2},"type":"object","properties":{"page":{"minimum":1,"type":"integer"},"per_page":{"maximum":1000,"minimum":1,"type":"integer"},"records":{"items":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord"},"type":"array"},"total":{"minimum":0,"type":"integer"}},"required":["records","page","per_page","total"]}}},"description":"Successfully retrieved asset criticality records"}},"summary":"List asset criticality records","tags":["Security Entity Analytics API"]}},"/api/cases":{"delete":{"description":"You must have `read` or `all` privileges and the `delete` sub-feature privilege for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting.\n","operationId":"deleteCaseDefaultSpace","parameters":[{"$ref":"#/components/parameters/Cases_kbn_xsrf"},{"$ref":"#/components/parameters/Cases_ids"}],"responses":{"204":{"description":"Indicates a successful call."},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Cases_4xx_response"}}},"description":"Authorization information is missing or invalid."}},"summary":"Delete cases","tags":["cases"]},"patch":{"description":"You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating.\n","operationId":"updateCaseDefaultSpace","parameters":[{"$ref":"#/components/parameters/Cases_kbn_xsrf"}],"requestBody":{"content":{"application/json":{"examples":{"updateCaseRequest":{"$ref":"#/components/examples/Cases_update_case_request"}},"schema":{"$ref":"#/components/schemas/Cases_update_case_request"}}}},"responses":{"200":{"content":{"application/json":{"examples":{"updateCaseResponse":{"$ref":"#/components/examples/Cases_update_case_response"}},"schema":{"items":{"$ref":"#/components/schemas/Cases_case_response_properties"},"type":"array"}}},"description":"Indicates a successful call."},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Cases_4xx_response"}}},"description":"Authorization information is missing or invalid."}},"summary":"Update cases","tags":["cases"]},"post":{"description":"You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're creating.\n","operationId":"createCaseDefaultSpace","parameters":[{"$ref":"#/components/parameters/Cases_kbn_xsrf"}],"requestBody":{"content":{"application/json":{"examples":{"createCaseRequest":{"$ref":"#/components/examples/Cases_create_case_request"}},"schema":{"$ref":"#/components/schemas/Cases_create_case_request"}}},"required":true},"responses":{"200":{"content":{"application/json":{"examples":{"createCaseResponse":{"$ref":"#/components/examples/Cases_create_case_response"}},"schema":{"$ref":"#/components/schemas/Cases_case_response_properties"}}},"description":"Indicates a successful call."},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Cases_4xx_response"}}},"description":"Authorization information is missing or invalid."}},"summary":"Create a case","tags":["cases"]}},"/api/cases/_find":{"get":{"description":"You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n","operationId":"findCasesDefaultSpace","parameters":[{"$ref":"#/components/parameters/Cases_assignees_filter"},{"$ref":"#/components/parameters/Cases_category"},{"$ref":"#/components/parameters/Cases_defaultSearchOperator"},{"$ref":"#/components/parameters/Cases_from"},{"$ref":"#/components/parameters/Cases_owner_filter"},{"$ref":"#/components/parameters/Cases_page_index"},{"$ref":"#/components/parameters/Cases_page_size"},{"$ref":"#/components/parameters/Cases_reporters"},{"$ref":"#/components/parameters/Cases_search"},{"$ref":"#/components/parameters/Cases_searchFields"},{"$ref":"#/components/parameters/Cases_severity"},{"$ref":"#/components/parameters/Cases_sortField"},{"$ref":"#/components/parameters/Cases_sort_order"},{"$ref":"#/components/parameters/Cases_status"},{"$ref":"#/components/parameters/Cases_tags"},{"$ref":"#/components/parameters/Cases_to"}],"responses":{"200":{"content":{"application/json":{"examples":{"findCaseResponse":{"$ref":"#/components/examples/Cases_find_case_response"}},"schema":{"type":"object","properties":{"cases":{"items":{"$ref":"#/components/schemas/Cases_case_response_properties"},"maxItems":10000,"type":"array"},"count_closed_cases":{"type":"integer"},"count_in_progress_cases":{"type":"integer"},"count_open_cases":{"type":"integer"},"page":{"type":"integer"},"per_page":{"type":"integer"},"total":{"type":"integer"}}}}},"description":"Indicates a successful call."},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Cases_4xx_response"}}},"description":"Authorization information is missing or invalid."}},"summary":"Search cases","tags":["cases"]}},"/api/cases/{caseId}":{"get":{"description":"You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking.\n","operationId":"getCaseDefaultSpace","parameters":[{"$ref":"#/components/parameters/Cases_case_id"}],"responses":{"200":{"content":{"application/json":{"examples":{"getDefaultCaseResponse":{"$ref":"#/components/examples/Cases_get_case_response"},"getDefaultObservabilityCaseReponse":{"$ref":"#/components/examples/Cases_get_case_observability_response"}},"schema":{"$ref":"#/components/schemas/Cases_case_response_properties"}}},"description":"Indicates a successful call."},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Cases_4xx_response"}}},"description":"Authorization information is missing or invalid."}},"summary":"Get case information","tags":["cases"]}},"/api/cases/{caseId}/alerts":{"get":{"description":"You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n","operationId":"getCaseAlertsDefaultSpace","parameters":[{"$ref":"#/components/parameters/Cases_case_id"}],"responses":{"200":{"content":{"application/json":{"examples":{"getCaseAlertsResponse":{"$ref":"#/components/examples/Cases_get_case_alerts_response"}},"schema":{"items":{"$ref":"#/components/schemas/Cases_alert_response_properties"},"type":"array"}}},"description":"Indicates a successful call."},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Cases_4xx_response"}}},"description":"Authorization information is missing or invalid."}},"summary":"Get all alerts for a case","tags":["cases"],"x-state":"Technical preview"}},"/api/cases/{caseId}/comments":{"delete":{"description":"Deletes all comments and alerts from a case. You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting.\n","operationId":"deleteCaseCommentsDefaultSpace","parameters":[{"$ref":"#/components/parameters/Cases_kbn_xsrf"},{"$ref":"#/components/parameters/Cases_case_id"}],"responses":{"204":{"description":"Indicates a successful call."},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Cases_4xx_response"}}},"description":"Authorization information is missing or invalid."}},"summary":"Delete all case comments and alerts","tags":["cases"]},"patch":{"description":"You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating. NOTE: You cannot change the comment type or the owner of a comment.\n","operationId":"updateCaseCommentDefaultSpace","parameters":[{"$ref":"#/components/parameters/Cases_kbn_xsrf"},{"$ref":"#/components/parameters/Cases_case_id"}],"requestBody":{"content":{"application/json":{"examples":{"updateCaseCommentRequest":{"$ref":"#/components/examples/Cases_update_comment_request"}},"schema":{"$ref":"#/components/schemas/Cases_update_case_comment_request"}}},"required":true},"responses":{"200":{"content":{"application/json":{"examples":{"updateCaseCommentResponse":{"$ref":"#/components/examples/Cases_update_comment_response"}},"schema":{"$ref":"#/components/schemas/Cases_case_response_properties"}}},"description":"Indicates a successful call."},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Cases_4xx_response"}}},"description":"Authorization information is missing or invalid."}},"summary":"Update a case comment or alert","tags":["cases"]},"post":{"description":"You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're creating. NOTE: Each case can have a maximum of 1,000 alerts.\n","operationId":"addCaseCommentDefaultSpace","parameters":[{"$ref":"#/components/parameters/Cases_kbn_xsrf"},{"$ref":"#/components/parameters/Cases_case_id"}],"requestBody":{"content":{"application/json":{"examples":{"createCaseCommentRequest":{"$ref":"#/components/examples/Cases_add_comment_request"}},"schema":{"$ref":"#/components/schemas/Cases_add_case_comment_request"}}},"required":true},"responses":{"200":{"content":{"application/json":{"examples":{"createCaseCommentResponse":{"$ref":"#/components/examples/Cases_add_comment_response"}},"schema":{"$ref":"#/components/schemas/Cases_case_response_properties"}}},"description":"Indicates a successful call."},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Cases_4xx_response"}}},"description":"Authorization information is missing or invalid."}},"summary":"Add a case comment or alert","tags":["cases"]}},"/api/cases/{caseId}/comments/_find":{"get":{"description":"Retrieves a paginated list of comments for a case. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.\n","operationId":"findCaseCommentsDefaultSpace","parameters":[{"$ref":"#/components/parameters/Cases_case_id"},{"$ref":"#/components/parameters/Cases_page_index"},{"$ref":"#/components/parameters/Cases_page_size"},{"$ref":"#/components/parameters/Cases_sort_order"}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Cases_case_response_properties"}}},"description":"Indicates a successful call."},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Cases_4xx_response"}}},"description":"Authorization information is missing or invalid."}},"summary":"Find case comments and alerts","tags":["cases"]}},"/api/cases/{caseId}/comments/{commentId}":{"delete":{"description":"You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting.\n","operationId":"deleteCaseCommentDefaultSpace","parameters":[{"$ref":"#/components/parameters/Cases_kbn_xsrf"},{"$ref":"#/components/parameters/Cases_case_id"},{"$ref":"#/components/parameters/Cases_comment_id"}],"responses":{"204":{"description":"Indicates a successful call."},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Cases_4xx_response"}}},"description":"Authorization information is missing or invalid."}},"summary":"Delete a case comment or alert","tags":["cases"]},"get":{"description":"You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.\n","operationId":"getCaseCommentDefaultSpace","parameters":[{"$ref":"#/components/parameters/Cases_case_id"},{"$ref":"#/components/parameters/Cases_comment_id"}],"responses":{"200":{"content":{"application/json":{"examples":{"getCaseCommentResponse":{"$ref":"#/components/examples/Cases_get_comment_response"}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Cases_alert_comment_response_properties"},{"$ref":"#/components/schemas/Cases_user_comment_response_properties"}]}}},"description":"Indicates a successful call."},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Cases_4xx_response"}}},"description":"Authorization information is missing or invalid."}},"summary":"Get a case comment or alert","tags":["cases"]}},"/api/cases/{caseId}/connector/{connectorId}/_push":{"post":{"description":"You must have `all` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges. You must also have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're pushing.\n","operationId":"pushCaseDefaultSpace","parameters":[{"$ref":"#/components/parameters/Cases_case_id"},{"$ref":"#/components/parameters/Cases_connector_id"},{"$ref":"#/components/parameters/Cases_kbn_xsrf"}],"requestBody":{"content":{"application/json":{"schema":{"nullable":true,"type":"object"}}}},"responses":{"200":{"content":{"application/json":{"examples":{"pushCaseResponse":{"$ref":"#/components/examples/Cases_push_case_response"}},"schema":{"$ref":"#/components/schemas/Cases_case_response_properties"}}},"description":"Indicates a successful call."},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Cases_4xx_response"}}},"description":"Authorization information is missing or invalid."}},"summary":"Push a case to an external service","tags":["cases"]}},"/api/cases/{caseId}/files":{"post":{"description":"Attach a file to a case. You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating. The request must include:\n- The `Content-Type: multipart/form-data` HTTP header.\n- The location of the file that is being uploaded.\n","operationId":"addCaseFileDefaultSpace","parameters":[{"$ref":"#/components/parameters/Cases_kbn_xsrf"},{"$ref":"#/components/parameters/Cases_case_id"}],"requestBody":{"content":{"multipart/form-data":{"schema":{"$ref":"#/components/schemas/Cases_add_case_file_request"}}},"required":true},"responses":{"200":{"content":{"application/json":{"examples":{"addCaseFileResponse":{"$ref":"#/components/examples/Cases_add_comment_response"}},"schema":{"$ref":"#/components/schemas/Cases_case_response_properties"}}},"description":"Indicates a successful call."},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Cases_4xx_response"}}},"description":"Authorization information is missing or invalid."}},"summary":"Attach a file to a case","tags":["cases"]}},"/api/cases/{caseId}/user_actions/_find":{"get":{"description":"Retrives a paginated list of user activity for a case. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking.\n","operationId":"findCaseActivityDefaultSpace","parameters":[{"$ref":"#/components/parameters/Cases_case_id"},{"$ref":"#/components/parameters/Cases_page_index"},{"$ref":"#/components/parameters/Cases_page_size"},{"$ref":"#/components/parameters/Cases_sort_order"},{"$ref":"#/components/parameters/Cases_user_action_types"}],"responses":{"200":{"content":{"application/json":{"examples":{"findCaseActivityResponse":{"$ref":"#/components/examples/Cases_find_case_activity_response"}},"schema":{"type":"object","properties":{"page":{"type":"integer"},"perPage":{"type":"integer"},"total":{"type":"integer"},"userActions":{"items":{"$ref":"#/components/schemas/Cases_user_actions_find_response_properties"},"maxItems":10000,"type":"array"}}}}},"description":"Indicates a successful call."},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Cases_4xx_response"}}},"description":"Authorization information is missing or invalid."}},"summary":"Find case activity","tags":["cases"]}},"/api/cases/alerts/{alertId}":{"get":{"description":"You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n","operationId":"getCasesByAlertDefaultSpace","parameters":[{"$ref":"#/components/parameters/Cases_alert_id"},{"$ref":"#/components/parameters/Cases_owner_filter"}],"responses":{"200":{"content":{"application/json":{"schema":{"example":[{"id":"06116b80-e1c3-11ec-be9b-9b1838238ee6","title":"security_case"}],"items":{"type":"object","properties":{"id":{"description":"The case identifier.","type":"string"},"title":{"description":"The case title.","type":"string"}}},"maxItems":10000,"type":"array"}}},"description":"Indicates a successful call."},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Cases_4xx_response"}}},"description":"Authorization information is missing or invalid."}},"summary":"Get cases for an alert","tags":["cases"],"x-state":"Technical preview"}},"/api/cases/configure":{"get":{"description":"Get setting details such as the closure type, custom fields, templatse, and the default connector for cases. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on where the cases were created.\n","operationId":"getCaseConfigurationDefaultSpace","parameters":[{"$ref":"#/components/parameters/Cases_owner_filter"}],"responses":{"200":{"content":{"application/json":{"examples":{"getConfigurationResponse":{"$ref":"#/components/examples/Cases_get_case_configuration_response"}},"schema":{"items":{"type":"object","properties":{"closure_type":{"$ref":"#/components/schemas/Cases_closure_types"},"connector":{"type":"object","properties":{"fields":{"description":"The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.","nullable":true,"type":"object"},"id":{"description":"The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.","example":"none","type":"string"},"name":{"description":"The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.","example":"none","type":"string"},"type":{"$ref":"#/components/schemas/Cases_connector_types"}}},"created_at":{"example":"2022-06-01T17:07:17.767Z","format":"date-time","type":"string"},"created_by":{"type":"object","properties":{"email":{"example":null,"nullable":true,"type":"string"},"full_name":{"example":null,"nullable":true,"type":"string"},"profile_uid":{"example":"u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0","type":"string"},"username":{"example":"elastic","nullable":true,"type":"string"}},"required":["email","full_name","username"]},"customFields":{"description":"Custom fields configuration details.","items":{"type":"object","properties":{"defaultValue":{"description":"A default value for the custom field. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean.\n","oneOf":[{"type":"string"},{"type":"boolean"}]},"key":{"description":"A unique key for the custom field. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific custom field.\n","maxLength":36,"minLength":1,"type":"string"},"label":{"description":"The custom field label that is displayed in the case.","maxLength":50,"minLength":1,"type":"string"},"type":{"description":"The type of the custom field.","enum":["text","toggle"],"type":"string"},"required":{"description":"Indicates whether the field is required. If `false`, the custom field can be set to null or omitted when a case is created or updated.\n","type":"boolean"}}},"type":"array"},"error":{"example":null,"nullable":true,"type":"string"},"id":{"example":"4a97a440-e1cd-11ec-be9b-9b1838238ee6","type":"string"},"mappings":{"items":{"type":"object","properties":{"action_type":{"example":"overwrite","type":"string"},"source":{"example":"title","type":"string"},"target":{"example":"summary","type":"string"}}},"type":"array"},"owner":{"$ref":"#/components/schemas/Cases_owner"},"templates":{"$ref":"#/components/schemas/Cases_templates"},"updated_at":{"example":"2022-06-01T19:58:48.169Z","format":"date-time","nullable":true,"type":"string"},"updated_by":{"nullable":true,"type":"object","properties":{"email":{"example":null,"nullable":true,"type":"string"},"full_name":{"example":null,"nullable":true,"type":"string"},"profile_uid":{"example":"u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0","type":"string"},"username":{"example":"elastic","nullable":true,"type":"string"}},"required":["email","full_name","username"]},"version":{"example":"WzIwNzMsMV0=","type":"string"}}},"type":"array"}}},"description":"Indicates a successful call."},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Cases_4xx_response"}}},"description":"Authorization information is missing or invalid."}},"summary":"Get case settings","tags":["cases"]},"post":{"description":"Case settings include external connection details, custom fields, and templates. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. If you set a default connector, it is automatically selected when you create cases in Kibana. If you use the create case API, however, you must still specify all of the connector details. You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on where you are creating cases.\n","operationId":"setCaseConfigurationDefaultSpace","parameters":[{"$ref":"#/components/parameters/Cases_kbn_xsrf"}],"requestBody":{"content":{"application/json":{"examples":{"setCaseConfigRequest":{"$ref":"#/components/examples/Cases_set_case_configuration_request"}},"schema":{"$ref":"#/components/schemas/Cases_set_case_configuration_request"}}}},"responses":{"200":{"content":{"application/json":{"examples":{"setCaseConfigResponse":{"$ref":"#/components/examples/Cases_set_case_configuration_response"}},"schema":{"type":"object","properties":{"closure_type":{"$ref":"#/components/schemas/Cases_closure_types"},"connector":{"type":"object","properties":{"fields":{"description":"The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.","nullable":true,"type":"object"},"id":{"description":"The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.","example":"none","type":"string"},"name":{"description":"The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.","example":"none","type":"string"},"type":{"$ref":"#/components/schemas/Cases_connector_types"}}},"created_at":{"example":"2022-06-01T17:07:17.767Z","format":"date-time","type":"string"},"created_by":{"type":"object","properties":{"email":{"example":null,"nullable":true,"type":"string"},"full_name":{"example":null,"nullable":true,"type":"string"},"profile_uid":{"example":"u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0","type":"string"},"username":{"example":"elastic","nullable":true,"type":"string"}},"required":["email","full_name","username"]},"customFields":{"description":"Custom fields configuration details.","items":{"type":"object","properties":{"defaultValue":{"description":"A default value for the custom field. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean.\n","oneOf":[{"type":"string"},{"type":"boolean"}]},"key":{"description":"A unique key for the custom field. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific custom field.\n","maxLength":36,"minLength":1,"type":"string"},"label":{"description":"The custom field label that is displayed in the case.","maxLength":50,"minLength":1,"type":"string"},"type":{"description":"The type of the custom field.","enum":["text","toggle"],"type":"string"},"required":{"description":"Indicates whether the field is required. If `false`, the custom field can be set to null or omitted when a case is created or updated.\n","type":"boolean"}}},"type":"array"},"error":{"example":null,"nullable":true,"type":"string"},"id":{"example":"4a97a440-e1cd-11ec-be9b-9b1838238ee6","type":"string"},"mappings":{"items":{"type":"object","properties":{"action_type":{"example":"overwrite","type":"string"},"source":{"example":"title","type":"string"},"target":{"example":"summary","type":"string"}}},"type":"array"},"owner":{"$ref":"#/components/schemas/Cases_owner"},"templates":{"$ref":"#/components/schemas/Cases_templates"},"updated_at":{"example":"2022-06-01T19:58:48.169Z","format":"date-time","nullable":true,"type":"string"},"updated_by":{"nullable":true,"type":"object","properties":{"email":{"example":null,"nullable":true,"type":"string"},"full_name":{"example":null,"nullable":true,"type":"string"},"profile_uid":{"example":"u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0","type":"string"},"username":{"example":"elastic","nullable":true,"type":"string"}},"required":["email","full_name","username"]},"version":{"example":"WzIwNzMsMV0=","type":"string"}}}}},"description":"Indicates a successful call."},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Cases_4xx_response"}}},"description":"Authorization information is missing or invalid."}},"summary":"Add case settings","tags":["cases"]}},"/api/cases/configure/{configurationId}":{"patch":{"description":"Updates setting details such as the closure type, custom fields, templates, and the default connector for cases. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on where the case was created.\n","operationId":"updateCaseConfigurationDefaultSpace","parameters":[{"$ref":"#/components/parameters/Cases_kbn_xsrf"},{"$ref":"#/components/parameters/Cases_configuration_id"}],"requestBody":{"content":{"application/json":{"examples":{"updateCaseConfigurationRequest":{"$ref":"#/components/examples/Cases_update_case_configuration_request"}},"schema":{"$ref":"#/components/schemas/Cases_update_case_configuration_request"}}}},"responses":{"200":{"content":{"application/json":{"examples":{"updateCaseConfigurationResponse":{"$ref":"#/components/examples/Cases_update_case_configuration_response"}},"schema":{"type":"object","properties":{"closure_type":{"$ref":"#/components/schemas/Cases_closure_types"},"connector":{"type":"object","properties":{"fields":{"description":"The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.","nullable":true,"type":"object"},"id":{"description":"The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.","example":"none","type":"string"},"name":{"description":"The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.","example":"none","type":"string"},"type":{"$ref":"#/components/schemas/Cases_connector_types"}}},"created_at":{"example":"2022-06-01T17:07:17.767Z","format":"date-time","type":"string"},"created_by":{"type":"object","properties":{"email":{"example":null,"nullable":true,"type":"string"},"full_name":{"example":null,"nullable":true,"type":"string"},"profile_uid":{"example":"u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0","type":"string"},"username":{"example":"elastic","nullable":true,"type":"string"}},"required":["email","full_name","username"]},"customFields":{"description":"Custom fields configuration details.","items":{"type":"object","properties":{"defaultValue":{"description":"A default value for the custom field. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean.\n","oneOf":[{"type":"string"},{"type":"boolean"}]},"key":{"description":"A unique key for the custom field. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific custom field.\n","maxLength":36,"minLength":1,"type":"string"},"label":{"description":"The custom field label that is displayed in the case.","maxLength":50,"minLength":1,"type":"string"},"type":{"description":"The type of the custom field.","enum":["text","toggle"],"type":"string"},"required":{"description":"Indicates whether the field is required. If `false`, the custom field can be set to null or omitted when a case is created or updated.\n","type":"boolean"}}},"type":"array"},"error":{"example":null,"nullable":true,"type":"string"},"id":{"example":"4a97a440-e1cd-11ec-be9b-9b1838238ee6","type":"string"},"mappings":{"items":{"type":"object","properties":{"action_type":{"example":"overwrite","type":"string"},"source":{"example":"title","type":"string"},"target":{"example":"summary","type":"string"}}},"type":"array"},"owner":{"$ref":"#/components/schemas/Cases_owner"},"templates":{"$ref":"#/components/schemas/Cases_templates"},"updated_at":{"example":"2022-06-01T19:58:48.169Z","format":"date-time","nullable":true,"type":"string"},"updated_by":{"nullable":true,"type":"object","properties":{"email":{"example":null,"nullable":true,"type":"string"},"full_name":{"example":null,"nullable":true,"type":"string"},"profile_uid":{"example":"u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0","type":"string"},"username":{"example":"elastic","nullable":true,"type":"string"}},"required":["email","full_name","username"]},"version":{"example":"WzIwNzMsMV0=","type":"string"}}}}},"description":"Indicates a successful call."},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Cases_4xx_response"}}},"description":"Authorization information is missing or invalid."}},"summary":"Update case settings","tags":["cases"]}},"/api/cases/configure/connectors/_find":{"get":{"description":"Get information about connectors that are supported for use in cases. You must have `read` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges.\n","operationId":"findCaseConnectorsDefaultSpace","responses":{"200":{"content":{"application/json":{"examples":{"findConnectorResponse":{"$ref":"#/components/examples/Cases_find_connector_response"}},"schema":{"items":{"type":"object","properties":{"actionTypeId":{"$ref":"#/components/schemas/Cases_connector_types"},"config":{"additionalProperties":true,"type":"object","properties":{"apiUrl":{"type":"string"},"projectKey":{"type":"string"}}},"id":{"type":"string"},"isDeprecated":{"type":"boolean"},"isMissingSecrets":{"type":"boolean"},"isPreconfigured":{"type":"boolean"},"name":{"type":"string"},"referencedByCount":{"type":"integer"}}},"maxItems":1000,"type":"array"}}},"description":"Indicates a successful call."},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Cases_4xx_response"}}},"description":"Authorization information is missing or invalid."}},"summary":"Get case connectors","tags":["cases"]}},"/api/cases/reporters":{"get":{"description":"Returns information about the users who opened cases. You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases. The API returns information about the users as they existed at the time of the case creation, including their name, full name, and email address. If any of those details change thereafter or if a user is deleted, the information returned by this API is unchanged.\n","operationId":"getCaseReportersDefaultSpace","parameters":[{"$ref":"#/components/parameters/Cases_owner_filter"}],"responses":{"200":{"content":{"application/json":{"examples":{"getReportersResponse":{"$ref":"#/components/examples/Cases_get_reporters_response"}},"schema":{"items":{"type":"object","properties":{"email":{"example":null,"nullable":true,"type":"string"},"full_name":{"example":null,"nullable":true,"type":"string"},"profile_uid":{"example":"u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0","type":"string"},"username":{"example":"elastic","nullable":true,"type":"string"}},"required":["email","full_name","username"]},"maxItems":10000,"type":"array"}}},"description":"Indicates a successful call."},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Cases_4xx_response"}}},"description":"Authorization information is missing or invalid."}},"summary":"Get case creators","tags":["cases"]}},"/api/cases/tags":{"get":{"description":"Aggregates and returns a list of case tags. You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.\n","operationId":"getCaseTagsDefaultSpace","parameters":[{"$ref":"#/components/parameters/Cases_owner_filter"}],"responses":{"200":{"content":{"application/json":{"examples":{"getTagsResponse":{"$ref":"#/components/examples/Cases_get_tags_response"}},"schema":{"items":{"type":"string"},"maxItems":10000,"type":"array"}}},"description":"Indicates a successful call."},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Cases_4xx_response"}}},"description":"Authorization information is missing or invalid."}},"summary":"Get case tags","tags":["cases"]}},"/api/dashboards/dashboard":{"get":{"description":"This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.","operationId":"get-dashboards-dashboard","parameters":[{"description":"The page number to return. Default is \"1\".","in":"query","name":"page","required":false,"schema":{"default":1,"minimum":1,"type":"number"}},{"description":"The number of dashboards to display on each page (max 1000). Default is \"20\".","in":"query","name":"perPage","required":false,"schema":{"maximum":1000,"minimum":1,"type":"number"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"items":{"items":{"additionalProperties":true,"type":"object","properties":{"attributes":{"additionalProperties":false,"type":"object","properties":{"description":{"default":"","description":"A short description.","type":"string"},"tags":{"items":{"description":"An array of tags applied to this dashboard","type":"string"},"type":"array"},"timeRestore":{"default":false,"description":"Whether to restore time upon viewing this dashboard","type":"boolean"},"title":{"description":"A human-readable title for the dashboard","type":"string"}},"required":["title"]},"createdAt":{"type":"string"},"createdBy":{"type":"string"},"error":{"additionalProperties":false,"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"},"metadata":{"additionalProperties":true,"type":"object","properties":{}},"statusCode":{"type":"number"}},"required":["error","message","statusCode"]},"id":{"type":"string"},"managed":{"type":"boolean"},"namespaces":{"items":{"type":"string"},"type":"array"},"originId":{"type":"string"},"references":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"},"type":{"type":"string"}},"required":["name","type","id"]},"type":"array"},"type":{"type":"string"},"updatedAt":{"type":"string"},"updatedBy":{"type":"string"},"version":{"type":"string"}},"required":["id","type","attributes","references"]},"type":"array"},"total":{"type":"number"}},"required":["items","total"]}}}}},"summary":"Get a list of dashboards","tags":["Dashboards"],"x-state":"Technical Preview"}},"/api/dashboards/dashboard/{id}":{"delete":{"description":"This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.","operationId":"delete-dashboards-dashboard-id","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"description":"A unique identifier for the dashboard.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{},"summary":"Delete a dashboard","tags":["Dashboards"],"x-state":"Technical Preview"},"get":{"description":"This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.","operationId":"get-dashboards-dashboard-id","parameters":[{"description":"A unique identifier for the dashboard.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"additionalProperties":true,"type":"object","properties":{"attributes":{"additionalProperties":false,"type":"object","properties":{"controlGroupInput":{"additionalProperties":false,"type":"object","properties":{"autoApplySelections":{"default":true,"description":"Show apply selections button in controls.","type":"boolean"},"chainingSystem":{"default":"HIERARCHICAL","description":"The chaining strategy for multiple controls. For example, \"HIERARCHICAL\" or \"NONE\".","enum":["NONE","HIERARCHICAL"],"type":"string"},"controls":{"default":[],"description":"An array of control panels and their state in the control group.","items":{"additionalProperties":true,"type":"object","properties":{"controlConfig":{"additionalProperties":{},"type":"object"},"grow":{"default":false,"description":"Expand width of the control panel to fit available space.","type":"boolean"},"id":{"description":"The unique ID of the control.","type":"string"},"order":{"description":"The order of the control panel in the control group.","type":"number"},"type":{"description":"The type of the control panel.","type":"string"},"width":{"default":"medium","description":"Minimum width of the control panel in the control group.","enum":["small","medium","large"],"type":"string"}},"required":["type","order"]},"type":"array"},"enhancements":{"additionalProperties":{},"type":"object"},"ignoreParentSettings":{"additionalProperties":false,"type":"object","properties":{"ignoreFilters":{"default":false,"description":"Ignore global filters in controls.","type":"boolean"},"ignoreQuery":{"default":false,"description":"Ignore the global query bar in controls.","type":"boolean"},"ignoreTimerange":{"default":false,"description":"Ignore the global time range in controls.","type":"boolean"},"ignoreValidations":{"default":false,"description":"Ignore validations in controls.","type":"boolean"}}},"labelPosition":{"default":"oneLine","description":"Position of the labels for controls. For example, \"oneLine\", \"twoLine\".","enum":["oneLine","twoLine"],"type":"string"}},"required":["ignoreParentSettings"]},"description":{"default":"","description":"A short description.","type":"string"},"kibanaSavedObjectMeta":{"additionalProperties":false,"default":{},"description":"A container for various metadata","type":"object","properties":{"searchSource":{"additionalProperties":true,"type":"object","properties":{"filter":{"items":{"additionalProperties":false,"description":"A filter for the search source.","type":"object","properties":{"$state":{"additionalProperties":false,"type":"object","properties":{"store":{"description":"Denote whether a filter is specific to an application's context (e.g. 'appState') or whether it should be applied globally (e.g. 'globalState').","enum":["appState","globalState"],"type":"string"}},"required":["store"]},"meta":{"additionalProperties":true,"type":"object","properties":{"alias":{"nullable":true,"type":"string"},"controlledBy":{"type":"string"},"disabled":{"type":"boolean"},"field":{"type":"string"},"group":{"type":"string"},"index":{"type":"string"},"isMultiIndex":{"type":"boolean"},"key":{"type":"string"},"negate":{"type":"boolean"},"params":{},"type":{"type":"string"},"value":{"type":"string"}},"required":["params"]},"query":{"additionalProperties":{},"type":"object"}},"required":["meta"]},"type":"array"},"query":{"additionalProperties":false,"type":"object","properties":{"language":{"description":"The query language such as KQL or Lucene.","type":"string"},"query":{"anyOf":[{"description":"A text-based query such as Kibana Query Language (KQL) or Lucene query language.","type":"string"},{"additionalProperties":{},"type":"object"}]}},"required":["query","language"]},"sort":{"items":{"additionalProperties":{"anyOf":[{"enum":["asc","desc"],"type":"string"},{"additionalProperties":false,"type":"object","properties":{"format":{"type":"string"},"order":{"enum":["asc","desc"],"type":"string"}},"required":["order"]},{"additionalProperties":false,"type":"object","properties":{"numeric_type":{"enum":["double","long","date","date_nanos"],"type":"string"},"order":{"enum":["asc","desc"],"type":"string"}},"required":["order"]}]},"type":"object"},"type":"array"},"type":{"type":"string"}}}}},"options":{"additionalProperties":false,"type":"object","properties":{"hidePanelTitles":{"default":false,"description":"Hide the panel titles in the dashboard.","type":"boolean"},"syncColors":{"default":true,"description":"Synchronize colors between related panels in the dashboard.","type":"boolean"},"syncCursor":{"default":true,"description":"Synchronize cursor position between related panels in the dashboard.","type":"boolean"},"syncTooltips":{"default":true,"description":"Synchronize tooltips between related panels in the dashboard.","type":"boolean"},"useMargins":{"default":true,"description":"Show margins between panels in the dashboard layout.","type":"boolean"}}},"panels":{"default":[],"items":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"gridData":{"additionalProperties":false,"type":"object","properties":{"h":{"default":15,"description":"The height of the panel in grid units","minimum":1,"type":"number"},"i":{"type":"string"},"w":{"default":24,"description":"The width of the panel in grid units","maximum":48,"minimum":1,"type":"number"},"x":{"description":"The x coordinate of the panel in grid units","type":"number"},"y":{"description":"The y coordinate of the panel in grid units","type":"number"}},"required":["x","y","i"]},"id":{"description":"The saved object id for by reference panels","type":"string"},"panelConfig":{"additionalProperties":true,"type":"object","properties":{"description":{"description":"The description of the panel","type":"string"},"enhancements":{"additionalProperties":{},"type":"object"},"hidePanelTitles":{"description":"Set to true to hide the panel title in its container.","type":"boolean"},"savedObjectId":{"description":"The unique id of the library item to construct the embeddable.","type":"string"},"title":{"description":"The title of the panel","type":"string"},"version":{"description":"The version of the embeddable in the panel.","type":"string"}}},"panelIndex":{"type":"string"},"panelRefName":{"type":"string"},"title":{"description":"The title of the panel","type":"string"},"type":{"description":"The embeddable type","type":"string"},"version":{"deprecated":true,"description":"The version was used to store Kibana version information from versions 7.3.0 -\u003e 8.11.0. As of version 8.11.0, the versioning information is now per-embeddable-type and is stored on the embeddable's input. (panelConfig in this type).","type":"string"}},"required":["panelConfig","type","gridData","panelIndex"]},{"additionalProperties":false,"type":"object","properties":{"collapsed":{"description":"The collapsed state of the section.","type":"boolean"},"gridData":{"additionalProperties":false,"type":"object","properties":{"i":{"type":"string"},"y":{"description":"The y coordinate of the section in grid units","type":"number"}},"required":["y","i"]},"panels":{"items":{"additionalProperties":false,"type":"object","properties":{"gridData":{"additionalProperties":false,"type":"object","properties":{"h":{"default":15,"description":"The height of the panel in grid units","minimum":1,"type":"number"},"i":{"type":"string"},"w":{"default":24,"description":"The width of the panel in grid units","maximum":48,"minimum":1,"type":"number"},"x":{"description":"The x coordinate of the panel in grid units","type":"number"},"y":{"description":"The y coordinate of the panel in grid units","type":"number"}},"required":["x","y","i"]},"id":{"description":"The saved object id for by reference panels","type":"string"},"panelConfig":{"additionalProperties":true,"type":"object","properties":{"description":{"description":"The description of the panel","type":"string"},"enhancements":{"additionalProperties":{},"type":"object"},"hidePanelTitles":{"description":"Set to true to hide the panel title in its container.","type":"boolean"},"savedObjectId":{"description":"The unique id of the library item to construct the embeddable.","type":"string"},"title":{"description":"The title of the panel","type":"string"},"version":{"description":"The version of the embeddable in the panel.","type":"string"}}},"panelIndex":{"type":"string"},"panelRefName":{"type":"string"},"title":{"description":"The title of the panel","type":"string"},"type":{"description":"The embeddable type","type":"string"},"version":{"deprecated":true,"description":"The version was used to store Kibana version information from versions 7.3.0 -\u003e 8.11.0. As of version 8.11.0, the versioning information is now per-embeddable-type and is stored on the embeddable's input. (panelConfig in this type).","type":"string"}},"required":["panelConfig","type","gridData","panelIndex"]},"type":"array"},"title":{"description":"The title of the section.","type":"string"}},"required":["title","gridData","panels"]}]},"type":"array"},"refreshInterval":{"additionalProperties":false,"description":"A container for various refresh interval settings","type":"object","properties":{"display":{"deprecated":true,"description":"A human-readable string indicating the refresh frequency. No longer used.","type":"string"},"pause":{"description":"Whether the refresh interval is set to be paused while viewing the dashboard.","type":"boolean"},"section":{"deprecated":true,"description":"No longer used.","type":"number"},"value":{"description":"A numeric value indicating refresh frequency in milliseconds.","type":"number"}},"required":["pause","value"]},"tags":{"items":{"description":"An array of tags applied to this dashboard","type":"string"},"type":"array"},"timeFrom":{"description":"An ISO string indicating when to restore time from","type":"string"},"timeRestore":{"default":false,"description":"Whether to restore time upon viewing this dashboard","type":"boolean"},"timeTo":{"description":"An ISO string indicating when to restore time from","type":"string"},"title":{"description":"A human-readable title for the dashboard","type":"string"},"version":{"deprecated":true,"type":"number"}},"required":["title","options"]},"createdAt":{"type":"string"},"createdBy":{"type":"string"},"error":{"additionalProperties":false,"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"},"metadata":{"additionalProperties":true,"type":"object","properties":{}},"statusCode":{"type":"number"}},"required":["error","message","statusCode"]},"id":{"type":"string"},"managed":{"type":"boolean"},"namespaces":{"items":{"type":"string"},"type":"array"},"originId":{"type":"string"},"references":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"},"type":{"type":"string"}},"required":["name","type","id"]},"type":"array"},"type":{"type":"string"},"updatedAt":{"type":"string"},"updatedBy":{"type":"string"},"version":{"type":"string"}},"required":["id","type","attributes","references"]},"meta":{"additionalProperties":false,"type":"object","properties":{"aliasPurpose":{"enum":["savedObjectConversion","savedObjectImport"],"type":"string"},"aliasTargetId":{"type":"string"},"outcome":{"enum":["exactMatch","aliasMatch","conflict"],"type":"string"}},"required":["outcome"]}},"required":["item","meta"]}}}}},"summary":"Get a dashboard","tags":["Dashboards"],"x-state":"Technical Preview"},"post":{"description":"This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.","operationId":"post-dashboards-dashboard-id","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"description":"A unique identifier for the dashboard.","in":"path","name":"id","required":false,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"attributes":{"additionalProperties":false,"type":"object","properties":{"controlGroupInput":{"additionalProperties":false,"type":"object","properties":{"autoApplySelections":{"default":true,"description":"Show apply selections button in controls.","type":"boolean"},"chainingSystem":{"default":"HIERARCHICAL","description":"The chaining strategy for multiple controls. For example, \"HIERARCHICAL\" or \"NONE\".","enum":["NONE","HIERARCHICAL"],"type":"string"},"controls":{"default":[],"description":"An array of control panels and their state in the control group.","items":{"additionalProperties":true,"type":"object","properties":{"controlConfig":{"additionalProperties":{},"type":"object"},"grow":{"default":false,"description":"Expand width of the control panel to fit available space.","type":"boolean"},"id":{"description":"The unique ID of the control.","type":"string"},"order":{"description":"The order of the control panel in the control group.","type":"number"},"type":{"description":"The type of the control panel.","type":"string"},"width":{"default":"medium","description":"Minimum width of the control panel in the control group.","enum":["small","medium","large"],"type":"string"}},"required":["type","order"]},"type":"array"},"enhancements":{"additionalProperties":{},"type":"object"},"ignoreParentSettings":{"additionalProperties":false,"type":"object","properties":{"ignoreFilters":{"default":false,"description":"Ignore global filters in controls.","type":"boolean"},"ignoreQuery":{"default":false,"description":"Ignore the global query bar in controls.","type":"boolean"},"ignoreTimerange":{"default":false,"description":"Ignore the global time range in controls.","type":"boolean"},"ignoreValidations":{"default":false,"description":"Ignore validations in controls.","type":"boolean"}}},"labelPosition":{"default":"oneLine","description":"Position of the labels for controls. For example, \"oneLine\", \"twoLine\".","enum":["oneLine","twoLine"],"type":"string"}},"required":["ignoreParentSettings"]},"description":{"default":"","description":"A short description.","type":"string"},"kibanaSavedObjectMeta":{"additionalProperties":false,"default":{},"description":"A container for various metadata","type":"object","properties":{"searchSource":{"additionalProperties":true,"type":"object","properties":{"filter":{"items":{"additionalProperties":false,"description":"A filter for the search source.","type":"object","properties":{"$state":{"additionalProperties":false,"type":"object","properties":{"store":{"description":"Denote whether a filter is specific to an application's context (e.g. 'appState') or whether it should be applied globally (e.g. 'globalState').","enum":["appState","globalState"],"type":"string"}},"required":["store"]},"meta":{"additionalProperties":true,"type":"object","properties":{"alias":{"nullable":true,"type":"string"},"controlledBy":{"type":"string"},"disabled":{"type":"boolean"},"field":{"type":"string"},"group":{"type":"string"},"index":{"type":"string"},"isMultiIndex":{"type":"boolean"},"key":{"type":"string"},"negate":{"type":"boolean"},"params":{},"type":{"type":"string"},"value":{"type":"string"}},"required":["params"]},"query":{"additionalProperties":{},"type":"object"}},"required":["meta"]},"type":"array"},"query":{"additionalProperties":false,"type":"object","properties":{"language":{"description":"The query language such as KQL or Lucene.","type":"string"},"query":{"anyOf":[{"description":"A text-based query such as Kibana Query Language (KQL) or Lucene query language.","type":"string"},{"additionalProperties":{},"type":"object"}]}},"required":["query","language"]},"sort":{"items":{"additionalProperties":{"anyOf":[{"enum":["asc","desc"],"type":"string"},{"additionalProperties":false,"type":"object","properties":{"format":{"type":"string"},"order":{"enum":["asc","desc"],"type":"string"}},"required":["order"]},{"additionalProperties":false,"type":"object","properties":{"numeric_type":{"enum":["double","long","date","date_nanos"],"type":"string"},"order":{"enum":["asc","desc"],"type":"string"}},"required":["order"]}]},"type":"object"},"type":"array"},"type":{"type":"string"}}}}},"options":{"additionalProperties":false,"type":"object","properties":{"hidePanelTitles":{"default":false,"description":"Hide the panel titles in the dashboard.","type":"boolean"},"syncColors":{"default":true,"description":"Synchronize colors between related panels in the dashboard.","type":"boolean"},"syncCursor":{"default":true,"description":"Synchronize cursor position between related panels in the dashboard.","type":"boolean"},"syncTooltips":{"default":true,"description":"Synchronize tooltips between related panels in the dashboard.","type":"boolean"},"useMargins":{"default":true,"description":"Show margins between panels in the dashboard layout.","type":"boolean"}}},"panels":{"default":[],"items":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"gridData":{"additionalProperties":false,"type":"object","properties":{"h":{"default":15,"description":"The height of the panel in grid units","minimum":1,"type":"number"},"i":{"description":"The unique identifier of the panel","type":"string"},"w":{"default":24,"description":"The width of the panel in grid units","maximum":48,"minimum":1,"type":"number"},"x":{"description":"The x coordinate of the panel in grid units","type":"number"},"y":{"description":"The y coordinate of the panel in grid units","type":"number"}},"required":["x","y"]},"id":{"description":"The saved object id for by reference panels","type":"string"},"panelConfig":{"additionalProperties":true,"type":"object","properties":{"description":{"description":"The description of the panel","type":"string"},"enhancements":{"additionalProperties":{},"type":"object"},"hidePanelTitles":{"description":"Set to true to hide the panel title in its container.","type":"boolean"},"savedObjectId":{"description":"The unique id of the library item to construct the embeddable.","type":"string"},"title":{"description":"The title of the panel","type":"string"},"version":{"description":"The version of the embeddable in the panel.","type":"string"}}},"panelIndex":{"description":"The unique ID of the panel.","type":"string"},"panelRefName":{"type":"string"},"title":{"description":"The title of the panel","type":"string"},"type":{"description":"The embeddable type","type":"string"},"version":{"deprecated":true,"description":"The version was used to store Kibana version information from versions 7.3.0 -\u003e 8.11.0. As of version 8.11.0, the versioning information is now per-embeddable-type and is stored on the embeddable's input. (panelConfig in this type).","type":"string"}},"required":["panelConfig","type","gridData"]},{"additionalProperties":false,"type":"object","properties":{"collapsed":{"description":"The collapsed state of the section.","type":"boolean"},"gridData":{"additionalProperties":false,"type":"object","properties":{"i":{"description":"The unique identifier of the section","type":"string"},"y":{"description":"The y coordinate of the section in grid units","type":"number"}},"required":["y"]},"panels":{"default":[],"description":"The panels that belong to the section.","items":{"additionalProperties":false,"type":"object","properties":{"gridData":{"additionalProperties":false,"type":"object","properties":{"h":{"default":15,"description":"The height of the panel in grid units","minimum":1,"type":"number"},"i":{"description":"The unique identifier of the panel","type":"string"},"w":{"default":24,"description":"The width of the panel in grid units","maximum":48,"minimum":1,"type":"number"},"x":{"description":"The x coordinate of the panel in grid units","type":"number"},"y":{"description":"The y coordinate of the panel in grid units","type":"number"}},"required":["x","y"]},"id":{"description":"The saved object id for by reference panels","type":"string"},"panelConfig":{"additionalProperties":true,"type":"object","properties":{"description":{"description":"The description of the panel","type":"string"},"enhancements":{"additionalProperties":{},"type":"object"},"hidePanelTitles":{"description":"Set to true to hide the panel title in its container.","type":"boolean"},"savedObjectId":{"description":"The unique id of the library item to construct the embeddable.","type":"string"},"title":{"description":"The title of the panel","type":"string"},"version":{"description":"The version of the embeddable in the panel.","type":"string"}}},"panelIndex":{"description":"The unique ID of the panel.","type":"string"},"panelRefName":{"type":"string"},"title":{"description":"The title of the panel","type":"string"},"type":{"description":"The embeddable type","type":"string"},"version":{"deprecated":true,"description":"The version was used to store Kibana version information from versions 7.3.0 -\u003e 8.11.0. As of version 8.11.0, the versioning information is now per-embeddable-type and is stored on the embeddable's input. (panelConfig in this type).","type":"string"}},"required":["panelConfig","type","gridData"]},"type":"array"},"title":{"description":"The title of the section.","type":"string"}},"required":["title","gridData"]}]},"type":"array"},"refreshInterval":{"additionalProperties":false,"description":"A container for various refresh interval settings","type":"object","properties":{"display":{"deprecated":true,"description":"A human-readable string indicating the refresh frequency. No longer used.","type":"string"},"pause":{"description":"Whether the refresh interval is set to be paused while viewing the dashboard.","type":"boolean"},"section":{"deprecated":true,"description":"No longer used.","type":"number"},"value":{"description":"A numeric value indicating refresh frequency in milliseconds.","type":"number"}},"required":["pause","value"]},"tags":{"items":{"description":"An array of tags applied to this dashboard","type":"string"},"type":"array"},"timeFrom":{"description":"An ISO string indicating when to restore time from","type":"string"},"timeRestore":{"default":false,"description":"Whether to restore time upon viewing this dashboard","type":"boolean"},"timeTo":{"description":"An ISO string indicating when to restore time from","type":"string"},"title":{"description":"A human-readable title for the dashboard","type":"string"},"version":{"deprecated":true,"type":"number"}},"required":["title","options"]},"references":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"},"type":{"type":"string"}},"required":["name","type","id"]},"type":"array"},"spaces":{"items":{"type":"string"},"type":"array"}},"required":["attributes"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"additionalProperties":true,"type":"object","properties":{"attributes":{"additionalProperties":false,"type":"object","properties":{"controlGroupInput":{"additionalProperties":false,"type":"object","properties":{"autoApplySelections":{"default":true,"description":"Show apply selections button in controls.","type":"boolean"},"chainingSystem":{"default":"HIERARCHICAL","description":"The chaining strategy for multiple controls. For example, \"HIERARCHICAL\" or \"NONE\".","enum":["NONE","HIERARCHICAL"],"type":"string"},"controls":{"default":[],"description":"An array of control panels and their state in the control group.","items":{"additionalProperties":true,"type":"object","properties":{"controlConfig":{"additionalProperties":{},"type":"object"},"grow":{"default":false,"description":"Expand width of the control panel to fit available space.","type":"boolean"},"id":{"description":"The unique ID of the control.","type":"string"},"order":{"description":"The order of the control panel in the control group.","type":"number"},"type":{"description":"The type of the control panel.","type":"string"},"width":{"default":"medium","description":"Minimum width of the control panel in the control group.","enum":["small","medium","large"],"type":"string"}},"required":["type","order"]},"type":"array"},"enhancements":{"additionalProperties":{},"type":"object"},"ignoreParentSettings":{"additionalProperties":false,"type":"object","properties":{"ignoreFilters":{"default":false,"description":"Ignore global filters in controls.","type":"boolean"},"ignoreQuery":{"default":false,"description":"Ignore the global query bar in controls.","type":"boolean"},"ignoreTimerange":{"default":false,"description":"Ignore the global time range in controls.","type":"boolean"},"ignoreValidations":{"default":false,"description":"Ignore validations in controls.","type":"boolean"}}},"labelPosition":{"default":"oneLine","description":"Position of the labels for controls. For example, \"oneLine\", \"twoLine\".","enum":["oneLine","twoLine"],"type":"string"}},"required":["ignoreParentSettings"]},"description":{"default":"","description":"A short description.","type":"string"},"kibanaSavedObjectMeta":{"additionalProperties":false,"default":{},"description":"A container for various metadata","type":"object","properties":{"searchSource":{"additionalProperties":true,"type":"object","properties":{"filter":{"items":{"additionalProperties":false,"description":"A filter for the search source.","type":"object","properties":{"$state":{"additionalProperties":false,"type":"object","properties":{"store":{"description":"Denote whether a filter is specific to an application's context (e.g. 'appState') or whether it should be applied globally (e.g. 'globalState').","enum":["appState","globalState"],"type":"string"}},"required":["store"]},"meta":{"additionalProperties":true,"type":"object","properties":{"alias":{"nullable":true,"type":"string"},"controlledBy":{"type":"string"},"disabled":{"type":"boolean"},"field":{"type":"string"},"group":{"type":"string"},"index":{"type":"string"},"isMultiIndex":{"type":"boolean"},"key":{"type":"string"},"negate":{"type":"boolean"},"params":{},"type":{"type":"string"},"value":{"type":"string"}},"required":["params"]},"query":{"additionalProperties":{},"type":"object"}},"required":["meta"]},"type":"array"},"query":{"additionalProperties":false,"type":"object","properties":{"language":{"description":"The query language such as KQL or Lucene.","type":"string"},"query":{"anyOf":[{"description":"A text-based query such as Kibana Query Language (KQL) or Lucene query language.","type":"string"},{"additionalProperties":{},"type":"object"}]}},"required":["query","language"]},"sort":{"items":{"additionalProperties":{"anyOf":[{"enum":["asc","desc"],"type":"string"},{"additionalProperties":false,"type":"object","properties":{"format":{"type":"string"},"order":{"enum":["asc","desc"],"type":"string"}},"required":["order"]},{"additionalProperties":false,"type":"object","properties":{"numeric_type":{"enum":["double","long","date","date_nanos"],"type":"string"},"order":{"enum":["asc","desc"],"type":"string"}},"required":["order"]}]},"type":"object"},"type":"array"},"type":{"type":"string"}}}}},"options":{"additionalProperties":false,"type":"object","properties":{"hidePanelTitles":{"default":false,"description":"Hide the panel titles in the dashboard.","type":"boolean"},"syncColors":{"default":true,"description":"Synchronize colors between related panels in the dashboard.","type":"boolean"},"syncCursor":{"default":true,"description":"Synchronize cursor position between related panels in the dashboard.","type":"boolean"},"syncTooltips":{"default":true,"description":"Synchronize tooltips between related panels in the dashboard.","type":"boolean"},"useMargins":{"default":true,"description":"Show margins between panels in the dashboard layout.","type":"boolean"}}},"panels":{"default":[],"items":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"gridData":{"additionalProperties":false,"type":"object","properties":{"h":{"default":15,"description":"The height of the panel in grid units","minimum":1,"type":"number"},"i":{"type":"string"},"w":{"default":24,"description":"The width of the panel in grid units","maximum":48,"minimum":1,"type":"number"},"x":{"description":"The x coordinate of the panel in grid units","type":"number"},"y":{"description":"The y coordinate of the panel in grid units","type":"number"}},"required":["x","y","i"]},"id":{"description":"The saved object id for by reference panels","type":"string"},"panelConfig":{"additionalProperties":true,"type":"object","properties":{"description":{"description":"The description of the panel","type":"string"},"enhancements":{"additionalProperties":{},"type":"object"},"hidePanelTitles":{"description":"Set to true to hide the panel title in its container.","type":"boolean"},"savedObjectId":{"description":"The unique id of the library item to construct the embeddable.","type":"string"},"title":{"description":"The title of the panel","type":"string"},"version":{"description":"The version of the embeddable in the panel.","type":"string"}}},"panelIndex":{"type":"string"},"panelRefName":{"type":"string"},"title":{"description":"The title of the panel","type":"string"},"type":{"description":"The embeddable type","type":"string"},"version":{"deprecated":true,"description":"The version was used to store Kibana version information from versions 7.3.0 -\u003e 8.11.0. As of version 8.11.0, the versioning information is now per-embeddable-type and is stored on the embeddable's input. (panelConfig in this type).","type":"string"}},"required":["panelConfig","type","gridData","panelIndex"]},{"additionalProperties":false,"type":"object","properties":{"collapsed":{"description":"The collapsed state of the section.","type":"boolean"},"gridData":{"additionalProperties":false,"type":"object","properties":{"i":{"type":"string"},"y":{"description":"The y coordinate of the section in grid units","type":"number"}},"required":["y","i"]},"panels":{"items":{"additionalProperties":false,"type":"object","properties":{"gridData":{"additionalProperties":false,"type":"object","properties":{"h":{"default":15,"description":"The height of the panel in grid units","minimum":1,"type":"number"},"i":{"type":"string"},"w":{"default":24,"description":"The width of the panel in grid units","maximum":48,"minimum":1,"type":"number"},"x":{"description":"The x coordinate of the panel in grid units","type":"number"},"y":{"description":"The y coordinate of the panel in grid units","type":"number"}},"required":["x","y","i"]},"id":{"description":"The saved object id for by reference panels","type":"string"},"panelConfig":{"additionalProperties":true,"type":"object","properties":{"description":{"description":"The description of the panel","type":"string"},"enhancements":{"additionalProperties":{},"type":"object"},"hidePanelTitles":{"description":"Set to true to hide the panel title in its container.","type":"boolean"},"savedObjectId":{"description":"The unique id of the library item to construct the embeddable.","type":"string"},"title":{"description":"The title of the panel","type":"string"},"version":{"description":"The version of the embeddable in the panel.","type":"string"}}},"panelIndex":{"type":"string"},"panelRefName":{"type":"string"},"title":{"description":"The title of the panel","type":"string"},"type":{"description":"The embeddable type","type":"string"},"version":{"deprecated":true,"description":"The version was used to store Kibana version information from versions 7.3.0 -\u003e 8.11.0. As of version 8.11.0, the versioning information is now per-embeddable-type and is stored on the embeddable's input. (panelConfig in this type).","type":"string"}},"required":["panelConfig","type","gridData","panelIndex"]},"type":"array"},"title":{"description":"The title of the section.","type":"string"}},"required":["title","gridData","panels"]}]},"type":"array"},"refreshInterval":{"additionalProperties":false,"description":"A container for various refresh interval settings","type":"object","properties":{"display":{"deprecated":true,"description":"A human-readable string indicating the refresh frequency. No longer used.","type":"string"},"pause":{"description":"Whether the refresh interval is set to be paused while viewing the dashboard.","type":"boolean"},"section":{"deprecated":true,"description":"No longer used.","type":"number"},"value":{"description":"A numeric value indicating refresh frequency in milliseconds.","type":"number"}},"required":["pause","value"]},"tags":{"items":{"description":"An array of tags applied to this dashboard","type":"string"},"type":"array"},"timeFrom":{"description":"An ISO string indicating when to restore time from","type":"string"},"timeRestore":{"default":false,"description":"Whether to restore time upon viewing this dashboard","type":"boolean"},"timeTo":{"description":"An ISO string indicating when to restore time from","type":"string"},"title":{"description":"A human-readable title for the dashboard","type":"string"},"version":{"deprecated":true,"type":"number"}},"required":["title","options"]},"createdAt":{"type":"string"},"createdBy":{"type":"string"},"error":{"additionalProperties":false,"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"},"metadata":{"additionalProperties":true,"type":"object","properties":{}},"statusCode":{"type":"number"}},"required":["error","message","statusCode"]},"id":{"type":"string"},"managed":{"type":"boolean"},"namespaces":{"items":{"type":"string"},"type":"array"},"originId":{"type":"string"},"references":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"},"type":{"type":"string"}},"required":["name","type","id"]},"type":"array"},"type":{"type":"string"},"updatedAt":{"type":"string"},"updatedBy":{"type":"string"},"version":{"type":"string"}},"required":["id","type","attributes","references"]}},"required":["item"]}}}}},"summary":"Create a dashboard","tags":["Dashboards"],"x-state":"Technical Preview"},"put":{"description":"This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.","operationId":"put-dashboards-dashboard-id","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"description":"A unique identifier for the dashboard.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"attributes":{"additionalProperties":false,"type":"object","properties":{"controlGroupInput":{"additionalProperties":false,"type":"object","properties":{"autoApplySelections":{"default":true,"description":"Show apply selections button in controls.","type":"boolean"},"chainingSystem":{"default":"HIERARCHICAL","description":"The chaining strategy for multiple controls. For example, \"HIERARCHICAL\" or \"NONE\".","enum":["NONE","HIERARCHICAL"],"type":"string"},"controls":{"default":[],"description":"An array of control panels and their state in the control group.","items":{"additionalProperties":true,"type":"object","properties":{"controlConfig":{"additionalProperties":{},"type":"object"},"grow":{"default":false,"description":"Expand width of the control panel to fit available space.","type":"boolean"},"id":{"description":"The unique ID of the control.","type":"string"},"order":{"description":"The order of the control panel in the control group.","type":"number"},"type":{"description":"The type of the control panel.","type":"string"},"width":{"default":"medium","description":"Minimum width of the control panel in the control group.","enum":["small","medium","large"],"type":"string"}},"required":["type","order"]},"type":"array"},"enhancements":{"additionalProperties":{},"type":"object"},"ignoreParentSettings":{"additionalProperties":false,"type":"object","properties":{"ignoreFilters":{"default":false,"description":"Ignore global filters in controls.","type":"boolean"},"ignoreQuery":{"default":false,"description":"Ignore the global query bar in controls.","type":"boolean"},"ignoreTimerange":{"default":false,"description":"Ignore the global time range in controls.","type":"boolean"},"ignoreValidations":{"default":false,"description":"Ignore validations in controls.","type":"boolean"}}},"labelPosition":{"default":"oneLine","description":"Position of the labels for controls. For example, \"oneLine\", \"twoLine\".","enum":["oneLine","twoLine"],"type":"string"}},"required":["ignoreParentSettings"]},"description":{"default":"","description":"A short description.","type":"string"},"kibanaSavedObjectMeta":{"additionalProperties":false,"default":{},"description":"A container for various metadata","type":"object","properties":{"searchSource":{"additionalProperties":true,"type":"object","properties":{"filter":{"items":{"additionalProperties":false,"description":"A filter for the search source.","type":"object","properties":{"$state":{"additionalProperties":false,"type":"object","properties":{"store":{"description":"Denote whether a filter is specific to an application's context (e.g. 'appState') or whether it should be applied globally (e.g. 'globalState').","enum":["appState","globalState"],"type":"string"}},"required":["store"]},"meta":{"additionalProperties":true,"type":"object","properties":{"alias":{"nullable":true,"type":"string"},"controlledBy":{"type":"string"},"disabled":{"type":"boolean"},"field":{"type":"string"},"group":{"type":"string"},"index":{"type":"string"},"isMultiIndex":{"type":"boolean"},"key":{"type":"string"},"negate":{"type":"boolean"},"params":{},"type":{"type":"string"},"value":{"type":"string"}},"required":["params"]},"query":{"additionalProperties":{},"type":"object"}},"required":["meta"]},"type":"array"},"query":{"additionalProperties":false,"type":"object","properties":{"language":{"description":"The query language such as KQL or Lucene.","type":"string"},"query":{"anyOf":[{"description":"A text-based query such as Kibana Query Language (KQL) or Lucene query language.","type":"string"},{"additionalProperties":{},"type":"object"}]}},"required":["query","language"]},"sort":{"items":{"additionalProperties":{"anyOf":[{"enum":["asc","desc"],"type":"string"},{"additionalProperties":false,"type":"object","properties":{"format":{"type":"string"},"order":{"enum":["asc","desc"],"type":"string"}},"required":["order"]},{"additionalProperties":false,"type":"object","properties":{"numeric_type":{"enum":["double","long","date","date_nanos"],"type":"string"},"order":{"enum":["asc","desc"],"type":"string"}},"required":["order"]}]},"type":"object"},"type":"array"},"type":{"type":"string"}}}}},"options":{"additionalProperties":false,"type":"object","properties":{"hidePanelTitles":{"default":false,"description":"Hide the panel titles in the dashboard.","type":"boolean"},"syncColors":{"default":true,"description":"Synchronize colors between related panels in the dashboard.","type":"boolean"},"syncCursor":{"default":true,"description":"Synchronize cursor position between related panels in the dashboard.","type":"boolean"},"syncTooltips":{"default":true,"description":"Synchronize tooltips between related panels in the dashboard.","type":"boolean"},"useMargins":{"default":true,"description":"Show margins between panels in the dashboard layout.","type":"boolean"}}},"panels":{"default":[],"items":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"gridData":{"additionalProperties":false,"type":"object","properties":{"h":{"default":15,"description":"The height of the panel in grid units","minimum":1,"type":"number"},"i":{"description":"The unique identifier of the panel","type":"string"},"w":{"default":24,"description":"The width of the panel in grid units","maximum":48,"minimum":1,"type":"number"},"x":{"description":"The x coordinate of the panel in grid units","type":"number"},"y":{"description":"The y coordinate of the panel in grid units","type":"number"}},"required":["x","y"]},"id":{"description":"The saved object id for by reference panels","type":"string"},"panelConfig":{"additionalProperties":true,"type":"object","properties":{"description":{"description":"The description of the panel","type":"string"},"enhancements":{"additionalProperties":{},"type":"object"},"hidePanelTitles":{"description":"Set to true to hide the panel title in its container.","type":"boolean"},"savedObjectId":{"description":"The unique id of the library item to construct the embeddable.","type":"string"},"title":{"description":"The title of the panel","type":"string"},"version":{"description":"The version of the embeddable in the panel.","type":"string"}}},"panelIndex":{"description":"The unique ID of the panel.","type":"string"},"panelRefName":{"type":"string"},"title":{"description":"The title of the panel","type":"string"},"type":{"description":"The embeddable type","type":"string"},"version":{"deprecated":true,"description":"The version was used to store Kibana version information from versions 7.3.0 -\u003e 8.11.0. As of version 8.11.0, the versioning information is now per-embeddable-type and is stored on the embeddable's input. (panelConfig in this type).","type":"string"}},"required":["panelConfig","type","gridData"]},{"additionalProperties":false,"type":"object","properties":{"collapsed":{"description":"The collapsed state of the section.","type":"boolean"},"gridData":{"additionalProperties":false,"type":"object","properties":{"i":{"description":"The unique identifier of the section","type":"string"},"y":{"description":"The y coordinate of the section in grid units","type":"number"}},"required":["y"]},"panels":{"default":[],"description":"The panels that belong to the section.","items":{"additionalProperties":false,"type":"object","properties":{"gridData":{"additionalProperties":false,"type":"object","properties":{"h":{"default":15,"description":"The height of the panel in grid units","minimum":1,"type":"number"},"i":{"description":"The unique identifier of the panel","type":"string"},"w":{"default":24,"description":"The width of the panel in grid units","maximum":48,"minimum":1,"type":"number"},"x":{"description":"The x coordinate of the panel in grid units","type":"number"},"y":{"description":"The y coordinate of the panel in grid units","type":"number"}},"required":["x","y"]},"id":{"description":"The saved object id for by reference panels","type":"string"},"panelConfig":{"additionalProperties":true,"type":"object","properties":{"description":{"description":"The description of the panel","type":"string"},"enhancements":{"additionalProperties":{},"type":"object"},"hidePanelTitles":{"description":"Set to true to hide the panel title in its container.","type":"boolean"},"savedObjectId":{"description":"The unique id of the library item to construct the embeddable.","type":"string"},"title":{"description":"The title of the panel","type":"string"},"version":{"description":"The version of the embeddable in the panel.","type":"string"}}},"panelIndex":{"description":"The unique ID of the panel.","type":"string"},"panelRefName":{"type":"string"},"title":{"description":"The title of the panel","type":"string"},"type":{"description":"The embeddable type","type":"string"},"version":{"deprecated":true,"description":"The version was used to store Kibana version information from versions 7.3.0 -\u003e 8.11.0. As of version 8.11.0, the versioning information is now per-embeddable-type and is stored on the embeddable's input. (panelConfig in this type).","type":"string"}},"required":["panelConfig","type","gridData"]},"type":"array"},"title":{"description":"The title of the section.","type":"string"}},"required":["title","gridData"]}]},"type":"array"},"refreshInterval":{"additionalProperties":false,"description":"A container for various refresh interval settings","type":"object","properties":{"display":{"deprecated":true,"description":"A human-readable string indicating the refresh frequency. No longer used.","type":"string"},"pause":{"description":"Whether the refresh interval is set to be paused while viewing the dashboard.","type":"boolean"},"section":{"deprecated":true,"description":"No longer used.","type":"number"},"value":{"description":"A numeric value indicating refresh frequency in milliseconds.","type":"number"}},"required":["pause","value"]},"tags":{"items":{"description":"An array of tags applied to this dashboard","type":"string"},"type":"array"},"timeFrom":{"description":"An ISO string indicating when to restore time from","type":"string"},"timeRestore":{"default":false,"description":"Whether to restore time upon viewing this dashboard","type":"boolean"},"timeTo":{"description":"An ISO string indicating when to restore time from","type":"string"},"title":{"description":"A human-readable title for the dashboard","type":"string"},"version":{"deprecated":true,"type":"number"}},"required":["title","options"]},"references":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"},"type":{"type":"string"}},"required":["name","type","id"]},"type":"array"}},"required":["attributes"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"additionalProperties":true,"type":"object","properties":{"attributes":{"additionalProperties":false,"type":"object","properties":{"controlGroupInput":{"additionalProperties":false,"type":"object","properties":{"autoApplySelections":{"default":true,"description":"Show apply selections button in controls.","type":"boolean"},"chainingSystem":{"default":"HIERARCHICAL","description":"The chaining strategy for multiple controls. For example, \"HIERARCHICAL\" or \"NONE\".","enum":["NONE","HIERARCHICAL"],"type":"string"},"controls":{"default":[],"description":"An array of control panels and their state in the control group.","items":{"additionalProperties":true,"type":"object","properties":{"controlConfig":{"additionalProperties":{},"type":"object"},"grow":{"default":false,"description":"Expand width of the control panel to fit available space.","type":"boolean"},"id":{"description":"The unique ID of the control.","type":"string"},"order":{"description":"The order of the control panel in the control group.","type":"number"},"type":{"description":"The type of the control panel.","type":"string"},"width":{"default":"medium","description":"Minimum width of the control panel in the control group.","enum":["small","medium","large"],"type":"string"}},"required":["type","order"]},"type":"array"},"enhancements":{"additionalProperties":{},"type":"object"},"ignoreParentSettings":{"additionalProperties":false,"type":"object","properties":{"ignoreFilters":{"default":false,"description":"Ignore global filters in controls.","type":"boolean"},"ignoreQuery":{"default":false,"description":"Ignore the global query bar in controls.","type":"boolean"},"ignoreTimerange":{"default":false,"description":"Ignore the global time range in controls.","type":"boolean"},"ignoreValidations":{"default":false,"description":"Ignore validations in controls.","type":"boolean"}}},"labelPosition":{"default":"oneLine","description":"Position of the labels for controls. For example, \"oneLine\", \"twoLine\".","enum":["oneLine","twoLine"],"type":"string"}},"required":["ignoreParentSettings"]},"description":{"default":"","description":"A short description.","type":"string"},"kibanaSavedObjectMeta":{"additionalProperties":false,"default":{},"description":"A container for various metadata","type":"object","properties":{"searchSource":{"additionalProperties":true,"type":"object","properties":{"filter":{"items":{"additionalProperties":false,"description":"A filter for the search source.","type":"object","properties":{"$state":{"additionalProperties":false,"type":"object","properties":{"store":{"description":"Denote whether a filter is specific to an application's context (e.g. 'appState') or whether it should be applied globally (e.g. 'globalState').","enum":["appState","globalState"],"type":"string"}},"required":["store"]},"meta":{"additionalProperties":true,"type":"object","properties":{"alias":{"nullable":true,"type":"string"},"controlledBy":{"type":"string"},"disabled":{"type":"boolean"},"field":{"type":"string"},"group":{"type":"string"},"index":{"type":"string"},"isMultiIndex":{"type":"boolean"},"key":{"type":"string"},"negate":{"type":"boolean"},"params":{},"type":{"type":"string"},"value":{"type":"string"}},"required":["params"]},"query":{"additionalProperties":{},"type":"object"}},"required":["meta"]},"type":"array"},"query":{"additionalProperties":false,"type":"object","properties":{"language":{"description":"The query language such as KQL or Lucene.","type":"string"},"query":{"anyOf":[{"description":"A text-based query such as Kibana Query Language (KQL) or Lucene query language.","type":"string"},{"additionalProperties":{},"type":"object"}]}},"required":["query","language"]},"sort":{"items":{"additionalProperties":{"anyOf":[{"enum":["asc","desc"],"type":"string"},{"additionalProperties":false,"type":"object","properties":{"format":{"type":"string"},"order":{"enum":["asc","desc"],"type":"string"}},"required":["order"]},{"additionalProperties":false,"type":"object","properties":{"numeric_type":{"enum":["double","long","date","date_nanos"],"type":"string"},"order":{"enum":["asc","desc"],"type":"string"}},"required":["order"]}]},"type":"object"},"type":"array"},"type":{"type":"string"}}}}},"options":{"additionalProperties":false,"type":"object","properties":{"hidePanelTitles":{"default":false,"description":"Hide the panel titles in the dashboard.","type":"boolean"},"syncColors":{"default":true,"description":"Synchronize colors between related panels in the dashboard.","type":"boolean"},"syncCursor":{"default":true,"description":"Synchronize cursor position between related panels in the dashboard.","type":"boolean"},"syncTooltips":{"default":true,"description":"Synchronize tooltips between related panels in the dashboard.","type":"boolean"},"useMargins":{"default":true,"description":"Show margins between panels in the dashboard layout.","type":"boolean"}}},"panels":{"default":[],"items":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"gridData":{"additionalProperties":false,"type":"object","properties":{"h":{"default":15,"description":"The height of the panel in grid units","minimum":1,"type":"number"},"i":{"type":"string"},"w":{"default":24,"description":"The width of the panel in grid units","maximum":48,"minimum":1,"type":"number"},"x":{"description":"The x coordinate of the panel in grid units","type":"number"},"y":{"description":"The y coordinate of the panel in grid units","type":"number"}},"required":["x","y","i"]},"id":{"description":"The saved object id for by reference panels","type":"string"},"panelConfig":{"additionalProperties":true,"type":"object","properties":{"description":{"description":"The description of the panel","type":"string"},"enhancements":{"additionalProperties":{},"type":"object"},"hidePanelTitles":{"description":"Set to true to hide the panel title in its container.","type":"boolean"},"savedObjectId":{"description":"The unique id of the library item to construct the embeddable.","type":"string"},"title":{"description":"The title of the panel","type":"string"},"version":{"description":"The version of the embeddable in the panel.","type":"string"}}},"panelIndex":{"type":"string"},"panelRefName":{"type":"string"},"title":{"description":"The title of the panel","type":"string"},"type":{"description":"The embeddable type","type":"string"},"version":{"deprecated":true,"description":"The version was used to store Kibana version information from versions 7.3.0 -\u003e 8.11.0. As of version 8.11.0, the versioning information is now per-embeddable-type and is stored on the embeddable's input. (panelConfig in this type).","type":"string"}},"required":["panelConfig","type","gridData","panelIndex"]},{"additionalProperties":false,"type":"object","properties":{"collapsed":{"description":"The collapsed state of the section.","type":"boolean"},"gridData":{"additionalProperties":false,"type":"object","properties":{"i":{"type":"string"},"y":{"description":"The y coordinate of the section in grid units","type":"number"}},"required":["y","i"]},"panels":{"items":{"additionalProperties":false,"type":"object","properties":{"gridData":{"additionalProperties":false,"type":"object","properties":{"h":{"default":15,"description":"The height of the panel in grid units","minimum":1,"type":"number"},"i":{"type":"string"},"w":{"default":24,"description":"The width of the panel in grid units","maximum":48,"minimum":1,"type":"number"},"x":{"description":"The x coordinate of the panel in grid units","type":"number"},"y":{"description":"The y coordinate of the panel in grid units","type":"number"}},"required":["x","y","i"]},"id":{"description":"The saved object id for by reference panels","type":"string"},"panelConfig":{"additionalProperties":true,"type":"object","properties":{"description":{"description":"The description of the panel","type":"string"},"enhancements":{"additionalProperties":{},"type":"object"},"hidePanelTitles":{"description":"Set to true to hide the panel title in its container.","type":"boolean"},"savedObjectId":{"description":"The unique id of the library item to construct the embeddable.","type":"string"},"title":{"description":"The title of the panel","type":"string"},"version":{"description":"The version of the embeddable in the panel.","type":"string"}}},"panelIndex":{"type":"string"},"panelRefName":{"type":"string"},"title":{"description":"The title of the panel","type":"string"},"type":{"description":"The embeddable type","type":"string"},"version":{"deprecated":true,"description":"The version was used to store Kibana version information from versions 7.3.0 -\u003e 8.11.0. As of version 8.11.0, the versioning information is now per-embeddable-type and is stored on the embeddable's input. (panelConfig in this type).","type":"string"}},"required":["panelConfig","type","gridData","panelIndex"]},"type":"array"},"title":{"description":"The title of the section.","type":"string"}},"required":["title","gridData","panels"]}]},"type":"array"},"refreshInterval":{"additionalProperties":false,"description":"A container for various refresh interval settings","type":"object","properties":{"display":{"deprecated":true,"description":"A human-readable string indicating the refresh frequency. No longer used.","type":"string"},"pause":{"description":"Whether the refresh interval is set to be paused while viewing the dashboard.","type":"boolean"},"section":{"deprecated":true,"description":"No longer used.","type":"number"},"value":{"description":"A numeric value indicating refresh frequency in milliseconds.","type":"number"}},"required":["pause","value"]},"tags":{"items":{"description":"An array of tags applied to this dashboard","type":"string"},"type":"array"},"timeFrom":{"description":"An ISO string indicating when to restore time from","type":"string"},"timeRestore":{"default":false,"description":"Whether to restore time upon viewing this dashboard","type":"boolean"},"timeTo":{"description":"An ISO string indicating when to restore time from","type":"string"},"title":{"description":"A human-readable title for the dashboard","type":"string"},"version":{"deprecated":true,"type":"number"}},"required":["title","options"]},"createdAt":{"type":"string"},"createdBy":{"type":"string"},"error":{"additionalProperties":false,"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"},"metadata":{"additionalProperties":true,"type":"object","properties":{}},"statusCode":{"type":"number"}},"required":["error","message","statusCode"]},"id":{"type":"string"},"managed":{"type":"boolean"},"namespaces":{"items":{"type":"string"},"type":"array"},"originId":{"type":"string"},"references":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"},"type":{"type":"string"}},"required":["name","type","id"]},"type":"array"},"type":{"type":"string"},"updatedAt":{"type":"string"},"updatedBy":{"type":"string"},"version":{"type":"string"}},"required":["id","type","attributes","references"]}},"required":["item"]}}}}},"summary":"Update an existing dashboard","tags":["Dashboards"],"x-state":"Technical Preview"}},"/api/data_views":{"get":{"operationId":"getAllDataViewsDefault","responses":{"200":{"content":{"application/json":{"examples":{"getAllDataViewsResponse":{"$ref":"#/components/examples/Data_views_get_data_views_response"}},"schema":{"type":"object","properties":{"data_view":{"items":{"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"},"namespaces":{"items":{"type":"string"},"type":"array"},"title":{"type":"string"},"typeMeta":{"type":"object"}}},"type":"array"}}}}},"description":"Indicates a successful call."},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Data_views_400_response"}}},"description":"Bad request"}},"summary":"Get all data views","tags":["data views"]}},"/api/data_views/data_view":{"post":{"operationId":"createDataViewDefaultw","parameters":[{"$ref":"#/components/parameters/Data_views_kbn_xsrf"}],"requestBody":{"content":{"application/json":{"examples":{"createDataViewRequest":{"$ref":"#/components/examples/Data_views_create_data_view_request"}},"schema":{"$ref":"#/components/schemas/Data_views_create_data_view_request_object"}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Data_views_data_view_response_object"}}},"description":"Indicates a successful call."},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Data_views_400_response"}}},"description":"Bad request"}},"summary":"Create a data view","tags":["data views"]}},"/api/data_views/data_view/{viewId}":{"delete":{"description":"WARNING: When you delete a data view, it cannot be recovered.\n","operationId":"deleteDataViewDefault","parameters":[{"$ref":"#/components/parameters/Data_views_kbn_xsrf"},{"$ref":"#/components/parameters/Data_views_view_id"}],"responses":{"204":{"description":"Indicates a successful call."},"404":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Data_views_404_response"}}},"description":"Object is not found."}},"summary":"Delete a data view","tags":["data views"]},"get":{"operationId":"getDataViewDefault","parameters":[{"$ref":"#/components/parameters/Data_views_view_id"}],"responses":{"200":{"content":{"application/json":{"examples":{"getDataViewResponse":{"$ref":"#/components/examples/Data_views_get_data_view_response"}},"schema":{"$ref":"#/components/schemas/Data_views_data_view_response_object"}}},"description":"Indicates a successful call."},"404":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Data_views_404_response"}}},"description":"Object is not found."}},"summary":"Get a data view","tags":["data views"]},"post":{"operationId":"updateDataViewDefault","parameters":[{"$ref":"#/components/parameters/Data_views_kbn_xsrf"},{"$ref":"#/components/parameters/Data_views_view_id"}],"requestBody":{"content":{"application/json":{"examples":{"updateDataViewRequest":{"$ref":"#/components/examples/Data_views_update_data_view_request"}},"schema":{"$ref":"#/components/schemas/Data_views_update_data_view_request_object"}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Data_views_data_view_response_object"}}},"description":"Indicates a successful call."},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Data_views_400_response"}}},"description":"Bad request"}},"summary":"Update a data view","tags":["data views"]}},"/api/data_views/data_view/{viewId}/fields":{"post":{"description":"Update fields presentation metadata such as count, customLabel, customDescription, and format.\n","operationId":"updateFieldsMetadataDefault","parameters":[{"$ref":"#/components/parameters/Data_views_kbn_xsrf"},{"$ref":"#/components/parameters/Data_views_view_id"}],"requestBody":{"content":{"application/json":{"examples":{"updateFieldsMetadataRequest":{"$ref":"#/components/examples/Data_views_update_field_metadata_request"}},"schema":{"type":"object","properties":{"fields":{"description":"The field object.","type":"object"}},"required":["fields"]}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"type":"object","properties":{"acknowledged":{"type":"boolean"}}}}},"description":"Indicates a successful call."},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Data_views_400_response"}}},"description":"Bad request"}},"summary":"Update data view fields metadata","tags":["data views"]}},"/api/data_views/data_view/{viewId}/runtime_field":{"post":{"operationId":"createRuntimeFieldDefault","parameters":[{"$ref":"#/components/parameters/Data_views_kbn_xsrf"},{"$ref":"#/components/parameters/Data_views_view_id"}],"requestBody":{"content":{"application/json":{"examples":{"createRuntimeFieldRequest":{"$ref":"#/components/examples/Data_views_create_runtime_field_request"}},"schema":{"type":"object","properties":{"name":{"description":"The name for a runtime field.\n","type":"string"},"runtimeField":{"description":"The runtime field definition object.\n","type":"object"}},"required":["name","runtimeField"]}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"type":"object"}}},"description":"Indicates a successful call."}},"summary":"Create a runtime field","tags":["data views"]},"put":{"operationId":"createUpdateRuntimeFieldDefault","parameters":[{"$ref":"#/components/parameters/Data_views_kbn_xsrf"},{"description":"The ID of the data view fields you want to update.\n","in":"path","name":"viewId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"examples":{"updateRuntimeFieldRequest":{"$ref":"#/components/examples/Data_views_create_runtime_field_request"}},"schema":{"type":"object","properties":{"name":{"description":"The name for a runtime field.\n","type":"string"},"runtimeField":{"description":"The runtime field definition object.\n","type":"object"}},"required":["name","runtimeField"]}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"type":"object","properties":{"data_view":{"type":"object"},"fields":{"items":{"type":"object"},"type":"array"}}}}},"description":"Indicates a successful call."},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Data_views_400_response"}}},"description":"Bad request"}},"summary":"Create or update a runtime field","tags":["data views"]}},"/api/data_views/data_view/{viewId}/runtime_field/{fieldName}":{"delete":{"operationId":"deleteRuntimeFieldDefault","parameters":[{"$ref":"#/components/parameters/Data_views_field_name"},{"$ref":"#/components/parameters/Data_views_view_id"}],"responses":{"200":{"description":"Indicates a successful call."},"404":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Data_views_404_response"}}},"description":"Object is not found."}},"summary":"Delete a runtime field from a data view","tags":["data views"]},"get":{"operationId":"getRuntimeFieldDefault","parameters":[{"$ref":"#/components/parameters/Data_views_field_name"},{"$ref":"#/components/parameters/Data_views_view_id"}],"responses":{"200":{"content":{"application/json":{"examples":{"getRuntimeFieldResponse":{"$ref":"#/components/examples/Data_views_get_runtime_field_response"}},"schema":{"type":"object","properties":{"data_view":{"type":"object"},"fields":{"items":{"type":"object"},"type":"array"}}}}},"description":"Indicates a successful call."},"404":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Data_views_404_response"}}},"description":"Object is not found."}},"summary":"Get a runtime field","tags":["data views"]},"post":{"operationId":"updateRuntimeFieldDefault","parameters":[{"$ref":"#/components/parameters/Data_views_field_name"},{"$ref":"#/components/parameters/Data_views_view_id"}],"requestBody":{"content":{"application/json":{"examples":{"updateRuntimeFieldRequest":{"$ref":"#/components/examples/Data_views_update_runtime_field_request"}},"schema":{"type":"object","properties":{"runtimeField":{"description":"The runtime field definition object.\n\nYou can update following fields:\n\n- `type`\n- `script`\n","type":"object"}},"required":["runtimeField"]}}},"required":true},"responses":{"200":{"description":"Indicates a successful call."},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Data_views_400_response"}}},"description":"Bad request"}},"summary":"Update a runtime field","tags":["data views"]}},"/api/data_views/default":{"get":{"operationId":"getDefaultDataViewDefault","responses":{"200":{"content":{"application/json":{"examples":{"getDefaultDataViewResponse":{"$ref":"#/components/examples/Data_views_get_default_data_view_response"}},"schema":{"type":"object","properties":{"data_view_id":{"type":"string"}}}}},"description":"Indicates a successful call."},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Data_views_400_response"}}},"description":"Bad request"}},"summary":"Get the default data view","tags":["data views"]},"post":{"operationId":"setDefaultDatailViewDefault","parameters":[{"$ref":"#/components/parameters/Data_views_kbn_xsrf"}],"requestBody":{"content":{"application/json":{"examples":{"setDefaultDataViewRequest":{"$ref":"#/components/examples/Data_views_set_default_data_view_request"}},"schema":{"type":"object","properties":{"data_view_id":{"description":"The data view identifier. NOTE: The API does not validate whether it is a valid identifier. Use `null` to unset the default data view.\n","nullable":true,"type":"string"},"force":{"default":false,"description":"Update an existing default data view identifier.","type":"boolean"}},"required":["data_view_id"]}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"type":"object","properties":{"acknowledged":{"type":"boolean"}}}}},"description":"Indicates a successful call."},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Data_views_400_response"}}},"description":"Bad request"}},"summary":"Set the default data view","tags":["data views"]}},"/api/data_views/swap_references":{"post":{"description":"Changes saved object references from one data view identifier to another. WARNING: Misuse can break large numbers of saved objects! Practicing with a backup is recommended.\n","operationId":"swapDataViewsDefault","parameters":[{"$ref":"#/components/parameters/Data_views_kbn_xsrf"}],"requestBody":{"content":{"application/json":{"examples":{"swapDataViewRequest":{"$ref":"#/components/examples/Data_views_swap_data_view_request"}},"schema":{"$ref":"#/components/schemas/Data_views_swap_data_view_request_object"}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"type":"object","properties":{"deleteStatus":{"type":"object","properties":{"deletePerformed":{"type":"boolean"},"remainingRefs":{"type":"integer"}}},"result":{"items":{"type":"object","properties":{"id":{"description":"A saved object identifier.","type":"string"},"type":{"description":"The saved object type.","type":"string"}}},"type":"array"}}}}},"description":"Indicates a successful call."}},"summary":"Swap saved object references","tags":["data views"]}},"/api/data_views/swap_references/_preview":{"post":{"description":"Preview the impact of swapping saved object references from one data view identifier to another.\n","operationId":"previewSwapDataViewsDefault","parameters":[{"$ref":"#/components/parameters/Data_views_kbn_xsrf"}],"requestBody":{"content":{"application/json":{"examples":{"previewSwapDataViewRequest":{"$ref":"#/components/examples/Data_views_preview_swap_data_view_request"}},"schema":{"$ref":"#/components/schemas/Data_views_swap_data_view_request_object"}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"type":"object","properties":{"result":{"items":{"type":"object","properties":{"id":{"description":"A saved object identifier.","type":"string"},"type":{"description":"The saved object type.","type":"string"}}},"type":"array"}}}}},"description":"Indicates a successful call."}},"summary":"Preview a saved object reference swap","tags":["data views"]}},"/api/detection_engine/index":{"delete":{"operationId":"DeleteAlertsIndex","responses":{"200":{"content":{"application/json":{"schema":{"type":"object","properties":{"acknowledged":{"type":"boolean"}},"required":["acknowledged"]}}},"description":"Successful response"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Detections_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Detections_API_SiemErrorResponse"}}},"description":"Not enough permissions response"},"404":{"content":{"application/json":{"schema":{"type":"string"}}},"description":"Index does not exist response"},"500":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Detections_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Delete an alerts index","tags":["Security Detections API"]},"get":{"operationId":"ReadAlertsIndex","responses":{"200":{"content":{"application/json":{"examples":{"success":{"value":{"index_mapping_outdated":false,"name":".alerts-security.alerts-default"}}},"schema":{"type":"object","properties":{"index_mapping_outdated":{"nullable":true,"type":"boolean"},"name":{"type":"string"}},"required":["name","index_mapping_outdated"]}}},"description":"Successful response"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Detections_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Detections_API_SiemErrorResponse"}}},"description":"Not enough permissions response"},"404":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Detections_API_SiemErrorResponse"}}},"description":"Not found"},"500":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Detections_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Reads the alert index name if it exists","tags":["Security Detections API"]},"post":{"operationId":"CreateAlertsIndex","responses":{"200":{"content":{"application/json":{"schema":{"type":"object","properties":{"acknowledged":{"type":"boolean"}},"required":["acknowledged"]}}},"description":"Successful response"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Detections_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Detections_API_SiemErrorResponse"}}},"description":"Not enough permissions response"},"404":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Detections_API_SiemErrorResponse"}}},"description":"Not found"},"500":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Detections_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Create an alerts index","tags":["Security Detections API"]}},"/api/detection_engine/privileges":{"get":{"description":"Retrieves whether or not the user is authenticated, and the user's Kibana\nspace and index privileges, which determine if the user can create an\nindex for the Elastic Security alerts generated by\ndetection engine rules.\n","operationId":"ReadPrivileges","responses":{"200":{"content":{"application/json":{"examples":{"success":{"value":{"application":{},"cluster":{"all":true,"manage":true,"manage_api_key":true,"manage_index_templates":true,"manage_ml":true,"manage_own_api_key":true,"manage_pipeline":true,"manage_security":true,"manage_transform":true,"monitor":true,"monitor_ml":true,"monitor_transform":true},"has_all_requested":true,"has_encryption_key":true,"index":{".alerts-security.alerts-default":{"all":true,"create":true,"create_doc":true,"create_index":true,"delete":true,"delete_index":true,"index":true,"maintenance":true,"manage":true,"monitor":true,"read":true,"view_index_metadata":true,"write":true}},"is_authenticated":true,"username":"elastic"}}},"schema":{"type":"object","properties":{"has_encryption_key":{"type":"boolean"},"is_authenticated":{"type":"boolean"}},"required":["is_authenticated","has_encryption_key"]}}},"description":"Successful response"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Detections_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"500":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Detections_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Returns user privileges for the Kibana space","tags":["Security Detections API"]}},"/api/detection_engine/rules":{"delete":{"description":"Delete a detection rule using the `rule_id` or `id` field.\n\nThe URL query must include one of the following:\n\n* `id` - `DELETE /api/detection_engine/rules?id=\u003cid\u003e`\n* `rule_id`- `DELETE /api/detection_engine/rules?rule_id=\u003crule_id\u003e`\n\nThe difference between the `id` and `rule_id` is that the `id` is a unique rule identifier that is randomly generated when a rule is created and cannot be set, whereas `rule_id` is a stable rule identifier that can be assigned during rule creation.\n","operationId":"DeleteRule","parameters":[{"description":"The rule's `id` value.","in":"query","name":"id","required":false,"schema":{"$ref":"#/components/schemas/Security_Detections_API_RuleObjectId"}},{"description":"The rule's `rule_id` value.","in":"query","name":"rule_id","required":false,"schema":{"$ref":"#/components/schemas/Security_Detections_API_RuleSignatureId"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Detections_API_RuleResponse"}}},"description":"Indicates a successful call."}},"summary":"Delete a detection rule","tags":["Security Detections API"],"x-codeSamples":[{"lang":"cURL","source":"curl \\\n --request DELETE https://localhost:5601/api/detection_engine/rules?rule_id=bfeaf89b-a2a7-48a3-817f-e41829dc61ee \\\n --header \"Content-Type: application/json; Elastic-Api-Version=2023-10-31\"\n"}]},"get":{"description":"Retrieve a detection rule using the `rule_id` or `id` field.\n\nThe URL query must include one of the following:\n\n* `id` - `GET /api/detection_engine/rules?id=\u003cid\u003e`\n* `rule_id` - `GET /api/detection_engine/rules?rule_id=\u003crule_id\u003e`\n\nThe difference between the `id` and `rule_id` is that the `id` is a unique rule identifier that is randomly generated when a rule is created and cannot be set, whereas `rule_id` is a stable rule identifier that can be assigned during rule creation.\n","operationId":"ReadRule","parameters":[{"description":"The rule's `id` value.","in":"query","name":"id","required":false,"schema":{"$ref":"#/components/schemas/Security_Detections_API_RuleObjectId"}},{"description":"The rule's `rule_id` value.","in":"query","name":"rule_id","required":false,"schema":{"$ref":"#/components/schemas/Security_Detections_API_RuleSignatureId"}}],"responses":{"200":{"content":{"application/json":{"examples":{"example1":{"summary":"Example response for a retrieved rule","value":{"created_at":"2020-02-03T11:19:04.259Z","created_by":"elastic","description":"Process started by MS Office program in user folder","enabled":false,"execution_summary":{"last_execution":{"date":"2022-03-23T16:06:12.787Z","message":"This rule attempted to query data from Elasticsearch indices listed in the \"Index pattern\" section of the rule definition, but no matching index was found.","metrics":{"execution_gap_duration_s":0,"total_indexing_duration_ms":15,"total_search_duration_ms":135},"status":"partial failure","status_order":20}},"false_positives":[],"filters":[{"query":{"match":{"event.action":{"query":"Process Create (rule: ProcessCreate)","type":"phrase"}}}}],"from":"now-4200s","id":"c41d170b-8ba6-4de6-b8ec-76440a35ace3","immutable":false,"interval":"1h","language":"kuery","max_signals":100,"name":"MS Office child process","query":"process.parent.name:EXCEL.EXE or process.parent.name:MSPUB.EXE or process.parent.name:OUTLOOK.EXE or process.parent.name:POWERPNT.EXE or process.parent.name:VISIO.EXE or process.parent.name:WINWORD.EXE","references":[],"related_integrations":[{"package":"o365","version":"^2.3.2"}],"required_fields":[{"ecs":true,"name":"process.name","type":"keyword"},{"ecs":true,"name":"process.parent.name","type":"keyword"}],"risk_score":21,"rule_id":"process_started_by_ms_office_user_folder","setup":"","severity":"low","tags":["child process","ms office"],"threat":[{"framework":"MITRE ATT\u0026CK","tactic":{"id":"TA0001","name":"Initial Access","reference":"https://attack.mitre.org/tactics/TA0001"},"technique":[{"id":"T1193","name":"Spearphishing Attachment","reference":"https://attack.mitre.org/techniques/T1193"}]}],"to":"now-300s","type":"query","updated_at":"2020-02-03T11:19:04.462Z","updated_by":"elastic","version":1}}},"schema":{"$ref":"#/components/schemas/Security_Detections_API_RuleResponse"}}},"description":"Indicates a successful call.\n\u003e info\n\u003e These fields are under development and their usage or schema may change: execution_summary.\n"}},"summary":"Retrieve a detection rule","tags":["Security Detections API"],"x-codeSamples":[{"lang":"cURL","source":"curl \\\n --request GET https://localhost:5601/api/detection_engine/rules?rule_id=bfeaf89b-a2a7-48a3-817f-e41829dc61ee \\\n --header \"Content-Type: application/json; Elastic-Api-Version=2023-10-31\"\n"}]},"patch":{"description":"Update specific fields of an existing detection rule using the `rule_id` or `id` field.\n\nThe difference between the `id` and `rule_id` is that the `id` is a unique rule identifier that is randomly generated when a rule is created and cannot be set, whereas `rule_id` is a stable rule identifier that can be assigned during rule creation.\n\u003e warn\n\u003e When used with [API key](https://www.elastic.co/guide/en/kibana/current/api-keys.html) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running.\n\n\u003e If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change.\n","operationId":"PatchRule","requestBody":{"content":{"application/json":{"examples":{"example1":{"summary":"Patch query rule","value":{"id":"14b7b513-3d8d-4b22-b7da-a7ae632f7e76","name":"New name"}},"example2":{"summary":"Patch EQL rule","value":{"rule_id":"process_started_by_ms_office_program_possible_payload","threat":[{"framework":"MITRE ATT\u0026CK","tactic":{"id":"TA0001","name":"Initial Access","reference":"https://attack.mitre.org/tactics/TA0001"},"technique":[{"id":"T1193","name":"Spearphishing Attachment","reference":"https://attack.mitre.org/techniques/T1193"}]}]}},"example3":{"summary":"Patch threshold rule","value":{"id":"005d2c4f-51ca-493d-a2bd-20ef076339b1","query":"agent.version : * and agent.id : \"243d9b4f-ca01-4311-8e5c-9abbee91afd8\"","threshold":{"cardinality":[],"field":[],"value":600}}},"example4":{"summary":"Patch new terms rule","value":{"history_window_start":"now-3d","id":"569aac91-40dc-4807-a8ae-a2c8698089c4","new_terms_fields":["Endpoint.policy.applied.artifacts.global.identifiers.name"]}},"example5":{"summary":"Patch esql rule","value":{"id":"0b15e8a2-49b6-47e0-a8e6-d63a6cc335bd","query":"FROM logs-abc*\n| STATS count = COUNT(*), min_timestamp = MIN(@timestamp)\n| EVAL event_rate = count / DATE_DIFF(\"seconds\", min_timestamp, NOW()) \n| KEEP event_rate\n"}},"example6":{"summary":"Patch indicator match rule","value":{"id":"462f1986-10fe-40a3-a22c-2b1c9c4c48fd","threat_query":"@timestamp \u003e= \"now-30d/d\" and event.module:(threatintel or ti_*) and threat.indicator.ip:* and not labels.is_ioc_transform_source:\"false\""}},"example7":{"summary":"Patch machine learning rule","value":{"anomaly_threshold":50,"id":"60b13926-289b-41b1-a537-197ef1fa5059","machine_learning_job_id":["auth_high_count_logon_events"]}}},"schema":{"$ref":"#/components/schemas/Security_Detections_API_RulePatchProps"}}},"description":"\u003e info\n\u003e You cannot modify the `id` or `rule_id` values.\n","required":true},"responses":{"200":{"content":{"application/json":{"examples":{"example1":{"summary":"Example response for an updated rule","value":{"actions":[],"created_at":"2020-04-07T14:51:09.755Z","created_by":"elastic","description":"Updated description for the rule.","enabled":false,"false_positives":[],"filters":[{"query":null}],"from":"now-70m","id":"6541b99a-dee9-4f6d-a86d-dbd1869d73b1","immutable":false,"interval":"1h","language":"kuery","max_signals":100,"name":"Updated Rule Name","query":"process.parent.name:EXCEL.EXE or process.parent.name:MSPUB.EXE or process.parent.name:OUTLOOK.EXE or process.parent.name:POWERPNT.EXE or process.parent.name:VISIO.EXE or process.parent.name:WINWORD.EXE","references":[],"related_integrations":[{"package":"o365"}],"required_fields":[{"name":"process.parent.name"}],"risk_score":50,"rule_id":"process_started_by_ms_office_program","setup":"","severity":"low","tags":["child process","ms office"],"threat":[],"to":"now","type":"query","updated_at":"2020-04-07T14:51:09.970Z","updated_by":"elastic","version":2}}},"schema":{"$ref":"#/components/schemas/Security_Detections_API_RuleResponse"}}},"description":"Indicates a successful call."}},"summary":"Patch a detection rule","tags":["Security Detections API"]},"post":{"description":"Create a new detection rule.\n\u003e warn\n\u003e When used with [API key](https://www.elastic.co/guide/en/kibana/current/api-keys.html) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running.\n\n\u003e If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change.\n\nYou can create the following types of rules:\n\n* **Custom query**: Searches the defined indices and creates an alert when a document matches the rule's KQL query.\n* **Event correlation**: Searches the defined indices and creates an alert when results match an [Event Query Language (EQL)](https://www.elastic.co/guide/en/elasticsearch/reference/current/eql.html) query.\n* **Threshold**: Searches the defined indices and creates an alert when the number of times the specified field's value meets the threshold during a single execution. When there are multiple values that meet the threshold, an alert is generated for each value.\n For example, if the threshold `field` is `source.ip` and its `value` is `10`, an alert is generated for every source IP address that appears in at least 10 of the rule's search results. If you're interested, see [Terms Aggregation](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-terms-aggregation.html) for more information.\n* **Indicator match**: Creates an alert when fields match values defined in the specified [Elasticsearch index](https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-create-index.html). For example, you can create an index for IP addresses and use this index to create an alert whenever an event's `destination.ip` equals a value in the index. The index's field mappings should be [ECS-compliant](https://www.elastic.co/guide/en/ecs/current/ecs-reference.html).\n* **New terms**: Generates an alert for each new term detected in source documents within a specified time range.\n* **ES|QL**: Uses [Elasticsearch Query Language (ES|QL)](https://www.elastic.co/guide/en/elasticsearch/reference/current/esql.html) to find events and aggregate search results.\n* **Machine learning rules**: Creates an alert when a machine learning job discovers an anomaly above the defined threshold.\n\u003e info\n\u003e To create machine learning rules, you must have the [appropriate license](https://www.elastic.co/subscriptions) or use a [cloud deployment](https://cloud.elastic.co/registration). Additionally, for the machine learning rule to function correctly, the associated machine learning job must be running.\n\nTo retrieve machine learning job IDs, which are required to create machine learning jobs, call the [Elasticsearch Get jobs API](https://www.elastic.co/guide/en/elasticsearch/reference/current/ml-get-job.html). Machine learning jobs that contain `siem` in the `groups` field can be used to create rules:\n\n```json\n...\n\"job_id\": \"linux_anomalous_network_activity_ecs\",\n\"job_type\": \"anomaly_detector\",\n\"job_version\": \"7.7.0\",\n\"groups\": [\n \"auditbeat\",\n \"process\",\n \"siem\"\n],\n...\n```\n\nAdditionally, you can set up notifications for when rules create alerts. The notifications use the [Alerting and Actions framework](https://www.elastic.co/guide/en/kibana/current/alerting-getting-started.html). Each action type requires a connector. Connectors store the information required to send notifications via external systems. The following connector types are supported for rule notifications:\n\n* Slack\n* Email\n* PagerDuty\n* Webhook\n* Microsoft Teams\n* IBM Resilient\n* Jira\n* ServiceNow ITSM\n\u003e info\n\u003e For more information on PagerDuty fields, see [Send a v2 Event](https://developer.pagerduty.com/docs/events-api-v2/trigger-events/).\n\nTo retrieve connector IDs, which are required to configure rule notifications, call the [Find objects API](https://www.elastic.co/guide/en/kibana/current/saved-objects-api-find.html) with `\"type\": \"action\"` in the request payload.\n\nFor detailed information on Kibana actions and alerting, and additional API calls, see:\n\n* [Alerting API](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-alerting)\n* [Alerting and Actions framework](https://www.elastic.co/guide/en/kibana/current/alerting-getting-started.html)\n* [Connectors API](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-connectors)\n","operationId":"CreateRule","requestBody":{"content":{"application/json":{"examples":{"example1":{"description":"Query rule that searches for processes started by MS Office","summary":"Query rule","value":{"description":"Process started by MS Office program - possible payload","enabled":false,"filters":[{"query":{"match":{"event.action":{"query":"Process Create (rule: ProcessCreate)","type":"phrase"}}}}],"from":"now-70m","interval":"1h","language":"kuery","name":"MS Office child process","query":"process.parent.name:EXCEL.EXE or process.parent.name:MSPUB.EXE or process.parent.name:OUTLOOK.EXE or process.parent.name:POWERPNT.EXE or process.parent.name:VISIO.EXE or process.parent.name:WINWORD.EXE","related_integrations":[{"package":"o365","version":"^2.3.2"}],"required_fields":[{"name":"process.parent.name","type":"keyword"}],"risk_score":50,"rule_id":"process_started_by_ms_office_program","severity":"low","tags":["child process","ms office"],"type":"query"}},"example2":{"description":"Threshold rule that detects multiple failed login attempts to a Windows host from the same external source IP address","summary":"Threshold rule","value":{"description":"Detects when there are 20 or more failed login attempts from the same IP address with a 2 minute time frame.","enabled":true,"exceptions_list":[{"id":"int-ips","namespace_type":"single","type":"detection"}],"from":"now-180s","index":["winlogbeat-*"],"interval":"2m","name":"Windows server prml-19","query":"host.name:prml-19 and event.category:authentication and event.outcome:failure","required_fields":[{"name":"source.ip","type":"ip"}],"risk_score":30,"rule_id":"liv-win-ser-logins","severity":"low","severity_mapping":[{"field":"source.geo.city_name","operator":"equals","severity":"low","value":"Manchester"},{"field":"source.geo.city_name","operator":"equals","severity":"medium","value":"London"},{"field":"source.geo.city_name","operator":"equals","severity":"high","value":"Birmingham"},{"field":"source.geo.city_name","operator":"equals","severity":"critical","value":"Wallingford"}],"tags":["Brute force"],"threshold":{"field":"source.ip","value":20},"type":"threshold"}},"example3":{"description":"Machine learning rule that creates alerts, and sends Slack notifications, when the linux_anomalous_network_activity_ecs machine learning job discovers anomalies with a threshold of 70 or above.","summary":"Machine learning rule","value":{"actions":[{"action_type_id":".slack","group":"default","id":"5ad22cd5-5e6e-4c6c-a81a-54b626a4cec5","params":{"message":"Urgent: {{context.rule.description}}"}}],"anomaly_threshold":70,"description":"Generates alerts when the job discovers anomalies over 70","enabled":true,"from":"now-6m","interval":"5m","machine_learning_job_id":"linux_anomalous_network_activity_ecs","name":"Anomalous Linux network activity","note":"Shut down the internet.","risk_score":70,"rule_id":"ml_linux_network_high_threshold","setup":"This rule requires data coming in from Elastic Defend.","severity":"high","tags":["machine learning","Linux"],"type":"machine_learning"}},"example4":{"description":"Event correlation rule that creates alerts when the Windows rundll32.exe process makes unusual network connections","summary":"EQL rule","value":{"description":"Unusual rundll32.exe network connection","language":"eql","name":"rundll32.exe network connection","query":"sequence by process.entity_id with maxspan=2h [process where event.type in (\"start\", \"process_started\") and (process.name == \"rundll32.exe\" or process.pe.original_file_name == \"rundll32.exe\") and ((process.args == \"rundll32.exe\" and process.args_count == 1) or (process.args != \"rundll32.exe\" and process.args_count == 0))] [network where event.type == \"connection\" and (process.name == \"rundll32.exe\" or process.pe.original_file_name == \"rundll32.exe\")]","required_fields":[{"name":"event.type","type":"keyword"},{"name":"process.args","type":"keyword"},{"name":"process.args_count","type":"long"},{"name":"process.entity_id","type":"keyword"},{"name":"process.name","type":"keyword"},{"name":"process.pe.original_file_name","type":"keyword"}],"risk_score":21,"rule_id":"eql-outbound-rundll32-connections","severity":"low","tags":["EQL","Windows","rundll32.exe"],"type":"eql"}},"example5":{"description":"Indicator match rule that creates an alert when one of the following is true: The event's destination IP address and port number matches destination IP and port values in the threat_index index; The event's source IP address matches a host IP address value in the threat_index index.\n","summary":"Indicator match rule","value":{"actions":[],"description":"Checks for bad IP addresses listed in the ip-threat-list index","index":["packetbeat-*"],"name":"Bad IP threat match","query":"destination.ip:* or host.ip:*","required_fields":[{"name":"destination.ip","type":"ip"},{"name":"destination.port","type":"long"},{"name":"host.ip","type":"ip"}],"risk_score":50,"severity":"medium","threat_index":["ip-threat-list"],"threat_mapping":[{"entries":[{"field":"destination.ip","type":"mapping","value":"destination.ip"},{"field":"destination.port","type":"mapping","value":"destination.port"}]},{"entries":[{"field":"source.ip","type":"mapping","value":"host.ip"}]}],"threat_query":"*:*","type":"threat_match"}},"example6":{"description":"New terms rule that creates alerts a new IP address is detected for a user","summary":"New terms rule","value":{"description":"Detects a user associated with a new IP address","history_window_start":"now-30d","index":["auditbeat*"],"language":"kuery","name":"New User IP Detected","new_terms_fields":["user.id","source.ip"],"query":"*","required_fields":[{"name":"user.id","type":"keyword"},{"name":"source.ip","type":"ip"}],"risk_score":21,"severity":"medium","type":"new_terms"}},"example7":{"description":"esql rule that creates alerts from events that match an Excel parent process","summary":"Esql rule","value":{"description":"Find Excel events","enabled":false,"from":"now-360s","interval":"5m","language":"esql","name":"Find Excel events","query":"from auditbeat-8.10.2 METADATA _id, _version, _index | where process.parent.name == \"EXCEL.EXE\"","required_fields":[{"name":"process.parent.name","type":"keyword"}],"risk_score":21,"severity":"low","tags":[],"to":"now","type":"esql"}},"example8":{"description":"Query rule that searches for processes started by MS Office and suppresses alerts by the process.parent.name field within a 5-hour time period","summary":"Query rule 2","value":{"alert_suppression":{"duration":{"unit":"h","value":5},"group_by":["process.parent.name"],"missing_fields_strategy":"suppress"},"description":"Process started by MS Office program - possible payload","enabled":false,"filters":[{"query":{"match":{"event.action":{"query":"Process Create (rule: ProcessCreate)","type":"phrase"}}}}],"from":"now-70m","interval":"1h","language":"kuery","name":"MS Office child process","query":"process.parent.name:EXCEL.EXE or process.parent.name:MSPUB.EXE or process.parent.name:OUTLOOK.EXE or process.parent.name:POWERPNT.EXE or process.parent.name:VISIO.EXE or process.parent.name:WINWORD.EXE","risk_score":50,"rule_id":"process_started_by_ms_office_program","severity":"low","tags":["child process","ms office"],"type":"query"}}},"schema":{"$ref":"#/components/schemas/Security_Detections_API_RuleCreateProps"}}},"required":true},"responses":{"200":{"content":{"application/json":{"examples":{"example1":{"description":"Example response for a query rule","summary":"Query rule response","value":{"actions":[],"created_at":"2020-04-07T14:51:09.755Z","created_by":"elastic","description":"Process started by MS Office program - possible payload","enabled":false,"false_positives":[],"filters":[{"query":{"match":{"event.action":{"query":"Process Create (rule: ProcessCreate)","type":"phrase"}}}}],"from":"now-70m","id":"6541b99a-dee9-4f6d-a86d-dbd1869d73b1","immutable":false,"interval":"1h","language":"kuery","max_signals":100,"name":"MS Office child process","query":"process.parent.name:EXCEL.EXE or process.parent.name:MSPUB.EXE or process.parent.name:OUTLOOK.EXE or process.parent.name:POWERPNT.EXE or process.parent.name:VISIO.EXE or process.parent.name:WINWORD.EXE","references":[],"related_integrations":[{"package":"o365","version":"^2.3.2"},{"integration":"graphactivitylogs","package":"azure","version":"^1.11.4"}],"required_fields":[{"ecs":true,"name":"process.parent.name","type":"keyword"}],"risk_score":50,"rule_id":"process_started_by_ms_office_program","setup":"","severity":"low","tags":["child process","ms office"],"threat":[],"to":"now","type":"query","updated_at":"2020-04-07T14:51:09.970Z","updated_by":"elastic","version":1}},"example2":{"description":"Example response for a machine learning job rule","summary":"Machine learning response","value":{"actions":[{"action_type_id":".slack","frequency":{"notifyWhen":"onActiveAlert","summary":true,"throttle":null},"group":"default","id":"5ad22cd5-5e6e-4c6c-a81a-54b626a4cec5","params":{"message":"Urgent: {{context.rule.description}}"}}],"anomaly_threshold":70,"created_at":"2020-04-07T14:45:15.679Z","created_by":"elastic","description":"Generates alerts when the job discovers anomalies over 70","enabled":true,"false_positives":[],"from":"now-6m","id":"83876f66-3a57-4a99-bf37-416494c80f3b","immutable":false,"interval":"5m","machine_learning_job_id":"linux_anomalous_network_activity_ecs","max_signals":100,"name":"Anomalous Linux network activity","note":"Shut down the internet.","references":[],"related_integrations":[],"required_fields":[],"risk_score":70,"rule_id":"ml_linux_network_high_threshold","setup":"","severity":"high","status":"going to run","status_date":"2020-04-07T14:45:21.685Z","tags":["machine learning","Linux"],"threat":[],"to":"now","type":"machine_learning","updated_at":"2020-04-07T14:45:15.892Z","updated_by":"elastic","version":1}},"example3":{"description":"Example response for a threshold rule","summary":"Threshold rule response","value":{"actions":[],"author":[],"created_at":"2020-07-22T10:27:23.486Z","created_by":"elastic","description":"Detects when there are 20 or more failed login attempts from the same IP address with a 2 minute time frame.","enabled":true,"exceptions_list":[{"id":"int-ips","namespace_type":"single","type":"detection"}],"false_positives":[],"from":"now-180s","id":"15dbde26-b627-4d74-bb1f-a5e0ed9e4993","immutable":false,"index":["winlogbeat-*"],"interval":"2m","language":"kuery","max_signals":100,"name":"Windows server prml-19","query":"host.name:prml-19 and event.category:authentication and event.outcome:failure","references":[],"related_integrations":[{"package":"o365","version":"^2.3.2"}],"required_fields":[{"ecs":true,"name":"source.ip","type":"ip"}],"risk_score":30,"risk_score_mapping":[],"rule_id":"liv-win-ser-logins","setup":"","severity":"low","severity_mapping":[{"field":"source.geo.city_name","operator":"equals","severity":"low","value":"Manchester"},{"field":"source.geo.city_name","operator":"equals","severity":"medium","value":"London"},{"field":"source.geo.city_name","operator":"equals","severity":"high","value":"Birmingham"},{"field":"source.geo.city_name","operator":"equals","severity":"critical","value":"Wallingford"}],"tags":["Brute force"],"threat":[],"threshold":{"field":"source.ip","value":20},"to":"now","type":"threshold","updated_at":"2020-07-22T10:27:23.673Z","updated_by":"elastic","version":1}},"example4":{"description":"Example response for an EQL rule","summary":"EQL rule response","value":{"author":[],"created_at":"2020-10-05T09:06:16.392Z","created_by":"elastic","description":"Unusual rundll32.exe network connection","enabled":true,"exceptions_list":[],"false_positives":[],"from":"now-6m","id":"93808cae-b05b-4dc9-8479-73574b50f8b1","immutable":false,"interval":"5m","language":"eql","max_signals":100,"name":"rundll32.exe network connection","query":"sequence by process.entity_id with maxspan=2h [process where event.type in (\"start\", \"process_started\") and (process.name == \"rundll32.exe\" or process.pe.original_file_name == \"rundll32.exe\") and ((process.args == \"rundll32.exe\" and process.args_count == 1) or (process.args != \"rundll32.exe\" and process.args_count == 0))] [network where event.type == \"connection\" and (process.name == \"rundll32.exe\" or process.pe.original_file_name == \"rundll32.exe\")]","references":[],"related_integrations":[{"package":"o365","version":"^2.3.2"}],"required_fields":[{"ecs":true,"name":"event.type","type":"keyword"},{"ecs":true,"name":"process.args","type":"keyword"},{"ecs":true,"name":"process.args_count","type":"long"},{"ecs":true,"name":"process.entity_id","type":"keyword"},{"ecs":true,"name":"process.name","type":"keyword"},{"ecs":true,"name":"process.pe.original_file_name","type":"keyword"}],"risk_score":21,"risk_score_mapping":[],"rule_id":"eql-outbound-rundll32-connections","setup":"","severity":"low","severity_mapping":[],"tags":["EQL","Windows","rundll32.exe"],"threat":[],"throttle":"no_actions","to":"now","type":"eql","updated_at":"2020-10-05T09:06:16.403Z","updated_by":"elastic","version":1}},"example5":{"description":"Example response for an indicator match rule","summary":"Indicator match rule response","value":{"author":[],"created_at":"2020-10-06T07:07:58.227Z","created_by":"elastic","description":"Checks for bad IP addresses listed in the ip-threat-list index","enabled":true,"exceptions_list":[],"false_positives":[],"from":"now-6m","id":"d5daa13f-81fb-4b13-be2f-31011e1d9ae1","immutable":false,"index":["packetbeat-*"],"interval":"5m","language":"kuery","max_signals":100,"name":"Bad IP threat match","query":"destination.ip:* or host.ip:*","references":[],"related_integrations":[{"package":"o365","version":"^2.3.2"}],"required_fields":[{"ecs":true,"name":"destination.ip","type":"ip"},{"ecs":true,"name":"destination.port","type":"long"},{"ecs":true,"name":"host.ip","type":"ip"}],"risk_score":50,"risk_score_mapping":[],"rule_id":"608501e4-c768-4f64-9326-cec55b5d439b","setup":"","severity":"medium","severity_mapping":[],"tags":[],"threat":[],"threat_index":["ip-threat-list"],"threat_mapping":[{"entries":[{"field":"destination.ip","type":"mapping","value":"destination.ip"},{"field":"destination.port","type":"mapping","value":"destination.port"}]},{"entries":[{"field":"source.ip","type":"mapping","value":"host.ip"}]}],"threat_query":"*:*","to":"now","type":"threat_match","updated_at":"2020-10-06T07:07:58.237Z","updated_by":"elastic","version":1}},"example6":{"description":"Example response for a new terms rule","summary":"New terms rule response","value":{"author":[],"created_at":"2020-10-06T07:07:58.227Z","created_by":"elastic","description":"Detects a user associated with a new IP address","enabled":true,"exceptions_list":[],"false_positives":[],"from":"now-6m","history_window_start":"now-30d","id":"eb7225c0-566b-11ee-8b4f-bbf3afdeb9f4","immutable":false,"index":["auditbeat*"],"interval":"5m","language":"kuery","max_signals":100,"name":"New User IP Detected","new_terms_fields":["user.id","source.ip"],"query":"*","references":[],"related_integrations":[{"package":"o365","version":"^2.3.2"}],"required_fields":[{"ecs":true,"name":"user.id","type":"keyword"},{"ecs":true,"name":"source.ip","type":"ip"}],"risk_score":21,"risk_score_mapping":[],"rule_id":"c6f5d0bc-7be9-47d4-b2f3-073d22641e30","setup":"","severity":"medium","severity_mapping":[],"tags":[],"threat":[],"to":"now","type":"new_terms","updated_at":"2020-10-06T07:07:58.237Z","updated_by":"elastic","version":1}},"example7":{"description":"Example response for an Esql rule","summary":"Esql rule response","value":{"actions":[],"author":[],"created_at":"2023-10-18T10:55:14.269Z","created_by":"elastic","description":"Find Excel events","enabled":false,"exceptions_list":[],"false_positives":[],"from":"now-360s","id":"d0f20490-6da4-11ee-b85e-09e9b661f2e2","immutable":false,"interval":"5m","language":"esql","max_signals":100,"name":"Find Excel events","output_index":"","query":"from auditbeat-8.10.2 METADATA _id | where process.parent.name == \"EXCEL.EXE\"","references":[],"related_integrations":[{"package":"o365","version":"^2.3.2"}],"required_fields":[{"ecs":true,"name":"process.parent.name","type":"keyword"}],"revision":0,"risk_score":21,"risk_score_mapping":[],"rule_id":"e4b53a89-debd-4a0d-a3e3-20606952e589","setup":"","severity":"low","severity_mapping":[],"tags":[],"threat":[],"to":"now","type":"esql","updated_at":"2023-10-18T10:55:14.269Z","updated_by":"elastic","version":1}}},"schema":{"$ref":"#/components/schemas/Security_Detections_API_RuleResponse"}}},"description":"Indicates a successful call."}},"summary":"Create a detection rule","tags":["Security Detections API"]},"put":{"description":"Update a detection rule using the `rule_id` or `id` field. The original rule is replaced, and all unspecified fields are deleted.\n\nThe difference between the `id` and `rule_id` is that the `id` is a unique rule identifier that is randomly generated when a rule is created and cannot be set, whereas `rule_id` is a stable rule identifier that can be assigned during rule creation.\n\u003e warn\n\u003e When used with [API key](https://www.elastic.co/guide/en/kibana/current/api-keys.html) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running.\n\n\u003e If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change.\n","operationId":"UpdateRule","requestBody":{"content":{"application/json":{"examples":{"example1":{"summary":"Update query rule","value":{"description":"A new description","id":"14b7b513-3d8d-4b22-b7da-a7ae632f7e76","name":"A new name for the rule","risk_score":22,"severity":"medium","type":"query"}},"example2":{"summary":"Update EQL rule","value":{"description":"eql rule test","id":"9b684efb-acf9-4323-9bff-8335b3867d14","index":["apm-*-transaction*"],"language":"eql","name":"New name for EQL rule","query":"process where process.name == \"regsvr32.exe\"","risk_score":21,"severity":"low","type":"eql"}},"example3":{"summary":"Update threshold rule","value":{"description":"Description of threat rule test","id":"005d2c4f-51ca-493d-a2bd-20ef076339b1","language":"kuery","name":"New name for threat rule","query":"agent.version : * and agent.id : \"243d9b4f-ca01-4311-8e5c-9abbee91afd8\"","risk_score":21,"severity":"low","tags":["new_tag"],"threshold":{"cardinality":[],"field":[],"value":400},"type":"threshold"}},"example4":{"summary":"Update new terms rule","value":{"description":"New description","history_window_start":"now-7d","id":"569aac91-40dc-4807-a8ae-a2c8698089c4","interval":"5m","name":"New terms rule name","new_terms_fields":["Endpoint.policy.applied.artifacts.global.identifiers.name"],"query":"agent.version : \"9.1.0\"","risk_score":21,"severity":"low","type":"new_terms"}},"example5":{"summary":"Update esql rule","value":{"description":"New description for esql rule","id":"0b15e8a2-49b6-47e0-a8e6-d63a6cc335bd","language":"esql","name":"New name for esql rule","query":"FROM logs*\n| STATS count = COUNT(*), min_timestamp = MIN(@timestamp) /* MIN(dateField) finds the earliest timestamp in the dataset. */\n| EVAL event_rate = count / DATE_DIFF(\"seconds\", min_timestamp, NOW()) /* Calculates the event rate by dividing the total count of events by the time difference (in seconds) between the earliest event and the current time. */\n| KEEP event_rate\n","risk_score":21,"severity":"low","type":"esql"}},"example6":{"summary":"Update indicator match rule","value":{"description":"New description","id":"462f1986-10fe-40a3-a22c-2b1c9c4c48fd","name":"New name for Indicator Match rule","query":"source.ip:* or destination.ip:*\\n","risk_score":99,"severity":"critical","threat_index":["filebeat-*","logs-ti_*"],"threat_mapping":[{"entries":[{"field":"source.ip","type":"mapping","value":"threat.indicator.ip"}]},{"entries":[{"field":"destination.ip","type":"mapping","value":"threat.indicator.ip"}]}],"threat_query":"@timestamp \u003e= \"now-30d/d\" and event.module:(threatintel or ti_*) and threat.indicator.ip:* and not labels.is_ioc_transform_source:\"true\"","type":"threat_match"}},"example7":{"summary":"Update machine learning rule","value":{"anomaly_threshold":50,"description":"New description of ml rule","id":"60b13926-289b-41b1-a537-197ef1fa5059","machine_learning_job_id":["auth_high_count_logon_events"],"name":"New name of ml rule","risk_score":21,"severity":"low","type":"machine_learning"}}},"schema":{"$ref":"#/components/schemas/Security_Detections_API_RuleUpdateProps"}}},"description":"\u003e info\n\u003e All unspecified fields are deleted. You cannot modify the `id` or `rule_id` values.\n","required":true},"responses":{"200":{"content":{"application/json":{"examples":{"example1":{"summary":"Example response for an updated rule","value":{"actions":[],"created_at":"2020-04-07T14:51:09.755Z","created_by":"elastic","description":"Updated description for the rule.","enabled":false,"false_positives":[],"filters":[{"query":null}],"from":"now-70m","id":"6541b99a-dee9-4f6d-a86d-dbd1869d73b1","immutable":false,"interval":"1h","language":"kuery","max_signals":100,"name":"Updated Rule Name","query":"process.parent.name:EXCEL.EXE or process.parent.name:MSPUB.EXE or process.parent.name:OUTLOOK.EXE or process.parent.name:POWERPNT.EXE or process.parent.name:VISIO.EXE or process.parent.name:WINWORD.EXE","references":[],"related_integrations":[{"package":"o365"}],"required_fields":[{"name":"process.parent.name"}],"risk_score":50,"rule_id":"process_started_by_ms_office_program","setup":"","severity":"low","tags":["child process","ms office"],"threat":[],"to":"now","type":"query","updated_at":"2020-04-07T14:51:09.970Z","updated_by":"elastic","version":2}}},"schema":{"$ref":"#/components/schemas/Security_Detections_API_RuleResponse"}}},"description":"Indicates a successful call."}},"summary":"Update a detection rule","tags":["Security Detections API"]}},"/api/detection_engine/rules/_bulk_action":{"post":{"description":"Apply a bulk action, such as bulk edit, duplicate, or delete, to multiple detection rules. The bulk action is applied to all rules that match the query or to the rules listed by their IDs.\n\nThe edit action allows you to add, delete, or set tags, index patterns, investigation fields, rule actions and schedules for multiple rules at once. \nThe edit action is idempotent, meaning that if you add a tag to a rule that already has that tag, no changes are made. The same is true for other edit actions, for example removing an index pattern that is not specified in a rule will not result in any changes. The only exception is the `add_rule_actions` and `set_rule_actions` action, which is non-idempotent. This means that if you add or set a rule action to a rule that already has that action, a new action is created with a new unique ID.\n\u003e warn\n\u003e When used with [API key](https://www.elastic.co/guide/en/kibana/current/api-keys.html) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running.\n\n\u003e If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change.\n","operationId":"PerformRulesBulkAction","parameters":[{"description":"Enables dry run mode for the request call.\n\nEnable dry run mode to verify that bulk actions can be applied to specified rules. Certain rules, such as prebuilt Elastic rules on a Basic subscription, can’t be edited and will return errors in the request response. Error details will contain an explanation, the rule name and/or ID, and additional troubleshooting information.\n\nTo enable dry run mode on a request, add the query parameter `dry_run=true` to the end of the request URL. Rules specified in the request will be temporarily updated. These updates won’t be written to Elasticsearch.\n\u003e info\n\u003e Dry run mode is not supported for the `export` bulk action. A 400 error will be returned in the request response.\n","in":"query","name":"dry_run","required":false,"schema":{"type":"boolean"}}],"requestBody":{"content":{"application/json":{"examples":{"example01":{"description":"The following request activates all rules with the test tag.","summary":"Enable - Enable all rules with the test tag","value":{"action":"enable","query":"alert.attributes.tags: \"test\""}},"example02":{"description":"The following request enables the rule with the specified ID.","summary":"Enable - Enable a specific rule by ID.","value":{"action":"enable","ids":["748694f0-6977-4ea5-8384-cd2e39730779"]}},"example03":{"description":"The following request disables the rule with the specified ID.","summary":"Disable - Disable a specific rule by ID","value":{"action":"disable","ids":["748694f0-6977-4ea5-8384-cd2e39730779"]}},"example04":{"description":"The following request duplicates rules with the specified IDs, including exceptions but not expired exceptions.","summary":"Duplicate - Duplicate rules with specific IDs","value":{"action":"duplicate","duplicate":{"include_exceptions":true,"include_expired_exceptions":false},"ids":["748694f0-6977-4ea5-8384-cd2e39730779","461a4c22-416e-4009-a9a7-cf79656454bf"]}},"example05":{"description":"The following request deletes the rule with the specified ID.","summary":"Delete - Delete a specific rule by ID","value":{"action":"delete","ids":["cf4abfd1-7c37-4519-ab0f-5ea5c75fac60"]}},"example06":{"description":"The following request runs the rule with the specified ID within the given date range.","summary":"Run - Run a specific rule by ID","value":{"action":"run","ids":["748694f0-6977-4ea5-8384-cd2e39730779"],"run":{"end_date":"2025-03-10T23:59:59.999Z","start_date":"2025-03-01T00:00:00.000Z"}}},"example07":{"description":"The following request exports the rules with the specified IDs.","summary":"Export - Export specific rules by ID","value":{"action":"export","ids":["748694f0-6977-4ea5-8384-cd2e39730779"]}},"example08":{"description":"The following request will validate that the add_index_patterns bulk action can be successfully applied to three rules. The dry_run parameter is specified in query parameters, e.g. POST api/detection_engine/rules/_bulk_action?dry_run=true","summary":"Edit - dry run - Validate add_index_patterns bulk action","value":{"action":"edit","edit":[{"type":"add_index_patterns","value":["test-*"]}],"ids":["81aa0480-06af-11ed-94fb-dd1a0597d8d2","dc015d10-0831-11ed-ac8b-05a222bd8d4a","de8f5af0-0831-11ed-ac8b-05a222bd8d4a"]}},"example09":{"description":"The following request adds the tag \"tag-1\" to the rules with the specified IDs. If the tag already exists for a rule, no changes are made.","summary":"Edit - Add a tag to rules (idempotent)","value":{"action":"edit","edit":[{"type":"add_tags","value":["tag-1"]}],"ids":["8bc7dad0-9320-11ec-9265-8b772383a08d","8e5c1a40-9320-11ec-9265-8b772383a08d"]}},"example10":{"description":"The following request adds two tags at the same time, tag-1 and tag-2, to the rules that have the IDs sent in the payload. If the tags already exist for a rule, no changes are made.","summary":"Edit - Add two tags to rules (idempotent)","value":{"action":"edit","edit":[{"type":"add_tags","value":["tag-1","tag-2"]}],"ids":["8bc7dad0-9320-11ec-9265-8b772383a08d","8e5c1a40-9320-11ec-9265-8b772383a08d"]}},"example11":{"description":"The following request removes the tag \"tag-1\" from the rules with the specified IDs. If the tag does not exist for a rule, no changes are made.","summary":"Edit - Delete a tag from rules (idempotent)","value":{"action":"edit","edit":[{"type":"delete_tags","value":["tag-1"]}],"ids":["8bc7dad0-9320-11ec-9265-8b772383a08d","8e5c1a40-9320-11ec-9265-8b772383a08d"]}},"example12":{"description":"The following request sets the tags \"tag-1\" and \"tag-2\" for the rules with the specified IDs, overwriting any existing tags. If the set of tags is the same as the existing tags, no changes are made.","summary":"Edit - Set (overwrite existing) tags for rules (idempotent)","value":{"action":"edit","edit":[{"type":"set_tags","value":["tag-1","tag-2"]}],"ids":["8bc7dad0-9320-11ec-9265-8b772383a08d","8e5c1a40-9320-11ec-9265-8b772383a08d"]}},"example13":{"description":"The following request adds the index pattern \"test-*\" to the rules with the specified IDs. If the index pattern already exists for a rule, no changes are made.","summary":"Edit - Add index patterns to rules (idempotent)","value":{"action":"edit","edit":[{"type":"add_index_patterns","value":["test-*"]}],"ids":["81aa0480-06af-11ed-94fb-dd1a0597d8d2","dc015d10-0831-11ed-ac8b-05a222bd8d4a"]}},"example14":{"description":"The following request removes the index pattern \"test-*\" from the rules with the specified IDs. If the index pattern does not exist for a rule, no changes are made.","summary":"Edit - Remove index patterns from rules (idempotent)","value":{"action":"edit","edit":[{"type":"delete_index_patterns","value":["test-*"]}],"ids":["81aa0480-06af-11ed-94fb-dd1a0597d8d2","dc015d10-0831-11ed-ac8b-05a222bd8d4a"]}},"example15":{"description":"The following request sets the index patterns \"test-*\" and \"prod-*\" for the rules with the specified IDs, overwriting any existing index patterns. If the set of index patterns is the same as the existing index patterns, no changes are made.","summary":"Edit - Set (overwrite existing) index patterns for rules patterns (idempotent)","value":{"action":"edit","edit":[{"type":"set_index_patterns","value":["test-*"]}],"ids":["81aa0480-06af-11ed-94fb-dd1a0597d8d2","dc015d10-0831-11ed-ac8b-05a222bd8d4a"]}},"example16":{"description":"The following request adds investigation field to the rules with the specified IDs.","summary":"Edit - Add investigation field to rules","value":{"action":"edit","edit":[{"type":"add_investigation_fields","value":{"field_names":["alert.status"]}}],"ids":["12345678-1234-1234-1234-1234567890ab","87654321-4321-4321-4321-0987654321ba"]}},"example17":{"description":"The following request deletes investigation fields from the rules with the specified IDs. If the field does not exist for a rule, no changes are made.","summary":"Edit - Delete investigation fields from rules (idempotent)","value":{"action":"edit","edit":[{"type":"delete_investigation_fields"}],"ids":["12345678-1234-1234-1234-1234567890ab","87654321-4321-4321-4321-0987654321ba"],"value":["field1","field2"]}},"example18":{"description":"The following request sets investigation fields for the rules with the specified IDs, overwriting any existing investigation fields. If the set of investigation fields is the same as the existing investigation fields, no changes are made.","summary":"Edit - Set (overwrite existing) investigation fields for rules (idempotent)","value":{"action":"edit","edit":[{"type":"set_investigation_fields","value":["field1","field2"]}],"ids":["12345678-1234-1234-1234-1234567890ab","87654321-4321-4321-4321-0987654321ba"]}},"example19":{"description":"The following request sets a timeline template for the rules with the specified IDs. If the same timeline template is already set for a rule, no changes are made.","summary":"Edit - Set (overwrite existing) timeline template for rules (idempotent)","value":{"action":"edit","edit":[{"type":"set_timeline","value":{"timeline_id":"3e827bab-838a-469f-bd1e-5e19a2bff2fd","timeline_title":"Alerts Involving a Single User Timeline"}}],"ids":["eacdfc95-e007-41c9-986e-4b2cbdfdc71b"]}},"example20":{"description":"The following request sets a schedule for the rules with the specified IDs. If the same schedule is already set for a rule, no changes are made.","summary":"Edit - Set (overwrite existing) schedule for rules (idempotent)","value":{"action":"edit","edit":[{"type":"set_schedule","value":{"interval":"1h","lookback":"30m"}}],"ids":["99887766-5544-3322-1100-aabbccddeeff"]}},"example21":{"description":"The following request adds rule actions to the rules with the specified IDs. Each new action receives its own unique ID.","summary":"Edit - Add rule actions to rules (non-idempotent)","value":{"action":"edit","edit":[{"type":"add_rule_actions","value":{"actions":[{"group":"default","id":"20fbf986-a270-460e-80f3-7b83c08b430f","params":{"body":"The message body"}}]}}],"ids":["9e946bfc-3118-4c77-bb25-67d781191928"]}},"example22":{"description":"The following request sets rule actions for the rules with the specified IDs. Each action receives its own unique ID.","summary":"Edit - Set (overwrite existing) rule actions for rules (non-idempotent)","value":{"action":"edit","edit":[{"type":"set_rule_actions","value":{"actions":[{"group":"default","id":"20fbf986-a270-460e-80f3-7b83c08b430f","params":{"body":"The message body"}}]}}],"ids":["9e946bfc-3118-4c77-bb25-67d781191928"]}},"example23":{"description":"The following request adds rule actions to the rules with the specified IDs. Each new action receives its own unique ID.","summary":"Edit - Add rule actions to rules for a webhook connector","value":{"action":"edit","edit":[{"type":"add_rule_actions","value":{"actions":[{"group":"default3","id":"20fbf986-a270-460e-80f3-7b83c08b430f","params":{"body":"The message body"}}]}}],"ids":["9e946bfc-3118-4c77-bb25-67d781191921"]}},"example24":{"description":"The following request adds rule actions to the rules with the specified IDs. Each new action receives its own unique ID.","summary":"Edit - Add rule actions to rules for an email connector","value":{"action":"edit","edit":[{"type":"add_rule_actions","value":{"actions":[{"group":"default3","id":"20fbf986-a270-460e-80f3-7b83c08b430f","params":{"message":"The message body","subject":"Subject","to":"address@domain.com"}}]}}],"ids":["9e946bfc-3118-4c77-bb25-67d781191921"]}},"example25":{"description":"The following request adds rule actions to the rules with the specified IDs. Each new action receives its own unique ID.","summary":"Edit - Add rule actions to rules for a slack connector","value":{"action":"edit","edit":[{"type":"add_rule_actions","value":{"actions":[{"group":"default3","id":"20fbf986-a270-460e-80f3-7b83c08b430f","params":{"message":"The content of the message"}}]}}],"ids":["9e946bfc-3118-4c77-bb25-67d781191921"]}},"example26":{"description":"The following request adds rule actions to the rules with the specified IDs. Each new action receives its own unique ID.","summary":"Edit - Add rule actions to rules for a PagerDuty connector","value":{"action":"edit","edit":[{"type":"add_rule_actions","value":{"actions":[{"group":"default3","id":"20fbf986-a270-460e-80f3-7b83c08b430f","params":{"eventAction":"trigger","severity":"critical","summary":"The message body","timestamp":"2023-10-31T00:00:00.000Z"}}]}}],"ids":["9e946bfc-3118-4c77-bb25-67d781191921"]}}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Detections_API_BulkDeleteRules"},{"$ref":"#/components/schemas/Security_Detections_API_BulkDisableRules"},{"$ref":"#/components/schemas/Security_Detections_API_BulkEnableRules"},{"$ref":"#/components/schemas/Security_Detections_API_BulkExportRules"},{"$ref":"#/components/schemas/Security_Detections_API_BulkDuplicateRules"},{"$ref":"#/components/schemas/Security_Detections_API_BulkManualRuleRun"},{"$ref":"#/components/schemas/Security_Detections_API_BulkEditRules"}]}}}},"responses":{"200":{"content":{"application/json":{"examples":{"example01":{"description":"In this response one rule was updated and one was skipped. Objects returned in attributes.results.skipped will only include rules' id, name, and skip_reason.","summary":"Successful response","value":{"attributes":{"results":{"created":[],"deleted":[],"skipped":[{"id":"51658332-a15e-4c9e-912a-67214e2e2359","name":"Skipped rule","skip_reason":"RULE_NOT_MODIFIED"}],"updated":[{"anomaly_threshold":50,"author":["Elastic"],"created_at":"2022-02-21T14:14:13.801Z","created_by":"elastic","description":"A machine learning job detected unusually large numbers of DNS queries for a single top-level DNS domain, which is often used for DNS tunneling. DNS tunneling can be used for command-and-control, persistence, or data exfiltration activity. For example, dnscat tends to generate many DNS questions for a top-level domain as it uses the DNS protocol to tunnel data.","enabled":true,"exceptions_list":[],"execution_summary":{"last_execution":{"date":"2022-03-23T16:06:12.787Z","message":"This rule attempted to query data from Elasticsearch indices listed in the \"Index pattern\" section of the rule definition, but no matching index was found.","metrics":{"execution_gap_duration_s":0,"total_indexing_duration_ms":15,"total_search_duration_ms":135},"status":"partial failure","status_order":20}},"false_positives":["DNS domains that use large numbers of child domains, such as software or content distribution networks, can trigger this alert and such parent domains can be excluded."],"from":"now-45m","id":"8bc7dad0-9320-11ec-9265-8b772383a08d","immutable":false,"interval":"15m","license":"Elastic License v2","machine_learning_job_id":["packetbeat_dns_tunneling"],"max_signals":100,"name":"DNS Tunneling [Duplicate]","references":["https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"],"related_integrations":[],"required_fields":[],"risk_score":21,"risk_score_mapping":[],"rule_id":"7289bf08-4e91-4c70-bf01-e04c4c5d7756","setup":"","severity":"low","severity_mapping":[],"tags":["Elastic","Network","Threat Detection","ML"],"threat":[],"to":"now","type":"machine_learning","updated_at":"2022-02-21T17:05:50.883Z","updated_by":"elastic","version":6}]},"summary":{"failed":0,"skipped":1,"succeeded":1,"total":2}},"rules_count":1,"success":true}},"example02":{"description":"If processing of any rule fails, a partial error outputs the ID and/or name of the affected rule and the corresponding error, as well as successfully processed rules (in the same format as a successful 200 request).","summary":"Partial failure","value":{"value":{"attributes":{"errors":[{"message":"Index patterns can't be added. Machine learning rule doesn't have index patterns property","rules":[{"id":"8bc7dad0-9320-11ec-9265-8b772383a08d","name":"DNS Tunneling [Duplicate]"}],"status_code":500}],"results":{"created":[],"deleted":[],"skipped":[],"updated":[{"actions":[],"author":["Elastic"],"created_at":"2022-02-21T14:14:17.883Z","created_by":"elastic","description":"Generates a detection alert for each external alert written to the configured indices. Enabling this rule allows you to immediately begin investigating external alerts in the app.","enabled":true,"exceptions_list":[],"execution_summary":{"last_execution":{"date":"2022-03-23T16:06:12.787Z","message":"This rule attempted to query data from Elasticsearch indices listed in the \"Index pattern\" section of the rule definition, but no matching index was found.","metrics":{"execution_gap_duration_s":0,"total_indexing_duration_ms":15,"total_search_duration_ms":135},"status":"partial failure","status_order":20}},"false_positives":[],"from":"now-6m","id":"8e5c1a40-9320-11ec-9265-8b772383a08d","immutable":false,"index":["apm-*-transaction*","traces-apm*","auditbeat-*","filebeat-*","logs-*","packetbeat-*","winlogbeat-*","added-by-id-*"],"interval":"5m","language":"kuery","license":"Elastic License v2","max_signals":10000,"name":"External Alerts [Duplicate]","query":"event.kind:alert and not event.module:(endgame or endpoint)\n","references":[],"related_integrations":[],"required_fields":[],"risk_score":47,"risk_score_mapping":[{"field":"event.risk_score","operator":"equals","value":""}],"rule_id":"941faf98-0cdc-4569-b16d-4af962914d61","rule_name_override":"message","setup":"","severity":"medium","severity_mapping":[{"field":"event.severity","operator":"equals","severity":"low","value":"21"},{"field":"event.severity","operator":"equals","severity":"medium","value":"47"},{"field":"event.severity","operator":"equals","severity":"high","value":"73"},{"field":"event.severity","operator":"equals","severity":"critical","value":"99"}],"tags":["Elastic","Network","Windows","APM","macOS","Linux"],"threat":[],"timestamp_override":"event.ingested","to":"now","type":"query","updated_at":"2022-02-21T16:56:22.818Z","updated_by":"elastic","version":5}]},"summary":{"failed":1,"skipped":0,"succeeded":1,"total":2}},"message":"Bulk edit partially failed","rules_count":2,"status_code":500,"success":false}}},"example03":{"description":"The attributes.errors section of the response shows that two rules failed to update and one succeeded. The same results would be returned if you ran the request without dry run mode enabled. Notice that there are no arrays in attributes.results. In dry run mode, rule updates are not applied and saved to Elasticsearch, so the endpoint wouldn’t return results for rules that have been updated, created, or deleted.","summary":"Dry run","value":{"attributes":{"errors":[{"err_code":"IMMUTABLE","message":"Elastic rule can't be edited","rules":[{"id":"81aa0480-06af-11ed-94fb-dd1a0597d8d2","name":"Unusual AWS Command for a User"}],"status_code":500},{"err_code":"MACHINE_LEARNING_INDEX_PATTERN","message":"Machine learning rule doesn't have index patterns","rules":[{"id":"dc015d10-0831-11ed-ac8b-05a222bd8d4a","name":"Suspicious Powershell Script [Duplicate]"}],"status_code":500}],"results":{"created":[],"deleted":[],"skipped":[],"updated":[]},"summary":{"failed":2,"skipped":0,"succeeded":1,"total":3}},"message":"Bulk edit partially failed","status_code":500}},"example04":{"description":"This example presents the successful setting of tags for 2 rules. There was a difference between the set of tags that were being added and the tags that were already set in the rules, that's why the rules were updated.","summary":"Set tags successsully for 2 rules","value":{"attributes":{"results":{"created":[],"deleted":[],"skipped":[],"updated":[{"actions":[],"author":[],"created_at":"2025-03-25T11:46:41.899Z","created_by":"elastic","description":"test","enabled":false,"exceptions_list":[],"false_positives":[],"filters":[],"from":"now-6m","id":"738112cd-6cfa-414a-8457-2a658845d6ba","immutable":false,"index":["apm-*-transaction*","auditbeat-*","endgame-*","filebeat-*","logs-*","packetbeat-*","traces-apm*","winlogbeat-*","-*elastic-cloud-logs-*"],"interval":"5m","language":"kuery","license":"","max_signals":100,"meta":{"kibana_siem_app_url":"http://localhost:5601/kbn/app/security"},"name":"Rule 1","output_index":"","query":"*","references":[],"related_integrations":[],"required_fields":[],"revision":1,"risk_score":21,"risk_score_mapping":[],"rule_id":"6fb746a0-dfe5-40fa-b03f-5cbb84f3e32e","rule_source":{"type":"internal"},"setup":"","severity":"low","severity_mapping":[],"tags":["tag-1","tag-2"],"threat":[],"to":"now","type":"query","updated_at":"2025-03-25T11:47:11.350Z","updated_by":"elastic","version":2},{"actions":[{"action_type_id":".webhook","frequency":{"notifyWhen":"onActiveAlert","summary":true,"throttle":null},"group":"default","id":"20fbf986-a270-460e-80f3-7b83c08b430f","params":{"body":"Hello"},"uuid":"580e2e16-5e91-411c-999b-7b75a11ed441"}],"author":[],"created_at":"2025-03-25T09:49:08.343Z","created_by":"elastic","description":"test","enabled":false,"exceptions_list":[],"false_positives":[],"filters":[],"from":"now-360s","id":"eacdfc95-e007-41c9-986e-4b2cbdfdc71b","immutable":false,"index":["apm-*-transaction*","auditbeat-*","endgame-*","filebeat-*","logs-*","packetbeat-*","traces-apm*","winlogbeat-*","-*elastic-cloud-logs-*"],"interval":"3m","investigation_fields":{"field_names":["alert.status","Endpoint.policy.applied.artifacts.global.channel"]},"language":"kuery","license":"","max_signals":100,"meta":{"from":"3m","kibana_siem_app_url":"http://localhost:5601/kbn/app/security"},"name":"Rule 2","output_index":"","query":"*","references":[],"related_integrations":[],"required_fields":[],"revision":33,"risk_score":21,"risk_score_mapping":[],"rule_id":"43250a55-53a3-4ddd-96cb-82a1bd720180","rule_source":{"type":"internal"},"setup":"","severity":"low","severity_mapping":[],"tags":["tag-1","tag-2"],"threat":[],"timeline_id":"3e827bab-838a-469f-bd1e-5e19a2bff2fd","timeline_title":"Alerts Involving a Single User Timeline","to":"now","type":"query","updated_at":"2025-03-25T11:47:11.357Z","updated_by":"elastic","version":24}]},"summary":{"failed":0,"skipped":0,"succeeded":2,"total":2}},"rules_count":2,"success":true}},"example05":{"description":"This example presents the idempotent behavior of the edit action with set_tags request. Both rules already had exactly the same tags that were being added, so no changes were made in any of them.","summary":"Idempotent behavior of set_tags","value":{"attributes":{"results":{"created":[],"deleted":[],"skipped":[{"id":"eacdfc95-e007-41c9-986e-4b2cbdfdc71b","name":"Rule 1","skip_reason":"RULE_NOT_MODIFIED"},{"id":"738112cd-6cfa-414a-8457-2a658845d6ba","name":"Rule 2","skip_reason":"RULE_NOT_MODIFIED"}],"updated":[]},"summary":{"failed":0,"skipped":2,"succeeded":0,"total":2}},"rules_count":2,"success":true}},"example06":{"description":"This example presents the idempotent behavior of the edit action with add_tags request. One rule was updated and one was skipped. The rule that was skipped already had all the tags that were being added.","summary":"Idempotent behavior of add_tags","value":{"attributes":{"results":{"created":[],"deleted":[],"skipped":[{"id":"738112cd-6cfa-414a-8457-2a658845d6ba","name":"Test Rule 2","skip_reason":"RULE_NOT_MODIFIED"}],"updated":[{"actions":[{"action_type_id":".webhook","frequency":{"notifyWhen":"onActiveAlert","summary":true,"throttle":null},"group":"default","id":"20fbf986-a270-460e-80f3-7b83c08b430f","params":{"body":"Hello"},"uuid":"580e2e16-5e91-411c-999b-7b75a11ed441"}],"author":[],"created_at":"2025-03-25T09:49:08.343Z","created_by":"elastic","description":"test","enabled":false,"exceptions_list":[],"false_positives":[],"filters":[],"from":"now-360s","id":"eacdfc95-e007-41c9-986e-4b2cbdfdc71b","immutable":false,"index":["apm-*-transaction*","auditbeat-*","endgame-*","filebeat-*","logs-*","packetbeat-*","traces-apm*","winlogbeat-*","-*elastic-cloud-logs-*"],"interval":"3m","investigation_fields":{"field_names":["alert.status","Endpoint.policy.applied.artifacts.global.channel"]},"language":"kuery","license":"","max_signals":100,"meta":{"from":"3m","kibana_siem_app_url":"http://localhost:5601/kbn/app/security"},"name":"Test rule","output_index":"","query":"*","references":[],"related_integrations":[],"required_fields":[],"revision":34,"risk_score":21,"risk_score_mapping":[],"rule_id":"43250a55-53a3-4ddd-96cb-82a1bd720180","rule_source":{"type":"internal"},"setup":"","severity":"low","severity_mapping":[],"tags":["tag-1","tag-2","tag-4"],"threat":[],"timeline_id":"3e827bab-838a-469f-bd1e-5e19a2bff2fd","timeline_title":"Alerts Involving a Single User Timeline","to":"now","type":"query","updated_at":"2025-03-25T11:55:12.752Z","updated_by":"elastic","version":25}]},"summary":{"failed":0,"skipped":1,"succeeded":1,"total":2}},"rules_count":2,"success":true}},"example07":{"description":"This example shows a non-idempotent nature of the set_rule_actions requests. Regardless if the actions are the same as the existing actions for a rule, the actions are always set in the rule and receive a new unique ID.","summary":"Non-idempotent behavior for set_rule_actions","value":{"attributes":{"results":{"created":[],"deleted":[],"skipped":[],"updated":[{"actions":[{"action_type_id":".webhook","frequency":{"notifyWhen":"onActiveAlert","summary":true,"throttle":null},"group":"default","id":"20fbf986-a270-460e-80f3-7b83c08b430f","params":{"body":"Hello"},"uuid":"e48428e5-efac-4856-b8ad-b271c14eaa91"}],"author":[],"created_at":"2025-03-25T09:49:08.343Z","created_by":"elastic","description":"test","enabled":false,"exceptions_list":[],"false_positives":[],"filters":[],"from":"now-360s","id":"eacdfc95-e007-41c9-986e-4b2cbdfdc71b","immutable":false,"index":["apm-*-transaction*","auditbeat-*","endgame-*","filebeat-*","logs-*","packetbeat-*","traces-apm*","winlogbeat-*","-*elastic-cloud-logs-*"],"interval":"3m","investigation_fields":{"field_names":["alert.status","Endpoint.policy.applied.artifacts.global.channel"]},"language":"kuery","license":"","max_signals":100,"meta":{"from":"3m","kibana_siem_app_url":"http://localhost:5601/kbn/app/security"},"name":"Test rule","output_index":"","query":"*","references":[],"related_integrations":[],"required_fields":[],"revision":39,"risk_score":21,"risk_score_mapping":[],"rule_id":"43250a55-53a3-4ddd-96cb-82a1bd720180","rule_source":{"type":"internal"},"setup":"","severity":"low","severity_mapping":[],"tags":["tag-1","tag-2","tag-4"],"threat":[],"timeline_id":"3e827bab-838a-469f-bd1e-5e19a2bff2fd","timeline_title":"Alerts Involving a Single User Timeline","to":"now","type":"query","updated_at":"2025-03-25T12:17:40.528Z","updated_by":"elastic","version":30}]},"summary":{"failed":0,"skipped":0,"succeeded":1,"total":1}},"rules_count":1,"success":true}},"example08":{"description":"This example shows a non-idempotent nature of the add_rule_actions requests. Regardless if the added action is the same as another existing action for a rule, the new action is added to the rule and receives a new unique ID.","summary":"Non-idempotent behavior for add_rule_actions","value":{"attributes":{"results":{"created":[],"deleted":[],"skipped":[],"updated":[{"actions":[{"action_type_id":".webhook","frequency":{"notifyWhen":"onActiveAlert","summary":true,"throttle":null},"group":"default","id":"76af173d-38d8-4a9a-b2cc-a3c695b845b4","params":{"body":"Message body"},"uuid":"0309347e-3954-429c-9168-5da2663389af"},{"action_type_id":".webhook","frequency":{"notifyWhen":"onActiveAlert","summary":true,"throttle":null},"group":"default","id":"76af173d-38d8-4a9a-b2cc-a3c695b845b4","params":{"body":"Message body"},"uuid":"49ddaa94-d63d-410e-90dc-8c1bad9552bd"}],"author":[],"created_at":"2025-04-02T12:42:03.400Z","created_by":"elastic","description":"test","enabled":false,"exceptions_list":[],"false_positives":[],"filters":[],"from":"now-6m","id":"0d3eb0cd-88c4-4651-ac87-6d9f0cb87217","immutable":false,"index":["apm-*-transaction*","auditbeat-*","endgame-*","filebeat-*","logs-*","packetbeat-*","traces-apm*","winlogbeat-*","-*elastic-cloud-logs-*"],"interval":"5m","language":"kuery","license":"","max_signals":100,"meta":{"kibana_siem_app_url":"http://localhost:5601/kbn/app/security"},"name":"Jacek test rule","output_index":"","query":"*","references":[],"related_integrations":[],"required_fields":[],"revision":2,"risk_score":21,"risk_score_mapping":[],"rule_id":"2684c020-1370-4719-ac27-eafe6428fe10","rule_source":{"type":"internal"},"setup":"","severity":"low","severity_mapping":[],"tags":[],"threat":[],"to":"now","type":"query","updated_at":"2025-04-02T12:51:40.215Z","updated_by":"elastic","version":2}]},"summary":{"failed":0,"skipped":0,"succeeded":1,"total":1}},"rules_count":1,"success":true}}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Detections_API_BulkEditActionResponse"},{"$ref":"#/components/schemas/Security_Detections_API_BulkExportActionResponse"}]}}},"description":"OK"}},"summary":"Apply a bulk action to detection rules","tags":["Security Detections API"]}},"/api/detection_engine/rules/_export":{"post":{"description":"Export detection rules to an `.ndjson` file. The following configuration items are also included in the `.ndjson` file:\n- Actions\n- Exception lists\n\u003e info\n\u003e Rule actions and connectors are included in the exported file, but sensitive information about the connector (such as authentication credentials) is not included. You must re-add missing connector details after importing detection rules.\n\n\u003e You can use Kibana’s [Saved Objects](https://www.elastic.co/guide/en/kibana/current/managing-saved-objects.html) UI (Stack Management → Kibana → Saved Objects) or the Saved Objects APIs (experimental) to [export](https://www.elastic.co/docs/api/doc/kibana/operation/operation-exportsavedobjectsdefault) and [import](https://www.elastic.co/docs/api/doc/kibana/operation/operation-importsavedobjectsdefault) any necessary connectors before importing detection rules.\n\n\u003e Similarly, any value lists used for rule exceptions are not included in rule exports or imports. Use the [Manage value lists](https://www.elastic.co/guide/en/security/current/value-lists-exceptions.html#manage-value-lists) UI (Rules → Detection rules (SIEM) → Manage value lists) to export and import value lists separately.\n","operationId":"ExportRules","parameters":[{"description":"Determines whether a summary of the exported rules is returned.","in":"query","name":"exclude_export_details","required":false,"schema":{"default":false,"type":"boolean"}},{"description":"File name for saving the exported rules.\n\u003e info\n\u003e When using cURL to export rules to a file, use the -O and -J options to save the rules to the file name specified in the URL.\n","in":"query","name":"file_name","required":false,"schema":{"default":"export.ndjson","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"nullable":true,"type":"object","properties":{"objects":{"description":"Array of `rule_id` fields. Exports all rules when unspecified.","items":{"type":"object","properties":{"rule_id":{"$ref":"#/components/schemas/Security_Detections_API_RuleSignatureId"}},"required":["rule_id"]},"type":"array"}},"required":["objects"]}}},"required":false},"responses":{"200":{"content":{"application/ndjson":{"schema":{"description":"An `.ndjson` file containing the returned rules.\n\nEach line in the file represents an object (a rule, exception list parent container, or exception list item), and the last line includes a summary of what was exported.\n","format":"binary","type":"string"}}},"description":"Indicates a successful call."}},"summary":"Export detection rules","tags":["Security Detections API"],"x-codeSamples":[{"lang":"cURL","source":"curl -X POST \"localhost:5601/api/detection_engine/rules/_export?exclude_export_details=true\u0026file_name=exported_rules.ndjson\" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d'\n{\n \"objects\": [\n {\n \"rule_id\":\"343580b5-c811-447c-8d2d-2ccf052c6900\"\n },\n {\n \"rule_id\":\"2938c9fa-53eb-4c04-b79c-33cbf041b18d\"\n }\n ]\n}\n"}]}},"/api/detection_engine/rules/_find":{"get":{"description":"Retrieve a paginated list of detection rules. By default, the first page is returned, with 20 results per page.","operationId":"FindRules","parameters":[{"in":"query","name":"fields","required":false,"schema":{"items":{"type":"string"},"type":"array"}},{"description":"Search query\n\nFilters the returned results according to the value of the specified field, using the alert.attributes.\u003cfield name\u003e:\u003cfield value\u003e syntax, where \u003cfield name\u003e can be:\n- name\n- enabled\n- tags\n- createdBy\n- interval\n- updatedBy\n\u003e info\n\u003e Even though the JSON rule object uses created_by and updated_by fields, you must use createdBy and updatedBy fields in the filter.\n","in":"query","name":"filter","required":false,"schema":{"type":"string"}},{"description":"Field to sort by","in":"query","name":"sort_field","required":false,"schema":{"$ref":"#/components/schemas/Security_Detections_API_FindRulesSortField"}},{"description":"Sort order","in":"query","name":"sort_order","required":false,"schema":{"$ref":"#/components/schemas/Security_Detections_API_SortOrder"}},{"description":"Page number","in":"query","name":"page","required":false,"schema":{"default":1,"minimum":1,"type":"integer"}},{"description":"Rules per page","in":"query","name":"per_page","required":false,"schema":{"default":20,"minimum":0,"type":"integer"}},{"description":"Gaps range start","in":"query","name":"gaps_range_start","required":false,"schema":{"type":"string"}},{"description":"Gaps range end","in":"query","name":"gaps_range_end","required":false,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"examples":{"example1":{"value":{"data":[{"created_at":"2020-02-02T10:05:19.613Z","created_by":"elastic","description":"Identifies a PowerShell process launched by either cscript.exe or wscript.exe. Observing Windows scripting processes executing a PowerShell script, may be indicative of malicious activity.","enabled":false,"execution_summary":{"last_execution":{"date":"2022-03-23T16:06:12.787Z","message":"This rule attempted to query data from Elasticsearch indices listed in the \"Index pattern\" section of the rule definition, but no matching index was found.","metrics":{"execution_gap_duration_s":0,"total_indexing_duration_ms":15,"total_search_duration_ms":135},"status":"partial failure","status_order":20}},"false_positives":[],"from":"now-6m","id":"89761517-fdb0-4223-b67b-7621acc48f9e","immutable":true,"index":["winlogbeat-*"],"interval":"5m","language":"kuery","max_signals":33,"name":"Windows Script Executing PowerShell","query":"event.action:\"Process Create (rule: ProcessCreate)\" and process.parent.name:(\"wscript.exe\" or \"cscript.exe\") and process.name:\"powershell.exe\"","references":[],"related_integrations":[{"package":"o365","version":"^2.3.2"}],"required_fields":[{"ecs":true,"name":"event.action","type":"keyword"},{"ecs":true,"name":"process.name","type":"keyword"},{"ecs":true,"name":"process.parent.name","type":"keyword"}],"risk_score":21,"rule_id":"f545ff26-3c94-4fd0-bd33-3c7f95a3a0fc","setup":"","severity":"low","tags":["Elastic","Windows"],"threat":[{"framework":"MITRE ATT\u0026CK","tactic":{"id":"TA0002","name":"Execution","reference":"https://attack.mitre.org/tactics/TA0002/"},"technique":[{"id":"T1193","name":"Spearphishing Attachment","reference":"https://attack.mitre.org/techniques/T1193/"}]}],"to":"now","type":"query","updated_at":"2020-02-02T10:05:19.830Z","updated_by":"elastic"}],"page":1,"perPage":5,"total":4}}},"schema":{"type":"object","properties":{"data":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleResponse"},"type":"array"},"page":{"type":"integer"},"perPage":{"type":"integer"},"total":{"type":"integer"}},"required":["page","perPage","total","data"]}}},"description":"Successful response\n\u003e info\n\u003e These fields are under development and their usage or schema may change: execution_summary.\n"}},"summary":"List all detection rules","tags":["Security Detections API"],"x-codeSamples":[{"lang":"cURL","source":"curl -X GET \"localhost:5601/api/detection_engine/rules/_find?page=1\u0026per_page=5\u0026sort_field=enabled\u0026sort_order=asc\u0026filter=alert.attributes.name:windows\" -H 'kbn-xsrf: true'\n"}]}},"/api/detection_engine/rules/_import":{"post":{"description":"Import detection rules from an `.ndjson` file, including actions and exception lists. The request must include:\n- The `Content-Type: multipart/form-data` HTTP header.\n- A link to the `.ndjson` file containing the rules.\n\u003e warn\n\u003e When used with [API key](https://www.elastic.co/guide/en/kibana/current/api-keys.html) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running.\n\n\u003e If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change.\n\u003e info\n\u003e To import rules with actions, you need at least Read privileges for the Action and Connectors feature. To overwrite or add new connectors, you need All privileges for the Actions and Connectors feature. To import rules without actions, you don’t need Actions and Connectors privileges. Refer to [Enable and access detections](https://www.elastic.co/guide/en/security/current/detections-permissions-section.html#enable-detections-ui) for more information.\n\n\u003e info\n\u003e Rule actions and connectors are included in the exported file, but sensitive information about the connector (such as authentication credentials) is not included. You must re-add missing connector details after importing detection rules.\n\n\u003e You can use Kibana’s [Saved Objects](https://www.elastic.co/guide/en/kibana/current/managing-saved-objects.html) UI (Stack Management → Kibana → Saved Objects) or the Saved Objects APIs (experimental) to [export](https://www.elastic.co/docs/api/doc/kibana/operation/operation-exportsavedobjectsdefault) and [import](https://www.elastic.co/docs/api/doc/kibana/operation/operation-importsavedobjectsdefault) any necessary connectors before importing detection rules.\n\n\u003e Similarly, any value lists used for rule exceptions are not included in rule exports or imports. Use the [Manage value lists](https://www.elastic.co/guide/en/security/current/value-lists-exceptions.html#manage-value-lists) UI (Rules → Detection rules (SIEM) → Manage value lists) to export and import value lists separately.\n","operationId":"ImportRules","parameters":[{"description":"Determines whether existing rules with the same `rule_id` are overwritten.","in":"query","name":"overwrite","required":false,"schema":{"default":false,"type":"boolean"}},{"description":"Determines whether existing exception lists with the same `list_id` are overwritten. Both the exception list container and its items are overwritten.","in":"query","name":"overwrite_exceptions","required":false,"schema":{"default":false,"type":"boolean"}},{"description":"Determines whether existing actions with the same `kibana.alert.rule.actions.id` are overwritten.","in":"query","name":"overwrite_action_connectors","required":false,"schema":{"default":false,"type":"boolean"}},{"description":"Generates a new list ID for each imported exception list.","in":"query","name":"as_new_list","required":false,"schema":{"default":false,"type":"boolean"}}],"requestBody":{"content":{"multipart/form-data":{"schema":{"type":"object","properties":{"file":{"description":"The `.ndjson` file containing the rules.","format":"binary","type":"string"}}}}},"required":true},"responses":{"200":{"content":{"application/json":{"examples":{"example1":{"summary":"Import rules with success","value":{"errors":[],"exceptions_errors":[],"exceptions_success":true,"exceptions_success_count":0,"rules_count":1,"success":true,"success_count":1}}},"schema":{"additionalProperties":false,"type":"object","properties":{"action_connectors_errors":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ErrorSchema"},"type":"array"},"action_connectors_success":{"type":"boolean"},"action_connectors_success_count":{"minimum":0,"type":"integer"},"action_connectors_warnings":{"items":{"$ref":"#/components/schemas/Security_Detections_API_WarningSchema"},"type":"array"},"errors":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ErrorSchema"},"type":"array"},"exceptions_errors":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ErrorSchema"},"type":"array"},"exceptions_success":{"type":"boolean"},"exceptions_success_count":{"minimum":0,"type":"integer"},"rules_count":{"minimum":0,"type":"integer"},"success":{"type":"boolean"},"success_count":{"minimum":0,"type":"integer"}},"required":["exceptions_success","exceptions_success_count","exceptions_errors","rules_count","success","success_count","errors","action_connectors_errors","action_connectors_warnings","action_connectors_success","action_connectors_success_count"]}}},"description":"Indicates a successful call."}},"summary":"Import detection rules","tags":["Security Detections API"],"x-codeSamples":[{"lang":"cURL","source":"curl -X POST \"\u003cKibanaURL\u003e/api/detection_engine/rules/_import\"\n-u \u003cusername\u003e:\u003cpassword\u003e -H 'kbn-xsrf: true'\n-H 'Content-Type: multipart/form-data'\n--form \"file=@\u003clink to file\u003e\"\n"}]}},"/api/detection_engine/rules/{id}/exceptions":{"post":{"description":"Create exception items that apply to a single detection rule.","operationId":"CreateRuleExceptionListItems","parameters":[{"description":"Detection rule's identifier","examples":{"id":{"value":"330bdd28-eedf-40e1-bed0-f10176c7f9e0"}},"in":"path","name":"id","required":true,"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_RuleId"}}],"requestBody":{"content":{"application/json":{"schema":{"example":{"items":[{"description":"This is a sample detection type exception item.","entries":[{"field":"actingProcess.file.signer","operator":"excluded","type":"exists"},{"field":"host.name","operator":"included","type":"match_any","value":["saturn","jupiter"]}],"item_id":"simple_list_item","list_id":"simple_list","name":"Sample Exception List Item","namespace_type":"single","os_types":["linux"],"tags":["malware"],"type":"simple"}]},"type":"object","properties":{"items":{"items":{"$ref":"#/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemProps"},"type":"array"}},"required":["items"]}}},"description":"Rule exception items.","required":true},"responses":{"200":{"content":{"application/json":{"examples":{"ruleExceptionItems":{"value":[{"_version":"WzQsMV0=","comments":[],"created_at":"2025-01-07T20:07:33.119Z","created_by":"elastic","description":"This is a sample detection type exception item.","entries":[{"field":"actingProcess.file.signer","operator":"excluded","type":"exists"},{"field":"host.name","operator":"included","type":"match_any","value":["saturn","jupiter"]}],"id":"71a9f4b2-c85c-49b4-866f-c71eb9e67da2","item_id":"simple_list_item","list_id":"simple_list","name":"Sample Exception List Item","namespace_type":"single","os_types":["linux"],"tags":["malware"],"tie_breaker_id":"09434836-9db9-4942-a234-5a9268e0b34c","type":"simple","updated_at":"2025-01-07T20:07:33.119Z","updated_by":"elastic"}]}},"schema":{"items":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItem"},"type":"array"}}},"description":"Successful response"},"400":{"content":{"application/json":{"examples":{"badPayload":{"value":{"error":"Bad Request","message":"Invalid request payload JSON format","statusCode":400}},"badRequest":{"value":{"error":"Bad Request","message":"[request params]: id: Invalid uuid","statusCode":400}}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"examples":{"forbidden":{"value":{"message":"Unable to create exception-list","status_code":403}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Create rule exception items","tags":["Security Exceptions API"]}},"/api/detection_engine/rules/prepackaged":{"put":{"description":"Install and update all Elastic prebuilt detection rules and Timelines.\n\nThis endpoint allows you to install and update prebuilt detection rules and Timelines provided by Elastic. \nWhen you call this endpoint, it will:\n- Install any new prebuilt detection rules that are not currently installed in your system.\n- Update any existing prebuilt detection rules that have been modified or improved by Elastic.\n- Install any new prebuilt Timelines that are not currently installed in your system.\n- Update any existing prebuilt Timelines that have been modified or improved by Elastic.\n\nThis ensures that your detection engine is always up-to-date with the latest rules and Timelines, \nproviding you with the most current and effective threat detection capabilities.\n","operationId":"InstallPrebuiltRulesAndTimelines","responses":{"200":{"content":{"application/json":{"examples":{"example1":{"value":{"rules_installed":112,"rules_updated":0,"timelines_installed":5,"timelines_updated":2}}},"schema":{"additionalProperties":false,"type":"object","properties":{"rules_installed":{"description":"The number of rules installed","minimum":0,"type":"integer"},"rules_updated":{"description":"The number of rules updated","minimum":0,"type":"integer"},"timelines_installed":{"description":"The number of timelines installed","minimum":0,"type":"integer"},"timelines_updated":{"description":"The number of timelines updated","minimum":0,"type":"integer"}},"required":["rules_installed","rules_updated","timelines_installed","timelines_updated"]}}},"description":"Indicates a successful call"}},"summary":"Install prebuilt detection rules and Timelines","tags":["Security Detections API"]}},"/api/detection_engine/rules/prepackaged/_status":{"get":{"description":"Retrieve the status of all Elastic prebuilt detection rules and Timelines. \n\nThis endpoint provides detailed information about the number of custom rules, installed prebuilt rules, available prebuilt rules that are not installed, outdated prebuilt rules, installed prebuilt timelines, available prebuilt timelines that are not installed, and outdated prebuilt timelines.\n","operationId":"ReadPrebuiltRulesAndTimelinesStatus","responses":{"200":{"content":{"application/json":{"examples":{"example1":{"value":{"rules_custom_installed":0,"rules_installed":0,"rules_not_installed":112,"rules_not_updated":0,"timelines_installed":0,"timelines_not_installed":0,"timelines_not_updated":0}}},"schema":{"additionalProperties":false,"type":"object","properties":{"rules_custom_installed":{"description":"The total number of custom rules","minimum":0,"type":"integer"},"rules_installed":{"description":"The total number of installed prebuilt rules","minimum":0,"type":"integer"},"rules_not_installed":{"description":"The total number of available prebuilt rules that are not installed","minimum":0,"type":"integer"},"rules_not_updated":{"description":"The total number of outdated prebuilt rules","minimum":0,"type":"integer"},"timelines_installed":{"description":"The total number of installed prebuilt timelines","minimum":0,"type":"integer"},"timelines_not_installed":{"description":"The total number of available prebuilt timelines that are not installed","minimum":0,"type":"integer"},"timelines_not_updated":{"description":"The total number of outdated prebuilt timelines","minimum":0,"type":"integer"}},"required":["rules_custom_installed","rules_installed","rules_not_installed","rules_not_updated","timelines_installed","timelines_not_installed","timelines_not_updated"]}}},"description":"Indicates a successful call"}},"summary":"Retrieve the status of prebuilt detection rules and Timelines","tags":["Security Detections API"]}},"/api/detection_engine/rules/preview":{"post":{"operationId":"RulePreview","parameters":[{"description":"Enables logging and returning in response ES queries, performed during rule execution","in":"query","name":"enable_logged_requests","required":false,"schema":{"type":"boolean"}}],"requestBody":{"content":{"application/json":{"schema":{"anyOf":[{"allOf":[{"$ref":"#/components/schemas/Security_Detections_API_EqlRuleCreateProps"},{"$ref":"#/components/schemas/Security_Detections_API_RulePreviewParams"}]},{"allOf":[{"$ref":"#/components/schemas/Security_Detections_API_QueryRuleCreateProps"},{"$ref":"#/components/schemas/Security_Detections_API_RulePreviewParams"}]},{"allOf":[{"$ref":"#/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps"},{"$ref":"#/components/schemas/Security_Detections_API_RulePreviewParams"}]},{"allOf":[{"$ref":"#/components/schemas/Security_Detections_API_ThresholdRuleCreateProps"},{"$ref":"#/components/schemas/Security_Detections_API_RulePreviewParams"}]},{"allOf":[{"$ref":"#/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps"},{"$ref":"#/components/schemas/Security_Detections_API_RulePreviewParams"}]},{"allOf":[{"$ref":"#/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps"},{"$ref":"#/components/schemas/Security_Detections_API_RulePreviewParams"}]},{"allOf":[{"$ref":"#/components/schemas/Security_Detections_API_NewTermsRuleCreateProps"},{"$ref":"#/components/schemas/Security_Detections_API_RulePreviewParams"}]},{"allOf":[{"$ref":"#/components/schemas/Security_Detections_API_EsqlRuleCreateProps"},{"$ref":"#/components/schemas/Security_Detections_API_RulePreviewParams"}]}],"discriminator":{"propertyName":"type"}}}},"description":"An object containing tags to add or remove and alert ids the changes will be applied","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"type":"object","properties":{"isAborted":{"type":"boolean"},"logs":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RulePreviewLogs"},"type":"array"},"previewId":{"$ref":"#/components/schemas/Security_Detections_API_NonEmptyString"}},"required":["logs"]}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Detections_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Detections_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Detections_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"500":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Detections_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Preview rule alerts generated on specified time range","tags":["Security Detections API"]}},"/api/detection_engine/signals/assignees":{"post":{"description":"Assign users to detection alerts, and unassign them from alerts.\n\u003e info\n\u003e You cannot add and remove the same assignee in the same request.\n","operationId":"SetAlertAssignees","requestBody":{"content":{"application/json":{"examples":{"add":{"value":{"assignees":{"add":["u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0"],"remove":[]},"ids":["681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6"]}},"remove":{"value":{"assignees":{"add":[],"remove":["u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0"]},"ids":["681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6"]}}},"schema":{"type":"object","properties":{"assignees":{"$ref":"#/components/schemas/Security_Detections_API_AlertAssignees","description":"Details about the assignees to assign and unassign."},"ids":{"$ref":"#/components/schemas/Security_Detections_API_AlertIds"}},"required":["assignees","ids"]}}},"required":true},"responses":{"200":{"content":{"application/ndjson":{"examples":{"add":{"value":{"batches":"1,","deleted":"0,","failures":[],"noops":"0,","requests_per_second":"-1,","retries":[{"bulk":"0,"},{"search":0}],"throttled_millis":"0,","throttled_until_millis":"0,","timed_out":"false,","took":"76,","total":"1,","updated":"1,","version_conflicts":"0,"}}}}},"description":"Indicates a successful call."},"400":{"description":"Invalid request."}},"summary":"Assign and unassign users from detection alerts","tags":["Security Detections API"]}},"/api/detection_engine/signals/finalize_migration":{"post":{"deprecated":true,"description":"Finalize successful migrations of detection alerts. This replaces the original index's alias with the successfully migrated index's alias.\nThe endpoint is idempotent; therefore, it can safely be used to poll a given migration and, upon completion,\nfinalize it.\n","operationId":"FinalizeAlertsMigration","requestBody":{"content":{"application/json":{"schema":{"example":{"migration_ids":["924f7c50-505f-11eb-ae0a-3fa2e626a51d"]},"type":"object","properties":{"migration_ids":{"description":"Array of `migration_id`s to finalize.","items":{"type":"string"},"minItems":1,"type":"array"}},"required":["migration_ids"]}}},"description":"Array of `migration_id`s to finalize","required":true},"responses":{"200":{"content":{"application/json":{"examples":{"success":{"value":{"migrations":[{"completed":true,"destinationIndex":".siem-signals-default-000002-r000016","id":"924f7c50-505f-11eb-ae0a-3fa2e626a51d","sourceIndex":".siem-signals-default-000002","status":"success","updated":"2021-01-06T22:05:56.859Z","version":16}]}}},"schema":{"items":{"$ref":"#/components/schemas/Security_Detections_API_MigrationFinalizationResult"},"type":"array"}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Detections_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Detections_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Detections_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"500":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Detections_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Finalize detection alert migrations","tags":["Security Detections API"]}},"/api/detection_engine/signals/migration":{"delete":{"deprecated":true,"description":"Migrations favor data integrity over shard size. Consequently, unused or orphaned indices are artifacts of\nthe migration process. A successful migration will result in both the old and new indices being present.\nAs such, the old, orphaned index can (and likely should) be deleted.\n\nWhile you can delete these indices manually,\nthe endpoint accomplishes this task by applying a deletion policy to the relevant index, causing it to be deleted\nafter 30 days. It also deletes other artifacts specific to the migration implementation.\n","operationId":"AlertsMigrationCleanup","requestBody":{"content":{"application/json":{"schema":{"example":{"migration_ids":["924f7c50-505f-11eb-ae0a-3fa2e626a51d"]},"type":"object","properties":{"migration_ids":{"description":"Array of `migration_id`s to cleanup.","items":{"type":"string"},"minItems":1,"type":"array"}},"required":["migration_ids"]}}},"description":"Array of `migration_id`s to cleanup","required":true},"responses":{"200":{"content":{"application/json":{"examples":{"success":{"value":{"migrations":[{"destinationIndex":".siem-signals-default-000002-r000016","id":"924f7c50-505f-11eb-ae0a-3fa2e626a51d","sourceIndex":".siem-signals-default-000002","status":"success","updated":"2021-01-06T22:05:56.859Z","version":16}]}}},"schema":{"items":{"$ref":"#/components/schemas/Security_Detections_API_MigrationCleanupResult"},"type":"array"}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Detections_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Detections_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Detections_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"500":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Detections_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Clean up detection alert migrations","tags":["Security Detections API"]},"post":{"deprecated":true,"description":"Initiate a migration of detection alerts.\nMigrations are initiated per index. While the process is neither destructive nor interferes with existing data, it may be resource-intensive. As such, it is recommended that you plan your migrations accordingly.\n","operationId":"CreateAlertsMigration","requestBody":{"content":{"application/json":{"examples":{"singleIndex":{"value":{"index":[".siem-signals-default-000001"]}}},"schema":{"allOf":[{"type":"object","properties":{"index":{"description":"Array of index names to migrate.","items":{"format":"nonempty","minLength":1,"type":"string"},"minItems":1,"type":"array"}},"required":["index"]},{"$ref":"#/components/schemas/Security_Detections_API_AlertsReindexOptions"}]}}},"description":"Alerts migration parameters","required":true},"responses":{"200":{"content":{"application/json":{"examples":{"success":{"value":{"indices":[{"index":".siem-signals-default-000001,","migration_id":"923f7c50-505f-11eb-ae0a-3fa2e626a51d","migration_index":".siem-signals-default-000001-r000016"}]}}},"schema":{"type":"object","properties":{"indices":{"items":{"oneOf":[{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexMigrationSuccess"},{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexMigrationError"},{"$ref":"#/components/schemas/Security_Detections_API_SkippedAlertsIndexMigration"}]},"type":"array"}},"required":["indices"]}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Detections_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Detections_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Detections_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"500":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Detections_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Initiate a detection alert migration","tags":["Security Detections API"]}},"/api/detection_engine/signals/migration_status":{"get":{"deprecated":true,"description":"Retrieve indices that contain detection alerts of a particular age, along with migration information for each of those indices.","operationId":"ReadAlertsMigrationStatus","parameters":[{"description":"Maximum age of qualifying detection alerts","in":"query","name":"from","required":true,"schema":{"description":"Time from which data is analyzed. For example, now-4200s means the rule analyzes data from 70 minutes\nbefore its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time).\n","example":"now-30d","format":"date-math","type":"string"}}],"responses":{"200":{"content":{"application/json":{"examples":{"success":{"value":{"indices":[{"index":".siem-signals-default-000002","is_outdated":true,"migrations":[{"id":"924f7c50-505f-11eb-ae0a-3fa2e626a51d","status":"pending","updated":"2021-01-06T20:41:37.173Z","version":16}],"signal_versions":[{"count":100,"version":15},{"count":87,"version":16}],"version":15},{"index":".siem-signals-default-000003","is_outdated":false,"migrations":[],"signal_versions":[{"count":54,"version":16}],"version":16}]}}},"schema":{"type":"object","properties":{"indices":{"items":{"$ref":"#/components/schemas/Security_Detections_API_IndexMigrationStatus"},"type":"array"}},"required":["indices"]}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Detections_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Detections_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Detections_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"500":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Detections_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Retrieve the status of detection alert migrations","tags":["Security Detections API"]}},"/api/detection_engine/signals/search":{"post":{"description":"Find and/or aggregate detection alerts that match the given query.","operationId":"SearchAlerts","requestBody":{"content":{"application/json":{"examples":{"query":{"value":{"aggs":{"alertsByGrouping":{"terms":{"field":"host.name","size":10}},"missingFields":{"missing":{"field":"host.name"}}},"query":{"bool":{"filter":[{"bool":{"filter":[{"match_phrase":{"kibana.alert.workflow_status":"open"}}],"must":[],"must_not":[{"exists":{"field":"kibana.alert.building_block_type"}}],"should":[]}},{"range":{"@timestamp":{"gte":"2025-01-17T08:00:00.000Z","lte":"2025-01-18T07:59:59.999Z"}}}]}},"runtime_mappings":{},"size":0}}},"schema":{"description":"Elasticsearch query and aggregation request","type":"object","properties":{"_source":{"oneOf":[{"type":"boolean"},{"type":"string"},{"items":{"type":"string"},"type":"array"}]},"aggs":{"additionalProperties":true,"type":"object"},"fields":{"items":{"type":"string"},"type":"array"},"query":{"additionalProperties":true,"type":"object"},"runtime_mappings":{"additionalProperties":true,"type":"object"},"size":{"minimum":0,"type":"integer"},"sort":{"$ref":"#/components/schemas/Security_Detections_API_AlertsSort"},"track_total_hits":{"type":"boolean"}}}}},"description":"Search and/or aggregation query","required":true},"responses":{"200":{"content":{"application/json":{"examples":{"success":{"value":{"_shards":{"failed":0,"skipped":0,"successful":1,"total":1},"aggregations":{"alertsByGrouping":{"buckets":[{"doc_count":5,"key":"Host-f43kkddfyc"}],"doc_count_error_upper_bound":0,"sum_other_doc_count":0},"missingFields":{"doc_count":0}},"hits":{"hits":[],"max_score":null,"total":{"relation":"eq","value":5}},"timed_out":false,"took":0}}},"schema":{"additionalProperties":true,"description":"Elasticsearch search response","type":"object"}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Detections_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Detections_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Detections_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"500":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Detections_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Find and/or aggregate detection alerts","tags":["Security Detections API"]}},"/api/detection_engine/signals/status":{"post":{"description":"Set the status of one or more detection alerts.","operationId":"SetAlertsStatus","requestBody":{"content":{"application/json":{"examples":{"byId":{"value":{"signal_ids":["80e1383f856e67c1b7f7a1634744fa6d66b6e2ef7aa26d226e57afb5a7b2b4a1"],"status":"closed"}},"byQuery":{"value":{"conflicts":"proceed","query":{"bool":{"filter":[{"@timestamp":{"format":"strict_date_optional_time","gte":"2024-10-23T07:00:00.000Z","lte":"2025-01-21T20:12:11.704Z"},"range":null},{"bool":{"filter":{"bool":{"filter":[{"match_phrase":{"kibana.alert.workflow_status":"open"}},{"@timestamp":{"format":"strict_date_optional_time","gte":"2024-10-23T07:00:00.000Z","lte":"2025-01-21T20:12:11.704Z"},"range":null}],"must":[],"must_not":[{"exists":{"field":"kibana.alert.building_block_type"}}],"should":[]}}}}],"must":[],"must_not":[],"should":[]}},"status":"closed"}}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Detections_API_SetAlertsStatusByIds"},{"$ref":"#/components/schemas/Security_Detections_API_SetAlertsStatusByQuery"}]}}},"description":"An object containing desired status and explicit alert ids or a query to select alerts","required":true},"responses":{"200":{"content":{"application/json":{"examples":{"byId":{"value":{"batches":1,"deleted":0,"failures":[],"noops":0,"requests_per_second":-1,"retries":{"bulk":0,"search":0},"throttled_millis":0,"throttled_until_millis":0,"timed_out":false,"took":81,"total":1,"updated":1,"version_conflicts":0}},"byQuery":{"value":{"batches":1,"deleted":0,"failures":[],"noops":0,"requests_per_second":-1,"retries":{"bulk":0,"search":0},"throttled_millis":0,"throttled_until_millis":0,"timed_out":false,"took":100,"total":17,"updated":17,"version_conflicts":0}}},"schema":{"additionalProperties":true,"description":"Elasticsearch update by query response","type":"object"}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Detections_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Detections_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Detections_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"500":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Detections_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Set a detection alert status","tags":["Security Detections API"]}},"/api/detection_engine/signals/tags":{"post":{"description":"And tags to detection alerts, and remove them from alerts.\n\u003e info\n\u003e You cannot add and remove the same alert tag in the same request.\n","operationId":"SetAlertTags","requestBody":{"content":{"application/json":{"examples":{"add":{"value":{"ids":["549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e"],"tags":{"tags_to_add":["Duplicate"],"tags_to_remove":[]}}},"remove":{"value":{"ids":["549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e"],"tags":{"tags_to_add":[],"tags_to_remove":["Duplicate"]}}}},"schema":{"type":"object","properties":{"ids":{"$ref":"#/components/schemas/Security_Detections_API_AlertIds"},"tags":{"$ref":"#/components/schemas/Security_Detections_API_SetAlertTags"}},"required":["ids","tags"]}}},"description":"An object containing tags to add or remove and alert ids the changes will be applied","required":true},"responses":{"200":{"content":{"application/json":{"examples":{"success":{"value":{"batches":"1,","deleted":"0,","failures":[],"noops":"0,","requests_per_second":"-1,","retries":{"bulk":"0,","search":0},"throttled_millis":"0,","throttled_until_millis":"0,","timed_out":"false,","took":"68,","total":"1,","updated":"1,","version_conflicts":"0,"}}},"schema":{"additionalProperties":true,"description":"Elasticsearch update by query response","type":"object"}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Detections_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Detections_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Detections_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"500":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Detections_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Add and remove detection alert tags","tags":["Security Detections API"]}},"/api/detection_engine/tags":{"get":{"description":"List all unique tags from all detection rules.","operationId":"ReadTags","responses":{"200":{"content":{"application/json":{"examples":{"example1":{"value":["zeek","suricata","windows","linux","network","initial access","remote access","phishing"]}},"schema":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"}}},"description":"Indicates a successful call"}},"summary":"List all detection rule tags","tags":["Security Detections API"]}},"/api/encrypted_saved_objects/_rotate_key":{"post":{"description":"Superuser role required.\n\nIf a saved object cannot be decrypted using the primary encryption key, then Kibana will attempt to decrypt it using the specified decryption-only keys. In most of the cases this overhead is negligible, but if you're dealing with a large number of saved objects and experiencing performance issues, you may want to rotate the encryption key.\n\nThis functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.\n","operationId":"rotateEncryptionKey","parameters":[{"description":"Specifies a maximum number of saved objects that Kibana can process in a single batch. Bulk key rotation is an iterative process since Kibana may not be able to fetch and process all required saved objects in one go and splits processing into consequent batches. By default, the batch size is 10000, which is also a maximum allowed value.\n","in":"query","name":"batch_size","required":false,"schema":{"default":10000,"type":"number"}},{"description":"Limits encryption key rotation only to the saved objects with the specified type. By default, Kibana tries to rotate the encryption key for all saved object types that may contain encrypted attributes.\n","in":"query","name":"type","required":false,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"examples":{"rotateEncryptionKeyResponse":{"$ref":"#/components/examples/Saved_objects_key_rotation_response"}},"schema":{"type":"object","properties":{"failed":{"description":"Indicates the number of the saved objects that were still encrypted with one of the old encryption keys that Kibana failed to re-encrypt with the primary key.\n","type":"number"},"successful":{"description":"Indicates the total number of all encrypted saved objects (optionally filtered by the requested `type`), regardless of the key Kibana used for encryption.\n\nNOTE: In most cases, `total` will be greater than `successful` even if `failed` is zero. The reason is that Kibana may not need or may not be able to rotate encryption keys for all encrypted saved objects.\n","type":"number"},"total":{"description":"Indicates the total number of all encrypted saved objects (optionally filtered by the requested `type`), regardless of the key Kibana used for encryption.\n","type":"number"}}}}},"description":"Indicates a successful call."},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Saved_objects_400_response"}}},"description":"Bad request"},"429":{"content":{"application/json":{"schema":{"type":"object"}}},"description":"Already in progress."}},"summary":"Rotate a key for encrypted saved objects","tags":["saved objects"]}},"/api/endpoint_list":{"post":{"description":"Create an endpoint exception list, which groups endpoint exception list items. If an endpoint exception list already exists, an empty response is returned.","operationId":"CreateEndpointList","responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_EndpointList"}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse"}]}}},"description":"Invalid input data"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication"},"403":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse"}}},"description":"Insufficient privileges"},"500":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse"}}},"description":"Internal server error"}},"summary":"Create an endpoint exception list","tags":["Security Endpoint Exceptions API"]}},"/api/endpoint_list/items":{"delete":{"description":"Delete an endpoint exception list item using the `id` or `item_id` field.","operationId":"DeleteEndpointListItem","parameters":[{"description":"Either `id` or `item_id` must be specified","in":"query","name":"id","required":false,"schema":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId"}},{"description":"Either `id` or `item_id` must be specified","in":"query","name":"item_id","required":false,"schema":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem"}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse"}]}}},"description":"Invalid input data"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication"},"403":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse"}}},"description":"Insufficient privileges"},"404":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse"}}},"description":"Endpoint list item not found"},"500":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse"}}},"description":"Internal server error"}},"summary":"Delete an endpoint exception list item","tags":["Security Endpoint Exceptions API"]},"get":{"description":"Get the details of an endpoint exception list item using the `id` or `item_id` field.","operationId":"ReadEndpointListItem","parameters":[{"description":"Either `id` or `item_id` must be specified","in":"query","name":"id","required":false,"schema":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId"}},{"description":"Either `id` or `item_id` must be specified","in":"query","name":"item_id","required":false,"schema":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId"}}],"responses":{"200":{"content":{"application/json":{"schema":{"items":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem"},"type":"array"}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse"}]}}},"description":"Invalid input data"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication"},"403":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse"}}},"description":"Insufficient privileges"},"404":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse"}}},"description":"Endpoint list item not found"},"500":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse"}}},"description":"Internal server error"}},"summary":"Get an endpoint exception list item","tags":["Security Endpoint Exceptions API"]},"post":{"description":"Create an endpoint exception list item, and associate it with the endpoint exception list.","operationId":"CreateEndpointListItem","requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"comments":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray","default":[]},"description":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription"},"entries":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray"},"item_id":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId"},"meta":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta"},"name":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName"},"os_types":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray","default":[]},"tags":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags","default":[]},"type":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType"}},"required":["type","name","description","entries"]}}},"description":"Exception list item's properties","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem"}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse"}]}}},"description":"Invalid input data"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication"},"403":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse"}}},"description":"Insufficient privileges"},"409":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse"}}},"description":"Endpoint list item already exists"},"500":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse"}}},"description":"Internal server error"}},"summary":"Create an endpoint exception list item","tags":["Security Endpoint Exceptions API"]},"put":{"description":"Update an endpoint exception list item using the `id` or `item_id` field.","operationId":"UpdateEndpointListItem","requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"_version":{"type":"string"},"comments":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray","default":[]},"description":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription"},"entries":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray"},"id":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId","description":"Either `id` or `item_id` must be specified"},"item_id":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId","description":"Either `id` or `item_id` must be specified"},"meta":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta"},"name":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName"},"os_types":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray","default":[]},"tags":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags"},"type":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType"}},"required":["type","name","description","entries"]}}},"description":"Exception list item's properties","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem"}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse"}]}}},"description":"Invalid input data"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication"},"403":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse"}}},"description":"Insufficient privileges"},"404":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse"}}},"description":"Endpoint list item not found"},"500":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse"}}},"description":"Internal server error"}},"summary":"Update an endpoint exception list item","tags":["Security Endpoint Exceptions API"]}},"/api/endpoint_list/items/_find":{"get":{"description":"Get a list of all endpoint exception list items.","operationId":"FindEndpointListItems","parameters":[{"description":"Filters the returned results according to the value of the specified field,\nusing the `\u003cfield name\u003e:\u003cfield value\u003e` syntax.\n","in":"query","name":"filter","required":false,"schema":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_FindEndpointListItemsFilter"}},{"description":"The page number to return","in":"query","name":"page","required":false,"schema":{"minimum":0,"type":"integer"}},{"description":"The number of exception list items to return per page","in":"query","name":"per_page","required":false,"schema":{"minimum":0,"type":"integer"}},{"description":"Determines which field is used to sort the results","in":"query","name":"sort_field","required":false,"schema":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString"}},{"description":"Determines the sort order, which can be `desc` or `asc`","in":"query","name":"sort_order","required":false,"schema":{"enum":["desc","asc"],"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"type":"object","properties":{"data":{"items":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem"},"type":"array"},"page":{"minimum":0,"type":"integer"},"per_page":{"minimum":0,"type":"integer"},"pit":{"type":"string"},"total":{"minimum":0,"type":"integer"}},"required":["data","page","per_page","total"]}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse"}]}}},"description":"Invalid input data"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication"},"403":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse"}}},"description":"Insufficient privileges"},"404":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse"}}},"description":"Endpoint list not found"},"500":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse"}}},"description":"Internal server error"}},"summary":"Get endpoint exception list items","tags":["Security Endpoint Exceptions API"]}},"/api/endpoint/action":{"get":{"description":"Get a list of all response actions.","operationId":"EndpointGetActionsList","parameters":[{"in":"query","name":"page","required":false,"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_Page"}},{"in":"query","name":"pageSize","required":false,"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_PageSize"}},{"in":"query","name":"commands","required":false,"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_Commands"}},{"in":"query","name":"agentIds","required":false,"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_AgentIds"}},{"in":"query","name":"userIds","required":false,"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_UserIds"}},{"in":"query","name":"startDate","required":false,"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_StartDate"}},{"in":"query","name":"endDate","required":false,"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_EndDate"}},{"in":"query","name":"agentTypes","required":false,"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_AgentTypes"}},{"in":"query","name":"withOutputs","required":false,"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_WithOutputs"}},{"in":"query","name":"types","required":false,"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_Types"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_GetEndpointActionListResponse"}}},"description":"OK"}},"summary":"Get response actions","tags":["Security Endpoint Management API"]}},"/api/endpoint/action_status":{"get":{"description":"Get the status of response actions for the specified agent IDs.","operationId":"EndpointGetActionsStatus","parameters":[{"in":"query","name":"query","required":true,"schema":{"type":"object","properties":{"agent_ids":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_AgentIds"}}}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_ActionStatusSuccessResponse"}}},"description":"OK"}},"summary":"Get response actions status","tags":["Security Endpoint Management API"]}},"/api/endpoint/action/{action_id}":{"get":{"description":"Get the details of a response action using the action ID.","operationId":"EndpointGetActionsDetails","parameters":[{"in":"path","name":"action_id","required":true,"schema":{"description":"The ID of the action to retrieve.","example":"fr518850-681a-4y60-aa98-e22640cae2b8","type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_GetEndpointActionResponse"}}},"description":"OK"}},"summary":"Get action details","tags":["Security Endpoint Management API"]}},"/api/endpoint/action/{action_id}/file/{file_id}":{"get":{"description":"Get information for the specified file using the file ID.","operationId":"EndpointFileInfo","parameters":[{"in":"path","name":"action_id","required":true,"schema":{"type":"string"}},{"in":"path","name":"file_id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_SuccessResponse"}}},"description":"OK"}},"summary":"Get file information","tags":["Security Endpoint Management API"]}},"/api/endpoint/action/{action_id}/file/{file_id}/download":{"get":{"description":"Download a file from an endpoint.","operationId":"EndpointFileDownload","parameters":[{"in":"path","name":"action_id","required":true,"schema":{"type":"string"}},{"in":"path","name":"file_id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_SuccessResponse"}}},"description":"OK"}},"summary":"Download a file","tags":["Security Endpoint Management API"]}},"/api/endpoint/action/execute":{"post":{"description":"Run a shell command on an endpoint.","operationId":"EndpointExecuteAction","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_ExecuteRouteRequestBody"}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_ExecuteRouteResponse"}}},"description":"OK"}},"summary":"Run a command","tags":["Security Endpoint Management API"]}},"/api/endpoint/action/get_file":{"post":{"description":"Get a file from an endpoint.","operationId":"EndpointGetFileAction","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_GetFileRouteRequestBody"}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_GetFileRouteResponse"}}},"description":"OK"}},"summary":"Get a file","tags":["Security Endpoint Management API"]}},"/api/endpoint/action/isolate":{"post":{"description":"Isolate an endpoint from the network. The endpoint remains isolated until it's released.","operationId":"EndpointIsolateAction","requestBody":{"content":{"application/json":{"examples":{"multiple_endpoints":{"summary":"Isolates several hosts; includes a comment","value":{"comment":"Locked down, pending further investigation","endpoint_ids":["9972d10e-4b9e-41aa-a534-a85e2a28ea42","bc0e4f0c-3bca-4633-9fee-156c0b505d16","fa89271b-b9d4-43f2-a684-307cffddeb5a"]}},"single_endpoint":{"summary":"Isolates a single host with an endpoint_id value of ed518850-681a-4d60-bb98-e22640cae2a8","value":{"endpoint_ids":["ed518850-681a-4d60-bb98-e22640cae2a8"]}},"with_case_id":{"summary":"Isolates a single host with a case_id value of 1234","value":{"case_ids":["4976be38-c134-4554-bd5e-0fd89ce63667"],"comment":"Isolating as initial response","endpoint_ids":["1aa1f8fd-0fb0-4fe4-8c30-92068272d3f0","b30a11bf-1395-4707-b508-fbb45ef9793e"]}}},"schema":{"type":"object","properties":{"agent_type":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_AgentTypes"},"alert_ids":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_AlertIds"},"case_ids":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_CaseIds"},"comment":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_Comment"},"endpoint_ids":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_EndpointIds"},"parameters":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_Parameters"}},"required":["endpoint_ids"]}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_IsolateRouteResponse"}}},"description":"OK"}},"summary":"Isolate an endpoint","tags":["Security Endpoint Management API"]}},"/api/endpoint/action/kill_process":{"post":{"description":"Terminate a running process on an endpoint.","operationId":"EndpointKillProcessAction","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_KillProcessRouteRequestBody"}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_KillProcessRouteResponse"}}},"description":"OK"}},"summary":"Terminate a process","tags":["Security Endpoint Management API"]}},"/api/endpoint/action/running_procs":{"post":{"description":"Get a list of all processes running on an endpoint.","operationId":"EndpointGetProcessesAction","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_GetProcessesRouteRequestBody"}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_GetProcessesRouteResponse"}}},"description":"OK"}},"summary":"Get running processes","tags":["Security Endpoint Management API"]}},"/api/endpoint/action/runscript":{"post":{"description":"Run a shell command on an endpoint.","operationId":"RunScriptAction","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_RunScriptRouteRequestBody"}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_SuccessResponse"}}},"description":"OK"}},"summary":"Run a script","tags":["Security Endpoint Management API"]}},"/api/endpoint/action/scan":{"post":{"description":"Scan a specific file or directory on an endpoint for malware.","operationId":"EndpointScanAction","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_ScanRouteRequestBody"}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_ScanRouteResponse"}}},"description":"OK"}},"summary":"Scan a file or directory","tags":["Security Endpoint Management API"]}},"/api/endpoint/action/state":{"get":{"description":"Get a response actions state, which reports whether encryption is enabled.","operationId":"EndpointGetActionsState","responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_ActionStateSuccessResponse"}}},"description":"OK"}},"summary":"Get actions state","tags":["Security Endpoint Management API"]}},"/api/endpoint/action/suspend_process":{"post":{"description":"Suspend a running process on an endpoint.","operationId":"EndpointSuspendProcessAction","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_SuspendProcessRouteRequestBody"}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_SuspendProcessRouteResponse"}}},"description":"OK"}},"summary":"Suspend a process","tags":["Security Endpoint Management API"]}},"/api/endpoint/action/unisolate":{"post":{"description":"Release an isolated endpoint, allowing it to rejoin a network.","operationId":"EndpointUnisolateAction","requestBody":{"content":{"application/json":{"examples":{"multipleHosts":{"summary":"Releases several hosts; includes a comment:","value":{"comment":"Benign process identified, releasing group","endpoint_ids":["9972d10e-4b9e-41aa-a534-a85e2a28ea42","bc0e4f0c-3bca-4633-9fee-156c0b505d16","fa89271b-b9d4-43f2-a684-307cffddeb5a"]}},"singleHost":{"summary":"Releases a single host with an endpoint_id value of ed518850-681a-4d60-bb98-e22640cae2a8","value":{"endpoint_ids":["ed518850-681a-4d60-bb98-e22640cae2a8"]}},"withCaseId":{"summary":"Releases hosts with an associated case; includes a comment.","value":{"case_ids":["4976be38-c134-4554-bd5e-0fd89ce63667"],"comment":"Remediation complete, restoring network","endpoint_ids":["1aa1f8fd-0fb0-4fe4-8c30-92068272d3f0","b30a11bf-1395-4707-b508-fbb45ef9793e"]}}},"schema":{"type":"object","properties":{"agent_type":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_AgentTypes"},"alert_ids":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_AlertIds"},"case_ids":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_CaseIds"},"comment":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_Comment"},"endpoint_ids":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_EndpointIds"},"parameters":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_Parameters"}},"required":["endpoint_ids"]}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_UnisolateRouteResponse"}}},"description":"OK"}},"summary":"Release an isolated endpoint","tags":["Security Endpoint Management API"]}},"/api/endpoint/action/upload":{"post":{"description":"Upload a file to an endpoint.","operationId":"EndpointUploadAction","requestBody":{"content":{"multipart/form-data":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_UploadRouteRequestBody"}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_UploadRouteResponse"}}},"description":"OK"}},"summary":"Upload a file","tags":["Security Endpoint Management API"]}},"/api/endpoint/metadata":{"get":{"operationId":"GetEndpointMetadataList","parameters":[{"in":"query","name":"page","required":false,"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_Page"}},{"in":"query","name":"pageSize","required":false,"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_PageSize"}},{"in":"query","name":"kuery","required":false,"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_Kuery"}},{"in":"query","name":"hostStatuses","required":true,"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_HostStatuses"}},{"in":"query","name":"sortField","required":false,"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_SortField"}},{"in":"query","name":"sortDirection","required":false,"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_SortDirection"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_MetadataListResponse"}}},"description":"OK"}},"summary":"Get a metadata list","tags":["Security Endpoint Management API"]}},"/api/endpoint/metadata/{id}":{"get":{"operationId":"GetEndpointMetadata","parameters":[{"in":"path","name":"id","required":true,"schema":{"example":"ed518850-681a-4d60-bb98-e22640cae2a8","type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_EndpointMetadataResponse"}}},"description":"OK"}},"summary":"Get metadata","tags":["Security Endpoint Management API"]}},"/api/endpoint/policy_response":{"get":{"operationId":"GetPolicyResponse","parameters":[{"in":"query","name":"query","required":true,"schema":{"type":"object","properties":{"agentId":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_AgentId"}}}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_SuccessResponse"}}},"description":"OK"}},"summary":"Get a policy response","tags":["Security Endpoint Management API"]}},"/api/endpoint/protection_updates_note/{package_policy_id}":{"get":{"operationId":"GetProtectionUpdatesNote","parameters":[{"in":"path","name":"package_policy_id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse"}}},"description":"OK"}},"summary":"Get a protection updates note","tags":["Security Endpoint Management API"]},"post":{"operationId":"CreateUpdateProtectionUpdatesNote","parameters":[{"in":"path","name":"package_policy_id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"note":{"type":"string"}}}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse"}}},"description":"OK"}},"summary":"Create or update a protection updates note","tags":["Security Endpoint Management API"]}},"/api/entity_analytics/monitoring/engine/init":{"post":{"operationId":"InitMonitoringEngine","responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_MonitoringEngineDescriptor"}}},"description":"Successful response"}},"summary":"Initialize the Privilege Monitoring Engine","tags":["Security Entity Analytics API"]}},"/api/entity_analytics/monitoring/privileges/health":{"get":{"operationId":"PrivMonHealth","responses":{"200":{"content":{"application/json":{"schema":{"type":"object","properties":{"ok":{"type":"boolean"}}}}},"description":"Successful response"}},"summary":"Health check on Privilege Monitoring","tags":["Security Entity Analytics API"]}},"/api/entity_analytics/monitoring/users":{"post":{"operationId":"CreatePrivMonUser","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_UserName"}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_MonitoredUserDoc"}}},"description":"User created successfully"}},"summary":"Create a new monitored user","tags":["Security Entity Analytics API"]}},"/api/entity_analytics/monitoring/users/_csv":{"post":{"operationId":"BulkUploadUsersCSV","requestBody":{"content":{"text/csv":{"schema":{"type":"string"}}},"description":"CSV file containing users to upsert","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"type":"object","properties":{"upserted_count":{"type":"integer"}}}}},"description":"Successful response"}},"summary":"Upsert multiple monitored users via CSV upload","tags":["Security Entity Analytics API"]}},"/api/entity_analytics/monitoring/users/_json":{"post":{"operationId":"BulkUploadUsersJSON","requestBody":{"content":{"text/json":{"schema":{"type":"object","properties":{"users":{"items":{"type":"object","properties":{"is_monitored":{"type":"boolean"},"user_name":{"type":"string"}}},"type":"array"}}}}},"description":"JSON file containing users to upsert","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"type":"object","properties":{"upserted_count":{"type":"integer"}}}}},"description":"Successful response"}},"summary":"Upsert multiple monitored users via JSON upload","tags":["Security Entity Analytics API"]}},"/api/entity_analytics/monitoring/users/{id}":{"delete":{"operationId":"DeletePrivMonUser","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"type":"object","properties":{"aknowledged":{"description":"Indicates if the deletion was successful","type":"boolean"},"message":{"description":"A message providing additional information about the deletion status","type":"string"}},"required":["success"]}}},"description":"User deleted successfully"}},"summary":"Delete a monitored user","tags":["Security Entity Analytics API"]},"get":{"operationId":"GetPrivMonUser","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_MonitoredUserDoc"}}},"description":"User details retrieved"}},"summary":"Retrieve a monitored user by ID","tags":["Security Entity Analytics API"]},"put":{"operationId":"UpdatePrivMonUser","parameters":[{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_MonitoredUserDoc"}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_MonitoredUserDoc"}}},"description":"User updated successfully"}},"summary":"Update a monitored user","tags":["Security Entity Analytics API"]}},"/api/entity_analytics/monitoring/users/list":{"get":{"operationId":"ListPrivMonUsers","parameters":[{"description":"KQL query to filter the list of monitored users","in":"query","name":"kql","required":false,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"items":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_MonitoredUserDoc"},"type":"array"}}},"description":"List of monitored users"}},"summary":"List all monitored users","tags":["Security Entity Analytics API"]}},"/api/entity_store/enable":{"post":{"operationId":"InitEntityStore","requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"delay":{"default":"1m","description":"The delay before the transform will run.","pattern":"[smdh]$","type":"string"},"docsPerSecond":{"description":"The number of documents per second to process.","type":"integer"},"enrichPolicyExecutionInterval":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_Interval"},"entityTypes":{"items":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_EntityType"},"type":"array"},"fieldHistoryLength":{"default":10,"description":"The number of historical values to keep for each field.","type":"integer"},"filter":{"type":"string"},"frequency":{"default":"1m","description":"The frequency at which the transform will run.","pattern":"[smdh]$","type":"string"},"indexPattern":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_IndexPattern"},"lookbackPeriod":{"default":"24h","description":"The amount of time the transform looks back to calculate the aggregations.","pattern":"[smdh]$","type":"string"},"timeout":{"default":"180s","description":"The timeout for initializing the aggregating transform.","pattern":"[smdh]$","type":"string"},"timestampField":{"default":"@timestamp","description":"The field to use as the timestamp.","type":"string"}}}}},"description":"Schema for the entity store initialization","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"type":"object","properties":{"engines":{"items":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor"},"type":"array"},"succeeded":{"type":"boolean"}}}}},"description":"Successful response"},"400":{"description":"Invalid request"}},"summary":"Initialize the Entity Store","tags":["Security Entity Analytics API"]}},"/api/entity_store/engines":{"get":{"operationId":"ListEntityEngines","responses":{"200":{"content":{"application/json":{"schema":{"type":"object","properties":{"count":{"type":"integer"},"engines":{"items":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor"},"type":"array"}}}}},"description":"Successful response"}},"summary":"List the Entity Engines","tags":["Security Entity Analytics API"]}},"/api/entity_store/engines/{entityType}":{"delete":{"operationId":"DeleteEntityEngine","parameters":[{"description":"The entity type of the engine (either 'user' or 'host').","in":"path","name":"entityType","required":true,"schema":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_EntityType"}},{"description":"Control flag to also delete the entity data.","in":"query","name":"data","required":false,"schema":{"type":"boolean"}}],"responses":{"200":{"content":{"application/json":{"schema":{"type":"object","properties":{"deleted":{"type":"boolean"}}}}},"description":"Successful response"}},"summary":"Delete the Entity Engine","tags":["Security Entity Analytics API"]},"get":{"operationId":"GetEntityEngine","parameters":[{"description":"The entity type of the engine (either 'user' or 'host').","in":"path","name":"entityType","required":true,"schema":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_EntityType"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor"}}},"description":"Successful response"}},"summary":"Get an Entity Engine","tags":["Security Entity Analytics API"]}},"/api/entity_store/engines/{entityType}/init":{"post":{"operationId":"InitEntityEngine","parameters":[{"description":"The entity type of the engine (either 'user' or 'host').","in":"path","name":"entityType","required":true,"schema":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_EntityType"}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"delay":{"default":"1m","description":"The delay before the transform will run.","pattern":"[smdh]$","type":"string"},"docsPerSecond":{"description":"The number of documents per second to process.","type":"integer"},"enrichPolicyExecutionInterval":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_Interval"},"fieldHistoryLength":{"default":10,"description":"The number of historical values to keep for each field.","type":"integer"},"filter":{"type":"string"},"frequency":{"default":"1m","description":"The frequency at which the transform will run.","pattern":"[smdh]$","type":"string"},"indexPattern":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_IndexPattern"},"lookbackPeriod":{"default":"24h","description":"The amount of time the transform looks back to calculate the aggregations.","pattern":"[smdh]$","type":"string"},"timeout":{"default":"180s","description":"The timeout for initializing the aggregating transform.","pattern":"[smdh]$","type":"string"},"timestampField":{"default":"@timestamp","description":"The field to use as the timestamp for the entity type.","type":"string"}}}}},"description":"Schema for the engine initialization","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor"}}},"description":"Successful response"},"400":{"description":"Invalid request"}},"summary":"Initialize an Entity Engine","tags":["Security Entity Analytics API"]}},"/api/entity_store/engines/{entityType}/start":{"post":{"operationId":"StartEntityEngine","parameters":[{"description":"The entity type of the engine","in":"path","name":"entityType","required":true,"schema":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_EntityType"}}],"responses":{"200":{"content":{"application/json":{"schema":{"type":"object","properties":{"started":{"type":"boolean"}}}}},"description":"Successful response"}},"summary":"Start an Entity Engine","tags":["Security Entity Analytics API"]}},"/api/entity_store/engines/{entityType}/stop":{"post":{"operationId":"StopEntityEngine","parameters":[{"description":"The entity type of the engine (either 'user' or 'host').","in":"path","name":"entityType","required":true,"schema":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_EntityType"}}],"responses":{"200":{"content":{"application/json":{"schema":{"type":"object","properties":{"stopped":{"type":"boolean"}}}}},"description":"Successful response"}},"summary":"Stop an Entity Engine","tags":["Security Entity Analytics API"]}},"/api/entity_store/engines/apply_dataview_indices":{"post":{"operationId":"ApplyEntityEngineDataviewIndices","responses":{"200":{"content":{"application/json":{"schema":{"type":"object","properties":{"result":{"items":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult"},"type":"array"},"success":{"type":"boolean"}}}}},"description":"Successful response"},"207":{"content":{"application/json":{"schema":{"type":"object","properties":{"errors":{"items":{"type":"string"},"type":"array"},"result":{"items":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult"},"type":"array"},"success":{"type":"boolean"}}}}},"description":"Partial successful response"},"500":{"content":{"application/json":{"schema":{"type":"object","properties":{"body":{"type":"string"},"statusCode":{"type":"number"}}}}},"description":"Error response"}},"summary":"Apply DataView indices to all installed engines","tags":["Security Entity Analytics API"]}},"/api/entity_store/entities/list":{"get":{"description":"List entities records, paging, sorting and filtering as needed.","operationId":"ListEntities","parameters":[{"in":"query","name":"sort_field","required":false,"schema":{"type":"string"}},{"in":"query","name":"sort_order","required":false,"schema":{"enum":["asc","desc"],"type":"string"}},{"in":"query","name":"page","required":false,"schema":{"minimum":1,"type":"integer"}},{"in":"query","name":"per_page","required":false,"schema":{"maximum":10000,"minimum":1,"type":"integer"}},{"description":"An ES query to filter by.","in":"query","name":"filterQuery","required":false,"schema":{"type":"string"}},{"in":"query","name":"entity_types","required":true,"schema":{"items":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_EntityType"},"type":"array"}}],"responses":{"200":{"content":{"application/json":{"schema":{"type":"object","properties":{"inspect":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_InspectQuery"},"page":{"minimum":1,"type":"integer"},"per_page":{"maximum":1000,"minimum":1,"type":"integer"},"records":{"items":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_Entity"},"type":"array"},"total":{"minimum":0,"type":"integer"}},"required":["records","page","per_page","total"]}}},"description":"Entities returned successfully"}},"summary":"List Entity Store Entities","tags":["Security Entity Analytics API"]}},"/api/entity_store/status":{"get":{"operationId":"GetEntityStoreStatus","parameters":[{"description":"If true returns a detailed status of the engine including all it's components","in":"query","name":"include_components","schema":{"type":"boolean"}}],"responses":{"200":{"content":{"application/json":{"schema":{"type":"object","properties":{"engines":{"items":{"allOf":[{"$ref":"#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor"},{"type":"object","properties":{"components":{"items":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_EngineComponentStatus"},"type":"array"}}}]},"type":"array"},"status":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_StoreStatus"}},"required":["status","engines"]}}},"description":"Successful response"}},"summary":"Get the status of the Entity Store","tags":["Security Entity Analytics API"]}},"/api/exception_lists":{"delete":{"description":"Delete an exception list using the `id` or `list_id` field.","operationId":"DeleteExceptionList","parameters":[{"description":"Exception list's identifier. Either `id` or `list_id` must be specified.","in":"query","name":"id","required":false,"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListId"}},{"description":"Human readable exception list string identifier, e.g. `trusted-linux-processes`. Either `id` or `list_id` must be specified.","examples":{"autogeneratedId":{"value":"71a9f4b2-c85c-49b4-866f-c71eb9e67da2"},"list_id":{"value":"simple_list"}},"in":"query","name":"list_id","required":false,"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListHumanId"}},{"examples":{"agnostic":{"value":"agnostic"},"single":{"value":"single"}},"in":"query","name":"namespace_type","required":false,"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType","default":"single"}}],"responses":{"200":{"content":{"application/json":{"examples":{"detectionExceptionList":{"value":{"_version":"WzIsMV0=","created_at":"2025-01-07T19:34:27.942Z","created_by":"elastic","description":"This is a sample detection type exception list.","id":"9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85","immutable":false,"list_id":"simple_list","name":"Sample Detection Exception List","namespace_type":"single","os_types":["linux"],"tags":["malware"],"tie_breaker_id":"78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3","type":"detection","updated_at":"2025-01-07T19:34:27.942Z","updated_by":"elastic","version":1}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionList"}}},"description":"Successful response"},"400":{"content":{"application/json":{"examples":{"badRequest":{"value":{"error":"Bad Request","message":"[request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob'","statusCode":400}}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"examples":{"forbidden":{"value":{"error":"Forbidden","message":"API [DELETE /api/exception_lists?list_id=simple_list\u0026namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]","statusCode":403}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"404":{"content":{"application/json":{"examples":{"notFound":{"value":{"message":"exception list list_id: \"foo\" does not exist","status_code":404}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}}},"description":"Exception list not found response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Delete an exception list","tags":["Security Exceptions API"]},"get":{"description":"Get the details of an exception list using the `id` or `list_id` field.","operationId":"ReadExceptionList","parameters":[{"description":"Exception list's identifier. Either `id` or `list_id` must be specified.","in":"query","name":"id","required":false,"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListId"}},{"description":"Human readable exception list string identifier, e.g. `trusted-linux-processes`. Either `id` or `list_id` must be specified.","in":"query","name":"list_id","required":false,"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListHumanId"}},{"examples":{"agnostic":{"value":"agnostic"},"single":{"value":"single"}},"in":"query","name":"namespace_type","required":false,"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType","default":"single"}}],"responses":{"200":{"content":{"application/json":{"examples":{"detectionType":{"value":{"_version":"WzIsMV0=","created_at":"2025-01-07T19:34:27.942Z","created_by":"elastic","description":"This is a sample detection type exception list.","id":"9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85","immutable":false,"list_id":"simple_list","name":"Sample Detection Exception List","namespace_type":"single","os_types":["linux"],"tags":["malware"],"tie_breaker_id":"78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3","type":"detection","updated_at":"2025-01-07T19:34:27.942Z","updated_by":"elastic","version":1}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionList"}}},"description":"Successful response"},"400":{"content":{"application/json":{"examples":{"badRequest":{"value":{"error":"Bad Request","message":"[request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob'","statusCode":400}}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"examples":{"forbidden":{"value":{"error":"Forbidden","message":"API [GET /api/exception_lists?list_id=simple_list\u0026namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-read]","statusCode":403}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"404":{"content":{"application/json":{"examples":{"notFound":{"value":{"message\"":"exception list id: \"foo\" does not exist","status_code\"":404}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}}},"description":"Exception list item not found response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Get exception list details","tags":["Security Exceptions API"]},"post":{"description":"An exception list groups exception items and can be associated with detection rules. You can assign exception lists to multiple detection rules.\n\u003e info\n\u003e All exception items added to the same list are evaluated using `OR` logic. That is, if any of the items in a list evaluate to `true`, the exception prevents the rule from generating an alert. Likewise, `OR` logic is used for evaluating exceptions when more than one exception list is assigned to a rule. To use the `AND` operator, you can define multiple clauses (`entries`) in a single exception item.\n","operationId":"CreateExceptionList","requestBody":{"content":{"application/json":{"schema":{"example":{"description":"This is a sample detection type exception list.","list_id":"simple_list","name":"Sample Detection Exception List","namespace_type":"single","os_types":["linux"],"tags":["malware"],"type":"detection"},"type":"object","properties":{"description":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListDescription"},"list_id":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListHumanId"},"meta":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListMeta"},"name":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListName"},"namespace_type":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType","default":"single"},"os_types":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray"},"tags":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListTags","default":[]},"type":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListType"},"version":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListVersion","default":1}},"required":["name","description","type"]}}},"description":"Exception list's properties","required":true},"responses":{"200":{"content":{"application/json":{"examples":{"autogeneratedListId":{"value":{"_version":"WzMsMV0=","created_at":"2025-01-09T01:05:23.019Z","created_by":"elastic","description":"This is a sample detection type exception with an autogenerated list_id.","id":"28243c2f-624a-4443-823d-c0b894880931","immutable":false,"list_id":"8c1aae4c-1ef5-4bce-a2e3-16584b501783","name":"Sample Detection Exception List","namespace_type":"single","os_types":[],"tags":["malware"],"tie_breaker_id":"ad94de31-39f7-4ad7-b8e4-988bfa95f338","type":"detection","updated_at":"2025-01-09T01:05:23.020Z","updated_by":"elastic","version":1}},"namespaceAgnostic":{"value":{"_version":"WzUsMV0=","created_at":"2025-01-09T01:10:36.369Z","created_by":"elastic","description":"This is a sample agnostic endpoint type exception.","id":"1a744e77-22ca-4b6b-9085-54f55275ebe5","immutable":false,"list_id":"b935eb55-7b21-4c1c-b235-faa1df23b3d6","name":"Sample Agnostic Endpoint Exception List","namespace_type":"agnostic","os_types":["linux"],"tags":["malware"],"tie_breaker_id":"49ea0adc-a2b8-4d83-a8f3-2fb98301dea3","type":"endpoint","updated_at":"2025-01-09T01:10:36.369Z","updated_by":"elastic","version":1}},"typeDetection":{"value":{"_version":"WzIsMV0=","created_at":"2025-01-07T19:34:27.942Z","created_by":"elastic","description":"This is a sample detection type exception list.","id":"9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85","immutable":false,"list_id":"simple_list","name":"Sample Detection Exception List","namespace_type":"single","os_types":["linux"],"tags":["malware"],"tie_breaker_id":"78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3","type":"detection","updated_at":"2025-01-07T19:34:27.942Z","updated_by":"elastic","version":1}},"typeEndpoint":{"value":{"_version":"WzQsMV0=","created_at":"2025-01-09T01:07:49.658Z","created_by":"elastic","description":"This is a sample endpoint type exception list.","id":"a79f4730-6e32-4278-abfc-349c0add7d54","immutable":false,"list_id":"endpoint_list","name":"Sample Endpoint Exception List","namespace_type":"single","os_types":["linux"],"tags":["malware"],"tie_breaker_id":"94a028af-8f47-427a-aca5-ffaf829e64ee","type":"endpoint","updated_at":"2025-01-09T01:07:49.658Z","updated_by":"elastic","version":1}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionList"}}},"description":"Successful response"},"400":{"content":{"application/json":{"examples":{"badRequest":{"value":{"error":"Bad Request","message":"[request body]: list_id: Expected string, received number","statusCode":400}}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"examples":{"forbidden":{"value":{"error":"Forbidden","message":"API [POST /api/exception_lists] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]","statusCode":403}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"409":{"content":{"application/json":{"examples":{"alreadyExists":{"value":{"message":"exception list id: \"simple_list\" already exists","status_code":409}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}}},"description":"Exception list already exists response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Create an exception list","tags":["Security Exceptions API"]},"put":{"description":"Update an exception list using the `id` or `list_id` field.","operationId":"UpdateExceptionList","requestBody":{"content":{"application/json":{"schema":{"example":{"description":"Different description","list_id":"simple_list","name":"Updated exception list name","os_types":["linux"],"tags":["draft malware"],"type":"detection"},"type":"object","properties":{"_version":{"description":"The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version.","type":"string"},"description":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListDescription"},"id":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListId"},"list_id":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListHumanId"},"meta":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListMeta"},"name":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListName"},"namespace_type":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType","default":"single"},"os_types":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray","default":[]},"tags":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListTags"},"type":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListType"},"version":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListVersion"}},"required":["name","description","type"]}}},"description":"Exception list's properties","required":true},"responses":{"200":{"content":{"application/json":{"examples":{"simpleList":{"value":{"_version":"WzExLDFd","created_at":"2025-01-07T20:43:55.264Z","created_by":"elastic","description":"Different description","id":"fa7f545f-191b-4d32-b1f0-c7cd62a79e55","immutable":false,"list_id":"simple_list","name":"Updated exception list name","namespace_type":"single","os_types":[],"tags":["draft malware"],"tie_breaker_id":"319fe983-acdd-4806-b6c4-3098eae9392f","type":"detection","updated_at":"2025-01-07T21:32:03.726Z","updated_by":"elastic","version":2}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionList"}}},"description":"Successful response"},"400":{"content":{"application/json":{"examples":{"badRequest":{"value":{"error":"Bad Request","message":"[request body]: list_id: Expected string, received number","statusCode":400}}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"examples":{"forbidden":{"value":{"error":"Forbidden","message":"API [PUT /api/exception_lists] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]","statusCode":403}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"404":{"content":{"application/json":{"examples":{"notFound":{"value":{"message\"":"exception list id: \"foo\" does not exist","status_code\"":404}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}}},"description":"Exception list not found response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Update an exception list","tags":["Security Exceptions API"]}},"/api/exception_lists/_duplicate":{"post":{"description":"Duplicate an existing exception list.","operationId":"DuplicateExceptionList","parameters":[{"in":"query","name":"list_id","required":true,"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListHumanId"}},{"examples":{"agnostic":{"value":"agnostic"},"single":{"value":"single"}},"in":"query","name":"namespace_type","required":true,"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType"}},{"description":"Determines whether to include expired exceptions in the duplicated list. Expiration date defined by `expire_time`.","in":"query","name":"include_expired_exceptions","required":true,"schema":{"default":"true","enum":["true","false"],"example":true,"type":"string"}}],"responses":{"200":{"content":{"application/json":{"examples":{"detectionExceptionList":{"value":{"_version":"WzExNDY1LDFd","created_at":"2025-01-09T16:19:50.280Z","created_by":"elastic","description":"This is a sample detection type exception","id":"b2f4a715-6ab1-444c-8b1e-3fa1b1049429","immutable":false,"list_id":"d6390d60-bce3-4a48-9002-52db600f329c","name":"Sample Detection Exception List [Duplicate]","namespace_type":"single","os_types":[],"tags":["malware"],"tie_breaker_id":"6fa670bd-666d-4c9c-9f1e-d1dbc516e985","type":"detection","updated_at":"2025-01-09T16:19:50.280Z","updated_by":"elastic","version":1}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionList"}}},"description":"Successful response"},"400":{"content":{"application/json":{"examples":{"badRequest":{"value":{"error":"Bad Request","message":"[request query]: namespace_type: Invalid enum value. Expected 'agnostic' | 'single', received 'foo'","statusCode":400}}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"examples":{"forbidden":{"value":{"error":"Forbidden","message":"API [POST /api/exception_lists/_duplicate] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]","statusCode":403}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"404":{"content":{"application/json":{"examples":{"notFound":{"value":{"message\"":"exception list id: \"foo\" does not exist","status_code\"":404}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"}}},"description":"Exception list not found"},"405":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}}},"description":"Exception list to duplicate not found response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Duplicate an exception list","tags":["Security Exceptions API"]}},"/api/exception_lists/_export":{"post":{"description":"Export an exception list and its associated items to an NDJSON file.","operationId":"ExportExceptionList","parameters":[{"in":"query","name":"id","required":true,"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListId"}},{"in":"query","name":"list_id","required":true,"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListHumanId"}},{"examples":{"agnostic":{"value":"agnostic"},"single":{"value":"single"}},"in":"query","name":"namespace_type","required":true,"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType"}},{"description":"Determines whether to include expired exceptions in the exported list. Expiration date defined by `expire_time`.","example":true,"in":"query","name":"include_expired_exceptions","required":true,"schema":{"default":"true","enum":["true","false"],"type":"string"}}],"responses":{"200":{"content":{"application/ndjson":{"examples":{"exportSavedObjectsResponse":{"value":"{\"_version\":\"WzExNDU5LDFd\",\"created_at\":\"2025-01-09T16:18:17.757Z\",\"created_by\":\"elastic\",\"description\":\"This is a sample detection type exception\",\"id\":\"c86c2da0-2ab6-4343-b81c-216ef27e8d75\",\"immutable\":false,\"list_id\":\"simple_list\",\"name\":\"Sample Detection Exception List\",\"namespace_type\":\"single\",\"os_types\":[],\"tags\":[\"user added string for a tag\",\"malware\"],\"tie_breaker_id\":\"cf4a7b92-732d-47f0-a0d5-49a35a1736bf\",\"type\":\"detection\",\"updated_at\":\"2025-01-09T16:18:17.757Z\",\"updated_by\":\"elastic\",\"version\":1}\n{\"_version\":\"WzExNDYxLDFd\",\"comments\":[],\"created_at\":\"2025-01-09T16:18:42.308Z\",\"created_by\":\"elastic\",\"description\":\"This is a sample endpoint type exception\",\"entries\":[{\"type\":\"exists\",\"field\":\"actingProcess.file.signer\",\"operator\":\"excluded\"},{\"type\":\"match_any\",\"field\":\"host.name\",\"value\":[\"some host\",\"another host\"],\"operator\":\"included\"}],\"id\":\"f37597ce-eaa7-4b64-9100-4301118f6806\",\"item_id\":\"simple_list_item\",\"list_id\":\"simple_list\",\"name\":\"Sample Endpoint Exception List\",\"namespace_type\":\"single\",\"os_types\":[\"linux\"],\"tags\":[\"user added string for a tag\",\"malware\"],\"tie_breaker_id\":\"4ca3ef3e-9721-42c0-8107-cf47e094d40f\",\"type\":\"simple\",\"updated_at\":\"2025-01-09T16:18:42.308Z\",\"updated_by\":\"elastic\"}\n{\"exported_exception_list_count\":1,\"exported_exception_list_item_count\":1,\"missing_exception_list_item_count\":0,\"missing_exception_list_items\":[],\"missing_exception_lists\":[],\"missing_exception_lists_count\":0}\n"}},"schema":{"description":"A `.ndjson` file containing specified exception list and its items","format":"binary","type":"string"}}},"description":"Successful response"},"400":{"content":{"application/json":{"examples":{"badRequest":{"value":{"error":"Bad Request","message":"[request query]: list_id: Required, namespace_type: Required","statusCode":400}}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"examples":{"forbidden":{"value":{"error":"Forbidden","message":"API [POST /api/exception_lists/_export] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]","statusCode":403}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"404":{"content":{"application/json":{"examples":{"notFound":{"value":{"message\"":"exception list id: \"foo\" does not exist","status_code\"":404}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}}},"description":"Exception list not found response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Export an exception list","tags":["Security Exceptions API"]}},"/api/exception_lists/_find":{"get":{"description":"Get a list of all exception list containers.","operationId":"FindExceptionLists","parameters":[{"description":"Filters the returned results according to the value of the specified field.\n\nUses the `so type.field name:field` value syntax, where `so type` can be:\n\n- `exception-list`: Specify a space-aware exception list.\n- `exception-list-agnostic`: Specify an exception list that is shared across spaces.\n","in":"query","name":"filter","required":false,"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_FindExceptionListsFilter"}},{"description":"Determines whether the returned containers are Kibana associated with a Kibana space\nor available in all spaces (`agnostic` or `single`)\n","examples":{"agnostic":{"value":"agnostic"},"single":{"value":"single"}},"in":"query","name":"namespace_type","required":false,"schema":{"default":["single"],"items":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType"},"type":"array"}},{"description":"The page number to return","in":"query","name":"page","required":false,"schema":{"example":1,"minimum":1,"type":"integer"}},{"description":"The number of exception lists to return per page","in":"query","name":"per_page","required":false,"schema":{"example":20,"minimum":1,"type":"integer"}},{"description":"Determines which field is used to sort the results.","in":"query","name":"sort_field","required":false,"schema":{"example":"name","type":"string"}},{"description":"Determines the sort order, which can be `desc` or `asc`.","in":"query","name":"sort_order","required":false,"schema":{"enum":["desc","asc"],"example":"desc","type":"string"}}],"responses":{"200":{"content":{"application/json":{"examples":{"simpleLists":{"value":{"data":[{"_version":"WzIsMV0=","created_at":"2025-01-07T19:34:27.942Z","created_by":"elastic","description":"This is a sample detection type exception list.","id":"9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85","immutable":false,"list_id":"simple_list","name":"Detection Exception List","namespace_type":"single","os_types":[],"tags":["malware"],"tie_breaker_id":"78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3","type":"detection","updated_at":"2025-01-07T19:34:27.942Z","updated_by":"elastic","version":1}],"page":1,"per_page":20,"total":1}}},"schema":{"type":"object","properties":{"data":{"items":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionList"},"type":"array"},"page":{"minimum":1,"type":"integer"},"per_page":{"minimum":1,"type":"integer"},"total":{"minimum":0,"type":"integer"}},"required":["data","page","per_page","total"]}}},"description":"Successful response"},"400":{"content":{"application/json":{"examples":{"badRequest":{"value":{"error":"Bad Request","message":"[request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob'","statusCode":400}}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"examples":{"forbidden":{"value":{"error":"Forbidden","message":"API [GET /api/exception_lists/_find?namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-read]","statusCode":403}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Get exception lists","tags":["Security Exceptions API"]}},"/api/exception_lists/_import":{"post":{"description":"Import an exception list and its associated items from an NDJSON file.","operationId":"ImportExceptionList","parameters":[{"description":"Determines whether existing exception lists with the same `list_id` are overwritten.\nIf any exception items have the same `item_id`, those are also overwritten.\n","in":"query","name":"overwrite","required":false,"schema":{"default":false,"example":false,"type":"boolean"}},{"description":"Determines whether the list being imported will have a new `list_id` generated.\nAdditional `item_id`'s are generated for each exception item. Both the exception\nlist and its items are overwritten.\n","in":"query","name":"as_new_list","required":false,"schema":{"default":false,"example":false,"type":"boolean"}}],"requestBody":{"content":{"multipart/form-data":{"schema":{"type":"object","properties":{"file":{"description":"A `.ndjson` file containing the exception list","example":"{\"_version\":\"WzExNDU5LDFd\",\"created_at\":\"2025-01-09T16:18:17.757Z\",\"created_by\":\"elastic\",\"description\":\"This is a sample detection type exception\",\"id\":\"c86c2da0-2ab6-4343-b81c-216ef27e8d75\",\"immutable\":false,\"list_id\":\"simple_list\",\"name\":\"Sample Detection Exception List\",\"namespace_type\":\"single\",\"os_types\":[],\"tags\":[\"user added string for a tag\",\"malware\"],\"tie_breaker_id\":\"cf4a7b92-732d-47f0-a0d5-49a35a1736bf\",\"type\":\"detection\",\"updated_at\":\"2025-01-09T16:18:17.757Z\",\"updated_by\":\"elastic\",\"version\":1}\n{\"_version\":\"WzExNDYxLDFd\",\"comments\":[],\"created_at\":\"2025-01-09T16:18:42.308Z\",\"created_by\":\"elastic\",\"description\":\"This is a sample endpoint type exception\",\"entries\":[{\"type\":\"exists\",\"field\":\"actingProcess.file.signer\",\"operator\":\"excluded\"},{\"type\":\"match_any\",\"field\":\"host.name\",\"value\":[\"some host\",\"another host\"],\"operator\":\"included\"}],\"id\":\"f37597ce-eaa7-4b64-9100-4301118f6806\",\"item_id\":\"simple_list_item\",\"list_id\":\"simple_list\",\"name\":\"Sample Endpoint Exception List\",\"namespace_type\":\"single\",\"os_types\":[\"linux\"],\"tags\":[\"user added string for a tag\",\"malware\"],\"tie_breaker_id\":\"4ca3ef3e-9721-42c0-8107-cf47e094d40f\",\"type\":\"simple\",\"updated_at\":\"2025-01-09T16:18:42.308Z\",\"updated_by\":\"elastic\"}\n","format":"binary","type":"string"}}}}},"required":true},"responses":{"200":{"content":{"application/json":{"examples":{"withErrors":{"value":{"errors":[{"error":{"message":"Error found importing exception list: Invalid value \\\"4\\\" supplied to \\\"list_id\\\"","status_code":400},"list_id":"(unknown list_id)"},{"error":{"message":"Found that item_id: \\\"f7fd00bb-dba8-4c93-9d59-6cbd427b6330\\\" already exists. Import of item_id: \\\"f7fd00bb-dba8-4c93-9d59-6cbd427b6330\\\" skipped.","status_code":409},"item_id":"f7fd00bb-dba8-4c93-9d59-6cbd427b6330","list_id":"7d7cccb8-db72-4667-b1f3-648efad7c1ee"}],"success":"false,","success_count":"0,","success_count_exception_list_items":0,"success_count_exception_lists":"0,","success_exception_list_items":"false,","success_exception_lists":"false,"}},"withoutErrors":{"value":{"errors":[],"success":true,"success_count":2,"success_count_exception_list_items":1,"success_count_exception_lists":1,"success_exception_list_items":true,"success_exception_lists":"true,"}}},"schema":{"type":"object","properties":{"errors":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkErrorArray"},"success":{"type":"boolean"},"success_count":{"minimum":0,"type":"integer"},"success_count_exception_list_items":{"minimum":0,"type":"integer"},"success_count_exception_lists":{"minimum":0,"type":"integer"},"success_exception_list_items":{"type":"boolean"},"success_exception_lists":{"type":"boolean"}},"required":["errors","success","success_count","success_exception_lists","success_count_exception_lists","success_exception_list_items","success_count_exception_list_items"]}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"examples":{"forbidden":{"value":{"error":"Forbidden","message":"API [POST /api/exception_lists/_import] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]","statusCode":403}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Import an exception list","tags":["Security Exceptions API"]}},"/api/exception_lists/items":{"delete":{"description":"Delete an exception list item using the `id` or `item_id` field.","operationId":"DeleteExceptionListItem","parameters":[{"description":"Exception item's identifier. Either `id` or `item_id` must be specified","in":"query","name":"id","required":false,"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemId"}},{"description":"Human readable exception item string identifier, e.g. `trusted-linux-processes`. Either `id` or `item_id` must be specified","in":"query","name":"item_id","required":false,"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId"}},{"examples":{"agnostic":{"value":"agnostic"},"single":{"value":"single"}},"in":"query","name":"namespace_type","required":false,"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType","default":"single"}}],"responses":{"200":{"content":{"application/json":{"examples":{"simpleExceptionItem":{"value":{"_version":"WzQsMV0=","comments":[],"created_at":"2025-01-07T20:07:33.119Z","created_by":"elastic","description":"This is a sample detection type exception item.","entries":[{"field":"actingProcess.file.signer","operator":"excluded","type":"exists"},{"field":"host.name","operator":"included","type":"match_any","value":["saturn","jupiter"]}],"id":"71a9f4b2-c85c-49b4-866f-c71eb9e67da2","item_id":"simple_list_item","list_id":"simple_list","name":"Sample Exception List Item","namespace_type":"single","os_types":["linux"],"tags":["malware"],"tie_breaker_id":"09434836-9db9-4942-a234-5a9268e0b34c","type":"simple","updated_at":"2025-01-07T20:07:33.119Z","updated_by":"elastic"}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItem"}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"example":{"error":"Bad Request","message":"[request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob'","statusCode":400},"oneOf":[{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"examples":{"forbidden":{"value":{"error":"Forbidden","message":"API [DELETE /api/exception_lists/items?item_id=simple_list\u0026namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]","statusCode":403}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"404":{"content":{"application/json":{"examples":{"notFound":{"value":{"message":"exception list item item_id: \\\"foo\\\" does not exist","status_code":404}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}}},"description":"Exception list item not found response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Delete an exception list item","tags":["Security Exceptions API"]},"get":{"description":"Get the details of an exception list item using the `id` or `item_id` field.","operationId":"ReadExceptionListItem","parameters":[{"description":"Exception list item's identifier. Either `id` or `item_id` must be specified.","in":"query","name":"id","required":false,"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemId"}},{"description":"Human readable exception item string identifier, e.g. `trusted-linux-processes`. Either `id` or `item_id` must be specified.","in":"query","name":"item_id","required":false,"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId"}},{"examples":{"agnostic":{"value":"agnostic"},"single":{"value":"single"}},"in":"query","name":"namespace_type","required":false,"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType","default":"single"}}],"responses":{"200":{"content":{"application/json":{"examples":{"simpleListItem":{"value":{"_version":"WzQsMV0=","comments":[],"created_at":"2025-01-07T20:07:33.119Z","created_by":"elastic","description":"This is a sample detection type exception item.","entries":[{"field":"actingProcess.file.signer","operator":"excluded","type":"exists"},{"field":"host.name","operator":"included","type":"match_any","value":["saturn","jupiter"]}],"id":"71a9f4b2-c85c-49b4-866f-c71eb9e67da2","item_id":"simple_list_item","list_id":"simple_list","name":"Sample Exception List Item","namespace_type":"single","os_types":["linux"],"tags":["malware"],"tie_breaker_id":"09434836-9db9-4942-a234-5a9268e0b34c","type":"simple","updated_at":"2025-01-07T20:07:33.119Z","updated_by":"elastic"}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItem"}}},"description":"Successful response"},"400":{"content":{"application/json":{"examples":{"badRequest":{"value":{"error":"Bad Request","message":"[request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob'","statusCode":400}}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"examples":{"forbidden":{"value":{"error":"Forbidden","message":"API [GET /api/exception_lists/items?item_id=\u0026namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-read]","statusCode":403}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"404":{"content":{"application/json":{"examples":{"notFound":{"value":{"message":"exception list item item_id: \\\"foo\\\" does not exist","status_code":404}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}}},"description":"Exception list item not found response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Get an exception list item","tags":["Security Exceptions API"]},"post":{"description":"Create an exception item and associate it with the specified exception list.\n\u003e info\n\u003e Before creating exception items, you must create an exception list.\n","operationId":"CreateExceptionListItem","requestBody":{"content":{"application/json":{"schema":{"example":{"description":"This is a sample detection type exception item.","entries":[{"field":"actingProcess.file.signer","operator":"excluded","type":"exists"},{"field":"host.name","operator":"included","type":"match_any","value":["saturn","jupiter"]}],"item_id":"simple_list_item","list_id":"simple_list","name":"Sample Exception List Item","namespace_type":"single","os_types":["linux"],"tags":["malware"],"type":"simple"},"type":"object","properties":{"comments":{"$ref":"#/components/schemas/Security_Exceptions_API_CreateExceptionListItemCommentArray","default":[]},"description":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemDescription"},"entries":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray"},"expire_time":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemExpireTime"},"item_id":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId"},"list_id":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListHumanId"},"meta":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemMeta"},"name":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemName"},"namespace_type":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType","default":"single"},"os_types":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray","default":[]},"tags":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemTags","default":[]},"type":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemType"}},"required":["list_id","type","name","description","entries"]}}},"description":"Exception list item's properties","required":true},"responses":{"200":{"content":{"application/json":{"examples":{"autogeneratedItemId":{"value":{"_version":"WzYsMV0=","comments":[],"created_at":"2025-01-09T01:16:23.322Z","created_by":"elastic","description":"This is a sample exception that has no item_id so it is autogenerated.","entries":[{"field":"actingProcess.file.signer","operator":"excluded","type":"exists"}],"id":"323faa75-c657-4fa0-9084-8827612c207b","item_id":"80e6edf7-4b13-4414-858f-2fa74aa52b37","list_id":"8c1aae4c-1ef5-4bce-a2e3-16584b501783","name":"Sample Autogenerated Exception List Item ID","namespace_type":"single","os_types":[],"tags":["malware"],"tie_breaker_id":"d6799986-3a23-4213-bc6d-ed9463a32f23","type":"simple","updated_at":"2025-01-09T01:16:23.322Z","updated_by":"elastic"}},"detectionExceptionListItem":{"value":{"_version":"WzQsMV0=","comments":[],"created_at":"2025-01-07T20:07:33.119Z","created_by":"elastic","description":"This is a sample detection type exception item.","entries":[{"field":"actingProcess.file.signer","operator":"excluded","type":"exists"}],"id":"71a9f4b2-c85c-49b4-866f-c71eb9e67da2","item_id":"simple_list_item","list_id":"simple_list","name":"Sample Exception List Item","namespace_type":"single","os_types":["linux"],"tags":["malware"],"tie_breaker_id":"09434836-9db9-4942-a234-5a9268e0b34c","type":"simple","updated_at":"2025-01-07T20:07:33.119Z","updated_by":"elastic"}},"withExistEntry":{"value":{"_version":"WzQsMV0=","comments":[],"created_at":"2025-01-07T20:07:33.119Z","created_by":"elastic","description":"This is a sample detection type exception item.","entries":[{"field":"actingProcess.file.signer","operator":"excluded","type":"exists"}],"id":"71a9f4b2-c85c-49b4-866f-c71eb9e67da2","item_id":"simple_list_item","list_id":"simple_list","name":"Sample Exception List Item","namespace_type":"single","os_types":["linux"],"tags":["malware"],"tie_breaker_id":"09434836-9db9-4942-a234-5a9268e0b34c","type":"simple","updated_at":"2025-01-07T20:07:33.119Z","updated_by":"elastic"}},"withMatchAnyEntry":{"value":{"_version":"WzQsMV0=","comments":[],"created_at":"2025-01-07T20:07:33.119Z","created_by":"elastic","description":"This is a sample detection type exception item.","entries":[{"field":"host.name","operator":"included","type":"match_any","value":["saturn","jupiter"]}],"id":"71a9f4b2-c85c-49b4-866f-c71eb9e67da2","item_id":"simple_list_item","list_id":"simple_list","name":"Sample Exception List Item","namespace_type":"single","os_types":["linux"],"tags":["malware"],"tie_breaker_id":"09434836-9db9-4942-a234-5a9268e0b34c","type":"simple","updated_at":"2025-01-07T20:07:33.119Z","updated_by":"elastic"}},"withMatchEntry":{"value":{"_version":"WzQsMV0=","comments":[],"created_at":"2025-01-07T20:07:33.119Z","created_by":"elastic","description":"This is a sample detection type exception item.","entries":[{"field":"actingProcess.file.signer","operator":"included","type":"match","value":"Elastic N.V."}],"id":"71a9f4b2-c85c-49b4-866f-c71eb9e67da2","item_id":"simple_list_item","list_id":"simple_list","name":"Sample Exception List Item","namespace_type":"single","os_types":["linux"],"tags":["malware"],"tie_breaker_id":"09434836-9db9-4942-a234-5a9268e0b34c","type":"simple","updated_at":"2025-01-07T20:07:33.119Z","updated_by":"elastic"}},"withNestedEntry":{"value":{"_version":"WzQsMV0=","comments":[],"created_at":"2025-01-07T20:07:33.119Z","created_by":"elastic","description":"This is a sample detection type exception item.","entries":[{"entries":[{"field":"signer","operator":"included","type":"match","value":"Evil"},{"field":"trusted","operator":"included","type":"match","value":true}],"field":"file.signature","type":"nested"}],"id":"71a9f4b2-c85c-49b4-866f-c71eb9e67da2","item_id":"simple_list_item","list_id":"simple_list","name":"Sample Exception List Item","namespace_type":"single","os_types":["linux"],"tags":["malware"],"tie_breaker_id":"09434836-9db9-4942-a234-5a9268e0b34c","type":"simple","updated_at":"2025-01-07T20:07:33.119Z","updated_by":"elastic"}},"withValueListEntry":{"value":{"_version":"WzcsMV0=","comments":[],"created_at":"2025-01-09T01:31:12.614Z","created_by":"elastic","description":"Don't signal when agent.name is rock01 and source.ip is in the goodguys.txt list","entries":[{"field":"source.ip","list":{"id":"goodguys.txt","type":"ip"},"operator":"excluded","type":"list"}],"id":"deb26876-297d-4677-8a1f-35467d2f1c4f","item_id":"686b129e-9b8d-4c59-8d8d-c93a9ea82c71","list_id":"8c1aae4c-1ef5-4bce-a2e3-16584b501783","name":"Filter out good guys ip and agent.name rock01","namespace_type":"single","os_types":[],"tags":["malware"],"tie_breaker_id":"5e0288ce-6657-4c18-9dcc-00ec9e8cc6c8","type":"simple","updated_at":"2025-01-09T01:31:12.614Z","updated_by":"elastic"}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItem"}}},"description":"Successful response"},"400":{"content":{"application/json":{"examples":{"badRequest":{"value":{"error":"Bad Request,","message":"[request body]: list_id: Expected string, received number","statusCode":"400,"}}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"examples":{"forbidden":{"value":{"error":"Forbidden","message":"API [POST /api/exception_lists/items] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]","statusCode":403}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"409":{"content":{"application/json":{"examples":{"alreadyExists":{"value":{"message":"exception list item id: \\\"simple_list_item\\\" already exists","status_code":409}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}}},"description":"Exception list item already exists response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Create an exception list item","tags":["Security Exceptions API"]},"put":{"description":"Update an exception list item using the `id` or `item_id` field.","operationId":"UpdateExceptionListItem","requestBody":{"content":{"application/json":{"example":{"comments":[],"description":"Updated description","entries":[{"field":"host.name","operator":"included","type":"match","value":"rock01"}],"item_id":"simple_list_item","name":"Updated name","namespace_type":"single","tags":[],"type":"simple"},"schema":{"type":"object","properties":{"_version":{"description":"The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version.","type":"string"},"comments":{"$ref":"#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemCommentArray","default":[]},"description":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemDescription"},"entries":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray"},"expire_time":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemExpireTime"},"id":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemId","description":"Either `id` or `item_id` must be specified"},"item_id":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId","description":"Either `id` or `item_id` must be specified"},"list_id":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListHumanId"},"meta":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemMeta"},"name":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemName"},"namespace_type":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType","default":"single"},"os_types":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray","default":[]},"tags":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemTags"},"type":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemType"}},"required":["type","name","description","entries"]}}},"description":"Exception list item's properties","required":true},"responses":{"200":{"content":{"application/json":{"examples":{"simpleListItem":{"value":{"_version":"WzEyLDFd","comments":[],"created_at":"2025-01-07T21:12:25.512Z","created_by":"elastic","description":"Updated description","entries":[{"field":"host.name","operator":"included","type":"match","value":"rock01"}],"id":"459c5e7e-f8b2-4f0b-b136-c1fc702f72da","item_id":"simple_list_item","list_id":"simple_list","name":"Updated name","namespace_type":"single","os_types":[],"tags":[],"tie_breaker_id":"ad0754ff-7b19-49ca-b73e-e6aff6bfa2d0","type":"simple","updated_at":"2025-01-07T21:34:50.233Z","updated_by":"elastic"}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItem"}}},"description":"Successful response"},"400":{"content":{"application/json":{"examples":{"badRequest":{"value":{"error":"Bad Request","message":"[request body]: item_id: Expected string, received number","statusCode":400}}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"examples":{"forbidden":{"value":{"error":"Forbidden","message":"API [PUT /api/exception_lists/items] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]","statusCode":403}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"404":{"content":{"application/json":{"examples":{"notFound":{"value":{"message":"exception list item item_id: \\\"foo\\\" does not exist","status_code":404}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}}},"description":"Exception list item not found response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Update an exception list item","tags":["Security Exceptions API"]}},"/api/exception_lists/items/_find":{"get":{"description":"Get a list of all exception list items in the specified list.","operationId":"FindExceptionListItems","parameters":[{"description":"The `list_id`s of the items to fetch.","in":"query","name":"list_id","required":true,"schema":{"items":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListHumanId"},"type":"array"}},{"description":"Filters the returned results according to the value of the specified field,\nusing the `\u003cfield name\u003e:\u003cfield value\u003e` syntax.\n","examples":{"singleFilter":{"value":["exception-list.attributes.name:%My%20item"]}},"in":"query","name":"filter","required":false,"schema":{"default":[],"items":{"$ref":"#/components/schemas/Security_Exceptions_API_FindExceptionListItemsFilter"},"type":"array"}},{"description":"Determines whether the returned containers are Kibana associated with a Kibana space\nor available in all spaces (`agnostic` or `single`)\n","examples":{"single":{"value":["single"]}},"in":"query","name":"namespace_type","required":false,"schema":{"default":["single"],"items":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType"},"type":"array"}},{"in":"query","name":"search","required":false,"schema":{"example":"host.name","type":"string"}},{"description":"The page number to return","in":"query","name":"page","required":false,"schema":{"example":1,"minimum":0,"type":"integer"}},{"description":"The number of exception list items to return per page","in":"query","name":"per_page","required":false,"schema":{"example":20,"minimum":0,"type":"integer"}},{"description":"Determines which field is used to sort the results.","example":"name","in":"query","name":"sort_field","required":false,"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_NonEmptyString"}},{"description":"Determines the sort order, which can be `desc` or `asc`.","in":"query","name":"sort_order","required":false,"schema":{"enum":["desc","asc"],"example":"desc","type":"string"}}],"responses":{"200":{"content":{"application/json":{"examples":{"simpleListItems":{"value":{"data":[{"_version":"WzgsMV0=","comments":[],"created_at":"2025-01-07T21:12:25.512Z","created_by":"elastic","description":"This is a sample exception item.","entries":[{"field":"actingProcess.file.signer","operator":"excluded","type":"exists"},{"field":"host.name","operator":"included","type":"match_any","value":["jupiter","saturn"]}],"id":"459c5e7e-f8b2-4f0b-b136-c1fc702f72da","item_id":"simple_list_item","list_id":"simple_list","name":"Sample Exception List Item","namespace_type":"single","os_types":["linux"],"tags":["malware"],"tie_breaker_id":"ad0754ff-7b19-49ca-b73e-e6aff6bfa2d0","type":"simple","updated_at":"2025-01-07T21:12:25.512Z","updated_by":"elastic"}],"page":1,"per_page":20,"total":1}}},"schema":{"type":"object","properties":{"data":{"items":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItem"},"type":"array"},"page":{"minimum":1,"type":"integer"},"per_page":{"minimum":1,"type":"integer"},"pit":{"type":"string"},"total":{"minimum":0,"type":"integer"}},"required":["data","page","per_page","total"]}}},"description":"Successful response"},"400":{"content":{"application/json":{"examples":{"badRequest":{"value":{"error":"Bad Request","message":"[request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob'","statusCode":400}}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"examples":{"forbidden":{"value":{"error":"Forbidden","message":"API [GET /api/exception_lists/items/_find?list_id=simple_list\u0026namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-read]","statusCode":403}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"404":{"content":{"application/json":{"examples":{"notFound":{"value":{"message":"exception list list_id: \"foo\" does not exist","status_code":404}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}}},"description":"Exception list not found response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Get exception list items","tags":["Security Exceptions API"]}},"/api/exception_lists/summary":{"get":{"description":"Get a summary of the specified exception list.","operationId":"ReadExceptionListSummary","parameters":[{"description":"Exception list's identifier generated upon creation.","in":"query","name":"id","required":false,"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListId"}},{"description":"Exception list's human readable identifier.","in":"query","name":"list_id","required":false,"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListHumanId"}},{"examples":{"agnostic":{"value":"agnostic"},"single":{"value":"single"}},"in":"query","name":"namespace_type","required":false,"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType","default":"single"}},{"description":"Search filter clause","in":"query","name":"filter","required":false,"schema":{"example":"exception-list-agnostic.attributes.tags:\"policy:policy-1\" OR exception-list-agnostic.attributes.tags:\"policy:all\"","type":"string"}}],"responses":{"200":{"content":{"application/json":{"examples":{"summary":{"value":{"linux":0,"macos":0,"total":0,"windows":0}}},"schema":{"type":"object","properties":{"linux":{"minimum":0,"type":"integer"},"macos":{"minimum":0,"type":"integer"},"total":{"minimum":0,"type":"integer"},"windows":{"minimum":0,"type":"integer"}}}}},"description":"Successful response"},"400":{"content":{"application/json":{"examples":{"badRequest":{"value":{"error":"Bad Request","message":"[request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob'","statusCode":400}}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"examples":{"forbidden":{"value":{"error":"Forbidden","message":"API [GET /api/exception_lists/summary?list_id=simple_list\u0026namespace_type=agnostic] is unauthorized for user, this action is granted by the Kibana privileges [lists-summary]","statusCode":403}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"404":{"content":{"application/json":{"examples":{"notFound":{"value":{"message\"":"exception list id: \"foo\" does not exist","status_code\"":404}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}}},"description":"Exception list not found response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Get an exception list summary","tags":["Security Exceptions API"]}},"/api/exceptions/shared":{"post":{"description":"An exception list groups exception items and can be associated with detection rules. A shared exception list can apply to multiple detection rules.\n\u003e info\n\u003e All exception items added to the same list are evaluated using `OR` logic. That is, if any of the items in a list evaluate to `true`, the exception prevents the rule from generating an alert. Likewise, `OR` logic is used for evaluating exceptions when more than one exception list is assigned to a rule. To use the `AND` operator, you can define multiple clauses (`entries`) in a single exception item.\n","operationId":"CreateSharedExceptionList","requestBody":{"content":{"application/json":{"schema":{"example":{"description":"This is a sample detection type exception list.","list_id":"simple_list","name":"Sample Detection Exception List","namespace_type":"single","os_types":["linux"],"tags":["malware"]},"type":"object","properties":{"description":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListDescription"},"name":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListName"}},"required":["name","description"]}}},"required":true},"responses":{"200":{"content":{"application/json":{"examples":{"sharedList":{"value":{"_version":"WzIsMV0=","created_at":"2025-01-07T19:34:27.942Z","created_by":"elastic","description":"This is a sample detection type exception list.","id":"9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85","immutable":false,"list_id":"simple_list","name":"Sample Detection Exception List","namespace_type":"single","os_types":["linux"],"tags":["malware"],"tie_breaker_id":"78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3","type":"detection","updated_at":"2025-01-07T19:34:27.942Z","updated_by":"elastic","version":1}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionList"}}},"description":"Successful response"},"400":{"content":{"application/json":{"examples":{"badRequest":{"value":{"error":"Bad Request","message":"[request body]: list_id: Expected string, received number","statusCode":400}}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"examples":{"forbidden":{"value":{"message":"Unable to create exception-list","status_code":403}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"409":{"content":{"application/json":{"examples":{"alreadyExists":{"value":{"message":"exception list id: \"simple_list\" already exists","status_code":409}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}}},"description":"Exception list already exists response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Exceptions_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Create a shared exception list","tags":["Security Exceptions API"]}},"/api/features":{"get":{"description":"Get information about all Kibana features. Features are used by spaces and security to refine and secure access to Kibana.\n","operationId":"get-features","responses":{"200":{"content":{"application/json":{"examples":{"getFeaturesExample":{"value":"{\n \"features\": [\n {\n \"name\": \"tasks\",\n \"description\": \"Manages task results\"\n },\n {\n \"name\": \"security\",\n \"description\": \"Manages configuration for Security features, such as users and roles\"\n },\n {\n \"name\": \"searchable_snapshots\",\n \"description\": \"Manages caches and configuration for searchable snapshots\"\n },\n {\n \"name\": \"logstash_management\",\n \"description\": \"Enables Logstash Central Management pipeline storage\"\n },\n {\n \"name\": \"transform\",\n \"description\": \"Manages configuration and state for transforms\"\n },\n {\n \"name\": \"kibana\",\n \"description\": \"Manages Kibana configuration and reports\"\n },\n {\n \"name\": \"synonyms\",\n \"description\": \"Manages synonyms\"\n },\n {\n \"name\": \"async_search\",\n \"description\": \"Manages results of async searches\"\n },\n {\n \"name\": \"ent_search\",\n \"description\": \"Manages configuration for Enterprise Search features\"\n },\n {\n \"name\": \"machine_learning\",\n \"description\": \"Provides anomaly detection and forecasting functionality\"\n },\n {\n \"name\": \"geoip\",\n \"description\": \"Manages data related to GeoIP database downloader\"\n },\n {\n \"name\": \"watcher\",\n \"description\": \"Manages Watch definitions and state\"\n },\n {\n \"name\": \"fleet\",\n \"description\": \"Manages configuration for Fleet\"\n },\n {\n \"name\": \"enrich\",\n \"description\": \"Manages data related to Enrich policies\"\n },\n {\n \"name\": \"inference_plugin\",\n \"description\": \"Inference plugin for managing inference services and inference\"\n }\n ]\n}\n"}},"schema":{"type":"object"}}},"description":"Indicates a successful call"}},"summary":"Get features","tags":["system"],"x-state":"Technical Preview"}},"/api/fleet/agent_download_sources":{"get":{"description":"[Required authorization] Route required privileges: fleet-agent-policies-read OR fleet-settings-read.","operationId":"get-fleet-agent-download-sources","parameters":[],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"items":{"items":{"additionalProperties":false,"type":"object","properties":{"host":{"format":"uri","type":"string"},"id":{"type":"string"},"is_default":{"default":false,"type":"boolean"},"name":{"type":"string"},"proxy_id":{"description":"The ID of the proxy to use for this download source. See the proxies API for more information.","nullable":true,"type":"string"},"secrets":{"additionalProperties":false,"type":"object","properties":{"ssl":{"additionalProperties":false,"type":"object","properties":{"key":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}}}}},"ssl":{"additionalProperties":false,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"key":{"type":"string"}}}},"required":["id","name","host"]},"type":"array"},"page":{"type":"number"},"perPage":{"type":"number"},"total":{"type":"number"}},"required":["items","total","page","perPage"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get agent binary download sources","tags":["Elastic Agent binary download sources"]},"post":{"description":"[Required authorization] Route required privileges: fleet-settings-all.","operationId":"post-fleet-agent-download-sources","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"host":{"format":"uri","type":"string"},"id":{"type":"string"},"is_default":{"default":false,"type":"boolean"},"name":{"type":"string"},"proxy_id":{"description":"The ID of the proxy to use for this download source. See the proxies API for more information.","nullable":true,"type":"string"},"secrets":{"additionalProperties":false,"type":"object","properties":{"ssl":{"additionalProperties":false,"type":"object","properties":{"key":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}}}}},"ssl":{"additionalProperties":false,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"key":{"type":"string"}}}},"required":["name","host"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"additionalProperties":false,"type":"object","properties":{"host":{"format":"uri","type":"string"},"id":{"type":"string"},"is_default":{"default":false,"type":"boolean"},"name":{"type":"string"},"proxy_id":{"description":"The ID of the proxy to use for this download source. See the proxies API for more information.","nullable":true,"type":"string"},"secrets":{"additionalProperties":false,"type":"object","properties":{"ssl":{"additionalProperties":false,"type":"object","properties":{"key":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}}}}},"ssl":{"additionalProperties":false,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"key":{"type":"string"}}}},"required":["id","name","host"]}},"required":["item"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Create an agent binary download source","tags":["Elastic Agent binary download sources"]}},"/api/fleet/agent_download_sources/{sourceId}":{"delete":{"description":"Delete an agent binary download source by ID.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: fleet-settings-all.","operationId":"delete-fleet-agent-download-sources-sourceid","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"sourceId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Delete an agent binary download source","tags":["Elastic Agent binary download sources"]},"get":{"description":"Get an agent binary download source by ID.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: fleet-agent-policies-read OR fleet-settings-read.","operationId":"get-fleet-agent-download-sources-sourceid","parameters":[{"in":"path","name":"sourceId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"additionalProperties":false,"type":"object","properties":{"host":{"format":"uri","type":"string"},"id":{"type":"string"},"is_default":{"default":false,"type":"boolean"},"name":{"type":"string"},"proxy_id":{"description":"The ID of the proxy to use for this download source. See the proxies API for more information.","nullable":true,"type":"string"},"secrets":{"additionalProperties":false,"type":"object","properties":{"ssl":{"additionalProperties":false,"type":"object","properties":{"key":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}}}}},"ssl":{"additionalProperties":false,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"key":{"type":"string"}}}},"required":["id","name","host"]}},"required":["item"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get an agent binary download source","tags":["Elastic Agent binary download sources"]},"put":{"description":"Update an agent binary download source by ID.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: fleet-settings-all.","operationId":"put-fleet-agent-download-sources-sourceid","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"sourceId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"host":{"format":"uri","type":"string"},"id":{"type":"string"},"is_default":{"default":false,"type":"boolean"},"name":{"type":"string"},"proxy_id":{"description":"The ID of the proxy to use for this download source. See the proxies API for more information.","nullable":true,"type":"string"},"secrets":{"additionalProperties":false,"type":"object","properties":{"ssl":{"additionalProperties":false,"type":"object","properties":{"key":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}}}}},"ssl":{"additionalProperties":false,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"key":{"type":"string"}}}},"required":["name","host"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"additionalProperties":false,"type":"object","properties":{"host":{"format":"uri","type":"string"},"id":{"type":"string"},"is_default":{"default":false,"type":"boolean"},"name":{"type":"string"},"proxy_id":{"description":"The ID of the proxy to use for this download source. See the proxies API for more information.","nullable":true,"type":"string"},"secrets":{"additionalProperties":false,"type":"object","properties":{"ssl":{"additionalProperties":false,"type":"object","properties":{"key":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}}}}},"ssl":{"additionalProperties":false,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"key":{"type":"string"}}}},"required":["id","name","host"]}},"required":["item"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Update an agent binary download source","tags":["Elastic Agent binary download sources"]}},"/api/fleet/agent_policies":{"get":{"description":"[Required authorization] Route required privileges: fleet-agent-policies-read OR fleet-agents-read OR fleet-setup.","operationId":"get-fleet-agent-policies","parameters":[{"in":"query","name":"page","required":false,"schema":{"type":"number"}},{"in":"query","name":"perPage","required":false,"schema":{"type":"number"}},{"in":"query","name":"sortField","required":false,"schema":{"type":"string"}},{"in":"query","name":"sortOrder","required":false,"schema":{"enum":["desc","asc"],"type":"string"}},{"in":"query","name":"showUpgradeable","required":false,"schema":{"type":"boolean"}},{"in":"query","name":"kuery","required":false,"schema":{"type":"string"}},{"description":"use withAgentCount instead","in":"query","name":"noAgentCount","required":false,"schema":{"deprecated":true,"type":"boolean"}},{"description":"get policies with agent count","in":"query","name":"withAgentCount","required":false,"schema":{"type":"boolean"}},{"description":"get full policies with package policies populated","in":"query","name":"full","required":false,"schema":{"type":"boolean"}},{"in":"query","name":"format","required":false,"schema":{"enum":["simplified","legacy"],"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"items":{"items":{"additionalProperties":false,"type":"object","properties":{"advanced_settings":{"additionalProperties":false,"type":"object","properties":{"agent_download_target_directory":{"nullable":true},"agent_download_timeout":{"nullable":true},"agent_limits_go_max_procs":{"nullable":true},"agent_logging_files_interval":{"nullable":true},"agent_logging_files_keepfiles":{"nullable":true},"agent_logging_files_rotateeverybytes":{"nullable":true},"agent_logging_level":{"nullable":true},"agent_logging_metrics_period":{"nullable":true},"agent_logging_to_files":{"nullable":true}}},"agent_features":{"items":{"additionalProperties":false,"type":"object","properties":{"enabled":{"type":"boolean"},"name":{"type":"string"}},"required":["name","enabled"]},"type":"array"},"agentless":{"additionalProperties":false,"type":"object","properties":{"cloud_connectors":{"additionalProperties":false,"type":"object","properties":{"enabled":{"type":"boolean"},"target_csp":{"type":"string"}},"required":["enabled"]},"resources":{"additionalProperties":false,"type":"object","properties":{"requests":{"additionalProperties":false,"type":"object","properties":{"cpu":{"type":"string"},"memory":{"type":"string"}}}}}}},"agents":{"type":"number"},"data_output_id":{"nullable":true,"type":"string"},"description":{"type":"string"},"download_source_id":{"nullable":true,"type":"string"},"fleet_server_host_id":{"nullable":true,"type":"string"},"global_data_tags":{"description":"User defined data tags that are added to all of the inputs. The values can be strings or numbers.","items":{"additionalProperties":false,"type":"object","properties":{"name":{"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"}]}},"required":["name","value"]},"type":"array"},"has_fleet_server":{"type":"boolean"},"id":{"type":"string"},"inactivity_timeout":{"default":1209600,"minimum":0,"type":"number"},"is_default":{"type":"boolean"},"is_default_fleet_server":{"type":"boolean"},"is_managed":{"type":"boolean"},"is_preconfigured":{"type":"boolean"},"is_protected":{"description":"Indicates whether the agent policy has tamper protection enabled. Default false.","type":"boolean"},"keep_monitoring_alive":{"default":false,"description":"When set to true, monitoring will be enabled but logs/metrics collection will be disabled","nullable":true,"type":"boolean"},"monitoring_diagnostics":{"additionalProperties":false,"type":"object","properties":{"limit":{"additionalProperties":false,"type":"object","properties":{"burst":{"type":"number"},"interval":{"type":"string"}}},"uploader":{"additionalProperties":false,"type":"object","properties":{"init_dur":{"type":"string"},"max_dur":{"type":"string"},"max_retries":{"type":"number"}}}}},"monitoring_enabled":{"items":{"enum":["logs","metrics","traces"],"type":"string"},"type":"array"},"monitoring_http":{"additionalProperties":false,"type":"object","properties":{"buffer":{"additionalProperties":false,"type":"object","properties":{"enabled":{"default":false,"type":"boolean"}}},"enabled":{"type":"boolean"},"host":{"type":"string"},"port":{"maximum":65353,"minimum":0,"type":"number"}}},"monitoring_output_id":{"nullable":true,"type":"string"},"monitoring_pprof_enabled":{"type":"boolean"},"name":{"minLength":1,"type":"string"},"namespace":{"minLength":1,"type":"string"},"overrides":{"additionalProperties":{},"description":"Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.","nullable":true,"type":"object"},"package_policies":{"anyOf":[{"items":{"type":"string"},"type":"array"},{"description":"This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter","items":{"additionalProperties":false,"type":"object","properties":{"additional_datastreams_permissions":{"description":"Additional datastream permissions, that will be added to the agent policy.","items":{"type":"string"},"nullable":true,"type":"array"},"agents":{"type":"number"},"created_at":{"type":"string"},"created_by":{"type":"string"},"description":{"description":"Package policy description","type":"string"},"elasticsearch":{"additionalProperties":true,"type":"object","properties":{"privileges":{"additionalProperties":true,"type":"object","properties":{"cluster":{"items":{"type":"string"},"type":"array"}}}}},"enabled":{"type":"boolean"},"id":{"type":"string"},"inputs":{"anyOf":[{"items":{"additionalProperties":false,"type":"object","properties":{"compiled_input":{},"config":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},"enabled":{"type":"boolean"},"id":{"type":"string"},"keep_enabled":{"type":"boolean"},"policy_template":{"type":"string"},"streams":{"items":{"additionalProperties":false,"type":"object","properties":{"compiled_stream":{},"config":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},"data_stream":{"additionalProperties":false,"type":"object","properties":{"dataset":{"type":"string"},"elasticsearch":{"additionalProperties":false,"type":"object","properties":{"dynamic_dataset":{"type":"boolean"},"dynamic_namespace":{"type":"boolean"},"privileges":{"additionalProperties":false,"type":"object","properties":{"indices":{"items":{"type":"string"},"type":"array"}}}}},"type":{"type":"string"}},"required":["dataset","type"]},"enabled":{"type":"boolean"},"id":{"type":"string"},"keep_enabled":{"type":"boolean"},"release":{"enum":["ga","beta","experimental"],"type":"string"},"vars":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"}},"required":["enabled","data_stream","compiled_stream"]},"type":"array"},"type":{"type":"string"},"vars":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"}},"required":["type","enabled","streams","compiled_input"]},"type":"array"},{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"enabled":{"description":"enable or disable that input, (default to true)","type":"boolean"},"streams":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"enabled":{"description":"enable or disable that stream, (default to true)","type":"boolean"},"vars":{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object"}}},"description":"Input streams (see integration documentation to know what streams are available)","type":"object"},"vars":{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object"}}},"description":"Package policy inputs (see integration documentation to know what inputs are available)","type":"object","x-oas-optional":true}]},"is_managed":{"type":"boolean"},"name":{"description":"Package policy name (should be unique)","type":"string"},"namespace":{"description":"The package policy namespace. Leave blank to inherit the agent policy's namespace.","type":"string"},"output_id":{"nullable":true,"type":"string"},"overrides":{"additionalProperties":false,"description":"Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.","nullable":true,"type":"object","properties":{"inputs":{"additionalProperties":{},"type":"object"}}},"package":{"additionalProperties":false,"type":"object","properties":{"experimental_data_stream_features":{"items":{"additionalProperties":false,"type":"object","properties":{"data_stream":{"type":"string"},"features":{"additionalProperties":false,"type":"object","properties":{"doc_value_only_numeric":{"type":"boolean"},"doc_value_only_other":{"type":"boolean"},"synthetic_source":{"type":"boolean"},"tsdb":{"type":"boolean"}}}},"required":["data_stream","features"]},"type":"array"},"name":{"description":"Package name","type":"string"},"requires_root":{"type":"boolean"},"title":{"type":"string"},"version":{"description":"Package version","type":"string"}},"required":["name","version"]},"policy_id":{"deprecated":true,"description":"Agent policy ID where that package policy will be added","nullable":true,"type":"string"},"policy_ids":{"items":{"description":"Agent policy IDs where that package policy will be added","type":"string"},"type":"array"},"revision":{"type":"number"},"secret_references":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},"type":"array"},"spaceIds":{"items":{"type":"string"},"type":"array"},"supports_agentless":{"default":false,"description":"Indicates whether the package policy belongs to an agentless agent policy.","nullable":true,"type":"boolean"},"updated_at":{"type":"string"},"updated_by":{"type":"string"},"vars":{"anyOf":[{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object","x-oas-optional":true}]},"version":{"type":"string"}},"required":["name","enabled","inputs","id","revision","updated_at","updated_by","created_at","created_by"]},"type":"array"}]},"required_versions":{"items":{"additionalProperties":false,"type":"object","properties":{"percentage":{"description":"Target percentage of agents to auto upgrade","maximum":100,"minimum":0,"type":"number"},"version":{"description":"Target version for automatic agent upgrade","type":"string"}},"required":["version","percentage"]},"nullable":true,"type":"array"},"revision":{"type":"number"},"schema_version":{"type":"string"},"space_ids":{"items":{"type":"string"},"type":"array"},"status":{"enum":["active","inactive"],"type":"string"},"supports_agentless":{"default":false,"description":"Indicates whether the agent policy supports agentless integrations.","nullable":true,"type":"boolean"},"unenroll_timeout":{"minimum":0,"type":"number"},"unprivileged_agents":{"type":"number"},"updated_at":{"type":"string"},"updated_by":{"type":"string"},"version":{"type":"string"}},"required":["id","name","namespace","is_managed","is_protected","status","updated_at","updated_by","revision"]},"type":"array"},"page":{"type":"number"},"perPage":{"type":"number"},"total":{"type":"number"}},"required":["items","total","page","perPage"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get agent policies","tags":["Elastic Agent policies"]},"post":{"description":"[Required authorization] Route required privileges: fleet-agent-policies-all.","operationId":"post-fleet-agent-policies","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"query","name":"sys_monitoring","required":false,"schema":{"type":"boolean"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"advanced_settings":{"additionalProperties":false,"type":"object","properties":{"agent_download_target_directory":{"nullable":true},"agent_download_timeout":{"nullable":true},"agent_limits_go_max_procs":{"nullable":true},"agent_logging_files_interval":{"nullable":true},"agent_logging_files_keepfiles":{"nullable":true},"agent_logging_files_rotateeverybytes":{"nullable":true},"agent_logging_level":{"nullable":true},"agent_logging_metrics_period":{"nullable":true},"agent_logging_to_files":{"nullable":true}}},"agent_features":{"items":{"additionalProperties":false,"type":"object","properties":{"enabled":{"type":"boolean"},"name":{"type":"string"}},"required":["name","enabled"]},"type":"array"},"agentless":{"additionalProperties":false,"type":"object","properties":{"cloud_connectors":{"additionalProperties":false,"type":"object","properties":{"enabled":{"type":"boolean"},"target_csp":{"type":"string"}},"required":["enabled"]},"resources":{"additionalProperties":false,"type":"object","properties":{"requests":{"additionalProperties":false,"type":"object","properties":{"cpu":{"type":"string"},"memory":{"type":"string"}}}}}}},"data_output_id":{"nullable":true,"type":"string"},"description":{"type":"string"},"download_source_id":{"nullable":true,"type":"string"},"fleet_server_host_id":{"nullable":true,"type":"string"},"force":{"type":"boolean"},"global_data_tags":{"description":"User defined data tags that are added to all of the inputs. The values can be strings or numbers.","items":{"additionalProperties":false,"type":"object","properties":{"name":{"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"}]}},"required":["name","value"]},"type":"array"},"has_fleet_server":{"type":"boolean"},"id":{"type":"string"},"inactivity_timeout":{"default":1209600,"minimum":0,"type":"number"},"is_default":{"type":"boolean"},"is_default_fleet_server":{"type":"boolean"},"is_managed":{"type":"boolean"},"is_protected":{"type":"boolean"},"keep_monitoring_alive":{"default":false,"description":"When set to true, monitoring will be enabled but logs/metrics collection will be disabled","nullable":true,"type":"boolean"},"monitoring_diagnostics":{"additionalProperties":false,"type":"object","properties":{"limit":{"additionalProperties":false,"type":"object","properties":{"burst":{"type":"number"},"interval":{"type":"string"}}},"uploader":{"additionalProperties":false,"type":"object","properties":{"init_dur":{"type":"string"},"max_dur":{"type":"string"},"max_retries":{"type":"number"}}}}},"monitoring_enabled":{"items":{"enum":["logs","metrics","traces"],"type":"string"},"type":"array"},"monitoring_http":{"additionalProperties":false,"type":"object","properties":{"buffer":{"additionalProperties":false,"type":"object","properties":{"enabled":{"default":false,"type":"boolean"}}},"enabled":{"type":"boolean"},"host":{"type":"string"},"port":{"maximum":65353,"minimum":0,"type":"number"}}},"monitoring_output_id":{"nullable":true,"type":"string"},"monitoring_pprof_enabled":{"type":"boolean"},"name":{"minLength":1,"type":"string"},"namespace":{"minLength":1,"type":"string"},"overrides":{"additionalProperties":{},"description":"Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.","nullable":true,"type":"object"},"required_versions":{"items":{"additionalProperties":false,"type":"object","properties":{"percentage":{"description":"Target percentage of agents to auto upgrade","maximum":100,"minimum":0,"type":"number"},"version":{"description":"Target version for automatic agent upgrade","type":"string"}},"required":["version","percentage"]},"nullable":true,"type":"array"},"space_ids":{"items":{"type":"string"},"type":"array"},"supports_agentless":{"default":false,"description":"Indicates whether the agent policy supports agentless integrations.","nullable":true,"type":"boolean"},"unenroll_timeout":{"minimum":0,"type":"number"}},"required":["name","namespace"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"additionalProperties":false,"type":"object","properties":{"advanced_settings":{"additionalProperties":false,"type":"object","properties":{"agent_download_target_directory":{"nullable":true},"agent_download_timeout":{"nullable":true},"agent_limits_go_max_procs":{"nullable":true},"agent_logging_files_interval":{"nullable":true},"agent_logging_files_keepfiles":{"nullable":true},"agent_logging_files_rotateeverybytes":{"nullable":true},"agent_logging_level":{"nullable":true},"agent_logging_metrics_period":{"nullable":true},"agent_logging_to_files":{"nullable":true}}},"agent_features":{"items":{"additionalProperties":false,"type":"object","properties":{"enabled":{"type":"boolean"},"name":{"type":"string"}},"required":["name","enabled"]},"type":"array"},"agentless":{"additionalProperties":false,"type":"object","properties":{"cloud_connectors":{"additionalProperties":false,"type":"object","properties":{"enabled":{"type":"boolean"},"target_csp":{"type":"string"}},"required":["enabled"]},"resources":{"additionalProperties":false,"type":"object","properties":{"requests":{"additionalProperties":false,"type":"object","properties":{"cpu":{"type":"string"},"memory":{"type":"string"}}}}}}},"agents":{"type":"number"},"data_output_id":{"nullable":true,"type":"string"},"description":{"type":"string"},"download_source_id":{"nullable":true,"type":"string"},"fleet_server_host_id":{"nullable":true,"type":"string"},"global_data_tags":{"description":"User defined data tags that are added to all of the inputs. The values can be strings or numbers.","items":{"additionalProperties":false,"type":"object","properties":{"name":{"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"}]}},"required":["name","value"]},"type":"array"},"has_fleet_server":{"type":"boolean"},"id":{"type":"string"},"inactivity_timeout":{"default":1209600,"minimum":0,"type":"number"},"is_default":{"type":"boolean"},"is_default_fleet_server":{"type":"boolean"},"is_managed":{"type":"boolean"},"is_preconfigured":{"type":"boolean"},"is_protected":{"description":"Indicates whether the agent policy has tamper protection enabled. Default false.","type":"boolean"},"keep_monitoring_alive":{"default":false,"description":"When set to true, monitoring will be enabled but logs/metrics collection will be disabled","nullable":true,"type":"boolean"},"monitoring_diagnostics":{"additionalProperties":false,"type":"object","properties":{"limit":{"additionalProperties":false,"type":"object","properties":{"burst":{"type":"number"},"interval":{"type":"string"}}},"uploader":{"additionalProperties":false,"type":"object","properties":{"init_dur":{"type":"string"},"max_dur":{"type":"string"},"max_retries":{"type":"number"}}}}},"monitoring_enabled":{"items":{"enum":["logs","metrics","traces"],"type":"string"},"type":"array"},"monitoring_http":{"additionalProperties":false,"type":"object","properties":{"buffer":{"additionalProperties":false,"type":"object","properties":{"enabled":{"default":false,"type":"boolean"}}},"enabled":{"type":"boolean"},"host":{"type":"string"},"port":{"maximum":65353,"minimum":0,"type":"number"}}},"monitoring_output_id":{"nullable":true,"type":"string"},"monitoring_pprof_enabled":{"type":"boolean"},"name":{"minLength":1,"type":"string"},"namespace":{"minLength":1,"type":"string"},"overrides":{"additionalProperties":{},"description":"Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.","nullable":true,"type":"object"},"package_policies":{"anyOf":[{"items":{"type":"string"},"type":"array"},{"description":"This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter","items":{"additionalProperties":false,"type":"object","properties":{"additional_datastreams_permissions":{"description":"Additional datastream permissions, that will be added to the agent policy.","items":{"type":"string"},"nullable":true,"type":"array"},"agents":{"type":"number"},"created_at":{"type":"string"},"created_by":{"type":"string"},"description":{"description":"Package policy description","type":"string"},"elasticsearch":{"additionalProperties":true,"type":"object","properties":{"privileges":{"additionalProperties":true,"type":"object","properties":{"cluster":{"items":{"type":"string"},"type":"array"}}}}},"enabled":{"type":"boolean"},"id":{"type":"string"},"inputs":{"anyOf":[{"items":{"additionalProperties":false,"type":"object","properties":{"compiled_input":{},"config":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},"enabled":{"type":"boolean"},"id":{"type":"string"},"keep_enabled":{"type":"boolean"},"policy_template":{"type":"string"},"streams":{"items":{"additionalProperties":false,"type":"object","properties":{"compiled_stream":{},"config":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},"data_stream":{"additionalProperties":false,"type":"object","properties":{"dataset":{"type":"string"},"elasticsearch":{"additionalProperties":false,"type":"object","properties":{"dynamic_dataset":{"type":"boolean"},"dynamic_namespace":{"type":"boolean"},"privileges":{"additionalProperties":false,"type":"object","properties":{"indices":{"items":{"type":"string"},"type":"array"}}}}},"type":{"type":"string"}},"required":["dataset","type"]},"enabled":{"type":"boolean"},"id":{"type":"string"},"keep_enabled":{"type":"boolean"},"release":{"enum":["ga","beta","experimental"],"type":"string"},"vars":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"}},"required":["enabled","data_stream","compiled_stream"]},"type":"array"},"type":{"type":"string"},"vars":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"}},"required":["type","enabled","streams","compiled_input"]},"type":"array"},{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"enabled":{"description":"enable or disable that input, (default to true)","type":"boolean"},"streams":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"enabled":{"description":"enable or disable that stream, (default to true)","type":"boolean"},"vars":{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object"}}},"description":"Input streams (see integration documentation to know what streams are available)","type":"object"},"vars":{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object"}}},"description":"Package policy inputs (see integration documentation to know what inputs are available)","type":"object","x-oas-optional":true}]},"is_managed":{"type":"boolean"},"name":{"description":"Package policy name (should be unique)","type":"string"},"namespace":{"description":"The package policy namespace. Leave blank to inherit the agent policy's namespace.","type":"string"},"output_id":{"nullable":true,"type":"string"},"overrides":{"additionalProperties":false,"description":"Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.","nullable":true,"type":"object","properties":{"inputs":{"additionalProperties":{},"type":"object"}}},"package":{"additionalProperties":false,"type":"object","properties":{"experimental_data_stream_features":{"items":{"additionalProperties":false,"type":"object","properties":{"data_stream":{"type":"string"},"features":{"additionalProperties":false,"type":"object","properties":{"doc_value_only_numeric":{"type":"boolean"},"doc_value_only_other":{"type":"boolean"},"synthetic_source":{"type":"boolean"},"tsdb":{"type":"boolean"}}}},"required":["data_stream","features"]},"type":"array"},"name":{"description":"Package name","type":"string"},"requires_root":{"type":"boolean"},"title":{"type":"string"},"version":{"description":"Package version","type":"string"}},"required":["name","version"]},"policy_id":{"deprecated":true,"description":"Agent policy ID where that package policy will be added","nullable":true,"type":"string"},"policy_ids":{"items":{"description":"Agent policy IDs where that package policy will be added","type":"string"},"type":"array"},"revision":{"type":"number"},"secret_references":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},"type":"array"},"spaceIds":{"items":{"type":"string"},"type":"array"},"supports_agentless":{"default":false,"description":"Indicates whether the package policy belongs to an agentless agent policy.","nullable":true,"type":"boolean"},"updated_at":{"type":"string"},"updated_by":{"type":"string"},"vars":{"anyOf":[{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object","x-oas-optional":true}]},"version":{"type":"string"}},"required":["name","enabled","inputs","id","revision","updated_at","updated_by","created_at","created_by"]},"type":"array"}]},"required_versions":{"items":{"additionalProperties":false,"type":"object","properties":{"percentage":{"description":"Target percentage of agents to auto upgrade","maximum":100,"minimum":0,"type":"number"},"version":{"description":"Target version for automatic agent upgrade","type":"string"}},"required":["version","percentage"]},"nullable":true,"type":"array"},"revision":{"type":"number"},"schema_version":{"type":"string"},"space_ids":{"items":{"type":"string"},"type":"array"},"status":{"enum":["active","inactive"],"type":"string"},"supports_agentless":{"default":false,"description":"Indicates whether the agent policy supports agentless integrations.","nullable":true,"type":"boolean"},"unenroll_timeout":{"minimum":0,"type":"number"},"unprivileged_agents":{"type":"number"},"updated_at":{"type":"string"},"updated_by":{"type":"string"},"version":{"type":"string"}},"required":["id","name","namespace","is_managed","is_protected","status","updated_at","updated_by","revision"]}},"required":["item"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Create an agent policy","tags":["Elastic Agent policies"]}},"/api/fleet/agent_policies/_bulk_get":{"post":{"description":"[Required authorization] Route required privileges: fleet-agent-policies-read OR fleet-agents-read OR fleet-setup.","operationId":"post-fleet-agent-policies-bulk-get","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"query","name":"format","required":false,"schema":{"enum":["simplified","legacy"],"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"full":{"description":"get full policies with package policies populated","type":"boolean"},"ids":{"description":"list of package policy ids","items":{"type":"string"},"type":"array"},"ignoreMissing":{"type":"boolean"}},"required":["ids"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"items":{"items":{"additionalProperties":false,"type":"object","properties":{"advanced_settings":{"additionalProperties":false,"type":"object","properties":{"agent_download_target_directory":{"nullable":true},"agent_download_timeout":{"nullable":true},"agent_limits_go_max_procs":{"nullable":true},"agent_logging_files_interval":{"nullable":true},"agent_logging_files_keepfiles":{"nullable":true},"agent_logging_files_rotateeverybytes":{"nullable":true},"agent_logging_level":{"nullable":true},"agent_logging_metrics_period":{"nullable":true},"agent_logging_to_files":{"nullable":true}}},"agent_features":{"items":{"additionalProperties":false,"type":"object","properties":{"enabled":{"type":"boolean"},"name":{"type":"string"}},"required":["name","enabled"]},"type":"array"},"agentless":{"additionalProperties":false,"type":"object","properties":{"cloud_connectors":{"additionalProperties":false,"type":"object","properties":{"enabled":{"type":"boolean"},"target_csp":{"type":"string"}},"required":["enabled"]},"resources":{"additionalProperties":false,"type":"object","properties":{"requests":{"additionalProperties":false,"type":"object","properties":{"cpu":{"type":"string"},"memory":{"type":"string"}}}}}}},"agents":{"type":"number"},"data_output_id":{"nullable":true,"type":"string"},"description":{"type":"string"},"download_source_id":{"nullable":true,"type":"string"},"fleet_server_host_id":{"nullable":true,"type":"string"},"global_data_tags":{"description":"User defined data tags that are added to all of the inputs. The values can be strings or numbers.","items":{"additionalProperties":false,"type":"object","properties":{"name":{"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"}]}},"required":["name","value"]},"type":"array"},"has_fleet_server":{"type":"boolean"},"id":{"type":"string"},"inactivity_timeout":{"default":1209600,"minimum":0,"type":"number"},"is_default":{"type":"boolean"},"is_default_fleet_server":{"type":"boolean"},"is_managed":{"type":"boolean"},"is_preconfigured":{"type":"boolean"},"is_protected":{"description":"Indicates whether the agent policy has tamper protection enabled. Default false.","type":"boolean"},"keep_monitoring_alive":{"default":false,"description":"When set to true, monitoring will be enabled but logs/metrics collection will be disabled","nullable":true,"type":"boolean"},"monitoring_diagnostics":{"additionalProperties":false,"type":"object","properties":{"limit":{"additionalProperties":false,"type":"object","properties":{"burst":{"type":"number"},"interval":{"type":"string"}}},"uploader":{"additionalProperties":false,"type":"object","properties":{"init_dur":{"type":"string"},"max_dur":{"type":"string"},"max_retries":{"type":"number"}}}}},"monitoring_enabled":{"items":{"enum":["logs","metrics","traces"],"type":"string"},"type":"array"},"monitoring_http":{"additionalProperties":false,"type":"object","properties":{"buffer":{"additionalProperties":false,"type":"object","properties":{"enabled":{"default":false,"type":"boolean"}}},"enabled":{"type":"boolean"},"host":{"type":"string"},"port":{"maximum":65353,"minimum":0,"type":"number"}}},"monitoring_output_id":{"nullable":true,"type":"string"},"monitoring_pprof_enabled":{"type":"boolean"},"name":{"minLength":1,"type":"string"},"namespace":{"minLength":1,"type":"string"},"overrides":{"additionalProperties":{},"description":"Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.","nullable":true,"type":"object"},"package_policies":{"anyOf":[{"items":{"type":"string"},"type":"array"},{"description":"This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter","items":{"additionalProperties":false,"type":"object","properties":{"additional_datastreams_permissions":{"description":"Additional datastream permissions, that will be added to the agent policy.","items":{"type":"string"},"nullable":true,"type":"array"},"agents":{"type":"number"},"created_at":{"type":"string"},"created_by":{"type":"string"},"description":{"description":"Package policy description","type":"string"},"elasticsearch":{"additionalProperties":true,"type":"object","properties":{"privileges":{"additionalProperties":true,"type":"object","properties":{"cluster":{"items":{"type":"string"},"type":"array"}}}}},"enabled":{"type":"boolean"},"id":{"type":"string"},"inputs":{"anyOf":[{"items":{"additionalProperties":false,"type":"object","properties":{"compiled_input":{},"config":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},"enabled":{"type":"boolean"},"id":{"type":"string"},"keep_enabled":{"type":"boolean"},"policy_template":{"type":"string"},"streams":{"items":{"additionalProperties":false,"type":"object","properties":{"compiled_stream":{},"config":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},"data_stream":{"additionalProperties":false,"type":"object","properties":{"dataset":{"type":"string"},"elasticsearch":{"additionalProperties":false,"type":"object","properties":{"dynamic_dataset":{"type":"boolean"},"dynamic_namespace":{"type":"boolean"},"privileges":{"additionalProperties":false,"type":"object","properties":{"indices":{"items":{"type":"string"},"type":"array"}}}}},"type":{"type":"string"}},"required":["dataset","type"]},"enabled":{"type":"boolean"},"id":{"type":"string"},"keep_enabled":{"type":"boolean"},"release":{"enum":["ga","beta","experimental"],"type":"string"},"vars":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"}},"required":["enabled","data_stream","compiled_stream"]},"type":"array"},"type":{"type":"string"},"vars":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"}},"required":["type","enabled","streams","compiled_input"]},"type":"array"},{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"enabled":{"description":"enable or disable that input, (default to true)","type":"boolean"},"streams":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"enabled":{"description":"enable or disable that stream, (default to true)","type":"boolean"},"vars":{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object"}}},"description":"Input streams (see integration documentation to know what streams are available)","type":"object"},"vars":{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object"}}},"description":"Package policy inputs (see integration documentation to know what inputs are available)","type":"object","x-oas-optional":true}]},"is_managed":{"type":"boolean"},"name":{"description":"Package policy name (should be unique)","type":"string"},"namespace":{"description":"The package policy namespace. Leave blank to inherit the agent policy's namespace.","type":"string"},"output_id":{"nullable":true,"type":"string"},"overrides":{"additionalProperties":false,"description":"Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.","nullable":true,"type":"object","properties":{"inputs":{"additionalProperties":{},"type":"object"}}},"package":{"additionalProperties":false,"type":"object","properties":{"experimental_data_stream_features":{"items":{"additionalProperties":false,"type":"object","properties":{"data_stream":{"type":"string"},"features":{"additionalProperties":false,"type":"object","properties":{"doc_value_only_numeric":{"type":"boolean"},"doc_value_only_other":{"type":"boolean"},"synthetic_source":{"type":"boolean"},"tsdb":{"type":"boolean"}}}},"required":["data_stream","features"]},"type":"array"},"name":{"description":"Package name","type":"string"},"requires_root":{"type":"boolean"},"title":{"type":"string"},"version":{"description":"Package version","type":"string"}},"required":["name","version"]},"policy_id":{"deprecated":true,"description":"Agent policy ID where that package policy will be added","nullable":true,"type":"string"},"policy_ids":{"items":{"description":"Agent policy IDs where that package policy will be added","type":"string"},"type":"array"},"revision":{"type":"number"},"secret_references":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},"type":"array"},"spaceIds":{"items":{"type":"string"},"type":"array"},"supports_agentless":{"default":false,"description":"Indicates whether the package policy belongs to an agentless agent policy.","nullable":true,"type":"boolean"},"updated_at":{"type":"string"},"updated_by":{"type":"string"},"vars":{"anyOf":[{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object","x-oas-optional":true}]},"version":{"type":"string"}},"required":["name","enabled","inputs","id","revision","updated_at","updated_by","created_at","created_by"]},"type":"array"}]},"required_versions":{"items":{"additionalProperties":false,"type":"object","properties":{"percentage":{"description":"Target percentage of agents to auto upgrade","maximum":100,"minimum":0,"type":"number"},"version":{"description":"Target version for automatic agent upgrade","type":"string"}},"required":["version","percentage"]},"nullable":true,"type":"array"},"revision":{"type":"number"},"schema_version":{"type":"string"},"space_ids":{"items":{"type":"string"},"type":"array"},"status":{"enum":["active","inactive"],"type":"string"},"supports_agentless":{"default":false,"description":"Indicates whether the agent policy supports agentless integrations.","nullable":true,"type":"boolean"},"unenroll_timeout":{"minimum":0,"type":"number"},"unprivileged_agents":{"type":"number"},"updated_at":{"type":"string"},"updated_by":{"type":"string"},"version":{"type":"string"}},"required":["id","name","namespace","is_managed","is_protected","status","updated_at","updated_by","revision"]},"type":"array"}},"required":["items"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Bulk get agent policies","tags":["Elastic Agent policies"]}},"/api/fleet/agent_policies/{agentPolicyId}":{"get":{"description":"Get an agent policy by ID.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: fleet-agent-policies-read OR fleet-agents-read OR fleet-setup.","operationId":"get-fleet-agent-policies-agentpolicyid","parameters":[{"in":"path","name":"agentPolicyId","required":true,"schema":{"type":"string"}},{"in":"query","name":"format","required":false,"schema":{"enum":["simplified","legacy"],"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"additionalProperties":false,"type":"object","properties":{"advanced_settings":{"additionalProperties":false,"type":"object","properties":{"agent_download_target_directory":{"nullable":true},"agent_download_timeout":{"nullable":true},"agent_limits_go_max_procs":{"nullable":true},"agent_logging_files_interval":{"nullable":true},"agent_logging_files_keepfiles":{"nullable":true},"agent_logging_files_rotateeverybytes":{"nullable":true},"agent_logging_level":{"nullable":true},"agent_logging_metrics_period":{"nullable":true},"agent_logging_to_files":{"nullable":true}}},"agent_features":{"items":{"additionalProperties":false,"type":"object","properties":{"enabled":{"type":"boolean"},"name":{"type":"string"}},"required":["name","enabled"]},"type":"array"},"agentless":{"additionalProperties":false,"type":"object","properties":{"cloud_connectors":{"additionalProperties":false,"type":"object","properties":{"enabled":{"type":"boolean"},"target_csp":{"type":"string"}},"required":["enabled"]},"resources":{"additionalProperties":false,"type":"object","properties":{"requests":{"additionalProperties":false,"type":"object","properties":{"cpu":{"type":"string"},"memory":{"type":"string"}}}}}}},"agents":{"type":"number"},"data_output_id":{"nullable":true,"type":"string"},"description":{"type":"string"},"download_source_id":{"nullable":true,"type":"string"},"fleet_server_host_id":{"nullable":true,"type":"string"},"global_data_tags":{"description":"User defined data tags that are added to all of the inputs. The values can be strings or numbers.","items":{"additionalProperties":false,"type":"object","properties":{"name":{"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"}]}},"required":["name","value"]},"type":"array"},"has_fleet_server":{"type":"boolean"},"id":{"type":"string"},"inactivity_timeout":{"default":1209600,"minimum":0,"type":"number"},"is_default":{"type":"boolean"},"is_default_fleet_server":{"type":"boolean"},"is_managed":{"type":"boolean"},"is_preconfigured":{"type":"boolean"},"is_protected":{"description":"Indicates whether the agent policy has tamper protection enabled. Default false.","type":"boolean"},"keep_monitoring_alive":{"default":false,"description":"When set to true, monitoring will be enabled but logs/metrics collection will be disabled","nullable":true,"type":"boolean"},"monitoring_diagnostics":{"additionalProperties":false,"type":"object","properties":{"limit":{"additionalProperties":false,"type":"object","properties":{"burst":{"type":"number"},"interval":{"type":"string"}}},"uploader":{"additionalProperties":false,"type":"object","properties":{"init_dur":{"type":"string"},"max_dur":{"type":"string"},"max_retries":{"type":"number"}}}}},"monitoring_enabled":{"items":{"enum":["logs","metrics","traces"],"type":"string"},"type":"array"},"monitoring_http":{"additionalProperties":false,"type":"object","properties":{"buffer":{"additionalProperties":false,"type":"object","properties":{"enabled":{"default":false,"type":"boolean"}}},"enabled":{"type":"boolean"},"host":{"type":"string"},"port":{"maximum":65353,"minimum":0,"type":"number"}}},"monitoring_output_id":{"nullable":true,"type":"string"},"monitoring_pprof_enabled":{"type":"boolean"},"name":{"minLength":1,"type":"string"},"namespace":{"minLength":1,"type":"string"},"overrides":{"additionalProperties":{},"description":"Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.","nullable":true,"type":"object"},"package_policies":{"anyOf":[{"items":{"type":"string"},"type":"array"},{"description":"This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter","items":{"additionalProperties":false,"type":"object","properties":{"additional_datastreams_permissions":{"description":"Additional datastream permissions, that will be added to the agent policy.","items":{"type":"string"},"nullable":true,"type":"array"},"agents":{"type":"number"},"created_at":{"type":"string"},"created_by":{"type":"string"},"description":{"description":"Package policy description","type":"string"},"elasticsearch":{"additionalProperties":true,"type":"object","properties":{"privileges":{"additionalProperties":true,"type":"object","properties":{"cluster":{"items":{"type":"string"},"type":"array"}}}}},"enabled":{"type":"boolean"},"id":{"type":"string"},"inputs":{"anyOf":[{"items":{"additionalProperties":false,"type":"object","properties":{"compiled_input":{},"config":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},"enabled":{"type":"boolean"},"id":{"type":"string"},"keep_enabled":{"type":"boolean"},"policy_template":{"type":"string"},"streams":{"items":{"additionalProperties":false,"type":"object","properties":{"compiled_stream":{},"config":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},"data_stream":{"additionalProperties":false,"type":"object","properties":{"dataset":{"type":"string"},"elasticsearch":{"additionalProperties":false,"type":"object","properties":{"dynamic_dataset":{"type":"boolean"},"dynamic_namespace":{"type":"boolean"},"privileges":{"additionalProperties":false,"type":"object","properties":{"indices":{"items":{"type":"string"},"type":"array"}}}}},"type":{"type":"string"}},"required":["dataset","type"]},"enabled":{"type":"boolean"},"id":{"type":"string"},"keep_enabled":{"type":"boolean"},"release":{"enum":["ga","beta","experimental"],"type":"string"},"vars":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"}},"required":["enabled","data_stream","compiled_stream"]},"type":"array"},"type":{"type":"string"},"vars":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"}},"required":["type","enabled","streams","compiled_input"]},"type":"array"},{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"enabled":{"description":"enable or disable that input, (default to true)","type":"boolean"},"streams":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"enabled":{"description":"enable or disable that stream, (default to true)","type":"boolean"},"vars":{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object"}}},"description":"Input streams (see integration documentation to know what streams are available)","type":"object"},"vars":{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object"}}},"description":"Package policy inputs (see integration documentation to know what inputs are available)","type":"object","x-oas-optional":true}]},"is_managed":{"type":"boolean"},"name":{"description":"Package policy name (should be unique)","type":"string"},"namespace":{"description":"The package policy namespace. Leave blank to inherit the agent policy's namespace.","type":"string"},"output_id":{"nullable":true,"type":"string"},"overrides":{"additionalProperties":false,"description":"Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.","nullable":true,"type":"object","properties":{"inputs":{"additionalProperties":{},"type":"object"}}},"package":{"additionalProperties":false,"type":"object","properties":{"experimental_data_stream_features":{"items":{"additionalProperties":false,"type":"object","properties":{"data_stream":{"type":"string"},"features":{"additionalProperties":false,"type":"object","properties":{"doc_value_only_numeric":{"type":"boolean"},"doc_value_only_other":{"type":"boolean"},"synthetic_source":{"type":"boolean"},"tsdb":{"type":"boolean"}}}},"required":["data_stream","features"]},"type":"array"},"name":{"description":"Package name","type":"string"},"requires_root":{"type":"boolean"},"title":{"type":"string"},"version":{"description":"Package version","type":"string"}},"required":["name","version"]},"policy_id":{"deprecated":true,"description":"Agent policy ID where that package policy will be added","nullable":true,"type":"string"},"policy_ids":{"items":{"description":"Agent policy IDs where that package policy will be added","type":"string"},"type":"array"},"revision":{"type":"number"},"secret_references":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},"type":"array"},"spaceIds":{"items":{"type":"string"},"type":"array"},"supports_agentless":{"default":false,"description":"Indicates whether the package policy belongs to an agentless agent policy.","nullable":true,"type":"boolean"},"updated_at":{"type":"string"},"updated_by":{"type":"string"},"vars":{"anyOf":[{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object","x-oas-optional":true}]},"version":{"type":"string"}},"required":["name","enabled","inputs","id","revision","updated_at","updated_by","created_at","created_by"]},"type":"array"}]},"required_versions":{"items":{"additionalProperties":false,"type":"object","properties":{"percentage":{"description":"Target percentage of agents to auto upgrade","maximum":100,"minimum":0,"type":"number"},"version":{"description":"Target version for automatic agent upgrade","type":"string"}},"required":["version","percentage"]},"nullable":true,"type":"array"},"revision":{"type":"number"},"schema_version":{"type":"string"},"space_ids":{"items":{"type":"string"},"type":"array"},"status":{"enum":["active","inactive"],"type":"string"},"supports_agentless":{"default":false,"description":"Indicates whether the agent policy supports agentless integrations.","nullable":true,"type":"boolean"},"unenroll_timeout":{"minimum":0,"type":"number"},"unprivileged_agents":{"type":"number"},"updated_at":{"type":"string"},"updated_by":{"type":"string"},"version":{"type":"string"}},"required":["id","name","namespace","is_managed","is_protected","status","updated_at","updated_by","revision"]}},"required":["item"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get an agent policy","tags":["Elastic Agent policies"]},"put":{"description":"Update an agent policy by ID.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: fleet-agent-policies-all.","operationId":"put-fleet-agent-policies-agentpolicyid","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"agentPolicyId","required":true,"schema":{"type":"string"}},{"in":"query","name":"format","required":false,"schema":{"enum":["simplified","legacy"],"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"advanced_settings":{"additionalProperties":false,"type":"object","properties":{"agent_download_target_directory":{"nullable":true},"agent_download_timeout":{"nullable":true},"agent_limits_go_max_procs":{"nullable":true},"agent_logging_files_interval":{"nullable":true},"agent_logging_files_keepfiles":{"nullable":true},"agent_logging_files_rotateeverybytes":{"nullable":true},"agent_logging_level":{"nullable":true},"agent_logging_metrics_period":{"nullable":true},"agent_logging_to_files":{"nullable":true}}},"agent_features":{"items":{"additionalProperties":false,"type":"object","properties":{"enabled":{"type":"boolean"},"name":{"type":"string"}},"required":["name","enabled"]},"type":"array"},"agentless":{"additionalProperties":false,"type":"object","properties":{"cloud_connectors":{"additionalProperties":false,"type":"object","properties":{"enabled":{"type":"boolean"},"target_csp":{"type":"string"}},"required":["enabled"]},"resources":{"additionalProperties":false,"type":"object","properties":{"requests":{"additionalProperties":false,"type":"object","properties":{"cpu":{"type":"string"},"memory":{"type":"string"}}}}}}},"bumpRevision":{"type":"boolean"},"data_output_id":{"nullable":true,"type":"string"},"description":{"type":"string"},"download_source_id":{"nullable":true,"type":"string"},"fleet_server_host_id":{"nullable":true,"type":"string"},"force":{"type":"boolean"},"global_data_tags":{"description":"User defined data tags that are added to all of the inputs. The values can be strings or numbers.","items":{"additionalProperties":false,"type":"object","properties":{"name":{"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"}]}},"required":["name","value"]},"type":"array"},"has_fleet_server":{"type":"boolean"},"id":{"type":"string"},"inactivity_timeout":{"default":1209600,"minimum":0,"type":"number"},"is_default":{"type":"boolean"},"is_default_fleet_server":{"type":"boolean"},"is_managed":{"type":"boolean"},"is_protected":{"type":"boolean"},"keep_monitoring_alive":{"default":false,"description":"When set to true, monitoring will be enabled but logs/metrics collection will be disabled","nullable":true,"type":"boolean"},"monitoring_diagnostics":{"additionalProperties":false,"type":"object","properties":{"limit":{"additionalProperties":false,"type":"object","properties":{"burst":{"type":"number"},"interval":{"type":"string"}}},"uploader":{"additionalProperties":false,"type":"object","properties":{"init_dur":{"type":"string"},"max_dur":{"type":"string"},"max_retries":{"type":"number"}}}}},"monitoring_enabled":{"items":{"enum":["logs","metrics","traces"],"type":"string"},"type":"array"},"monitoring_http":{"additionalProperties":false,"type":"object","properties":{"buffer":{"additionalProperties":false,"type":"object","properties":{"enabled":{"default":false,"type":"boolean"}}},"enabled":{"type":"boolean"},"host":{"type":"string"},"port":{"maximum":65353,"minimum":0,"type":"number"}}},"monitoring_output_id":{"nullable":true,"type":"string"},"monitoring_pprof_enabled":{"type":"boolean"},"name":{"minLength":1,"type":"string"},"namespace":{"minLength":1,"type":"string"},"overrides":{"additionalProperties":{},"description":"Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.","nullable":true,"type":"object"},"required_versions":{"items":{"additionalProperties":false,"type":"object","properties":{"percentage":{"description":"Target percentage of agents to auto upgrade","maximum":100,"minimum":0,"type":"number"},"version":{"description":"Target version for automatic agent upgrade","type":"string"}},"required":["version","percentage"]},"nullable":true,"type":"array"},"space_ids":{"items":{"type":"string"},"type":"array"},"supports_agentless":{"default":false,"description":"Indicates whether the agent policy supports agentless integrations.","nullable":true,"type":"boolean"},"unenroll_timeout":{"minimum":0,"type":"number"}},"required":["name","namespace"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"additionalProperties":false,"type":"object","properties":{"advanced_settings":{"additionalProperties":false,"type":"object","properties":{"agent_download_target_directory":{"nullable":true},"agent_download_timeout":{"nullable":true},"agent_limits_go_max_procs":{"nullable":true},"agent_logging_files_interval":{"nullable":true},"agent_logging_files_keepfiles":{"nullable":true},"agent_logging_files_rotateeverybytes":{"nullable":true},"agent_logging_level":{"nullable":true},"agent_logging_metrics_period":{"nullable":true},"agent_logging_to_files":{"nullable":true}}},"agent_features":{"items":{"additionalProperties":false,"type":"object","properties":{"enabled":{"type":"boolean"},"name":{"type":"string"}},"required":["name","enabled"]},"type":"array"},"agentless":{"additionalProperties":false,"type":"object","properties":{"cloud_connectors":{"additionalProperties":false,"type":"object","properties":{"enabled":{"type":"boolean"},"target_csp":{"type":"string"}},"required":["enabled"]},"resources":{"additionalProperties":false,"type":"object","properties":{"requests":{"additionalProperties":false,"type":"object","properties":{"cpu":{"type":"string"},"memory":{"type":"string"}}}}}}},"agents":{"type":"number"},"data_output_id":{"nullable":true,"type":"string"},"description":{"type":"string"},"download_source_id":{"nullable":true,"type":"string"},"fleet_server_host_id":{"nullable":true,"type":"string"},"global_data_tags":{"description":"User defined data tags that are added to all of the inputs. The values can be strings or numbers.","items":{"additionalProperties":false,"type":"object","properties":{"name":{"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"}]}},"required":["name","value"]},"type":"array"},"has_fleet_server":{"type":"boolean"},"id":{"type":"string"},"inactivity_timeout":{"default":1209600,"minimum":0,"type":"number"},"is_default":{"type":"boolean"},"is_default_fleet_server":{"type":"boolean"},"is_managed":{"type":"boolean"},"is_preconfigured":{"type":"boolean"},"is_protected":{"description":"Indicates whether the agent policy has tamper protection enabled. Default false.","type":"boolean"},"keep_monitoring_alive":{"default":false,"description":"When set to true, monitoring will be enabled but logs/metrics collection will be disabled","nullable":true,"type":"boolean"},"monitoring_diagnostics":{"additionalProperties":false,"type":"object","properties":{"limit":{"additionalProperties":false,"type":"object","properties":{"burst":{"type":"number"},"interval":{"type":"string"}}},"uploader":{"additionalProperties":false,"type":"object","properties":{"init_dur":{"type":"string"},"max_dur":{"type":"string"},"max_retries":{"type":"number"}}}}},"monitoring_enabled":{"items":{"enum":["logs","metrics","traces"],"type":"string"},"type":"array"},"monitoring_http":{"additionalProperties":false,"type":"object","properties":{"buffer":{"additionalProperties":false,"type":"object","properties":{"enabled":{"default":false,"type":"boolean"}}},"enabled":{"type":"boolean"},"host":{"type":"string"},"port":{"maximum":65353,"minimum":0,"type":"number"}}},"monitoring_output_id":{"nullable":true,"type":"string"},"monitoring_pprof_enabled":{"type":"boolean"},"name":{"minLength":1,"type":"string"},"namespace":{"minLength":1,"type":"string"},"overrides":{"additionalProperties":{},"description":"Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.","nullable":true,"type":"object"},"package_policies":{"anyOf":[{"items":{"type":"string"},"type":"array"},{"description":"This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter","items":{"additionalProperties":false,"type":"object","properties":{"additional_datastreams_permissions":{"description":"Additional datastream permissions, that will be added to the agent policy.","items":{"type":"string"},"nullable":true,"type":"array"},"agents":{"type":"number"},"created_at":{"type":"string"},"created_by":{"type":"string"},"description":{"description":"Package policy description","type":"string"},"elasticsearch":{"additionalProperties":true,"type":"object","properties":{"privileges":{"additionalProperties":true,"type":"object","properties":{"cluster":{"items":{"type":"string"},"type":"array"}}}}},"enabled":{"type":"boolean"},"id":{"type":"string"},"inputs":{"anyOf":[{"items":{"additionalProperties":false,"type":"object","properties":{"compiled_input":{},"config":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},"enabled":{"type":"boolean"},"id":{"type":"string"},"keep_enabled":{"type":"boolean"},"policy_template":{"type":"string"},"streams":{"items":{"additionalProperties":false,"type":"object","properties":{"compiled_stream":{},"config":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},"data_stream":{"additionalProperties":false,"type":"object","properties":{"dataset":{"type":"string"},"elasticsearch":{"additionalProperties":false,"type":"object","properties":{"dynamic_dataset":{"type":"boolean"},"dynamic_namespace":{"type":"boolean"},"privileges":{"additionalProperties":false,"type":"object","properties":{"indices":{"items":{"type":"string"},"type":"array"}}}}},"type":{"type":"string"}},"required":["dataset","type"]},"enabled":{"type":"boolean"},"id":{"type":"string"},"keep_enabled":{"type":"boolean"},"release":{"enum":["ga","beta","experimental"],"type":"string"},"vars":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"}},"required":["enabled","data_stream","compiled_stream"]},"type":"array"},"type":{"type":"string"},"vars":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"}},"required":["type","enabled","streams","compiled_input"]},"type":"array"},{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"enabled":{"description":"enable or disable that input, (default to true)","type":"boolean"},"streams":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"enabled":{"description":"enable or disable that stream, (default to true)","type":"boolean"},"vars":{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object"}}},"description":"Input streams (see integration documentation to know what streams are available)","type":"object"},"vars":{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object"}}},"description":"Package policy inputs (see integration documentation to know what inputs are available)","type":"object","x-oas-optional":true}]},"is_managed":{"type":"boolean"},"name":{"description":"Package policy name (should be unique)","type":"string"},"namespace":{"description":"The package policy namespace. Leave blank to inherit the agent policy's namespace.","type":"string"},"output_id":{"nullable":true,"type":"string"},"overrides":{"additionalProperties":false,"description":"Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.","nullable":true,"type":"object","properties":{"inputs":{"additionalProperties":{},"type":"object"}}},"package":{"additionalProperties":false,"type":"object","properties":{"experimental_data_stream_features":{"items":{"additionalProperties":false,"type":"object","properties":{"data_stream":{"type":"string"},"features":{"additionalProperties":false,"type":"object","properties":{"doc_value_only_numeric":{"type":"boolean"},"doc_value_only_other":{"type":"boolean"},"synthetic_source":{"type":"boolean"},"tsdb":{"type":"boolean"}}}},"required":["data_stream","features"]},"type":"array"},"name":{"description":"Package name","type":"string"},"requires_root":{"type":"boolean"},"title":{"type":"string"},"version":{"description":"Package version","type":"string"}},"required":["name","version"]},"policy_id":{"deprecated":true,"description":"Agent policy ID where that package policy will be added","nullable":true,"type":"string"},"policy_ids":{"items":{"description":"Agent policy IDs where that package policy will be added","type":"string"},"type":"array"},"revision":{"type":"number"},"secret_references":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},"type":"array"},"spaceIds":{"items":{"type":"string"},"type":"array"},"supports_agentless":{"default":false,"description":"Indicates whether the package policy belongs to an agentless agent policy.","nullable":true,"type":"boolean"},"updated_at":{"type":"string"},"updated_by":{"type":"string"},"vars":{"anyOf":[{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object","x-oas-optional":true}]},"version":{"type":"string"}},"required":["name","enabled","inputs","id","revision","updated_at","updated_by","created_at","created_by"]},"type":"array"}]},"required_versions":{"items":{"additionalProperties":false,"type":"object","properties":{"percentage":{"description":"Target percentage of agents to auto upgrade","maximum":100,"minimum":0,"type":"number"},"version":{"description":"Target version for automatic agent upgrade","type":"string"}},"required":["version","percentage"]},"nullable":true,"type":"array"},"revision":{"type":"number"},"schema_version":{"type":"string"},"space_ids":{"items":{"type":"string"},"type":"array"},"status":{"enum":["active","inactive"],"type":"string"},"supports_agentless":{"default":false,"description":"Indicates whether the agent policy supports agentless integrations.","nullable":true,"type":"boolean"},"unenroll_timeout":{"minimum":0,"type":"number"},"unprivileged_agents":{"type":"number"},"updated_at":{"type":"string"},"updated_by":{"type":"string"},"version":{"type":"string"}},"required":["id","name","namespace","is_managed","is_protected","status","updated_at","updated_by","revision"]}},"required":["item"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Update an agent policy","tags":["Elastic Agent policies"]}},"/api/fleet/agent_policies/{agentPolicyId}/auto_upgrade_agents_status":{"get":{"description":"Get auto upgrade agent status\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: fleet-agents-read.","operationId":"get-fleet-agent-policies-agentpolicyid-auto-upgrade-agents-status","parameters":[{"in":"path","name":"agentPolicyId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"currentVersions":{"items":{"additionalProperties":false,"type":"object","properties":{"agents":{"type":"number"},"failedUpgradeAgents":{"type":"number"},"version":{"type":"string"}},"required":["version","agents","failedUpgradeAgents"]},"type":"array"},"totalAgents":{"type":"number"}},"required":["currentVersions","totalAgents"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get auto upgrade agent status","tags":["Elastic Agent policies"]}},"/api/fleet/agent_policies/{agentPolicyId}/copy":{"post":{"description":"Copy an agent policy by ID.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: fleet-agent-policies-all.","operationId":"post-fleet-agent-policies-agentpolicyid-copy","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"agentPolicyId","required":true,"schema":{"type":"string"}},{"in":"query","name":"format","required":false,"schema":{"enum":["simplified","legacy"],"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"description":{"type":"string"},"name":{"minLength":1,"type":"string"}},"required":["name"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"additionalProperties":false,"type":"object","properties":{"advanced_settings":{"additionalProperties":false,"type":"object","properties":{"agent_download_target_directory":{"nullable":true},"agent_download_timeout":{"nullable":true},"agent_limits_go_max_procs":{"nullable":true},"agent_logging_files_interval":{"nullable":true},"agent_logging_files_keepfiles":{"nullable":true},"agent_logging_files_rotateeverybytes":{"nullable":true},"agent_logging_level":{"nullable":true},"agent_logging_metrics_period":{"nullable":true},"agent_logging_to_files":{"nullable":true}}},"agent_features":{"items":{"additionalProperties":false,"type":"object","properties":{"enabled":{"type":"boolean"},"name":{"type":"string"}},"required":["name","enabled"]},"type":"array"},"agentless":{"additionalProperties":false,"type":"object","properties":{"cloud_connectors":{"additionalProperties":false,"type":"object","properties":{"enabled":{"type":"boolean"},"target_csp":{"type":"string"}},"required":["enabled"]},"resources":{"additionalProperties":false,"type":"object","properties":{"requests":{"additionalProperties":false,"type":"object","properties":{"cpu":{"type":"string"},"memory":{"type":"string"}}}}}}},"agents":{"type":"number"},"data_output_id":{"nullable":true,"type":"string"},"description":{"type":"string"},"download_source_id":{"nullable":true,"type":"string"},"fleet_server_host_id":{"nullable":true,"type":"string"},"global_data_tags":{"description":"User defined data tags that are added to all of the inputs. The values can be strings or numbers.","items":{"additionalProperties":false,"type":"object","properties":{"name":{"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"}]}},"required":["name","value"]},"type":"array"},"has_fleet_server":{"type":"boolean"},"id":{"type":"string"},"inactivity_timeout":{"default":1209600,"minimum":0,"type":"number"},"is_default":{"type":"boolean"},"is_default_fleet_server":{"type":"boolean"},"is_managed":{"type":"boolean"},"is_preconfigured":{"type":"boolean"},"is_protected":{"description":"Indicates whether the agent policy has tamper protection enabled. Default false.","type":"boolean"},"keep_monitoring_alive":{"default":false,"description":"When set to true, monitoring will be enabled but logs/metrics collection will be disabled","nullable":true,"type":"boolean"},"monitoring_diagnostics":{"additionalProperties":false,"type":"object","properties":{"limit":{"additionalProperties":false,"type":"object","properties":{"burst":{"type":"number"},"interval":{"type":"string"}}},"uploader":{"additionalProperties":false,"type":"object","properties":{"init_dur":{"type":"string"},"max_dur":{"type":"string"},"max_retries":{"type":"number"}}}}},"monitoring_enabled":{"items":{"enum":["logs","metrics","traces"],"type":"string"},"type":"array"},"monitoring_http":{"additionalProperties":false,"type":"object","properties":{"buffer":{"additionalProperties":false,"type":"object","properties":{"enabled":{"default":false,"type":"boolean"}}},"enabled":{"type":"boolean"},"host":{"type":"string"},"port":{"maximum":65353,"minimum":0,"type":"number"}}},"monitoring_output_id":{"nullable":true,"type":"string"},"monitoring_pprof_enabled":{"type":"boolean"},"name":{"minLength":1,"type":"string"},"namespace":{"minLength":1,"type":"string"},"overrides":{"additionalProperties":{},"description":"Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.","nullable":true,"type":"object"},"package_policies":{"anyOf":[{"items":{"type":"string"},"type":"array"},{"description":"This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter","items":{"additionalProperties":false,"type":"object","properties":{"additional_datastreams_permissions":{"description":"Additional datastream permissions, that will be added to the agent policy.","items":{"type":"string"},"nullable":true,"type":"array"},"agents":{"type":"number"},"created_at":{"type":"string"},"created_by":{"type":"string"},"description":{"description":"Package policy description","type":"string"},"elasticsearch":{"additionalProperties":true,"type":"object","properties":{"privileges":{"additionalProperties":true,"type":"object","properties":{"cluster":{"items":{"type":"string"},"type":"array"}}}}},"enabled":{"type":"boolean"},"id":{"type":"string"},"inputs":{"anyOf":[{"items":{"additionalProperties":false,"type":"object","properties":{"compiled_input":{},"config":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},"enabled":{"type":"boolean"},"id":{"type":"string"},"keep_enabled":{"type":"boolean"},"policy_template":{"type":"string"},"streams":{"items":{"additionalProperties":false,"type":"object","properties":{"compiled_stream":{},"config":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},"data_stream":{"additionalProperties":false,"type":"object","properties":{"dataset":{"type":"string"},"elasticsearch":{"additionalProperties":false,"type":"object","properties":{"dynamic_dataset":{"type":"boolean"},"dynamic_namespace":{"type":"boolean"},"privileges":{"additionalProperties":false,"type":"object","properties":{"indices":{"items":{"type":"string"},"type":"array"}}}}},"type":{"type":"string"}},"required":["dataset","type"]},"enabled":{"type":"boolean"},"id":{"type":"string"},"keep_enabled":{"type":"boolean"},"release":{"enum":["ga","beta","experimental"],"type":"string"},"vars":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"}},"required":["enabled","data_stream","compiled_stream"]},"type":"array"},"type":{"type":"string"},"vars":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"}},"required":["type","enabled","streams","compiled_input"]},"type":"array"},{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"enabled":{"description":"enable or disable that input, (default to true)","type":"boolean"},"streams":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"enabled":{"description":"enable or disable that stream, (default to true)","type":"boolean"},"vars":{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object"}}},"description":"Input streams (see integration documentation to know what streams are available)","type":"object"},"vars":{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object"}}},"description":"Package policy inputs (see integration documentation to know what inputs are available)","type":"object","x-oas-optional":true}]},"is_managed":{"type":"boolean"},"name":{"description":"Package policy name (should be unique)","type":"string"},"namespace":{"description":"The package policy namespace. Leave blank to inherit the agent policy's namespace.","type":"string"},"output_id":{"nullable":true,"type":"string"},"overrides":{"additionalProperties":false,"description":"Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.","nullable":true,"type":"object","properties":{"inputs":{"additionalProperties":{},"type":"object"}}},"package":{"additionalProperties":false,"type":"object","properties":{"experimental_data_stream_features":{"items":{"additionalProperties":false,"type":"object","properties":{"data_stream":{"type":"string"},"features":{"additionalProperties":false,"type":"object","properties":{"doc_value_only_numeric":{"type":"boolean"},"doc_value_only_other":{"type":"boolean"},"synthetic_source":{"type":"boolean"},"tsdb":{"type":"boolean"}}}},"required":["data_stream","features"]},"type":"array"},"name":{"description":"Package name","type":"string"},"requires_root":{"type":"boolean"},"title":{"type":"string"},"version":{"description":"Package version","type":"string"}},"required":["name","version"]},"policy_id":{"deprecated":true,"description":"Agent policy ID where that package policy will be added","nullable":true,"type":"string"},"policy_ids":{"items":{"description":"Agent policy IDs where that package policy will be added","type":"string"},"type":"array"},"revision":{"type":"number"},"secret_references":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},"type":"array"},"spaceIds":{"items":{"type":"string"},"type":"array"},"supports_agentless":{"default":false,"description":"Indicates whether the package policy belongs to an agentless agent policy.","nullable":true,"type":"boolean"},"updated_at":{"type":"string"},"updated_by":{"type":"string"},"vars":{"anyOf":[{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object","x-oas-optional":true}]},"version":{"type":"string"}},"required":["name","enabled","inputs","id","revision","updated_at","updated_by","created_at","created_by"]},"type":"array"}]},"required_versions":{"items":{"additionalProperties":false,"type":"object","properties":{"percentage":{"description":"Target percentage of agents to auto upgrade","maximum":100,"minimum":0,"type":"number"},"version":{"description":"Target version for automatic agent upgrade","type":"string"}},"required":["version","percentage"]},"nullable":true,"type":"array"},"revision":{"type":"number"},"schema_version":{"type":"string"},"space_ids":{"items":{"type":"string"},"type":"array"},"status":{"enum":["active","inactive"],"type":"string"},"supports_agentless":{"default":false,"description":"Indicates whether the agent policy supports agentless integrations.","nullable":true,"type":"boolean"},"unenroll_timeout":{"minimum":0,"type":"number"},"unprivileged_agents":{"type":"number"},"updated_at":{"type":"string"},"updated_by":{"type":"string"},"version":{"type":"string"}},"required":["id","name","namespace","is_managed","is_protected","status","updated_at","updated_by","revision"]}},"required":["item"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Copy an agent policy","tags":["Elastic Agent policies"]}},"/api/fleet/agent_policies/{agentPolicyId}/download":{"get":{"description":"Download an agent policy by ID.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: fleet-agent-policies-read AND fleet-setup.","operationId":"get-fleet-agent-policies-agentpolicyid-download","parameters":[{"in":"path","name":"agentPolicyId","required":true,"schema":{"type":"string"}},{"in":"query","name":"download","required":false,"schema":{"type":"boolean"}},{"in":"query","name":"standalone","required":false,"schema":{"type":"boolean"}},{"in":"query","name":"kubernetes","required":false,"schema":{"type":"boolean"}}],"responses":{"200":{"content":{"application/json":{"schema":{"type":"string"}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}},"404":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Download an agent policy","tags":["Elastic Agent policies"]}},"/api/fleet/agent_policies/{agentPolicyId}/full":{"get":{"description":"Get a full agent policy by ID.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: fleet-agent-policies-read.","operationId":"get-fleet-agent-policies-agentpolicyid-full","parameters":[{"in":"path","name":"agentPolicyId","required":true,"schema":{"type":"string"}},{"in":"query","name":"download","required":false,"schema":{"type":"boolean"}},{"in":"query","name":"standalone","required":false,"schema":{"type":"boolean"}},{"in":"query","name":"kubernetes","required":false,"schema":{"type":"boolean"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"anyOf":[{"type":"string"},{"additionalProperties":false,"type":"object","properties":{"agent":{"additionalProperties":false,"type":"object","properties":{"download":{"additionalProperties":false,"type":"object","properties":{"secrets":{"additionalProperties":true,"type":"object","properties":{"ssl":{"additionalProperties":true,"type":"object","properties":{"key":{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"}}}},"required":["key"]}}},"sourceURI":{"type":"string"},"ssl":{"additionalProperties":false,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"key":{"type":"string"},"renegotiation":{"type":"string"},"verification_mode":{"type":"string"}}}},"required":["sourceURI"]},"features":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"enabled":{"type":"boolean"}},"required":["enabled"]},"type":"object"},"limits":{"additionalProperties":false,"type":"object","properties":{"go_max_procs":{"type":"number"}}},"logging":{"additionalProperties":false,"type":"object","properties":{"files":{"additionalProperties":false,"type":"object","properties":{"interval":{"type":"string"},"keepfiles":{"type":"number"},"rotateeverybytes":{"type":"number"}}},"level":{"type":"string"},"to_files":{"type":"boolean"}}},"monitoring":{"additionalProperties":false,"type":"object","properties":{"apm":{},"enabled":{"type":"boolean"},"logs":{"type":"boolean"},"metrics":{"type":"boolean"},"namespace":{"type":"string"},"traces":{"type":"boolean"},"use_output":{"type":"string"}},"required":["enabled","metrics","logs","traces","apm"]},"protection":{"additionalProperties":false,"type":"object","properties":{"enabled":{"type":"boolean"},"signing_key":{"type":"string"},"uninstall_token_hash":{"type":"string"}},"required":["enabled","uninstall_token_hash","signing_key"]}},"required":["monitoring","download","features"]},"fleet":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"hosts":{"items":{"type":"string"},"type":"array"},"proxy_headers":{},"proxy_url":{"type":"string"},"secrets":{"additionalProperties":true,"type":"object","properties":{"ssl":{"additionalProperties":true,"type":"object","properties":{"key":{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"}}}},"required":["key"]}}},"ssl":{"additionalProperties":false,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"key":{"type":"string"},"renegotiation":{"type":"string"},"verification_mode":{"type":"string"}}}},"required":["hosts","proxy_headers"]},{"additionalProperties":false,"type":"object","properties":{"kibana":{"additionalProperties":false,"type":"object","properties":{"hosts":{"items":{"type":"string"},"type":"array"},"path":{"type":"string"},"protocol":{"type":"string"}},"required":["hosts","protocol"]}},"required":["kibana"]}]},"id":{"type":"string"},"inputs":{"items":{"additionalProperties":true,"type":"object","properties":{"data_stream":{"additionalProperties":true,"type":"object","properties":{"namespace":{"type":"string"}},"required":["namespace"]},"id":{"type":"string"},"meta":{"additionalProperties":true,"type":"object","properties":{"package":{"additionalProperties":true,"type":"object","properties":{"name":{"type":"string"},"version":{"type":"string"}},"required":["name","version"]}}},"name":{"type":"string"},"package_policy_id":{"type":"string"},"processors":{"items":{"additionalProperties":true,"type":"object","properties":{"add_fields":{"additionalProperties":true,"type":"object","properties":{"fields":{"additionalProperties":{"anyOf":[{"type":"string"},{"type":"number"}]},"type":"object"},"target":{"type":"string"}},"required":["target","fields"]}},"required":["add_fields"]},"type":"array"},"revision":{"type":"number"},"streams":{"items":{"additionalProperties":true,"type":"object","properties":{"data_stream":{"additionalProperties":true,"type":"object","properties":{"dataset":{"type":"string"},"type":{"type":"string"}},"required":["dataset"]},"id":{"type":"string"}},"required":["id","data_stream"]},"type":"array"},"type":{"type":"string"},"use_output":{"type":"string"}},"required":["id","name","revision","type","data_stream","use_output","package_policy_id"]},"type":"array"},"namespaces":{"items":{"type":"string"},"type":"array"},"output_permissions":{"additionalProperties":{"additionalProperties":{},"type":"object"},"type":"object"},"outputs":{"additionalProperties":{"additionalProperties":true,"type":"object","properties":{"ca_sha256":{"nullable":true,"type":"string"},"hosts":{"items":{"type":"string"},"type":"array"},"proxy_headers":{},"proxy_url":{"type":"string"},"type":{"type":"string"}},"required":["type","proxy_headers"]},"type":"object"},"revision":{"type":"number"},"secret_references":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},"type":"array"},"signed":{"additionalProperties":false,"type":"object","properties":{"data":{"type":"string"},"signature":{"type":"string"}},"required":["data","signature"]}},"required":["id","outputs","inputs"]}]}},"required":["item"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get a full agent policy","tags":["Elastic Agent policies"]}},"/api/fleet/agent_policies/{agentPolicyId}/outputs":{"get":{"description":"Get a list of outputs associated with agent policy by policy id.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: fleet-agent-policies-read AND fleet-settings-read.","operationId":"get-fleet-agent-policies-agentpolicyid-outputs","parameters":[{"in":"path","name":"agentPolicyId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"additionalProperties":false,"type":"object","properties":{"agentPolicyId":{"type":"string"},"data":{"additionalProperties":false,"type":"object","properties":{"integrations":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"integrationPolicyName":{"type":"string"},"name":{"type":"string"},"pkgName":{"type":"string"}}},"type":"array"},"output":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"}},"required":["id","name"]}},"required":["output"]},"monitoring":{"additionalProperties":false,"type":"object","properties":{"output":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"}},"required":["id","name"]}},"required":["output"]}},"required":["monitoring","data"]}},"required":["item"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get outputs for an agent policy","tags":["Elastic Agent policies"]}},"/api/fleet/agent_policies/delete":{"post":{"description":"Delete an agent policy by ID.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: fleet-agent-policies-all.","operationId":"post-fleet-agent-policies-delete","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"agentPolicyId":{"type":"string"},"force":{"description":"bypass validation checks that can prevent agent policy deletion","type":"boolean"}},"required":["agentPolicyId"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"}},"required":["id","name"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Delete an agent policy","tags":["Elastic Agent policies"]}},"/api/fleet/agent_policies/outputs":{"post":{"description":"Get a list of outputs associated with agent policies.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: fleet-agent-policies-read AND fleet-settings-read.","operationId":"post-fleet-agent-policies-outputs","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"ids":{"description":"list of package policy ids","items":{"type":"string"},"type":"array"}},"required":["ids"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"items":{"items":{"additionalProperties":false,"type":"object","properties":{"agentPolicyId":{"type":"string"},"data":{"additionalProperties":false,"type":"object","properties":{"integrations":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"integrationPolicyName":{"type":"string"},"name":{"type":"string"},"pkgName":{"type":"string"}}},"type":"array"},"output":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"}},"required":["id","name"]}},"required":["output"]},"monitoring":{"additionalProperties":false,"type":"object","properties":{"output":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"}},"required":["id","name"]}},"required":["output"]}},"required":["monitoring","data"]},"type":"array"}},"required":["items"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get outputs for agent policies","tags":["Elastic Agent policies"]}},"/api/fleet/agent_status":{"get":{"operationId":"get-fleet-agent-status","parameters":[{"in":"query","name":"policyId","required":false,"schema":{"type":"string"}},{"in":"query","name":"policyIds","required":false,"schema":{"anyOf":[{"items":{"type":"string"},"type":"array"},{"type":"string"}]}},{"in":"query","name":"kuery","required":false,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"results":{"additionalProperties":false,"type":"object","properties":{"active":{"type":"number"},"all":{"type":"number"},"error":{"type":"number"},"events":{"type":"number"},"inactive":{"type":"number"},"offline":{"type":"number"},"online":{"type":"number"},"orphaned":{"type":"number"},"other":{"type":"number"},"unenrolled":{"type":"number"},"uninstalled":{"type":"number"},"updating":{"type":"number"}},"required":["events","online","error","offline","other","updating","inactive","unenrolled","all","active"]}},"required":["results"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get an agent status summary","tags":["Elastic Agent status"]}},"/api/fleet/agent_status/data":{"get":{"description":"[Required authorization] Route required privileges: fleet-agents-read.","operationId":"get-fleet-agent-status-data","parameters":[{"in":"query","name":"agentsIds","required":true,"schema":{"anyOf":[{"items":{"type":"string"},"type":"array"},{"type":"string"}]}},{"in":"query","name":"pkgName","required":false,"schema":{"type":"string"}},{"in":"query","name":"pkgVersion","required":false,"schema":{"type":"string"}},{"in":"query","name":"previewData","required":false,"schema":{"default":false,"type":"boolean"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"dataPreview":{"items":{},"type":"array"},"items":{"items":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"data":{"type":"boolean"}},"required":["data"]},"type":"object"},"type":"array"}},"required":["items","dataPreview"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get incoming agent data","tags":["Elastic Agents"]}},"/api/fleet/agents":{"get":{"description":"[Required authorization] Route required privileges: fleet-agents-read.","operationId":"get-fleet-agents","parameters":[{"in":"query","name":"page","required":false,"schema":{"type":"number"}},{"in":"query","name":"perPage","required":false,"schema":{"default":20,"type":"number"}},{"in":"query","name":"kuery","required":false,"schema":{"type":"string"}},{"in":"query","name":"showAgentless","required":false,"schema":{"default":true,"type":"boolean"}},{"in":"query","name":"showInactive","required":false,"schema":{"default":false,"type":"boolean"}},{"in":"query","name":"withMetrics","required":false,"schema":{"default":false,"type":"boolean"}},{"in":"query","name":"showUpgradeable","required":false,"schema":{"default":false,"type":"boolean"}},{"in":"query","name":"getStatusSummary","required":false,"schema":{"default":false,"type":"boolean"}},{"in":"query","name":"sortField","required":false,"schema":{"type":"string"}},{"in":"query","name":"sortOrder","required":false,"schema":{"enum":["asc","desc"],"type":"string"}},{"in":"query","name":"searchAfter","required":false,"schema":{"type":"string"}},{"in":"query","name":"openPit","required":false,"schema":{"type":"boolean"}},{"in":"query","name":"pitId","required":false,"schema":{"type":"string"}},{"in":"query","name":"pitKeepAlive","required":false,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"items":{"items":{"additionalProperties":false,"type":"object","properties":{"access_api_key":{"type":"string"},"access_api_key_id":{"type":"string"},"active":{"type":"boolean"},"agent":{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"},"version":{"type":"string"}},"required":["id","version"]},"audit_unenrolled_reason":{"type":"string"},"components":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"message":{"type":"string"},"status":{"enum":["STARTING","CONFIGURING","HEALTHY","DEGRADED","FAILED","STOPPING","STOPPED"],"type":"string"},"type":{"type":"string"},"units":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"message":{"type":"string"},"payload":{"additionalProperties":{},"type":"object"},"status":{"enum":["STARTING","CONFIGURING","HEALTHY","DEGRADED","FAILED","STOPPING","STOPPED"],"type":"string"},"type":{"enum":["input","output"],"type":"string"}},"required":["id","type","status","message"]},"type":"array"}},"required":["id","type","status","message"]},"type":"array"},"default_api_key":{"type":"string"},"default_api_key_history":{"items":{"additionalProperties":false,"deprecated":true,"type":"object","properties":{"id":{"type":"string"},"retired_at":{"type":"string"}},"required":["id","retired_at"]},"type":"array"},"default_api_key_id":{"type":"string"},"enrolled_at":{"type":"string"},"id":{"type":"string"},"last_checkin":{"type":"string"},"last_checkin_message":{"type":"string"},"last_checkin_status":{"enum":["error","online","degraded","updating","starting"],"type":"string"},"local_metadata":{"additionalProperties":{},"type":"object"},"metrics":{"additionalProperties":false,"type":"object","properties":{"cpu_avg":{"type":"number"},"memory_size_byte_avg":{"type":"number"}}},"namespaces":{"items":{"type":"string"},"type":"array"},"outputs":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"api_key_id":{"type":"string"},"to_retire_api_key_ids":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"retired_at":{"type":"string"}},"required":["id","retired_at"]},"type":"array"},"type":{"type":"string"}}},"type":"object"},"packages":{"items":{"type":"string"},"type":"array"},"policy_id":{"type":"string"},"policy_revision":{"nullable":true,"type":"number"},"sort":{"items":{},"type":"array"},"status":{"enum":["offline","error","online","inactive","enrolling","unenrolling","unenrolled","updating","degraded","uninstalled","orphaned"],"type":"string"},"tags":{"items":{"type":"string"},"type":"array"},"type":{"enum":["PERMANENT","EPHEMERAL","TEMPORARY"],"type":"string"},"unenrolled_at":{"type":"string"},"unenrollment_started_at":{"type":"string"},"unhealthy_reason":{"items":{"enum":["input","output","other"],"type":"string"},"nullable":true,"type":"array"},"upgrade_attempts":{"items":{"type":"string"},"nullable":true,"type":"array"},"upgrade_details":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"action_id":{"type":"string"},"metadata":{"additionalProperties":false,"type":"object","properties":{"download_percent":{"type":"number"},"download_rate":{"type":"number"},"error_msg":{"type":"string"},"failed_state":{"enum":["UPG_REQUESTED","UPG_SCHEDULED","UPG_DOWNLOADING","UPG_EXTRACTING","UPG_REPLACING","UPG_RESTARTING","UPG_FAILED","UPG_WATCHING","UPG_ROLLBACK"],"type":"string"},"retry_error_msg":{"type":"string"},"retry_until":{"type":"string"},"scheduled_at":{"type":"string"}}},"state":{"enum":["UPG_REQUESTED","UPG_SCHEDULED","UPG_DOWNLOADING","UPG_EXTRACTING","UPG_REPLACING","UPG_RESTARTING","UPG_FAILED","UPG_WATCHING","UPG_ROLLBACK"],"type":"string"},"target_version":{"type":"string"}},"required":["target_version","action_id","state"]},"upgrade_started_at":{"nullable":true,"type":"string"},"upgraded_at":{"nullable":true,"type":"string"},"user_provided_metadata":{"additionalProperties":{},"type":"object"}},"required":["id","packages","type","active","enrolled_at","local_metadata"]},"type":"array"},"nextSearchAfter":{"type":"string"},"page":{"type":"number"},"perPage":{"type":"number"},"pit":{"type":"string"},"statusSummary":{"additionalProperties":{"type":"number"},"type":"object"},"total":{"type":"number"}},"required":["items","total","page","perPage"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get agents","tags":["Elastic Agents"]},"post":{"description":"[Required authorization] Route required privileges: fleet-agents-read.","operationId":"post-fleet-agents","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"actionIds":{"items":{"type":"string"},"type":"array"}},"required":["actionIds"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"items":{"items":{"type":"string"},"type":"array"}},"required":["items"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get agents by action ids","tags":["Elastic Agents"]}},"/api/fleet/agents/{agentId}":{"delete":{"description":"Delete an agent by ID.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: fleet-agents-all.","operationId":"delete-fleet-agents-agentid","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"agentId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"action":{"enum":["deleted"],"type":"string"}},"required":["action"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Delete an agent","tags":["Elastic Agents"]},"get":{"description":"Get an agent by ID.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: fleet-agents-read.","operationId":"get-fleet-agents-agentid","parameters":[{"in":"path","name":"agentId","required":true,"schema":{"type":"string"}},{"in":"query","name":"withMetrics","required":false,"schema":{"default":false,"type":"boolean"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"additionalProperties":false,"type":"object","properties":{"access_api_key":{"type":"string"},"access_api_key_id":{"type":"string"},"active":{"type":"boolean"},"agent":{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"},"version":{"type":"string"}},"required":["id","version"]},"audit_unenrolled_reason":{"type":"string"},"components":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"message":{"type":"string"},"status":{"enum":["STARTING","CONFIGURING","HEALTHY","DEGRADED","FAILED","STOPPING","STOPPED"],"type":"string"},"type":{"type":"string"},"units":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"message":{"type":"string"},"payload":{"additionalProperties":{},"type":"object"},"status":{"enum":["STARTING","CONFIGURING","HEALTHY","DEGRADED","FAILED","STOPPING","STOPPED"],"type":"string"},"type":{"enum":["input","output"],"type":"string"}},"required":["id","type","status","message"]},"type":"array"}},"required":["id","type","status","message"]},"type":"array"},"default_api_key":{"type":"string"},"default_api_key_history":{"items":{"additionalProperties":false,"deprecated":true,"type":"object","properties":{"id":{"type":"string"},"retired_at":{"type":"string"}},"required":["id","retired_at"]},"type":"array"},"default_api_key_id":{"type":"string"},"enrolled_at":{"type":"string"},"id":{"type":"string"},"last_checkin":{"type":"string"},"last_checkin_message":{"type":"string"},"last_checkin_status":{"enum":["error","online","degraded","updating","starting"],"type":"string"},"local_metadata":{"additionalProperties":{},"type":"object"},"metrics":{"additionalProperties":false,"type":"object","properties":{"cpu_avg":{"type":"number"},"memory_size_byte_avg":{"type":"number"}}},"namespaces":{"items":{"type":"string"},"type":"array"},"outputs":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"api_key_id":{"type":"string"},"to_retire_api_key_ids":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"retired_at":{"type":"string"}},"required":["id","retired_at"]},"type":"array"},"type":{"type":"string"}}},"type":"object"},"packages":{"items":{"type":"string"},"type":"array"},"policy_id":{"type":"string"},"policy_revision":{"nullable":true,"type":"number"},"sort":{"items":{},"type":"array"},"status":{"enum":["offline","error","online","inactive","enrolling","unenrolling","unenrolled","updating","degraded","uninstalled","orphaned"],"type":"string"},"tags":{"items":{"type":"string"},"type":"array"},"type":{"enum":["PERMANENT","EPHEMERAL","TEMPORARY"],"type":"string"},"unenrolled_at":{"type":"string"},"unenrollment_started_at":{"type":"string"},"unhealthy_reason":{"items":{"enum":["input","output","other"],"type":"string"},"nullable":true,"type":"array"},"upgrade_attempts":{"items":{"type":"string"},"nullable":true,"type":"array"},"upgrade_details":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"action_id":{"type":"string"},"metadata":{"additionalProperties":false,"type":"object","properties":{"download_percent":{"type":"number"},"download_rate":{"type":"number"},"error_msg":{"type":"string"},"failed_state":{"enum":["UPG_REQUESTED","UPG_SCHEDULED","UPG_DOWNLOADING","UPG_EXTRACTING","UPG_REPLACING","UPG_RESTARTING","UPG_FAILED","UPG_WATCHING","UPG_ROLLBACK"],"type":"string"},"retry_error_msg":{"type":"string"},"retry_until":{"type":"string"},"scheduled_at":{"type":"string"}}},"state":{"enum":["UPG_REQUESTED","UPG_SCHEDULED","UPG_DOWNLOADING","UPG_EXTRACTING","UPG_REPLACING","UPG_RESTARTING","UPG_FAILED","UPG_WATCHING","UPG_ROLLBACK"],"type":"string"},"target_version":{"type":"string"}},"required":["target_version","action_id","state"]},"upgrade_started_at":{"nullable":true,"type":"string"},"upgraded_at":{"nullable":true,"type":"string"},"user_provided_metadata":{"additionalProperties":{},"type":"object"}},"required":["id","packages","type","active","enrolled_at","local_metadata"]}},"required":["item"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get an agent","tags":["Elastic Agents"]},"put":{"description":"Update an agent by ID.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: fleet-agents-all.","operationId":"put-fleet-agents-agentid","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"agentId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"tags":{"items":{"type":"string"},"type":"array"},"user_provided_metadata":{"additionalProperties":{},"type":"object"}}}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"additionalProperties":false,"type":"object","properties":{"access_api_key":{"type":"string"},"access_api_key_id":{"type":"string"},"active":{"type":"boolean"},"agent":{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"},"version":{"type":"string"}},"required":["id","version"]},"audit_unenrolled_reason":{"type":"string"},"components":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"message":{"type":"string"},"status":{"enum":["STARTING","CONFIGURING","HEALTHY","DEGRADED","FAILED","STOPPING","STOPPED"],"type":"string"},"type":{"type":"string"},"units":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"message":{"type":"string"},"payload":{"additionalProperties":{},"type":"object"},"status":{"enum":["STARTING","CONFIGURING","HEALTHY","DEGRADED","FAILED","STOPPING","STOPPED"],"type":"string"},"type":{"enum":["input","output"],"type":"string"}},"required":["id","type","status","message"]},"type":"array"}},"required":["id","type","status","message"]},"type":"array"},"default_api_key":{"type":"string"},"default_api_key_history":{"items":{"additionalProperties":false,"deprecated":true,"type":"object","properties":{"id":{"type":"string"},"retired_at":{"type":"string"}},"required":["id","retired_at"]},"type":"array"},"default_api_key_id":{"type":"string"},"enrolled_at":{"type":"string"},"id":{"type":"string"},"last_checkin":{"type":"string"},"last_checkin_message":{"type":"string"},"last_checkin_status":{"enum":["error","online","degraded","updating","starting"],"type":"string"},"local_metadata":{"additionalProperties":{},"type":"object"},"metrics":{"additionalProperties":false,"type":"object","properties":{"cpu_avg":{"type":"number"},"memory_size_byte_avg":{"type":"number"}}},"namespaces":{"items":{"type":"string"},"type":"array"},"outputs":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"api_key_id":{"type":"string"},"to_retire_api_key_ids":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"retired_at":{"type":"string"}},"required":["id","retired_at"]},"type":"array"},"type":{"type":"string"}}},"type":"object"},"packages":{"items":{"type":"string"},"type":"array"},"policy_id":{"type":"string"},"policy_revision":{"nullable":true,"type":"number"},"sort":{"items":{},"type":"array"},"status":{"enum":["offline","error","online","inactive","enrolling","unenrolling","unenrolled","updating","degraded","uninstalled","orphaned"],"type":"string"},"tags":{"items":{"type":"string"},"type":"array"},"type":{"enum":["PERMANENT","EPHEMERAL","TEMPORARY"],"type":"string"},"unenrolled_at":{"type":"string"},"unenrollment_started_at":{"type":"string"},"unhealthy_reason":{"items":{"enum":["input","output","other"],"type":"string"},"nullable":true,"type":"array"},"upgrade_attempts":{"items":{"type":"string"},"nullable":true,"type":"array"},"upgrade_details":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"action_id":{"type":"string"},"metadata":{"additionalProperties":false,"type":"object","properties":{"download_percent":{"type":"number"},"download_rate":{"type":"number"},"error_msg":{"type":"string"},"failed_state":{"enum":["UPG_REQUESTED","UPG_SCHEDULED","UPG_DOWNLOADING","UPG_EXTRACTING","UPG_REPLACING","UPG_RESTARTING","UPG_FAILED","UPG_WATCHING","UPG_ROLLBACK"],"type":"string"},"retry_error_msg":{"type":"string"},"retry_until":{"type":"string"},"scheduled_at":{"type":"string"}}},"state":{"enum":["UPG_REQUESTED","UPG_SCHEDULED","UPG_DOWNLOADING","UPG_EXTRACTING","UPG_REPLACING","UPG_RESTARTING","UPG_FAILED","UPG_WATCHING","UPG_ROLLBACK"],"type":"string"},"target_version":{"type":"string"}},"required":["target_version","action_id","state"]},"upgrade_started_at":{"nullable":true,"type":"string"},"upgraded_at":{"nullable":true,"type":"string"},"user_provided_metadata":{"additionalProperties":{},"type":"object"}},"required":["id","packages","type","active","enrolled_at","local_metadata"]}},"required":["item"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Update an agent","tags":["Elastic Agents"]}},"/api/fleet/agents/{agentId}/actions":{"post":{"description":"[Required authorization] Route required privileges: fleet-agents-all.","operationId":"post-fleet-agents-agentid-actions","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"agentId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"action":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"ack_data":{},"data":{},"type":{"enum":["UNENROLL","UPGRADE","POLICY_REASSIGN"],"type":"string"}},"required":["type","data","ack_data"]},{"additionalProperties":false,"type":"object","properties":{"data":{"additionalProperties":false,"type":"object","properties":{"log_level":{"enum":["debug","info","warning","error"],"nullable":true,"type":"string"}},"required":["log_level"]},"type":{"enum":["SETTINGS"],"type":"string"}},"required":["type","data"]}]}},"required":["action"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"additionalProperties":false,"type":"object","properties":{"ack_data":{},"agents":{"items":{"type":"string"},"type":"array"},"created_at":{"type":"string"},"data":{},"expiration":{"type":"string"},"id":{"type":"string"},"minimum_execution_duration":{"type":"number"},"namespaces":{"items":{"type":"string"},"type":"array"},"rollout_duration_seconds":{"type":"number"},"sent_at":{"type":"string"},"source_uri":{"type":"string"},"start_time":{"type":"string"},"total":{"type":"number"},"type":{"type":"string"}},"required":["id","type","data","created_at","ack_data"]}},"required":["item"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Create an agent action","tags":["Elastic Agent actions"]}},"/api/fleet/agents/{agentId}/migrate":{"post":{"description":"Migrate a single agent to another cluster.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: fleet-agents-all.","operationId":"post-fleet-agents-agentid-migrate","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"agentId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"enrollment_token":{"type":"string"},"settings":{"additionalProperties":false,"type":"object","properties":{"ca_sha256":{"type":"string"},"certificate_authorities":{"type":"string"},"elastic_agent_cert":{"type":"string"},"elastic_agent_cert_key":{"type":"string"},"elastic_agent_cert_key_passphrase":{"type":"string"},"headers":{"additionalProperties":{"type":"string"},"type":"object"},"insecure":{"type":"boolean"},"proxy_disabled":{"type":"boolean"},"proxy_headers":{"additionalProperties":{"type":"string"},"type":"object"},"proxy_url":{"type":"string"},"replace_token":{"type":"boolean"},"staging":{"type":"boolean"},"tags":{"items":{"type":"string"},"type":"array"}}},"uri":{"format":"uri","type":"string"}},"required":["uri","enrollment_token"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"actionId":{"type":"string"}},"required":["actionId"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Migrate a single agent","tags":["Elastic Agents"]}},"/api/fleet/agents/{agentId}/reassign":{"post":{"description":"[Required authorization] Route required privileges: fleet-agents-all.","operationId":"post-fleet-agents-agentid-reassign","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"agentId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"policy_id":{"type":"string"}},"required":["policy_id"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{}}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Reassign an agent","tags":["Elastic Agent actions"]}},"/api/fleet/agents/{agentId}/request_diagnostics":{"post":{"description":"[Required authorization] Route required privileges: fleet-agents-read.","operationId":"post-fleet-agents-agentid-request-diagnostics","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"agentId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"additional_metrics":{"items":{"enum":["CPU"],"type":"string"},"type":"array"}}}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"actionId":{"type":"string"}},"required":["actionId"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Request agent diagnostics","tags":["Elastic Agent actions"]}},"/api/fleet/agents/{agentId}/unenroll":{"post":{"description":"[Required authorization] Route required privileges: fleet-agents-all.","operationId":"post-fleet-agents-agentid-unenroll","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"agentId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"force":{"type":"boolean"},"revoke":{"type":"boolean"}}}}}},"responses":{},"summary":"Unenroll an agent","tags":["Elastic Agent actions"]}},"/api/fleet/agents/{agentId}/upgrade":{"post":{"description":"[Required authorization] Route required privileges: fleet-agents-all.","operationId":"post-fleet-agents-agentid-upgrade","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"agentId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"force":{"type":"boolean"},"skipRateLimitCheck":{"type":"boolean"},"source_uri":{"type":"string"},"version":{"type":"string"}},"required":["version"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{}}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Upgrade an agent","tags":["Elastic Agent actions"]}},"/api/fleet/agents/{agentId}/uploads":{"get":{"description":"[Required authorization] Route required privileges: fleet-agents-read.","operationId":"get-fleet-agents-agentid-uploads","parameters":[{"in":"path","name":"agentId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"items":{"items":{"additionalProperties":false,"type":"object","properties":{"actionId":{"type":"string"},"createTime":{"type":"string"},"error":{"type":"string"},"filePath":{"type":"string"},"id":{"type":"string"},"name":{"type":"string"},"status":{"enum":["READY","AWAITING_UPLOAD","DELETED","EXPIRED","IN_PROGRESS","FAILED"],"type":"string"}},"required":["id","name","filePath","createTime","status","actionId"]},"type":"array"}},"required":["items"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get agent uploads","tags":["Elastic Agents"]}},"/api/fleet/agents/action_status":{"get":{"description":"[Required authorization] Route required privileges: fleet-agents-read.","operationId":"get-fleet-agents-action-status","parameters":[{"in":"query","name":"page","required":false,"schema":{"default":0,"type":"number"}},{"in":"query","name":"perPage","required":false,"schema":{"default":20,"type":"number"}},{"in":"query","name":"date","required":false,"schema":{"type":"string"}},{"in":"query","name":"latest","required":false,"schema":{"type":"number"}},{"in":"query","name":"errorSize","required":false,"schema":{"default":5,"type":"number"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"items":{"items":{"additionalProperties":false,"type":"object","properties":{"actionId":{"type":"string"},"cancellationTime":{"type":"string"},"completionTime":{"type":"string"},"creationTime":{"description":"creation time of action","type":"string"},"expiration":{"type":"string"},"hasRolloutPeriod":{"type":"boolean"},"is_automatic":{"type":"boolean"},"latestErrors":{"items":{"additionalProperties":false,"description":"latest errors that happened when the agents executed the action","type":"object","properties":{"agentId":{"type":"string"},"error":{"type":"string"},"hostname":{"type":"string"},"timestamp":{"type":"string"}},"required":["agentId","error","timestamp"]},"type":"array"},"nbAgentsAck":{"description":"number of agents that acknowledged the action","type":"number"},"nbAgentsActionCreated":{"description":"number of agents included in action from kibana","type":"number"},"nbAgentsActioned":{"description":"number of agents actioned","type":"number"},"nbAgentsFailed":{"description":"number of agents that failed to execute the action","type":"number"},"newPolicyId":{"description":"new policy id (POLICY_REASSIGN action)","type":"string"},"policyId":{"description":"policy id (POLICY_CHANGE action)","type":"string"},"revision":{"description":"new policy revision (POLICY_CHANGE action)","type":"number"},"startTime":{"description":"start time of action (scheduled actions)","type":"string"},"status":{"enum":["COMPLETE","EXPIRED","CANCELLED","FAILED","IN_PROGRESS","ROLLOUT_PASSED"],"type":"string"},"type":{"enum":["UPGRADE","UNENROLL","SETTINGS","POLICY_REASSIGN","CANCEL","FORCE_UNENROLL","REQUEST_DIAGNOSTICS","UPDATE_TAGS","POLICY_CHANGE","INPUT_ACTION","MIGRATE"],"type":"string"},"version":{"description":"agent version number (UPGRADE action)","type":"string"}},"required":["actionId","nbAgentsActionCreated","nbAgentsAck","nbAgentsFailed","type","nbAgentsActioned","status","creationTime"]},"type":"array"}},"required":["items"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get an agent action status","tags":["Elastic Agent actions"]}},"/api/fleet/agents/actions/{actionId}/cancel":{"post":{"description":"[Required authorization] Route required privileges: fleet-agents-all.","operationId":"post-fleet-agents-actions-actionid-cancel","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"actionId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"additionalProperties":false,"type":"object","properties":{"ack_data":{},"agents":{"items":{"type":"string"},"type":"array"},"created_at":{"type":"string"},"data":{},"expiration":{"type":"string"},"id":{"type":"string"},"minimum_execution_duration":{"type":"number"},"namespaces":{"items":{"type":"string"},"type":"array"},"rollout_duration_seconds":{"type":"number"},"sent_at":{"type":"string"},"source_uri":{"type":"string"},"start_time":{"type":"string"},"total":{"type":"number"},"type":{"type":"string"}},"required":["id","type","data","created_at","ack_data"]}},"required":["item"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Cancel an agent action","tags":["Elastic Agent actions"]}},"/api/fleet/agents/available_versions":{"get":{"description":"[Required authorization] Route required privileges: fleet-agents-read.","operationId":"get-fleet-agents-available-versions","parameters":[],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"items":{"items":{"type":"string"},"type":"array"}},"required":["items"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get available agent versions","tags":["Elastic Agents"]}},"/api/fleet/agents/bulk_reassign":{"post":{"description":"[Required authorization] Route required privileges: fleet-agents-all.","operationId":"post-fleet-agents-bulk-reassign","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"agents":{"anyOf":[{"items":{"type":"string"},"type":"array"},{"type":"string"}]},"batchSize":{"type":"number"},"includeInactive":{"default":false,"type":"boolean"},"policy_id":{"type":"string"}},"required":["policy_id","agents"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"actionId":{"type":"string"}},"required":["actionId"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Bulk reassign agents","tags":["Elastic Agent actions"]}},"/api/fleet/agents/bulk_request_diagnostics":{"post":{"description":"[Required authorization] Route required privileges: fleet-agents-read.","operationId":"post-fleet-agents-bulk-request-diagnostics","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"additional_metrics":{"items":{"enum":["CPU"],"type":"string"},"type":"array"},"agents":{"anyOf":[{"items":{"type":"string"},"type":"array"},{"type":"string"}]},"batchSize":{"type":"number"}},"required":["agents"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"actionId":{"type":"string"}},"required":["actionId"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Bulk request diagnostics from agents","tags":["Elastic Agent actions"]}},"/api/fleet/agents/bulk_unenroll":{"post":{"description":"[Required authorization] Route required privileges: fleet-agents-all.","operationId":"post-fleet-agents-bulk-unenroll","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"agents":{"anyOf":[{"items":{"description":"KQL query string, leave empty to action all agents","type":"string"},"type":"array"},{"description":"list of agent IDs","type":"string"}]},"batchSize":{"type":"number"},"force":{"description":"Unenrolls hosted agents too","type":"boolean"},"includeInactive":{"description":"When passing agents by KQL query, unenrolls inactive agents too","type":"boolean"},"revoke":{"description":"Revokes API keys of agents","type":"boolean"}},"required":["agents"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"actionId":{"type":"string"}},"required":["actionId"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Bulk unenroll agents","tags":["Elastic Agent actions"]}},"/api/fleet/agents/bulk_update_agent_tags":{"post":{"description":"[Required authorization] Route required privileges: fleet-agents-all.","operationId":"post-fleet-agents-bulk-update-agent-tags","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"agents":{"anyOf":[{"items":{"type":"string"},"type":"array"},{"type":"string"}]},"batchSize":{"type":"number"},"includeInactive":{"default":false,"type":"boolean"},"tagsToAdd":{"items":{"type":"string"},"type":"array"},"tagsToRemove":{"items":{"type":"string"},"type":"array"}},"required":["agents"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"actionId":{"type":"string"}},"required":["actionId"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Bulk update agent tags","tags":["Elastic Agent actions"]}},"/api/fleet/agents/bulk_upgrade":{"post":{"description":"[Required authorization] Route required privileges: fleet-agents-all.","operationId":"post-fleet-agents-bulk-upgrade","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"agents":{"anyOf":[{"items":{"type":"string"},"type":"array"},{"type":"string"}]},"batchSize":{"type":"number"},"force":{"type":"boolean"},"includeInactive":{"default":false,"type":"boolean"},"rollout_duration_seconds":{"minimum":600,"type":"number"},"skipRateLimitCheck":{"type":"boolean"},"source_uri":{"type":"string"},"start_time":{"type":"string"},"version":{"type":"string"}},"required":["agents","version"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"actionId":{"type":"string"}},"required":["actionId"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Bulk upgrade agents","tags":["Elastic Agent actions"]}},"/api/fleet/agents/files/{fileId}":{"delete":{"description":"Delete a file uploaded by an agent.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: fleet-agents-all.","operationId":"delete-fleet-agents-files-fileid","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"fileId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"deleted":{"type":"boolean"},"id":{"type":"string"}},"required":["id","deleted"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Delete an uploaded file","tags":["Elastic Agents"]}},"/api/fleet/agents/files/{fileId}/{fileName}":{"get":{"description":"Get a file uploaded by an agent.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: fleet-agents-read.","operationId":"get-fleet-agents-files-fileid-filename","parameters":[{"in":"path","name":"fileId","required":true,"schema":{"type":"string"}},{"in":"path","name":"fileName","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"type":"object"}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get an uploaded file","tags":["Elastic Agents"]}},"/api/fleet/agents/setup":{"get":{"description":"[Required authorization] Route required privileges: fleet-agents-read OR fleet-agent-policies-read OR fleet-settings-read OR fleet-setup.","operationId":"get-fleet-agents-setup","parameters":[],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"A summary of the agent setup status. `isReady` indicates whether the setup is ready. If the setup is not ready, `missing_requirements` lists which requirements are missing.","type":"object","properties":{"is_secrets_storage_enabled":{"type":"boolean"},"is_space_awareness_enabled":{"type":"boolean"},"isReady":{"type":"boolean"},"missing_optional_features":{"items":{"enum":["encrypted_saved_object_encryption_key_required"],"type":"string"},"type":"array"},"missing_requirements":{"items":{"enum":["security_required","tls_required","api_keys","fleet_admin_user","fleet_server"],"type":"string"},"type":"array"},"package_verification_key_id":{"type":"string"}},"required":["isReady","missing_requirements","missing_optional_features"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get agent setup info","tags":["Elastic Agents"]},"post":{"description":"[Required authorization] Route required privileges: fleet-agents-read OR fleet-agent-policies-read OR fleet-settings-read OR fleet-setup.","operationId":"post-fleet-agents-setup","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"A summary of the result of Fleet's `setup` lifecycle. If `isInitialized` is true, Fleet is ready to accept agent enrollment. `nonFatalErrors` may include useful insight into non-blocking issues with Fleet setup.","type":"object","properties":{"isInitialized":{"type":"boolean"},"nonFatalErrors":{"items":{"additionalProperties":false,"type":"object","properties":{"message":{"type":"string"},"name":{"type":"string"}},"required":["name","message"]},"type":"array"}},"required":["isInitialized","nonFatalErrors"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Initiate agent setup","tags":["Elastic Agents"]}},"/api/fleet/agents/tags":{"get":{"description":"[Required authorization] Route required privileges: fleet-agents-read.","operationId":"get-fleet-agents-tags","parameters":[{"in":"query","name":"kuery","required":false,"schema":{"type":"string"}},{"in":"query","name":"showInactive","required":false,"schema":{"default":false,"type":"boolean"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"items":{"items":{"type":"string"},"type":"array"}},"required":["items"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get agent tags","tags":["Elastic Agents"]}},"/api/fleet/check-permissions":{"get":{"operationId":"get-fleet-check-permissions","parameters":[{"in":"query","name":"fleetServerSetup","required":false,"schema":{"type":"boolean"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"error":{"enum":["MISSING_SECURITY","MISSING_PRIVILEGES","MISSING_FLEET_SERVER_SETUP_PRIVILEGES"],"type":"string"},"success":{"type":"boolean"}},"required":["success"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Check permissions","tags":["Fleet internals"]}},"/api/fleet/data_streams":{"get":{"description":"[Required authorization] Route required privileges: fleet-agents-all AND fleet-agent-policies-all AND fleet-settings-all.","operationId":"get-fleet-data-streams","parameters":[],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"data_streams":{"items":{"additionalProperties":false,"type":"object","properties":{"dashboards":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"title":{"type":"string"}},"required":["id","title"]},"type":"array"},"dataset":{"type":"string"},"index":{"type":"string"},"last_activity_ms":{"type":"number"},"namespace":{"type":"string"},"package":{"type":"string"},"package_version":{"type":"string"},"serviceDetails":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"environment":{"type":"string"},"serviceName":{"type":"string"}},"required":["environment","serviceName"]},"size_in_bytes":{"type":"number"},"size_in_bytes_formatted":{"anyOf":[{"type":"number"},{"type":"string"}]},"type":{"type":"string"}},"required":["index","dataset","namespace","type","package","package_version","last_activity_ms","size_in_bytes","size_in_bytes_formatted","dashboards","serviceDetails"]},"type":"array"}},"required":["data_streams"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get data streams","tags":["Data streams"]}},"/api/fleet/enrollment_api_keys":{"get":{"description":"[Required authorization] Route required privileges: fleet-agents-all OR fleet-setup.","operationId":"get-fleet-enrollment-api-keys","parameters":[{"in":"query","name":"page","required":false,"schema":{"default":1,"type":"number"}},{"in":"query","name":"perPage","required":false,"schema":{"default":20,"type":"number"}},{"in":"query","name":"kuery","required":false,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"items":{"items":{"additionalProperties":false,"type":"object","properties":{"active":{"description":"When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents.","type":"boolean"},"api_key":{"description":"The enrollment API key (token) used for enrolling Elastic Agents.","type":"string"},"api_key_id":{"description":"The ID of the API key in the Security API.","type":"string"},"created_at":{"type":"string"},"hidden":{"type":"boolean"},"id":{"type":"string"},"name":{"description":"The name of the enrollment API key.","type":"string"},"policy_id":{"description":"The ID of the agent policy the Elastic Agent will be enrolled in.","type":"string"}},"required":["id","api_key_id","api_key","active","created_at"]},"type":"array"},"list":{"deprecated":true,"items":{"additionalProperties":false,"type":"object","properties":{"active":{"description":"When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents.","type":"boolean"},"api_key":{"description":"The enrollment API key (token) used for enrolling Elastic Agents.","type":"string"},"api_key_id":{"description":"The ID of the API key in the Security API.","type":"string"},"created_at":{"type":"string"},"hidden":{"type":"boolean"},"id":{"type":"string"},"name":{"description":"The name of the enrollment API key.","type":"string"},"policy_id":{"description":"The ID of the agent policy the Elastic Agent will be enrolled in.","type":"string"}},"required":["id","api_key_id","api_key","active","created_at"]},"type":"array"},"page":{"type":"number"},"perPage":{"type":"number"},"total":{"type":"number"}},"required":["items","total","page","perPage","list"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get enrollment API keys","tags":["Fleet enrollment API keys"]},"post":{"description":"[Required authorization] Route required privileges: fleet-agents-all.","operationId":"post-fleet-enrollment-api-keys","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"expiration":{"type":"string"},"name":{"type":"string"},"policy_id":{"type":"string"}},"required":["policy_id"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"action":{"enum":["created"],"type":"string"},"item":{"additionalProperties":false,"type":"object","properties":{"active":{"description":"When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents.","type":"boolean"},"api_key":{"description":"The enrollment API key (token) used for enrolling Elastic Agents.","type":"string"},"api_key_id":{"description":"The ID of the API key in the Security API.","type":"string"},"created_at":{"type":"string"},"hidden":{"type":"boolean"},"id":{"type":"string"},"name":{"description":"The name of the enrollment API key.","type":"string"},"policy_id":{"description":"The ID of the agent policy the Elastic Agent will be enrolled in.","type":"string"}},"required":["id","api_key_id","api_key","active","created_at"]}},"required":["item","action"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Create an enrollment API key","tags":["Fleet enrollment API keys"]}},"/api/fleet/enrollment_api_keys/{keyId}":{"delete":{"description":"Revoke an enrollment API key by ID by marking it as inactive.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: fleet-agents-all.","operationId":"delete-fleet-enrollment-api-keys-keyid","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"keyId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"action":{"enum":["deleted"],"type":"string"}},"required":["action"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Revoke an enrollment API key","tags":["Fleet enrollment API keys"]},"get":{"description":"Get an enrollment API key by ID.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: fleet-agents-all OR fleet-setup.","operationId":"get-fleet-enrollment-api-keys-keyid","parameters":[{"in":"path","name":"keyId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"additionalProperties":false,"type":"object","properties":{"active":{"description":"When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents.","type":"boolean"},"api_key":{"description":"The enrollment API key (token) used for enrolling Elastic Agents.","type":"string"},"api_key_id":{"description":"The ID of the API key in the Security API.","type":"string"},"created_at":{"type":"string"},"hidden":{"type":"boolean"},"id":{"type":"string"},"name":{"description":"The name of the enrollment API key.","type":"string"},"policy_id":{"description":"The ID of the agent policy the Elastic Agent will be enrolled in.","type":"string"}},"required":["id","api_key_id","api_key","active","created_at"]}},"required":["item"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get an enrollment API key","tags":["Fleet enrollment API keys"]}},"/api/fleet/epm/bulk_assets":{"post":{"description":"[Required authorization] Route required privileges: integrations-read OR fleet-setup OR fleet-all.","operationId":"post-fleet-epm-bulk-assets","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"assetIds":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"type":{"type":"string"}},"required":["id","type"]},"type":"array"}},"required":["assetIds"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"items":{"items":{"additionalProperties":false,"type":"object","properties":{"appLink":{"type":"string"},"attributes":{"additionalProperties":false,"type":"object","properties":{"description":{"type":"string"},"service":{"type":"string"},"title":{"type":"string"}}},"id":{"type":"string"},"type":{"type":"string"},"updatedAt":{"type":"string"}},"required":["id","type","attributes"]},"type":"array"}},"required":["items"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Bulk get assets","tags":["Elastic Package Manager (EPM)"]}},"/api/fleet/epm/categories":{"get":{"description":"[Required authorization] Route required privileges: integrations-read OR fleet-setup OR fleet-all.","operationId":"get-fleet-epm-categories","parameters":[{"in":"query","name":"prerelease","required":false,"schema":{"type":"boolean"}},{"in":"query","name":"include_policy_templates","required":false,"schema":{"type":"boolean"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"items":{"items":{"additionalProperties":false,"type":"object","properties":{"count":{"type":"number"},"id":{"type":"string"},"parent_id":{"type":"string"},"parent_title":{"type":"string"},"title":{"type":"string"}},"required":["id","title","count"]},"type":"array"}},"required":["items"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get package categories","tags":["Elastic Package Manager (EPM)"]}},"/api/fleet/epm/custom_integrations":{"post":{"description":"[Required authorization] Route required privileges: integrations-all AND fleet-agent-policies-all.","operationId":"post-fleet-epm-custom-integrations","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"datasets":{"items":{"additionalProperties":false,"type":"object","properties":{"name":{"type":"string"},"type":{"enum":["logs","metrics","traces","synthetics","profiling"],"type":"string"}},"required":["name","type"]},"type":"array"},"force":{"type":"boolean"},"integrationName":{"type":"string"}},"required":["integrationName","datasets"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"_meta":{"additionalProperties":false,"type":"object","properties":{"install_source":{"type":"string"},"name":{"type":"string"}},"required":["install_source","name"]},"items":{"items":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"originId":{"type":"string"},"type":{"anyOf":[{"enum":["dashboard","lens","visualization","search","index-pattern","map","ml-module","security-rule","csp-rule-template","osquery-pack-asset","osquery-saved-query","tag"],"type":"string"},{"type":"string"}]}},"required":["id","type"]},{"additionalProperties":false,"type":"object","properties":{"deferred":{"type":"boolean"},"id":{"type":"string"},"type":{"enum":["index","index_template","component_template","ingest_pipeline","ilm_policy","data_stream_ilm_policy","transform","ml_model"],"type":"string"},"version":{"type":"string"}},"required":["id","type"]}]},"type":"array"}},"required":["items","_meta"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Create a custom integration","tags":["Elastic Package Manager (EPM)"]}},"/api/fleet/epm/custom_integrations/{pkgName}":{"put":{"description":"[Required authorization] Route required privileges: fleet-settings-all AND integrations-all.","operationId":"put-fleet-epm-custom-integrations-pkgname","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"pkgName","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"categories":{"items":{"type":"string"},"type":"array"},"readMeData":{"type":"string"}},"required":["readMeData"]}}}},"responses":{"200":{},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Update a custom integration","tags":["Elastic Package Manager (EPM)"]}},"/api/fleet/epm/data_streams":{"get":{"description":"[Required authorization] Route required privileges: integrations-read OR fleet-setup OR fleet-all.","operationId":"get-fleet-epm-data-streams","parameters":[{"in":"query","name":"type","required":false,"schema":{"enum":["logs","metrics","traces","synthetics","profiling"],"type":"string"}},{"in":"query","name":"datasetQuery","required":false,"schema":{"type":"string"}},{"in":"query","name":"sortOrder","required":false,"schema":{"default":"asc","enum":["asc","desc"],"type":"string"}},{"in":"query","name":"uncategorisedOnly","required":false,"schema":{"default":false,"type":"boolean"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"items":{"items":{"additionalProperties":false,"type":"object","properties":{"name":{"type":"string"}},"required":["name"]},"type":"array"}},"required":["items"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get data streams","tags":["Data streams"]}},"/api/fleet/epm/packages":{"get":{"description":"[Required authorization] Route required privileges: integrations-read OR fleet-setup OR fleet-all.","operationId":"get-fleet-epm-packages","parameters":[{"in":"query","name":"category","required":false,"schema":{"type":"string"}},{"in":"query","name":"prerelease","required":false,"schema":{"type":"boolean"}},{"in":"query","name":"excludeInstallStatus","required":false,"schema":{"type":"boolean"}},{"in":"query","name":"withPackagePoliciesCount","required":false,"schema":{"type":"boolean"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"items":{"items":{"additionalProperties":true,"type":"object","properties":{"categories":{"items":{"type":"string"},"type":"array"},"conditions":{"additionalProperties":true,"type":"object","properties":{"elastic":{"additionalProperties":true,"type":"object","properties":{"capabilities":{"items":{"type":"string"},"type":"array"},"subscription":{"type":"string"}}},"kibana":{"additionalProperties":true,"type":"object","properties":{"version":{"type":"string"}}}}},"data_streams":{"items":{"additionalProperties":{},"type":"object"},"type":"array"},"description":{"type":"string"},"discovery":{"additionalProperties":true,"type":"object","properties":{"fields":{"items":{"additionalProperties":true,"type":"object","properties":{"name":{"type":"string"}},"required":["name"]},"type":"array"}}},"download":{"type":"string"},"format_version":{"type":"string"},"icons":{"items":{"additionalProperties":true,"type":"object","properties":{"dark_mode":{"type":"boolean"},"path":{"type":"string"},"size":{"type":"string"},"src":{"type":"string"},"title":{"type":"string"},"type":{"type":"string"}},"required":["src"]},"type":"array"},"id":{"type":"string"},"installationInfo":{"additionalProperties":true,"type":"object","properties":{"additional_spaces_installed_kibana":{"additionalProperties":{"items":{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"},"originId":{"type":"string"},"type":{"anyOf":[{"enum":["dashboard","lens","visualization","search","index-pattern","map","ml-module","security-rule","csp-rule-template","osquery-pack-asset","osquery-saved-query","tag"],"type":"string"},{"type":"string"}]}},"required":["id","type"]},"type":"array"},"type":"object"},"created_at":{"type":"string"},"experimental_data_stream_features":{"items":{"additionalProperties":true,"type":"object","properties":{"data_stream":{"type":"string"},"features":{"additionalProperties":true,"type":"object","properties":{"doc_value_only_numeric":{"type":"boolean"},"doc_value_only_other":{"type":"boolean"},"synthetic_source":{"type":"boolean"},"tsdb":{"type":"boolean"}}}},"required":["data_stream","features"]},"type":"array"},"install_format_schema_version":{"type":"string"},"install_source":{"enum":["registry","upload","bundled","custom"],"type":"string"},"install_status":{"enum":["installed","installing","install_failed"],"type":"string"},"installed_es":{"items":{"additionalProperties":true,"type":"object","properties":{"deferred":{"type":"boolean"},"id":{"type":"string"},"type":{"enum":["index","index_template","component_template","ingest_pipeline","ilm_policy","data_stream_ilm_policy","transform","ml_model"],"type":"string"},"version":{"type":"string"}},"required":["id","type"]},"type":"array"},"installed_kibana":{"items":{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"},"originId":{"type":"string"},"type":{"anyOf":[{"enum":["dashboard","lens","visualization","search","index-pattern","map","ml-module","security-rule","csp-rule-template","osquery-pack-asset","osquery-saved-query","tag"],"type":"string"},{"type":"string"}]}},"required":["id","type"]},"type":"array"},"installed_kibana_space_id":{"type":"string"},"latest_executed_state":{"additionalProperties":true,"type":"object","properties":{"error":{"type":"string"},"name":{"type":"string"},"started_at":{"type":"string"}}},"latest_install_failed_attempts":{"items":{"additionalProperties":true,"type":"object","properties":{"created_at":{"type":"string"},"error":{"additionalProperties":true,"type":"object","properties":{"message":{"type":"string"},"name":{"type":"string"},"stack":{"type":"string"}},"required":["name","message"]},"target_version":{"type":"string"}},"required":["created_at","target_version","error"]},"type":"array"},"name":{"type":"string"},"namespaces":{"items":{"type":"string"},"type":"array"},"type":{"type":"string"},"updated_at":{"type":"string"},"verification_key_id":{"nullable":true,"type":"string"},"verification_status":{"enum":["unverified","verified","unknown"],"type":"string"},"version":{"type":"string"}},"required":["type","installed_kibana","installed_es","name","version","install_status","install_source","verification_status"]},"integration":{"type":"string"},"internal":{"type":"boolean"},"latestVersion":{"type":"string"},"name":{"type":"string"},"owner":{"additionalProperties":true,"type":"object","properties":{"github":{"type":"string"},"type":{"enum":["elastic","partner","community"],"type":"string"}}},"path":{"type":"string"},"policy_templates":{"items":{"additionalProperties":{},"type":"object"},"type":"array"},"readme":{"type":"string"},"release":{"enum":["ga","beta","experimental"],"type":"string"},"signature_path":{"type":"string"},"source":{"additionalProperties":true,"type":"object","properties":{"license":{"type":"string"}},"required":["license"]},"status":{"type":"string"},"title":{"type":"string"},"type":{"anyOf":[{"enum":["integration"],"type":"string"},{"enum":["input"],"type":"string"},{"enum":["content"],"type":"string"},{"type":"string"}]},"vars":{"items":{"additionalProperties":{},"type":"object"},"type":"array"},"version":{"type":"string"}},"required":["name","version","title","id"]},"type":"array"}},"required":["items"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get packages","tags":["Elastic Package Manager (EPM)"]},"post":{"description":"[Required authorization] Route required privileges: integrations-all AND fleet-agent-policies-all.","operationId":"post-fleet-epm-packages","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"query","name":"ignoreMappingUpdateErrors","required":false,"schema":{"default":false,"type":"boolean"}},{"in":"query","name":"skipDataStreamRollover","required":false,"schema":{"default":false,"type":"boolean"}}],"requestBody":{"content":{"application/gzip; application/zip":{"schema":{"format":"binary","type":"string"}}}},"responses":{"200":{"content":{"application/gzip; application/zip":{"schema":{"additionalProperties":false,"type":"object","properties":{"_meta":{"additionalProperties":false,"type":"object","properties":{"install_source":{"type":"string"},"name":{"type":"string"}},"required":["install_source","name"]},"items":{"items":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"originId":{"type":"string"},"type":{"anyOf":[{"enum":["dashboard","lens","visualization","search","index-pattern","map","ml-module","security-rule","csp-rule-template","osquery-pack-asset","osquery-saved-query","tag"],"type":"string"},{"type":"string"}]}},"required":["id","type"]},{"additionalProperties":false,"type":"object","properties":{"deferred":{"type":"boolean"},"id":{"type":"string"},"type":{"enum":["index","index_template","component_template","ingest_pipeline","ilm_policy","data_stream_ilm_policy","transform","ml_model"],"type":"string"},"version":{"type":"string"}},"required":["id","type"]}]},"type":"array"}},"required":["items","_meta"]}}}},"400":{"content":{"application/gzip; application/zip":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Install a package by upload","tags":["Elastic Package Manager (EPM)"]}},"/api/fleet/epm/packages/_bulk":{"post":{"description":"[Required authorization] Route required privileges: integrations-all AND fleet-agent-policies-all.","operationId":"post-fleet-epm-packages-bulk","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"query","name":"prerelease","required":false,"schema":{"type":"boolean"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"force":{"default":false,"type":"boolean"},"packages":{"items":{"anyOf":[{"type":"string"},{"additionalProperties":false,"type":"object","properties":{"name":{"type":"string"},"prerelease":{"type":"boolean"},"version":{"type":"string"}},"required":["name","version"]}]},"minItems":1,"type":"array"}},"required":["packages"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"items":{"items":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"name":{"type":"string"},"result":{"additionalProperties":false,"type":"object","properties":{"assets":{"items":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"originId":{"type":"string"},"type":{"anyOf":[{"enum":["dashboard","lens","visualization","search","index-pattern","map","ml-module","security-rule","csp-rule-template","osquery-pack-asset","osquery-saved-query","tag"],"type":"string"},{"type":"string"}]}},"required":["id","type"]},{"additionalProperties":false,"type":"object","properties":{"deferred":{"type":"boolean"},"id":{"type":"string"},"type":{"enum":["index","index_template","component_template","ingest_pipeline","ilm_policy","data_stream_ilm_policy","transform","ml_model"],"type":"string"},"version":{"type":"string"}},"required":["id","type"]}]},"type":"array"},"error":{},"installSource":{"type":"string"},"installType":{"type":"string"},"status":{"enum":["installed","already_installed"],"type":"string"}},"required":["error","installType"]},"version":{"type":"string"}},"required":["name","version","result"]},{"additionalProperties":false,"type":"object","properties":{"error":{"anyOf":[{"type":"string"},{}]},"name":{"type":"string"},"statusCode":{"type":"number"}},"required":["name","statusCode","error"]}]},"type":"array"}},"required":["items"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Bulk install packages","tags":["Elastic Package Manager (EPM)"]}},"/api/fleet/epm/packages/{pkgName}/{pkgVersion}":{"delete":{"description":"[Required authorization] Route required privileges: integrations-all AND fleet-agent-policies-all.","operationId":"delete-fleet-epm-packages-pkgname-pkgversion","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"pkgName","required":true,"schema":{"type":"string"}},{"in":"path","name":"pkgVersion","required":false,"schema":{"type":"string"}},{"in":"query","name":"force","required":false,"schema":{"type":"boolean"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"items":{"items":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"originId":{"type":"string"},"type":{"anyOf":[{"enum":["dashboard","lens","visualization","search","index-pattern","map","ml-module","security-rule","csp-rule-template","osquery-pack-asset","osquery-saved-query","tag"],"type":"string"},{"type":"string"}]}},"required":["id","type"]},{"additionalProperties":false,"type":"object","properties":{"deferred":{"type":"boolean"},"id":{"type":"string"},"type":{"enum":["index","index_template","component_template","ingest_pipeline","ilm_policy","data_stream_ilm_policy","transform","ml_model"],"type":"string"},"version":{"type":"string"}},"required":["id","type"]}]},"type":"array"}},"required":["items"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Delete a package","tags":["Elastic Package Manager (EPM)"]},"get":{"operationId":"get-fleet-epm-packages-pkgname-pkgversion","parameters":[{"in":"path","name":"pkgName","required":true,"schema":{"type":"string"}},{"in":"path","name":"pkgVersion","required":false,"schema":{"type":"string"}},{"in":"query","name":"ignoreUnverified","required":false,"schema":{"type":"boolean"}},{"in":"query","name":"prerelease","required":false,"schema":{"type":"boolean"}},{"in":"query","name":"full","required":false,"schema":{"type":"boolean"}},{"in":"query","name":"withMetadata","required":false,"schema":{"default":false,"type":"boolean"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"additionalProperties":true,"type":"object","properties":{"agent":{"additionalProperties":false,"type":"object","properties":{"privileges":{"additionalProperties":false,"type":"object","properties":{"root":{"type":"boolean"}}}}},"asset_tags":{"items":{"additionalProperties":false,"type":"object","properties":{"asset_ids":{"items":{"type":"string"},"type":"array"},"asset_types":{"items":{"type":"string"},"type":"array"},"text":{"type":"string"}},"required":["text"]},"type":"array"},"assets":{"additionalProperties":{},"type":"object"},"categories":{"items":{"type":"string"},"type":"array"},"conditions":{"additionalProperties":true,"type":"object","properties":{"elastic":{"additionalProperties":true,"type":"object","properties":{"capabilities":{"items":{"type":"string"},"type":"array"},"subscription":{"type":"string"}}},"kibana":{"additionalProperties":true,"type":"object","properties":{"version":{"type":"string"}}}}},"data_streams":{"items":{"additionalProperties":{},"type":"object"},"type":"array"},"description":{"type":"string"},"discovery":{"additionalProperties":true,"type":"object","properties":{"fields":{"items":{"additionalProperties":true,"type":"object","properties":{"name":{"type":"string"}},"required":["name"]},"type":"array"}}},"download":{"type":"string"},"elasticsearch":{"additionalProperties":{},"type":"object"},"format_version":{"type":"string"},"icons":{"items":{"additionalProperties":true,"type":"object","properties":{"dark_mode":{"type":"boolean"},"path":{"type":"string"},"size":{"type":"string"},"src":{"type":"string"},"title":{"type":"string"},"type":{"type":"string"}},"required":["src"]},"type":"array"},"installationInfo":{"additionalProperties":true,"type":"object","properties":{"additional_spaces_installed_kibana":{"additionalProperties":{"items":{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"},"originId":{"type":"string"},"type":{"anyOf":[{"enum":["dashboard","lens","visualization","search","index-pattern","map","ml-module","security-rule","csp-rule-template","osquery-pack-asset","osquery-saved-query","tag"],"type":"string"},{"type":"string"}]}},"required":["id","type"]},"type":"array"},"type":"object"},"created_at":{"type":"string"},"experimental_data_stream_features":{"items":{"additionalProperties":true,"type":"object","properties":{"data_stream":{"type":"string"},"features":{"additionalProperties":true,"type":"object","properties":{"doc_value_only_numeric":{"type":"boolean"},"doc_value_only_other":{"type":"boolean"},"synthetic_source":{"type":"boolean"},"tsdb":{"type":"boolean"}}}},"required":["data_stream","features"]},"type":"array"},"install_format_schema_version":{"type":"string"},"install_source":{"enum":["registry","upload","bundled","custom"],"type":"string"},"install_status":{"enum":["installed","installing","install_failed"],"type":"string"},"installed_es":{"items":{"additionalProperties":true,"type":"object","properties":{"deferred":{"type":"boolean"},"id":{"type":"string"},"type":{"enum":["index","index_template","component_template","ingest_pipeline","ilm_policy","data_stream_ilm_policy","transform","ml_model"],"type":"string"},"version":{"type":"string"}},"required":["id","type"]},"type":"array"},"installed_kibana":{"items":{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"},"originId":{"type":"string"},"type":{"anyOf":[{"enum":["dashboard","lens","visualization","search","index-pattern","map","ml-module","security-rule","csp-rule-template","osquery-pack-asset","osquery-saved-query","tag"],"type":"string"},{"type":"string"}]}},"required":["id","type"]},"type":"array"},"installed_kibana_space_id":{"type":"string"},"latest_executed_state":{"additionalProperties":true,"type":"object","properties":{"error":{"type":"string"},"name":{"type":"string"},"started_at":{"type":"string"}}},"latest_install_failed_attempts":{"items":{"additionalProperties":true,"type":"object","properties":{"created_at":{"type":"string"},"error":{"additionalProperties":true,"type":"object","properties":{"message":{"type":"string"},"name":{"type":"string"},"stack":{"type":"string"}},"required":["name","message"]},"target_version":{"type":"string"}},"required":["created_at","target_version","error"]},"type":"array"},"name":{"type":"string"},"namespaces":{"items":{"type":"string"},"type":"array"},"type":{"type":"string"},"updated_at":{"type":"string"},"verification_key_id":{"nullable":true,"type":"string"},"verification_status":{"enum":["unverified","verified","unknown"],"type":"string"},"version":{"type":"string"}},"required":["type","installed_kibana","installed_es","name","version","install_status","install_source","verification_status"]},"internal":{"type":"boolean"},"keepPoliciesUpToDate":{"type":"boolean"},"latestVersion":{"type":"string"},"license":{"type":"string"},"licensePath":{"type":"string"},"name":{"type":"string"},"notice":{"type":"string"},"owner":{"additionalProperties":true,"type":"object","properties":{"github":{"type":"string"},"type":{"enum":["elastic","partner","community"],"type":"string"}}},"path":{"type":"string"},"policy_templates":{"items":{"additionalProperties":{},"type":"object"},"type":"array"},"readme":{"type":"string"},"release":{"enum":["ga","beta","experimental"],"type":"string"},"screenshots":{"items":{"additionalProperties":false,"type":"object","properties":{"dark_mode":{"type":"boolean"},"path":{"type":"string"},"size":{"type":"string"},"src":{"type":"string"},"title":{"type":"string"},"type":{"type":"string"}},"required":["src"]},"type":"array"},"signature_path":{"type":"string"},"source":{"additionalProperties":true,"type":"object","properties":{"license":{"type":"string"}},"required":["license"]},"status":{"type":"string"},"title":{"type":"string"},"type":{"anyOf":[{"enum":["integration"],"type":"string"},{"enum":["input"],"type":"string"},{"enum":["content"],"type":"string"},{"type":"string"}]},"vars":{"items":{"additionalProperties":{},"type":"object"},"type":"array"},"version":{"type":"string"}},"required":["name","version","title","assets"]},"metadata":{"additionalProperties":false,"type":"object","properties":{"has_policies":{"type":"boolean"}},"required":["has_policies"]}},"required":["item"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get a package","tags":["Elastic Package Manager (EPM)"]},"post":{"description":"[Required authorization] Route required privileges: integrations-all AND fleet-agent-policies-all.","operationId":"post-fleet-epm-packages-pkgname-pkgversion","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"pkgName","required":true,"schema":{"type":"string"}},{"in":"path","name":"pkgVersion","required":false,"schema":{"type":"string"}},{"in":"query","name":"prerelease","required":false,"schema":{"type":"boolean"}},{"in":"query","name":"ignoreMappingUpdateErrors","required":false,"schema":{"default":false,"type":"boolean"}},{"in":"query","name":"skipDataStreamRollover","required":false,"schema":{"default":false,"type":"boolean"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"force":{"default":false,"type":"boolean"},"ignore_constraints":{"default":false,"type":"boolean"}}}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"_meta":{"additionalProperties":false,"type":"object","properties":{"install_source":{"type":"string"},"name":{"type":"string"}},"required":["install_source","name"]},"items":{"items":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"originId":{"type":"string"},"type":{"anyOf":[{"enum":["dashboard","lens","visualization","search","index-pattern","map","ml-module","security-rule","csp-rule-template","osquery-pack-asset","osquery-saved-query","tag"],"type":"string"},{"type":"string"}]}},"required":["id","type"]},{"additionalProperties":false,"type":"object","properties":{"deferred":{"type":"boolean"},"id":{"type":"string"},"type":{"enum":["index","index_template","component_template","ingest_pipeline","ilm_policy","data_stream_ilm_policy","transform","ml_model"],"type":"string"},"version":{"type":"string"}},"required":["id","type"]}]},"type":"array"}},"required":["items","_meta"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Install a package from the registry","tags":["Elastic Package Manager (EPM)"]},"put":{"description":"[Required authorization] Route required privileges: integrations-all AND fleet-agent-policies-all.","operationId":"put-fleet-epm-packages-pkgname-pkgversion","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"pkgName","required":true,"schema":{"type":"string"}},{"in":"path","name":"pkgVersion","required":false,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"keepPoliciesUpToDate":{"type":"boolean"}},"required":["keepPoliciesUpToDate"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"additionalProperties":true,"type":"object","properties":{"agent":{"additionalProperties":false,"type":"object","properties":{"privileges":{"additionalProperties":false,"type":"object","properties":{"root":{"type":"boolean"}}}}},"asset_tags":{"items":{"additionalProperties":false,"type":"object","properties":{"asset_ids":{"items":{"type":"string"},"type":"array"},"asset_types":{"items":{"type":"string"},"type":"array"},"text":{"type":"string"}},"required":["text"]},"type":"array"},"assets":{"additionalProperties":{},"type":"object"},"categories":{"items":{"type":"string"},"type":"array"},"conditions":{"additionalProperties":true,"type":"object","properties":{"elastic":{"additionalProperties":true,"type":"object","properties":{"capabilities":{"items":{"type":"string"},"type":"array"},"subscription":{"type":"string"}}},"kibana":{"additionalProperties":true,"type":"object","properties":{"version":{"type":"string"}}}}},"data_streams":{"items":{"additionalProperties":{},"type":"object"},"type":"array"},"description":{"type":"string"},"discovery":{"additionalProperties":true,"type":"object","properties":{"fields":{"items":{"additionalProperties":true,"type":"object","properties":{"name":{"type":"string"}},"required":["name"]},"type":"array"}}},"download":{"type":"string"},"elasticsearch":{"additionalProperties":{},"type":"object"},"format_version":{"type":"string"},"icons":{"items":{"additionalProperties":true,"type":"object","properties":{"dark_mode":{"type":"boolean"},"path":{"type":"string"},"size":{"type":"string"},"src":{"type":"string"},"title":{"type":"string"},"type":{"type":"string"}},"required":["src"]},"type":"array"},"installationInfo":{"additionalProperties":true,"type":"object","properties":{"additional_spaces_installed_kibana":{"additionalProperties":{"items":{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"},"originId":{"type":"string"},"type":{"anyOf":[{"enum":["dashboard","lens","visualization","search","index-pattern","map","ml-module","security-rule","csp-rule-template","osquery-pack-asset","osquery-saved-query","tag"],"type":"string"},{"type":"string"}]}},"required":["id","type"]},"type":"array"},"type":"object"},"created_at":{"type":"string"},"experimental_data_stream_features":{"items":{"additionalProperties":true,"type":"object","properties":{"data_stream":{"type":"string"},"features":{"additionalProperties":true,"type":"object","properties":{"doc_value_only_numeric":{"type":"boolean"},"doc_value_only_other":{"type":"boolean"},"synthetic_source":{"type":"boolean"},"tsdb":{"type":"boolean"}}}},"required":["data_stream","features"]},"type":"array"},"install_format_schema_version":{"type":"string"},"install_source":{"enum":["registry","upload","bundled","custom"],"type":"string"},"install_status":{"enum":["installed","installing","install_failed"],"type":"string"},"installed_es":{"items":{"additionalProperties":true,"type":"object","properties":{"deferred":{"type":"boolean"},"id":{"type":"string"},"type":{"enum":["index","index_template","component_template","ingest_pipeline","ilm_policy","data_stream_ilm_policy","transform","ml_model"],"type":"string"},"version":{"type":"string"}},"required":["id","type"]},"type":"array"},"installed_kibana":{"items":{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"},"originId":{"type":"string"},"type":{"anyOf":[{"enum":["dashboard","lens","visualization","search","index-pattern","map","ml-module","security-rule","csp-rule-template","osquery-pack-asset","osquery-saved-query","tag"],"type":"string"},{"type":"string"}]}},"required":["id","type"]},"type":"array"},"installed_kibana_space_id":{"type":"string"},"latest_executed_state":{"additionalProperties":true,"type":"object","properties":{"error":{"type":"string"},"name":{"type":"string"},"started_at":{"type":"string"}}},"latest_install_failed_attempts":{"items":{"additionalProperties":true,"type":"object","properties":{"created_at":{"type":"string"},"error":{"additionalProperties":true,"type":"object","properties":{"message":{"type":"string"},"name":{"type":"string"},"stack":{"type":"string"}},"required":["name","message"]},"target_version":{"type":"string"}},"required":["created_at","target_version","error"]},"type":"array"},"name":{"type":"string"},"namespaces":{"items":{"type":"string"},"type":"array"},"type":{"type":"string"},"updated_at":{"type":"string"},"verification_key_id":{"nullable":true,"type":"string"},"verification_status":{"enum":["unverified","verified","unknown"],"type":"string"},"version":{"type":"string"}},"required":["type","installed_kibana","installed_es","name","version","install_status","install_source","verification_status"]},"internal":{"type":"boolean"},"keepPoliciesUpToDate":{"type":"boolean"},"latestVersion":{"type":"string"},"license":{"type":"string"},"licensePath":{"type":"string"},"name":{"type":"string"},"notice":{"type":"string"},"owner":{"additionalProperties":true,"type":"object","properties":{"github":{"type":"string"},"type":{"enum":["elastic","partner","community"],"type":"string"}}},"path":{"type":"string"},"policy_templates":{"items":{"additionalProperties":{},"type":"object"},"type":"array"},"readme":{"type":"string"},"release":{"enum":["ga","beta","experimental"],"type":"string"},"screenshots":{"items":{"additionalProperties":false,"type":"object","properties":{"dark_mode":{"type":"boolean"},"path":{"type":"string"},"size":{"type":"string"},"src":{"type":"string"},"title":{"type":"string"},"type":{"type":"string"}},"required":["src"]},"type":"array"},"signature_path":{"type":"string"},"source":{"additionalProperties":true,"type":"object","properties":{"license":{"type":"string"}},"required":["license"]},"status":{"type":"string"},"title":{"type":"string"},"type":{"anyOf":[{"enum":["integration"],"type":"string"},{"enum":["input"],"type":"string"},{"enum":["content"],"type":"string"},{"type":"string"}]},"vars":{"items":{"additionalProperties":{},"type":"object"},"type":"array"},"version":{"type":"string"}},"required":["name","version","title","assets"]}},"required":["item"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Update package settings","tags":["Elastic Package Manager (EPM)"]}},"/api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath}":{"get":{"description":"[Required authorization] Route required privileges: integrations-read OR fleet-setup OR fleet-all.","operationId":"get-fleet-epm-packages-pkgname-pkgversion-filepath","parameters":[{"in":"path","name":"pkgName","required":true,"schema":{"type":"string"}},{"in":"path","name":"pkgVersion","required":true,"schema":{"type":"string"}},{"in":"path","name":"filePath","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get a package file","tags":["Elastic Package Manager (EPM)"]}},"/api/fleet/epm/packages/{pkgName}/{pkgVersion}/datastream_assets":{"delete":{"description":"[Required authorization] Route required privileges: integrations-all AND fleet-agent-policies-all.","operationId":"delete-fleet-epm-packages-pkgname-pkgversion-datastream-assets","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"pkgName","required":true,"schema":{"type":"string"}},{"in":"path","name":"pkgVersion","required":true,"schema":{"type":"string"}},{"in":"query","name":"packagePolicyId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"success":{"type":"boolean"}},"required":["success"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Delete assets for an input package","tags":["Elastic Package Manager (EPM)"]}},"/api/fleet/epm/packages/{pkgName}/{pkgVersion}/kibana_assets":{"delete":{"description":"[Required authorization] Route required privileges: integrations-all AND fleet-agent-policies-all.","operationId":"delete-fleet-epm-packages-pkgname-pkgversion-kibana-assets","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"pkgName","required":true,"schema":{"type":"string"}},{"in":"path","name":"pkgVersion","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"success":{"type":"boolean"}},"required":["success"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Delete Kibana assets for a package","tags":["Elastic Package Manager (EPM)"]},"post":{"description":"[Required authorization] Route required privileges: integrations-all AND fleet-agent-policies-all.","operationId":"post-fleet-epm-packages-pkgname-pkgversion-kibana-assets","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"pkgName","required":true,"schema":{"type":"string"}},{"in":"path","name":"pkgVersion","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"force":{"type":"boolean"},"space_ids":{"description":"When provided install assets in the specified spaces instead of the current space.","items":{"type":"string"},"minItems":1,"type":"array"}}}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"success":{"type":"boolean"}},"required":["success"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Install Kibana assets for a package","tags":["Elastic Package Manager (EPM)"]}},"/api/fleet/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize":{"post":{"operationId":"post-fleet-epm-packages-pkgname-pkgversion-transforms-authorize","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"pkgName","required":true,"schema":{"type":"string"}},{"in":"path","name":"pkgVersion","required":true,"schema":{"type":"string"}},{"in":"query","name":"prerelease","required":false,"schema":{"type":"boolean"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"transforms":{"items":{"additionalProperties":false,"type":"object","properties":{"transformId":{"type":"string"}},"required":["transformId"]},"type":"array"}},"required":["transforms"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"items":{"additionalProperties":false,"type":"object","properties":{"error":{"nullable":true},"success":{"type":"boolean"},"transformId":{"type":"string"}},"required":["transformId","success","error"]},"type":"array"}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Authorize transforms","tags":["Elastic Package Manager (EPM)"]}},"/api/fleet/epm/packages/{pkgName}/stats":{"get":{"description":"[Required authorization] Route required privileges: integrations-read OR fleet-setup OR fleet-all.","operationId":"get-fleet-epm-packages-pkgname-stats","parameters":[{"in":"path","name":"pkgName","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"response":{"additionalProperties":false,"type":"object","properties":{"agent_policy_count":{"type":"number"}},"required":["agent_policy_count"]}},"required":["response"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get package stats","tags":["Elastic Package Manager (EPM)"]}},"/api/fleet/epm/packages/installed":{"get":{"description":"[Required authorization] Route required privileges: integrations-read OR fleet-setup OR fleet-all.","operationId":"get-fleet-epm-packages-installed","parameters":[{"in":"query","name":"dataStreamType","required":false,"schema":{"enum":["logs","metrics","traces","synthetics","profiling"],"type":"string"}},{"in":"query","name":"showOnlyActiveDataStreams","required":false,"schema":{"type":"boolean"}},{"in":"query","name":"nameQuery","required":false,"schema":{"type":"string"}},{"in":"query","name":"searchAfter","required":false,"schema":{"items":{"anyOf":[{"type":"string"},{"type":"number"}]},"type":"array"}},{"in":"query","name":"perPage","required":false,"schema":{"default":15,"type":"number"}},{"in":"query","name":"sortOrder","required":false,"schema":{"default":"asc","enum":["asc","desc"],"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"items":{"items":{"additionalProperties":false,"type":"object","properties":{"dataStreams":{"items":{"additionalProperties":false,"type":"object","properties":{"name":{"type":"string"},"title":{"type":"string"}},"required":["name","title"]},"type":"array"},"description":{"type":"string"},"icons":{"items":{"additionalProperties":false,"type":"object","properties":{"dark_mode":{"type":"boolean"},"path":{"type":"string"},"size":{"type":"string"},"src":{"type":"string"},"title":{"type":"string"},"type":{"type":"string"}},"required":["src"]},"type":"array"},"name":{"type":"string"},"status":{"type":"string"},"title":{"type":"string"},"version":{"type":"string"}},"required":["name","version","status","dataStreams"]},"type":"array"},"searchAfter":{"items":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"},{"enum":[],"nullable":true},{}]},"type":"array"},"total":{"type":"number"}},"required":["items","total"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get installed packages","tags":["Elastic Package Manager (EPM)"]}},"/api/fleet/epm/packages/limited":{"get":{"description":"[Required authorization] Route required privileges: integrations-read OR fleet-setup OR fleet-all.","operationId":"get-fleet-epm-packages-limited","parameters":[],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"items":{"items":{"type":"string"},"type":"array"}},"required":["items"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get a limited package list","tags":["Elastic Package Manager (EPM)"]}},"/api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs":{"get":{"description":"[Required authorization] Route required privileges: integrations-read OR fleet-setup OR fleet-all.","operationId":"get-fleet-epm-templates-pkgname-pkgversion-inputs","parameters":[{"in":"path","name":"pkgName","required":true,"schema":{"type":"string"}},{"in":"path","name":"pkgVersion","required":true,"schema":{"type":"string"}},{"in":"query","name":"format","required":false,"schema":{"default":"json","enum":["json","yml","yaml"],"type":"string"}},{"in":"query","name":"prerelease","required":false,"schema":{"type":"boolean"}},{"in":"query","name":"ignoreUnverified","required":false,"schema":{"type":"boolean"}}],"responses":{"200":{"content":{"application/json":{"schema":{"anyOf":[{"type":"string"},{"additionalProperties":false,"type":"object","properties":{"inputs":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"streams":{"items":{"additionalProperties":true,"type":"object","properties":{"data_stream":{"additionalProperties":true,"type":"object","properties":{"dataset":{"type":"string"},"type":{"type":"string"}},"required":["dataset"]},"id":{"type":"string"}},"required":["id","data_stream"]},"type":"array"},"type":{"type":"string"}},"required":["id","type"]},"type":"array"}},"required":["inputs"]}]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get an inputs template","tags":["Elastic Package Manager (EPM)"]}},"/api/fleet/epm/verification_key_id":{"get":{"description":"[Required authorization] Route required privileges: integrations-read OR fleet-setup OR fleet-all.","operationId":"get-fleet-epm-verification-key-id","parameters":[],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"id":{"nullable":true,"type":"string"}},"required":["id"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get a package signature verification key ID","tags":["Elastic Package Manager (EPM)"]}},"/api/fleet/fleet_server_hosts":{"get":{"description":"[Required authorization] Route required privileges: fleet-agents-all OR fleet-settings-read.","operationId":"get-fleet-fleet-server-hosts","parameters":[],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"items":{"items":{"additionalProperties":false,"type":"object","properties":{"host_urls":{"items":{"type":"string"},"minItems":1,"type":"array"},"id":{"type":"string"},"is_default":{"default":false,"type":"boolean"},"is_internal":{"type":"boolean"},"is_preconfigured":{"default":false,"type":"boolean"},"name":{"type":"string"},"proxy_id":{"nullable":true,"type":"string"},"secrets":{"additionalProperties":false,"type":"object","properties":{"ssl":{"additionalProperties":false,"type":"object","properties":{"es_key":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]},"key":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}}}}},"ssl":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"client_auth":{"enum":["optional","required","none"],"type":"string"},"es_certificate":{"type":"string"},"es_certificate_authorities":{"items":{"type":"string"},"type":"array"},"es_key":{"type":"string"},"key":{"type":"string"}}}},"required":["name","host_urls","id"]},"type":"array"},"page":{"type":"number"},"perPage":{"type":"number"},"total":{"type":"number"}},"required":["items","total","page","perPage"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get Fleet Server hosts","tags":["Fleet Server hosts"]},"post":{"description":"[Required authorization] Route required privileges: fleet-settings-all.","operationId":"post-fleet-fleet-server-hosts","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"host_urls":{"items":{"type":"string"},"minItems":1,"type":"array"},"id":{"type":"string"},"is_default":{"default":false,"type":"boolean"},"is_internal":{"type":"boolean"},"is_preconfigured":{"default":false,"type":"boolean"},"name":{"type":"string"},"proxy_id":{"nullable":true,"type":"string"},"secrets":{"additionalProperties":false,"type":"object","properties":{"ssl":{"additionalProperties":false,"type":"object","properties":{"es_key":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]},"key":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}}}}},"ssl":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"client_auth":{"enum":["optional","required","none"],"type":"string"},"es_certificate":{"type":"string"},"es_certificate_authorities":{"items":{"type":"string"},"type":"array"},"es_key":{"type":"string"},"key":{"type":"string"}}}},"required":["name","host_urls"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"additionalProperties":false,"type":"object","properties":{"host_urls":{"items":{"type":"string"},"minItems":1,"type":"array"},"id":{"type":"string"},"is_default":{"default":false,"type":"boolean"},"is_internal":{"type":"boolean"},"is_preconfigured":{"default":false,"type":"boolean"},"name":{"type":"string"},"proxy_id":{"nullable":true,"type":"string"},"secrets":{"additionalProperties":false,"type":"object","properties":{"ssl":{"additionalProperties":false,"type":"object","properties":{"es_key":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]},"key":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}}}}},"ssl":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"client_auth":{"enum":["optional","required","none"],"type":"string"},"es_certificate":{"type":"string"},"es_certificate_authorities":{"items":{"type":"string"},"type":"array"},"es_key":{"type":"string"},"key":{"type":"string"}}}},"required":["name","host_urls","id"]}},"required":["item"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Create a Fleet Server host","tags":["Fleet Server hosts"]}},"/api/fleet/fleet_server_hosts/{itemId}":{"delete":{"description":"Delete a Fleet Server host by ID.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: fleet-settings-all.","operationId":"delete-fleet-fleet-server-hosts-itemid","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"itemId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Delete a Fleet Server host","tags":["Fleet Server hosts"]},"get":{"description":"Get a Fleet Server host by ID.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: fleet-settings-read.","operationId":"get-fleet-fleet-server-hosts-itemid","parameters":[{"in":"path","name":"itemId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"additionalProperties":false,"type":"object","properties":{"host_urls":{"items":{"type":"string"},"minItems":1,"type":"array"},"id":{"type":"string"},"is_default":{"default":false,"type":"boolean"},"is_internal":{"type":"boolean"},"is_preconfigured":{"default":false,"type":"boolean"},"name":{"type":"string"},"proxy_id":{"nullable":true,"type":"string"},"secrets":{"additionalProperties":false,"type":"object","properties":{"ssl":{"additionalProperties":false,"type":"object","properties":{"es_key":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]},"key":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}}}}},"ssl":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"client_auth":{"enum":["optional","required","none"],"type":"string"},"es_certificate":{"type":"string"},"es_certificate_authorities":{"items":{"type":"string"},"type":"array"},"es_key":{"type":"string"},"key":{"type":"string"}}}},"required":["name","host_urls","id"]}},"required":["item"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get a Fleet Server host","tags":["Fleet Server hosts"]},"put":{"description":"Update a Fleet Server host by ID.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: fleet-settings-all.","operationId":"put-fleet-fleet-server-hosts-itemid","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"itemId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"host_urls":{"items":{"type":"string"},"minItems":1,"type":"array"},"is_default":{"type":"boolean"},"is_internal":{"type":"boolean"},"name":{"type":"string"},"proxy_id":{"nullable":true,"type":"string"},"secrets":{"additionalProperties":false,"type":"object","properties":{"ssl":{"additionalProperties":false,"type":"object","properties":{"es_key":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]},"key":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}}}}},"ssl":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"client_auth":{"enum":["optional","required","none"],"type":"string"},"es_certificate":{"type":"string"},"es_certificate_authorities":{"items":{"type":"string"},"type":"array"},"es_key":{"type":"string"},"key":{"type":"string"}}}},"required":["proxy_id"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"additionalProperties":false,"type":"object","properties":{"host_urls":{"items":{"type":"string"},"minItems":1,"type":"array"},"id":{"type":"string"},"is_default":{"default":false,"type":"boolean"},"is_internal":{"type":"boolean"},"is_preconfigured":{"default":false,"type":"boolean"},"name":{"type":"string"},"proxy_id":{"nullable":true,"type":"string"},"secrets":{"additionalProperties":false,"type":"object","properties":{"ssl":{"additionalProperties":false,"type":"object","properties":{"es_key":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]},"key":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}}}}},"ssl":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"client_auth":{"enum":["optional","required","none"],"type":"string"},"es_certificate":{"type":"string"},"es_certificate_authorities":{"items":{"type":"string"},"type":"array"},"es_key":{"type":"string"},"key":{"type":"string"}}}},"required":["name","host_urls","id"]}},"required":["item"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Update a Fleet Server host","tags":["Fleet Server hosts"]}},"/api/fleet/health_check":{"post":{"description":"[Required authorization] Route required privileges: fleet-settings-all.","operationId":"post-fleet-health-check","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"host_id":{"type":"string"},"name":{"type":"string"},"status":{"type":"string"}},"required":["status"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}},"404":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Check Fleet Server health","tags":["Fleet internals"]}},"/api/fleet/kubernetes":{"get":{"description":"[Required authorization] Route required privileges: fleet-agent-policies-read AND fleet-setup.","operationId":"get-fleet-kubernetes","parameters":[{"in":"query","name":"download","required":false,"schema":{"type":"boolean"}},{"in":"query","name":"fleetServer","required":false,"schema":{"type":"string"}},{"in":"query","name":"enrolToken","required":false,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"type":"string"}},"required":["item"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get a full K8s agent manifest","tags":["Elastic Agent policies"]}},"/api/fleet/kubernetes/download":{"get":{"description":"[Required authorization] Route required privileges: fleet-agent-policies-read AND fleet-setup.","operationId":"get-fleet-kubernetes-download","parameters":[{"in":"query","name":"download","required":false,"schema":{"type":"boolean"}},{"in":"query","name":"fleetServer","required":false,"schema":{"type":"string"}},{"in":"query","name":"enrolToken","required":false,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"type":"string"}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}},"404":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Download an agent manifest","tags":["Elastic Agent policies"]}},"/api/fleet/logstash_api_keys":{"post":{"description":"[Required authorization] Route required privileges: fleet-settings-all.","operationId":"post-fleet-logstash-api-keys","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"api_key":{"type":"string"}},"required":["api_key"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Generate a Logstash API key","tags":["Fleet outputs"]}},"/api/fleet/message_signing_service/rotate_key_pair":{"post":{"description":"[Required authorization] Route required privileges: fleet-agents-all AND fleet-agent-policies-all AND fleet-settings-all.","operationId":"post-fleet-message-signing-service-rotate-key-pair","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"query","name":"acknowledge","required":false,"schema":{"default":false,"type":"boolean"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"message":{"type":"string"}},"required":["message"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}},"500":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Rotate a Fleet message signing key pair","tags":["Message Signing Service"]}},"/api/fleet/outputs":{"get":{"description":"[Required authorization] Route required privileges: fleet-settings-read OR fleet-agent-policies-read.","operationId":"get-fleet-outputs","parameters":[],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"items":{"items":{"anyOf":[{"additionalProperties":true,"type":"object","properties":{"allow_edit":{"items":{"type":"string"},"type":"array"},"ca_sha256":{"nullable":true,"type":"string"},"ca_trusted_fingerprint":{"nullable":true,"type":"string"},"config_yaml":{"nullable":true,"type":"string"},"hosts":{"items":{"format":"uri","type":"string"},"minItems":1,"type":"array"},"id":{"type":"string"},"is_default":{"default":false,"type":"boolean"},"is_default_monitoring":{"default":false,"type":"boolean"},"is_internal":{"type":"boolean"},"is_preconfigured":{"type":"boolean"},"name":{"type":"string"},"preset":{"enum":["balanced","custom","throughput","scale","latency"],"type":"string"},"proxy_id":{"nullable":true,"type":"string"},"secrets":{"additionalProperties":true,"type":"object","properties":{"ssl":{"additionalProperties":true,"type":"object","properties":{"key":{"anyOf":[{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}}}}},"shipper":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"compression_level":{"nullable":true,"type":"number"},"disk_queue_compression_enabled":{"nullable":true,"type":"boolean"},"disk_queue_enabled":{"default":false,"nullable":true,"type":"boolean"},"disk_queue_encryption_enabled":{"nullable":true,"type":"boolean"},"disk_queue_max_size":{"nullable":true,"type":"number"},"disk_queue_path":{"nullable":true,"type":"string"},"loadbalance":{"nullable":true,"type":"boolean"},"max_batch_bytes":{"nullable":true,"type":"number"},"mem_queue_events":{"nullable":true,"type":"number"},"queue_flush_timeout":{"nullable":true,"type":"number"}},"required":["disk_queue_path","disk_queue_max_size","disk_queue_encryption_enabled","disk_queue_compression_enabled","compression_level","loadbalance","mem_queue_events","queue_flush_timeout","max_batch_bytes"]},"ssl":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"key":{"type":"string"},"verification_mode":{"enum":["full","none","certificate","strict"],"type":"string"}}},"type":{"enum":["elasticsearch"],"type":"string"}},"required":["name","type","hosts"]},{"additionalProperties":true,"type":"object","properties":{"allow_edit":{"items":{"type":"string"},"type":"array"},"ca_sha256":{"nullable":true,"type":"string"},"ca_trusted_fingerprint":{"nullable":true,"type":"string"},"config_yaml":{"nullable":true,"type":"string"},"hosts":{"items":{"format":"uri","type":"string"},"minItems":1,"type":"array"},"id":{"type":"string"},"is_default":{"default":false,"type":"boolean"},"is_default_monitoring":{"default":false,"type":"boolean"},"is_internal":{"type":"boolean"},"is_preconfigured":{"type":"boolean"},"kibana_api_key":{"nullable":true,"type":"string"},"kibana_url":{"nullable":true,"type":"string"},"name":{"type":"string"},"preset":{"enum":["balanced","custom","throughput","scale","latency"],"type":"string"},"proxy_id":{"nullable":true,"type":"string"},"secrets":{"additionalProperties":true,"type":"object","properties":{"service_token":{"anyOf":[{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]},"ssl":{"additionalProperties":true,"type":"object","properties":{"key":{"anyOf":[{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}}}}},"service_token":{"nullable":true,"type":"string"},"shipper":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"compression_level":{"nullable":true,"type":"number"},"disk_queue_compression_enabled":{"nullable":true,"type":"boolean"},"disk_queue_enabled":{"default":false,"nullable":true,"type":"boolean"},"disk_queue_encryption_enabled":{"nullable":true,"type":"boolean"},"disk_queue_max_size":{"nullable":true,"type":"number"},"disk_queue_path":{"nullable":true,"type":"string"},"loadbalance":{"nullable":true,"type":"boolean"},"max_batch_bytes":{"nullable":true,"type":"number"},"mem_queue_events":{"nullable":true,"type":"number"},"queue_flush_timeout":{"nullable":true,"type":"number"}},"required":["disk_queue_path","disk_queue_max_size","disk_queue_encryption_enabled","disk_queue_compression_enabled","compression_level","loadbalance","mem_queue_events","queue_flush_timeout","max_batch_bytes"]},"ssl":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"key":{"type":"string"},"verification_mode":{"enum":["full","none","certificate","strict"],"type":"string"}}},"sync_integrations":{"type":"boolean"},"sync_uninstalled_integrations":{"type":"boolean"},"type":{"enum":["remote_elasticsearch"],"type":"string"}},"required":["name","type","hosts"]},{"additionalProperties":true,"type":"object","properties":{"allow_edit":{"items":{"type":"string"},"type":"array"},"ca_sha256":{"nullable":true,"type":"string"},"ca_trusted_fingerprint":{"nullable":true,"type":"string"},"config_yaml":{"nullable":true,"type":"string"},"hosts":{"items":{"type":"string"},"minItems":1,"type":"array"},"id":{"type":"string"},"is_default":{"default":false,"type":"boolean"},"is_default_monitoring":{"default":false,"type":"boolean"},"is_internal":{"type":"boolean"},"is_preconfigured":{"type":"boolean"},"name":{"type":"string"},"proxy_id":{"nullable":true,"type":"string"},"secrets":{"additionalProperties":true,"type":"object","properties":{"ssl":{"additionalProperties":true,"type":"object","properties":{"key":{"anyOf":[{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}}}}},"shipper":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"compression_level":{"nullable":true,"type":"number"},"disk_queue_compression_enabled":{"nullable":true,"type":"boolean"},"disk_queue_enabled":{"default":false,"nullable":true,"type":"boolean"},"disk_queue_encryption_enabled":{"nullable":true,"type":"boolean"},"disk_queue_max_size":{"nullable":true,"type":"number"},"disk_queue_path":{"nullable":true,"type":"string"},"loadbalance":{"nullable":true,"type":"boolean"},"max_batch_bytes":{"nullable":true,"type":"number"},"mem_queue_events":{"nullable":true,"type":"number"},"queue_flush_timeout":{"nullable":true,"type":"number"}},"required":["disk_queue_path","disk_queue_max_size","disk_queue_encryption_enabled","disk_queue_compression_enabled","compression_level","loadbalance","mem_queue_events","queue_flush_timeout","max_batch_bytes"]},"ssl":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"key":{"type":"string"},"verification_mode":{"enum":["full","none","certificate","strict"],"type":"string"}}},"type":{"enum":["logstash"],"type":"string"}},"required":["name","type","hosts"]},{"additionalProperties":true,"type":"object","properties":{"allow_edit":{"items":{"type":"string"},"type":"array"},"auth_type":{"enum":["none","user_pass","ssl","kerberos"],"type":"string"},"broker_timeout":{"type":"number"},"ca_sha256":{"nullable":true,"type":"string"},"ca_trusted_fingerprint":{"nullable":true,"type":"string"},"client_id":{"type":"string"},"compression":{"enum":["gzip","snappy","lz4","none"],"type":"string"},"compression_level":{"anyOf":[{"items":{},"type":"array"},{"type":"boolean"},{"type":"number"},{"type":"object"},{"type":"string"}],"nullable":true,"oneOf":[{"type":"number"},{"not":{}}]},"config_yaml":{"nullable":true,"type":"string"},"connection_type":{"anyOf":[{"items":{},"type":"array"},{"type":"boolean"},{"type":"number"},{"type":"object"},{"type":"string"}],"nullable":true,"oneOf":[{"enum":["plaintext","encryption"],"type":"string"},{"not":{}}]},"hash":{"additionalProperties":true,"type":"object","properties":{"hash":{"type":"string"},"random":{"type":"boolean"}}},"headers":{"items":{"additionalProperties":true,"type":"object","properties":{"key":{"type":"string"},"value":{"type":"string"}},"required":["key","value"]},"type":"array"},"hosts":{"items":{"type":"string"},"minItems":1,"type":"array"},"id":{"type":"string"},"is_default":{"default":false,"type":"boolean"},"is_default_monitoring":{"default":false,"type":"boolean"},"is_internal":{"type":"boolean"},"is_preconfigured":{"type":"boolean"},"key":{"type":"string"},"name":{"type":"string"},"partition":{"enum":["random","round_robin","hash"],"type":"string"},"password":{"anyOf":[{"items":{},"type":"array"},{"type":"boolean"},{"type":"number"},{"type":"object"},{"type":"string"}],"nullable":true,"oneOf":[{"not":{}},{"anyOf":[{"items":{},"type":"array"},{"type":"boolean"},{"type":"number"},{"type":"object"},{"type":"string"}],"nullable":true,"oneOf":[{"type":"string"},{"not":{}}]}]},"proxy_id":{"nullable":true,"type":"string"},"random":{"additionalProperties":true,"type":"object","properties":{"group_events":{"type":"number"}}},"required_acks":{"enum":[1,0,-1],"type":"integer"},"round_robin":{"additionalProperties":true,"type":"object","properties":{"group_events":{"type":"number"}}},"sasl":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"mechanism":{"enum":["PLAIN","SCRAM-SHA-256","SCRAM-SHA-512"],"type":"string"}}},"secrets":{"additionalProperties":true,"type":"object","properties":{"password":{"anyOf":[{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]},"ssl":{"additionalProperties":true,"type":"object","properties":{"key":{"anyOf":[{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}},"required":["key"]}}},"shipper":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"compression_level":{"nullable":true,"type":"number"},"disk_queue_compression_enabled":{"nullable":true,"type":"boolean"},"disk_queue_enabled":{"default":false,"nullable":true,"type":"boolean"},"disk_queue_encryption_enabled":{"nullable":true,"type":"boolean"},"disk_queue_max_size":{"nullable":true,"type":"number"},"disk_queue_path":{"nullable":true,"type":"string"},"loadbalance":{"nullable":true,"type":"boolean"},"max_batch_bytes":{"nullable":true,"type":"number"},"mem_queue_events":{"nullable":true,"type":"number"},"queue_flush_timeout":{"nullable":true,"type":"number"}},"required":["disk_queue_path","disk_queue_max_size","disk_queue_encryption_enabled","disk_queue_compression_enabled","compression_level","loadbalance","mem_queue_events","queue_flush_timeout","max_batch_bytes"]},"ssl":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"key":{"type":"string"},"verification_mode":{"enum":["full","none","certificate","strict"],"type":"string"}}},"timeout":{"type":"number"},"topic":{"type":"string"},"type":{"enum":["kafka"],"type":"string"},"username":{"anyOf":[{"items":{},"type":"array"},{"type":"boolean"},{"type":"number"},{"type":"object"},{"type":"string"}],"nullable":true,"oneOf":[{"type":"string"},{"not":{}}]},"version":{"type":"string"}},"required":["name","type","hosts","compression_level","auth_type","connection_type","username","password"]}]},"type":"array"},"page":{"type":"number"},"perPage":{"type":"number"},"total":{"type":"number"}},"required":["items","total","page","perPage"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get outputs","tags":["Fleet outputs"]},"post":{"description":"[Required authorization] Route required privileges: fleet-settings-all.","operationId":"post-fleet-outputs","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"allow_edit":{"items":{"type":"string"},"type":"array"},"ca_sha256":{"nullable":true,"type":"string"},"ca_trusted_fingerprint":{"nullable":true,"type":"string"},"config_yaml":{"nullable":true,"type":"string"},"hosts":{"items":{"format":"uri","type":"string"},"minItems":1,"type":"array"},"id":{"type":"string"},"is_default":{"default":false,"type":"boolean"},"is_default_monitoring":{"default":false,"type":"boolean"},"is_internal":{"type":"boolean"},"is_preconfigured":{"type":"boolean"},"name":{"type":"string"},"preset":{"enum":["balanced","custom","throughput","scale","latency"],"type":"string"},"proxy_id":{"nullable":true,"type":"string"},"secrets":{"additionalProperties":false,"type":"object","properties":{"ssl":{"additionalProperties":false,"type":"object","properties":{"key":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}}}}},"shipper":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"compression_level":{"nullable":true,"type":"number"},"disk_queue_compression_enabled":{"nullable":true,"type":"boolean"},"disk_queue_enabled":{"default":false,"nullable":true,"type":"boolean"},"disk_queue_encryption_enabled":{"nullable":true,"type":"boolean"},"disk_queue_max_size":{"nullable":true,"type":"number"},"disk_queue_path":{"nullable":true,"type":"string"},"loadbalance":{"nullable":true,"type":"boolean"},"max_batch_bytes":{"nullable":true,"type":"number"},"mem_queue_events":{"nullable":true,"type":"number"},"queue_flush_timeout":{"nullable":true,"type":"number"}},"required":["disk_queue_path","disk_queue_max_size","disk_queue_encryption_enabled","disk_queue_compression_enabled","compression_level","loadbalance","mem_queue_events","queue_flush_timeout","max_batch_bytes"]},"ssl":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"key":{"type":"string"},"verification_mode":{"enum":["full","none","certificate","strict"],"type":"string"}}},"type":{"enum":["elasticsearch"],"type":"string"}},"required":["name","type","hosts"]},{"additionalProperties":false,"type":"object","properties":{"allow_edit":{"items":{"type":"string"},"type":"array"},"ca_sha256":{"nullable":true,"type":"string"},"ca_trusted_fingerprint":{"nullable":true,"type":"string"},"config_yaml":{"nullable":true,"type":"string"},"hosts":{"items":{"format":"uri","type":"string"},"minItems":1,"type":"array"},"id":{"type":"string"},"is_default":{"default":false,"type":"boolean"},"is_default_monitoring":{"default":false,"type":"boolean"},"is_internal":{"type":"boolean"},"is_preconfigured":{"type":"boolean"},"kibana_api_key":{"nullable":true,"type":"string"},"kibana_url":{"nullable":true,"type":"string"},"name":{"type":"string"},"preset":{"enum":["balanced","custom","throughput","scale","latency"],"type":"string"},"proxy_id":{"nullable":true,"type":"string"},"secrets":{"additionalProperties":false,"type":"object","properties":{"service_token":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]},"ssl":{"additionalProperties":false,"type":"object","properties":{"key":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}}}}},"service_token":{"nullable":true,"type":"string"},"shipper":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"compression_level":{"nullable":true,"type":"number"},"disk_queue_compression_enabled":{"nullable":true,"type":"boolean"},"disk_queue_enabled":{"default":false,"nullable":true,"type":"boolean"},"disk_queue_encryption_enabled":{"nullable":true,"type":"boolean"},"disk_queue_max_size":{"nullable":true,"type":"number"},"disk_queue_path":{"nullable":true,"type":"string"},"loadbalance":{"nullable":true,"type":"boolean"},"max_batch_bytes":{"nullable":true,"type":"number"},"mem_queue_events":{"nullable":true,"type":"number"},"queue_flush_timeout":{"nullable":true,"type":"number"}},"required":["disk_queue_path","disk_queue_max_size","disk_queue_encryption_enabled","disk_queue_compression_enabled","compression_level","loadbalance","mem_queue_events","queue_flush_timeout","max_batch_bytes"]},"ssl":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"key":{"type":"string"},"verification_mode":{"enum":["full","none","certificate","strict"],"type":"string"}}},"sync_integrations":{"type":"boolean"},"sync_uninstalled_integrations":{"type":"boolean"},"type":{"enum":["remote_elasticsearch"],"type":"string"}},"required":["name","type","hosts"]},{"additionalProperties":false,"type":"object","properties":{"allow_edit":{"items":{"type":"string"},"type":"array"},"ca_sha256":{"nullable":true,"type":"string"},"ca_trusted_fingerprint":{"nullable":true,"type":"string"},"config_yaml":{"nullable":true,"type":"string"},"hosts":{"items":{"type":"string"},"minItems":1,"type":"array"},"id":{"type":"string"},"is_default":{"default":false,"type":"boolean"},"is_default_monitoring":{"default":false,"type":"boolean"},"is_internal":{"type":"boolean"},"is_preconfigured":{"type":"boolean"},"name":{"type":"string"},"proxy_id":{"nullable":true,"type":"string"},"secrets":{"additionalProperties":false,"type":"object","properties":{"ssl":{"additionalProperties":false,"type":"object","properties":{"key":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}}}}},"shipper":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"compression_level":{"nullable":true,"type":"number"},"disk_queue_compression_enabled":{"nullable":true,"type":"boolean"},"disk_queue_enabled":{"default":false,"nullable":true,"type":"boolean"},"disk_queue_encryption_enabled":{"nullable":true,"type":"boolean"},"disk_queue_max_size":{"nullable":true,"type":"number"},"disk_queue_path":{"nullable":true,"type":"string"},"loadbalance":{"nullable":true,"type":"boolean"},"max_batch_bytes":{"nullable":true,"type":"number"},"mem_queue_events":{"nullable":true,"type":"number"},"queue_flush_timeout":{"nullable":true,"type":"number"}},"required":["disk_queue_path","disk_queue_max_size","disk_queue_encryption_enabled","disk_queue_compression_enabled","compression_level","loadbalance","mem_queue_events","queue_flush_timeout","max_batch_bytes"]},"ssl":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"key":{"type":"string"},"verification_mode":{"enum":["full","none","certificate","strict"],"type":"string"}}},"type":{"enum":["logstash"],"type":"string"}},"required":["name","type","hosts"]},{"additionalProperties":false,"type":"object","properties":{"allow_edit":{"items":{"type":"string"},"type":"array"},"auth_type":{"enum":["none","user_pass","ssl","kerberos"],"type":"string"},"broker_timeout":{"type":"number"},"ca_sha256":{"nullable":true,"type":"string"},"ca_trusted_fingerprint":{"nullable":true,"type":"string"},"client_id":{"type":"string"},"compression":{"enum":["gzip","snappy","lz4","none"],"type":"string"},"compression_level":{"anyOf":[{"items":{},"type":"array"},{"type":"boolean"},{"type":"number"},{"type":"object"},{"type":"string"}],"nullable":true,"oneOf":[{"type":"number"},{"not":{}}]},"config_yaml":{"nullable":true,"type":"string"},"connection_type":{"anyOf":[{"items":{},"type":"array"},{"type":"boolean"},{"type":"number"},{"type":"object"},{"type":"string"}],"nullable":true,"oneOf":[{"enum":["plaintext","encryption"],"type":"string"},{"not":{}}]},"hash":{"additionalProperties":false,"type":"object","properties":{"hash":{"type":"string"},"random":{"type":"boolean"}}},"headers":{"items":{"additionalProperties":false,"type":"object","properties":{"key":{"type":"string"},"value":{"type":"string"}},"required":["key","value"]},"type":"array"},"hosts":{"items":{"type":"string"},"minItems":1,"type":"array"},"id":{"type":"string"},"is_default":{"default":false,"type":"boolean"},"is_default_monitoring":{"default":false,"type":"boolean"},"is_internal":{"type":"boolean"},"is_preconfigured":{"type":"boolean"},"key":{"type":"string"},"name":{"type":"string"},"partition":{"enum":["random","round_robin","hash"],"type":"string"},"password":{"anyOf":[{"items":{},"type":"array"},{"type":"boolean"},{"type":"number"},{"type":"object"},{"type":"string"}],"nullable":true,"oneOf":[{"not":{}},{"anyOf":[{"items":{},"type":"array"},{"type":"boolean"},{"type":"number"},{"type":"object"},{"type":"string"}],"nullable":true,"oneOf":[{"type":"string"},{"not":{}}]}]},"proxy_id":{"nullable":true,"type":"string"},"random":{"additionalProperties":false,"type":"object","properties":{"group_events":{"type":"number"}}},"required_acks":{"enum":[1,0,-1],"type":"integer"},"round_robin":{"additionalProperties":false,"type":"object","properties":{"group_events":{"type":"number"}}},"sasl":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"mechanism":{"enum":["PLAIN","SCRAM-SHA-256","SCRAM-SHA-512"],"type":"string"}}},"secrets":{"additionalProperties":false,"type":"object","properties":{"password":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]},"ssl":{"additionalProperties":false,"type":"object","properties":{"key":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}},"required":["key"]}}},"shipper":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"compression_level":{"nullable":true,"type":"number"},"disk_queue_compression_enabled":{"nullable":true,"type":"boolean"},"disk_queue_enabled":{"default":false,"nullable":true,"type":"boolean"},"disk_queue_encryption_enabled":{"nullable":true,"type":"boolean"},"disk_queue_max_size":{"nullable":true,"type":"number"},"disk_queue_path":{"nullable":true,"type":"string"},"loadbalance":{"nullable":true,"type":"boolean"},"max_batch_bytes":{"nullable":true,"type":"number"},"mem_queue_events":{"nullable":true,"type":"number"},"queue_flush_timeout":{"nullable":true,"type":"number"}},"required":["disk_queue_path","disk_queue_max_size","disk_queue_encryption_enabled","disk_queue_compression_enabled","compression_level","loadbalance","mem_queue_events","queue_flush_timeout","max_batch_bytes"]},"ssl":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"key":{"type":"string"},"verification_mode":{"enum":["full","none","certificate","strict"],"type":"string"}}},"timeout":{"type":"number"},"topic":{"type":"string"},"type":{"enum":["kafka"],"type":"string"},"username":{"anyOf":[{"items":{},"type":"array"},{"type":"boolean"},{"type":"number"},{"type":"object"},{"type":"string"}],"nullable":true,"oneOf":[{"type":"string"},{"not":{}}]},"version":{"type":"string"}},"required":["name","type","hosts","compression_level","auth_type","connection_type","username","password"]}]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"anyOf":[{"additionalProperties":true,"type":"object","properties":{"allow_edit":{"items":{"type":"string"},"type":"array"},"ca_sha256":{"nullable":true,"type":"string"},"ca_trusted_fingerprint":{"nullable":true,"type":"string"},"config_yaml":{"nullable":true,"type":"string"},"hosts":{"items":{"format":"uri","type":"string"},"minItems":1,"type":"array"},"id":{"type":"string"},"is_default":{"default":false,"type":"boolean"},"is_default_monitoring":{"default":false,"type":"boolean"},"is_internal":{"type":"boolean"},"is_preconfigured":{"type":"boolean"},"name":{"type":"string"},"preset":{"enum":["balanced","custom","throughput","scale","latency"],"type":"string"},"proxy_id":{"nullable":true,"type":"string"},"secrets":{"additionalProperties":true,"type":"object","properties":{"ssl":{"additionalProperties":true,"type":"object","properties":{"key":{"anyOf":[{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}}}}},"shipper":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"compression_level":{"nullable":true,"type":"number"},"disk_queue_compression_enabled":{"nullable":true,"type":"boolean"},"disk_queue_enabled":{"default":false,"nullable":true,"type":"boolean"},"disk_queue_encryption_enabled":{"nullable":true,"type":"boolean"},"disk_queue_max_size":{"nullable":true,"type":"number"},"disk_queue_path":{"nullable":true,"type":"string"},"loadbalance":{"nullable":true,"type":"boolean"},"max_batch_bytes":{"nullable":true,"type":"number"},"mem_queue_events":{"nullable":true,"type":"number"},"queue_flush_timeout":{"nullable":true,"type":"number"}},"required":["disk_queue_path","disk_queue_max_size","disk_queue_encryption_enabled","disk_queue_compression_enabled","compression_level","loadbalance","mem_queue_events","queue_flush_timeout","max_batch_bytes"]},"ssl":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"key":{"type":"string"},"verification_mode":{"enum":["full","none","certificate","strict"],"type":"string"}}},"type":{"enum":["elasticsearch"],"type":"string"}},"required":["name","type","hosts"]},{"additionalProperties":true,"type":"object","properties":{"allow_edit":{"items":{"type":"string"},"type":"array"},"ca_sha256":{"nullable":true,"type":"string"},"ca_trusted_fingerprint":{"nullable":true,"type":"string"},"config_yaml":{"nullable":true,"type":"string"},"hosts":{"items":{"format":"uri","type":"string"},"minItems":1,"type":"array"},"id":{"type":"string"},"is_default":{"default":false,"type":"boolean"},"is_default_monitoring":{"default":false,"type":"boolean"},"is_internal":{"type":"boolean"},"is_preconfigured":{"type":"boolean"},"kibana_api_key":{"nullable":true,"type":"string"},"kibana_url":{"nullable":true,"type":"string"},"name":{"type":"string"},"preset":{"enum":["balanced","custom","throughput","scale","latency"],"type":"string"},"proxy_id":{"nullable":true,"type":"string"},"secrets":{"additionalProperties":true,"type":"object","properties":{"service_token":{"anyOf":[{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]},"ssl":{"additionalProperties":true,"type":"object","properties":{"key":{"anyOf":[{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}}}}},"service_token":{"nullable":true,"type":"string"},"shipper":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"compression_level":{"nullable":true,"type":"number"},"disk_queue_compression_enabled":{"nullable":true,"type":"boolean"},"disk_queue_enabled":{"default":false,"nullable":true,"type":"boolean"},"disk_queue_encryption_enabled":{"nullable":true,"type":"boolean"},"disk_queue_max_size":{"nullable":true,"type":"number"},"disk_queue_path":{"nullable":true,"type":"string"},"loadbalance":{"nullable":true,"type":"boolean"},"max_batch_bytes":{"nullable":true,"type":"number"},"mem_queue_events":{"nullable":true,"type":"number"},"queue_flush_timeout":{"nullable":true,"type":"number"}},"required":["disk_queue_path","disk_queue_max_size","disk_queue_encryption_enabled","disk_queue_compression_enabled","compression_level","loadbalance","mem_queue_events","queue_flush_timeout","max_batch_bytes"]},"ssl":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"key":{"type":"string"},"verification_mode":{"enum":["full","none","certificate","strict"],"type":"string"}}},"sync_integrations":{"type":"boolean"},"sync_uninstalled_integrations":{"type":"boolean"},"type":{"enum":["remote_elasticsearch"],"type":"string"}},"required":["name","type","hosts"]},{"additionalProperties":true,"type":"object","properties":{"allow_edit":{"items":{"type":"string"},"type":"array"},"ca_sha256":{"nullable":true,"type":"string"},"ca_trusted_fingerprint":{"nullable":true,"type":"string"},"config_yaml":{"nullable":true,"type":"string"},"hosts":{"items":{"type":"string"},"minItems":1,"type":"array"},"id":{"type":"string"},"is_default":{"default":false,"type":"boolean"},"is_default_monitoring":{"default":false,"type":"boolean"},"is_internal":{"type":"boolean"},"is_preconfigured":{"type":"boolean"},"name":{"type":"string"},"proxy_id":{"nullable":true,"type":"string"},"secrets":{"additionalProperties":true,"type":"object","properties":{"ssl":{"additionalProperties":true,"type":"object","properties":{"key":{"anyOf":[{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}}}}},"shipper":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"compression_level":{"nullable":true,"type":"number"},"disk_queue_compression_enabled":{"nullable":true,"type":"boolean"},"disk_queue_enabled":{"default":false,"nullable":true,"type":"boolean"},"disk_queue_encryption_enabled":{"nullable":true,"type":"boolean"},"disk_queue_max_size":{"nullable":true,"type":"number"},"disk_queue_path":{"nullable":true,"type":"string"},"loadbalance":{"nullable":true,"type":"boolean"},"max_batch_bytes":{"nullable":true,"type":"number"},"mem_queue_events":{"nullable":true,"type":"number"},"queue_flush_timeout":{"nullable":true,"type":"number"}},"required":["disk_queue_path","disk_queue_max_size","disk_queue_encryption_enabled","disk_queue_compression_enabled","compression_level","loadbalance","mem_queue_events","queue_flush_timeout","max_batch_bytes"]},"ssl":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"key":{"type":"string"},"verification_mode":{"enum":["full","none","certificate","strict"],"type":"string"}}},"type":{"enum":["logstash"],"type":"string"}},"required":["name","type","hosts"]},{"additionalProperties":true,"type":"object","properties":{"allow_edit":{"items":{"type":"string"},"type":"array"},"auth_type":{"enum":["none","user_pass","ssl","kerberos"],"type":"string"},"broker_timeout":{"type":"number"},"ca_sha256":{"nullable":true,"type":"string"},"ca_trusted_fingerprint":{"nullable":true,"type":"string"},"client_id":{"type":"string"},"compression":{"enum":["gzip","snappy","lz4","none"],"type":"string"},"compression_level":{"anyOf":[{"items":{},"type":"array"},{"type":"boolean"},{"type":"number"},{"type":"object"},{"type":"string"}],"nullable":true,"oneOf":[{"type":"number"},{"not":{}}]},"config_yaml":{"nullable":true,"type":"string"},"connection_type":{"anyOf":[{"items":{},"type":"array"},{"type":"boolean"},{"type":"number"},{"type":"object"},{"type":"string"}],"nullable":true,"oneOf":[{"enum":["plaintext","encryption"],"type":"string"},{"not":{}}]},"hash":{"additionalProperties":true,"type":"object","properties":{"hash":{"type":"string"},"random":{"type":"boolean"}}},"headers":{"items":{"additionalProperties":true,"type":"object","properties":{"key":{"type":"string"},"value":{"type":"string"}},"required":["key","value"]},"type":"array"},"hosts":{"items":{"type":"string"},"minItems":1,"type":"array"},"id":{"type":"string"},"is_default":{"default":false,"type":"boolean"},"is_default_monitoring":{"default":false,"type":"boolean"},"is_internal":{"type":"boolean"},"is_preconfigured":{"type":"boolean"},"key":{"type":"string"},"name":{"type":"string"},"partition":{"enum":["random","round_robin","hash"],"type":"string"},"password":{"anyOf":[{"items":{},"type":"array"},{"type":"boolean"},{"type":"number"},{"type":"object"},{"type":"string"}],"nullable":true,"oneOf":[{"not":{}},{"anyOf":[{"items":{},"type":"array"},{"type":"boolean"},{"type":"number"},{"type":"object"},{"type":"string"}],"nullable":true,"oneOf":[{"type":"string"},{"not":{}}]}]},"proxy_id":{"nullable":true,"type":"string"},"random":{"additionalProperties":true,"type":"object","properties":{"group_events":{"type":"number"}}},"required_acks":{"enum":[1,0,-1],"type":"integer"},"round_robin":{"additionalProperties":true,"type":"object","properties":{"group_events":{"type":"number"}}},"sasl":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"mechanism":{"enum":["PLAIN","SCRAM-SHA-256","SCRAM-SHA-512"],"type":"string"}}},"secrets":{"additionalProperties":true,"type":"object","properties":{"password":{"anyOf":[{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]},"ssl":{"additionalProperties":true,"type":"object","properties":{"key":{"anyOf":[{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}},"required":["key"]}}},"shipper":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"compression_level":{"nullable":true,"type":"number"},"disk_queue_compression_enabled":{"nullable":true,"type":"boolean"},"disk_queue_enabled":{"default":false,"nullable":true,"type":"boolean"},"disk_queue_encryption_enabled":{"nullable":true,"type":"boolean"},"disk_queue_max_size":{"nullable":true,"type":"number"},"disk_queue_path":{"nullable":true,"type":"string"},"loadbalance":{"nullable":true,"type":"boolean"},"max_batch_bytes":{"nullable":true,"type":"number"},"mem_queue_events":{"nullable":true,"type":"number"},"queue_flush_timeout":{"nullable":true,"type":"number"}},"required":["disk_queue_path","disk_queue_max_size","disk_queue_encryption_enabled","disk_queue_compression_enabled","compression_level","loadbalance","mem_queue_events","queue_flush_timeout","max_batch_bytes"]},"ssl":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"key":{"type":"string"},"verification_mode":{"enum":["full","none","certificate","strict"],"type":"string"}}},"timeout":{"type":"number"},"topic":{"type":"string"},"type":{"enum":["kafka"],"type":"string"},"username":{"anyOf":[{"items":{},"type":"array"},{"type":"boolean"},{"type":"number"},{"type":"object"},{"type":"string"}],"nullable":true,"oneOf":[{"type":"string"},{"not":{}}]},"version":{"type":"string"}},"required":["name","type","hosts","compression_level","auth_type","connection_type","username","password"]}]}},"required":["item"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Create output","tags":["Fleet outputs"]}},"/api/fleet/outputs/{outputId}":{"delete":{"description":"Delete output by ID.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: fleet-settings-all.","operationId":"delete-fleet-outputs-outputid","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"outputId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}},"404":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Delete output","tags":["Fleet outputs"]},"get":{"description":"Get output by ID.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: fleet-settings-read OR fleet-agent-policies-read.","operationId":"get-fleet-outputs-outputid","parameters":[{"in":"path","name":"outputId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"anyOf":[{"additionalProperties":true,"type":"object","properties":{"allow_edit":{"items":{"type":"string"},"type":"array"},"ca_sha256":{"nullable":true,"type":"string"},"ca_trusted_fingerprint":{"nullable":true,"type":"string"},"config_yaml":{"nullable":true,"type":"string"},"hosts":{"items":{"format":"uri","type":"string"},"minItems":1,"type":"array"},"id":{"type":"string"},"is_default":{"default":false,"type":"boolean"},"is_default_monitoring":{"default":false,"type":"boolean"},"is_internal":{"type":"boolean"},"is_preconfigured":{"type":"boolean"},"name":{"type":"string"},"preset":{"enum":["balanced","custom","throughput","scale","latency"],"type":"string"},"proxy_id":{"nullable":true,"type":"string"},"secrets":{"additionalProperties":true,"type":"object","properties":{"ssl":{"additionalProperties":true,"type":"object","properties":{"key":{"anyOf":[{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}}}}},"shipper":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"compression_level":{"nullable":true,"type":"number"},"disk_queue_compression_enabled":{"nullable":true,"type":"boolean"},"disk_queue_enabled":{"default":false,"nullable":true,"type":"boolean"},"disk_queue_encryption_enabled":{"nullable":true,"type":"boolean"},"disk_queue_max_size":{"nullable":true,"type":"number"},"disk_queue_path":{"nullable":true,"type":"string"},"loadbalance":{"nullable":true,"type":"boolean"},"max_batch_bytes":{"nullable":true,"type":"number"},"mem_queue_events":{"nullable":true,"type":"number"},"queue_flush_timeout":{"nullable":true,"type":"number"}},"required":["disk_queue_path","disk_queue_max_size","disk_queue_encryption_enabled","disk_queue_compression_enabled","compression_level","loadbalance","mem_queue_events","queue_flush_timeout","max_batch_bytes"]},"ssl":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"key":{"type":"string"},"verification_mode":{"enum":["full","none","certificate","strict"],"type":"string"}}},"type":{"enum":["elasticsearch"],"type":"string"}},"required":["name","type","hosts"]},{"additionalProperties":true,"type":"object","properties":{"allow_edit":{"items":{"type":"string"},"type":"array"},"ca_sha256":{"nullable":true,"type":"string"},"ca_trusted_fingerprint":{"nullable":true,"type":"string"},"config_yaml":{"nullable":true,"type":"string"},"hosts":{"items":{"format":"uri","type":"string"},"minItems":1,"type":"array"},"id":{"type":"string"},"is_default":{"default":false,"type":"boolean"},"is_default_monitoring":{"default":false,"type":"boolean"},"is_internal":{"type":"boolean"},"is_preconfigured":{"type":"boolean"},"kibana_api_key":{"nullable":true,"type":"string"},"kibana_url":{"nullable":true,"type":"string"},"name":{"type":"string"},"preset":{"enum":["balanced","custom","throughput","scale","latency"],"type":"string"},"proxy_id":{"nullable":true,"type":"string"},"secrets":{"additionalProperties":true,"type":"object","properties":{"service_token":{"anyOf":[{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]},"ssl":{"additionalProperties":true,"type":"object","properties":{"key":{"anyOf":[{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}}}}},"service_token":{"nullable":true,"type":"string"},"shipper":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"compression_level":{"nullable":true,"type":"number"},"disk_queue_compression_enabled":{"nullable":true,"type":"boolean"},"disk_queue_enabled":{"default":false,"nullable":true,"type":"boolean"},"disk_queue_encryption_enabled":{"nullable":true,"type":"boolean"},"disk_queue_max_size":{"nullable":true,"type":"number"},"disk_queue_path":{"nullable":true,"type":"string"},"loadbalance":{"nullable":true,"type":"boolean"},"max_batch_bytes":{"nullable":true,"type":"number"},"mem_queue_events":{"nullable":true,"type":"number"},"queue_flush_timeout":{"nullable":true,"type":"number"}},"required":["disk_queue_path","disk_queue_max_size","disk_queue_encryption_enabled","disk_queue_compression_enabled","compression_level","loadbalance","mem_queue_events","queue_flush_timeout","max_batch_bytes"]},"ssl":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"key":{"type":"string"},"verification_mode":{"enum":["full","none","certificate","strict"],"type":"string"}}},"sync_integrations":{"type":"boolean"},"sync_uninstalled_integrations":{"type":"boolean"},"type":{"enum":["remote_elasticsearch"],"type":"string"}},"required":["name","type","hosts"]},{"additionalProperties":true,"type":"object","properties":{"allow_edit":{"items":{"type":"string"},"type":"array"},"ca_sha256":{"nullable":true,"type":"string"},"ca_trusted_fingerprint":{"nullable":true,"type":"string"},"config_yaml":{"nullable":true,"type":"string"},"hosts":{"items":{"type":"string"},"minItems":1,"type":"array"},"id":{"type":"string"},"is_default":{"default":false,"type":"boolean"},"is_default_monitoring":{"default":false,"type":"boolean"},"is_internal":{"type":"boolean"},"is_preconfigured":{"type":"boolean"},"name":{"type":"string"},"proxy_id":{"nullable":true,"type":"string"},"secrets":{"additionalProperties":true,"type":"object","properties":{"ssl":{"additionalProperties":true,"type":"object","properties":{"key":{"anyOf":[{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}}}}},"shipper":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"compression_level":{"nullable":true,"type":"number"},"disk_queue_compression_enabled":{"nullable":true,"type":"boolean"},"disk_queue_enabled":{"default":false,"nullable":true,"type":"boolean"},"disk_queue_encryption_enabled":{"nullable":true,"type":"boolean"},"disk_queue_max_size":{"nullable":true,"type":"number"},"disk_queue_path":{"nullable":true,"type":"string"},"loadbalance":{"nullable":true,"type":"boolean"},"max_batch_bytes":{"nullable":true,"type":"number"},"mem_queue_events":{"nullable":true,"type":"number"},"queue_flush_timeout":{"nullable":true,"type":"number"}},"required":["disk_queue_path","disk_queue_max_size","disk_queue_encryption_enabled","disk_queue_compression_enabled","compression_level","loadbalance","mem_queue_events","queue_flush_timeout","max_batch_bytes"]},"ssl":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"key":{"type":"string"},"verification_mode":{"enum":["full","none","certificate","strict"],"type":"string"}}},"type":{"enum":["logstash"],"type":"string"}},"required":["name","type","hosts"]},{"additionalProperties":true,"type":"object","properties":{"allow_edit":{"items":{"type":"string"},"type":"array"},"auth_type":{"enum":["none","user_pass","ssl","kerberos"],"type":"string"},"broker_timeout":{"type":"number"},"ca_sha256":{"nullable":true,"type":"string"},"ca_trusted_fingerprint":{"nullable":true,"type":"string"},"client_id":{"type":"string"},"compression":{"enum":["gzip","snappy","lz4","none"],"type":"string"},"compression_level":{"anyOf":[{"items":{},"type":"array"},{"type":"boolean"},{"type":"number"},{"type":"object"},{"type":"string"}],"nullable":true,"oneOf":[{"type":"number"},{"not":{}}]},"config_yaml":{"nullable":true,"type":"string"},"connection_type":{"anyOf":[{"items":{},"type":"array"},{"type":"boolean"},{"type":"number"},{"type":"object"},{"type":"string"}],"nullable":true,"oneOf":[{"enum":["plaintext","encryption"],"type":"string"},{"not":{}}]},"hash":{"additionalProperties":true,"type":"object","properties":{"hash":{"type":"string"},"random":{"type":"boolean"}}},"headers":{"items":{"additionalProperties":true,"type":"object","properties":{"key":{"type":"string"},"value":{"type":"string"}},"required":["key","value"]},"type":"array"},"hosts":{"items":{"type":"string"},"minItems":1,"type":"array"},"id":{"type":"string"},"is_default":{"default":false,"type":"boolean"},"is_default_monitoring":{"default":false,"type":"boolean"},"is_internal":{"type":"boolean"},"is_preconfigured":{"type":"boolean"},"key":{"type":"string"},"name":{"type":"string"},"partition":{"enum":["random","round_robin","hash"],"type":"string"},"password":{"anyOf":[{"items":{},"type":"array"},{"type":"boolean"},{"type":"number"},{"type":"object"},{"type":"string"}],"nullable":true,"oneOf":[{"not":{}},{"anyOf":[{"items":{},"type":"array"},{"type":"boolean"},{"type":"number"},{"type":"object"},{"type":"string"}],"nullable":true,"oneOf":[{"type":"string"},{"not":{}}]}]},"proxy_id":{"nullable":true,"type":"string"},"random":{"additionalProperties":true,"type":"object","properties":{"group_events":{"type":"number"}}},"required_acks":{"enum":[1,0,-1],"type":"integer"},"round_robin":{"additionalProperties":true,"type":"object","properties":{"group_events":{"type":"number"}}},"sasl":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"mechanism":{"enum":["PLAIN","SCRAM-SHA-256","SCRAM-SHA-512"],"type":"string"}}},"secrets":{"additionalProperties":true,"type":"object","properties":{"password":{"anyOf":[{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]},"ssl":{"additionalProperties":true,"type":"object","properties":{"key":{"anyOf":[{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}},"required":["key"]}}},"shipper":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"compression_level":{"nullable":true,"type":"number"},"disk_queue_compression_enabled":{"nullable":true,"type":"boolean"},"disk_queue_enabled":{"default":false,"nullable":true,"type":"boolean"},"disk_queue_encryption_enabled":{"nullable":true,"type":"boolean"},"disk_queue_max_size":{"nullable":true,"type":"number"},"disk_queue_path":{"nullable":true,"type":"string"},"loadbalance":{"nullable":true,"type":"boolean"},"max_batch_bytes":{"nullable":true,"type":"number"},"mem_queue_events":{"nullable":true,"type":"number"},"queue_flush_timeout":{"nullable":true,"type":"number"}},"required":["disk_queue_path","disk_queue_max_size","disk_queue_encryption_enabled","disk_queue_compression_enabled","compression_level","loadbalance","mem_queue_events","queue_flush_timeout","max_batch_bytes"]},"ssl":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"key":{"type":"string"},"verification_mode":{"enum":["full","none","certificate","strict"],"type":"string"}}},"timeout":{"type":"number"},"topic":{"type":"string"},"type":{"enum":["kafka"],"type":"string"},"username":{"anyOf":[{"items":{},"type":"array"},{"type":"boolean"},{"type":"number"},{"type":"object"},{"type":"string"}],"nullable":true,"oneOf":[{"type":"string"},{"not":{}}]},"version":{"type":"string"}},"required":["name","type","hosts","compression_level","auth_type","connection_type","username","password"]}]}},"required":["item"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get output","tags":["Fleet outputs"]},"put":{"description":"Update output by ID.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: fleet-settings-all OR fleet-agent-policies-all.","operationId":"put-fleet-outputs-outputid","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"outputId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"allow_edit":{"items":{"type":"string"},"type":"array"},"ca_sha256":{"nullable":true,"type":"string"},"ca_trusted_fingerprint":{"nullable":true,"type":"string"},"config_yaml":{"nullable":true,"type":"string"},"hosts":{"items":{"format":"uri","type":"string"},"minItems":1,"type":"array"},"id":{"type":"string"},"is_default":{"type":"boolean"},"is_default_monitoring":{"type":"boolean"},"is_internal":{"type":"boolean"},"is_preconfigured":{"type":"boolean"},"name":{"type":"string"},"preset":{"enum":["balanced","custom","throughput","scale","latency"],"type":"string"},"proxy_id":{"nullable":true,"type":"string"},"secrets":{"additionalProperties":false,"type":"object","properties":{"ssl":{"additionalProperties":false,"type":"object","properties":{"key":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}}}}},"shipper":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"compression_level":{"nullable":true,"type":"number"},"disk_queue_compression_enabled":{"nullable":true,"type":"boolean"},"disk_queue_enabled":{"default":false,"nullable":true,"type":"boolean"},"disk_queue_encryption_enabled":{"nullable":true,"type":"boolean"},"disk_queue_max_size":{"nullable":true,"type":"number"},"disk_queue_path":{"nullable":true,"type":"string"},"loadbalance":{"nullable":true,"type":"boolean"},"max_batch_bytes":{"nullable":true,"type":"number"},"mem_queue_events":{"nullable":true,"type":"number"},"queue_flush_timeout":{"nullable":true,"type":"number"}},"required":["disk_queue_path","disk_queue_max_size","disk_queue_encryption_enabled","disk_queue_compression_enabled","compression_level","loadbalance","mem_queue_events","queue_flush_timeout","max_batch_bytes"]},"ssl":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"key":{"type":"string"},"verification_mode":{"enum":["full","none","certificate","strict"],"type":"string"}}},"type":{"enum":["elasticsearch"],"type":"string"}}},{"additionalProperties":false,"type":"object","properties":{"allow_edit":{"items":{"type":"string"},"type":"array"},"ca_sha256":{"nullable":true,"type":"string"},"ca_trusted_fingerprint":{"nullable":true,"type":"string"},"config_yaml":{"nullable":true,"type":"string"},"hosts":{"items":{"format":"uri","type":"string"},"minItems":1,"type":"array"},"id":{"type":"string"},"is_default":{"type":"boolean"},"is_default_monitoring":{"type":"boolean"},"is_internal":{"type":"boolean"},"is_preconfigured":{"type":"boolean"},"kibana_api_key":{"nullable":true,"type":"string"},"kibana_url":{"nullable":true,"type":"string"},"name":{"type":"string"},"preset":{"enum":["balanced","custom","throughput","scale","latency"],"type":"string"},"proxy_id":{"nullable":true,"type":"string"},"secrets":{"additionalProperties":false,"type":"object","properties":{"service_token":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]},"ssl":{"additionalProperties":false,"type":"object","properties":{"key":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}}}}},"service_token":{"nullable":true,"type":"string"},"shipper":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"compression_level":{"nullable":true,"type":"number"},"disk_queue_compression_enabled":{"nullable":true,"type":"boolean"},"disk_queue_enabled":{"default":false,"nullable":true,"type":"boolean"},"disk_queue_encryption_enabled":{"nullable":true,"type":"boolean"},"disk_queue_max_size":{"nullable":true,"type":"number"},"disk_queue_path":{"nullable":true,"type":"string"},"loadbalance":{"nullable":true,"type":"boolean"},"max_batch_bytes":{"nullable":true,"type":"number"},"mem_queue_events":{"nullable":true,"type":"number"},"queue_flush_timeout":{"nullable":true,"type":"number"}},"required":["disk_queue_path","disk_queue_max_size","disk_queue_encryption_enabled","disk_queue_compression_enabled","compression_level","loadbalance","mem_queue_events","queue_flush_timeout","max_batch_bytes"]},"ssl":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"key":{"type":"string"},"verification_mode":{"enum":["full","none","certificate","strict"],"type":"string"}}},"sync_integrations":{"type":"boolean"},"sync_uninstalled_integrations":{"type":"boolean"},"type":{"enum":["remote_elasticsearch"],"type":"string"}}},{"additionalProperties":false,"type":"object","properties":{"allow_edit":{"items":{"type":"string"},"type":"array"},"ca_sha256":{"nullable":true,"type":"string"},"ca_trusted_fingerprint":{"nullable":true,"type":"string"},"config_yaml":{"nullable":true,"type":"string"},"hosts":{"items":{"type":"string"},"minItems":1,"type":"array"},"id":{"type":"string"},"is_default":{"type":"boolean"},"is_default_monitoring":{"type":"boolean"},"is_internal":{"type":"boolean"},"is_preconfigured":{"type":"boolean"},"name":{"type":"string"},"proxy_id":{"nullable":true,"type":"string"},"secrets":{"additionalProperties":false,"type":"object","properties":{"ssl":{"additionalProperties":false,"type":"object","properties":{"key":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}}}}},"shipper":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"compression_level":{"nullable":true,"type":"number"},"disk_queue_compression_enabled":{"nullable":true,"type":"boolean"},"disk_queue_enabled":{"default":false,"nullable":true,"type":"boolean"},"disk_queue_encryption_enabled":{"nullable":true,"type":"boolean"},"disk_queue_max_size":{"nullable":true,"type":"number"},"disk_queue_path":{"nullable":true,"type":"string"},"loadbalance":{"nullable":true,"type":"boolean"},"max_batch_bytes":{"nullable":true,"type":"number"},"mem_queue_events":{"nullable":true,"type":"number"},"queue_flush_timeout":{"nullable":true,"type":"number"}},"required":["disk_queue_path","disk_queue_max_size","disk_queue_encryption_enabled","disk_queue_compression_enabled","compression_level","loadbalance","mem_queue_events","queue_flush_timeout","max_batch_bytes"]},"ssl":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"key":{"type":"string"},"verification_mode":{"enum":["full","none","certificate","strict"],"type":"string"}}},"type":{"enum":["logstash"],"type":"string"}}},{"additionalProperties":false,"type":"object","properties":{"allow_edit":{"items":{"type":"string"},"type":"array"},"auth_type":{"enum":["none","user_pass","ssl","kerberos"],"type":"string"},"broker_timeout":{"type":"number"},"ca_sha256":{"nullable":true,"type":"string"},"ca_trusted_fingerprint":{"nullable":true,"type":"string"},"client_id":{"type":"string"},"compression":{"enum":["gzip","snappy","lz4","none"],"type":"string"},"compression_level":{"anyOf":[{"items":{},"type":"array"},{"type":"boolean"},{"type":"number"},{"type":"object"},{"type":"string"}],"nullable":true,"oneOf":[{"type":"number"},{"not":{}}]},"config_yaml":{"nullable":true,"type":"string"},"connection_type":{"anyOf":[{"items":{},"type":"array"},{"type":"boolean"},{"type":"number"},{"type":"object"},{"type":"string"}],"nullable":true,"oneOf":[{"enum":["plaintext","encryption"],"type":"string"},{"not":{}}]},"hash":{"additionalProperties":false,"type":"object","properties":{"hash":{"type":"string"},"random":{"type":"boolean"}}},"headers":{"items":{"additionalProperties":false,"type":"object","properties":{"key":{"type":"string"},"value":{"type":"string"}},"required":["key","value"]},"type":"array"},"hosts":{"items":{"type":"string"},"minItems":1,"type":"array"},"id":{"type":"string"},"is_default":{"default":false,"type":"boolean"},"is_default_monitoring":{"default":false,"type":"boolean"},"is_internal":{"type":"boolean"},"is_preconfigured":{"type":"boolean"},"key":{"type":"string"},"name":{"type":"string"},"partition":{"enum":["random","round_robin","hash"],"type":"string"},"password":{"anyOf":[{"items":{},"type":"array"},{"type":"boolean"},{"type":"number"},{"type":"object"},{"type":"string"}],"nullable":true,"oneOf":[{"not":{}},{"anyOf":[{"items":{},"type":"array"},{"type":"boolean"},{"type":"number"},{"type":"object"},{"type":"string"}],"nullable":true,"oneOf":[{"type":"string"},{"not":{}}]}]},"proxy_id":{"nullable":true,"type":"string"},"random":{"additionalProperties":false,"type":"object","properties":{"group_events":{"type":"number"}}},"required_acks":{"enum":[1,0,-1],"type":"integer"},"round_robin":{"additionalProperties":false,"type":"object","properties":{"group_events":{"type":"number"}}},"sasl":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"mechanism":{"enum":["PLAIN","SCRAM-SHA-256","SCRAM-SHA-512"],"type":"string"}}},"secrets":{"additionalProperties":false,"type":"object","properties":{"password":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]},"ssl":{"additionalProperties":false,"type":"object","properties":{"key":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}},"required":["key"]}}},"shipper":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"compression_level":{"nullable":true,"type":"number"},"disk_queue_compression_enabled":{"nullable":true,"type":"boolean"},"disk_queue_enabled":{"default":false,"nullable":true,"type":"boolean"},"disk_queue_encryption_enabled":{"nullable":true,"type":"boolean"},"disk_queue_max_size":{"nullable":true,"type":"number"},"disk_queue_path":{"nullable":true,"type":"string"},"loadbalance":{"nullable":true,"type":"boolean"},"max_batch_bytes":{"nullable":true,"type":"number"},"mem_queue_events":{"nullable":true,"type":"number"},"queue_flush_timeout":{"nullable":true,"type":"number"}},"required":["disk_queue_path","disk_queue_max_size","disk_queue_encryption_enabled","disk_queue_compression_enabled","compression_level","loadbalance","mem_queue_events","queue_flush_timeout","max_batch_bytes"]},"ssl":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"key":{"type":"string"},"verification_mode":{"enum":["full","none","certificate","strict"],"type":"string"}}},"timeout":{"type":"number"},"topic":{"type":"string"},"type":{"enum":["kafka"],"type":"string"},"username":{"anyOf":[{"items":{},"type":"array"},{"type":"boolean"},{"type":"number"},{"type":"object"},{"type":"string"}],"nullable":true,"oneOf":[{"type":"string"},{"not":{}}]},"version":{"type":"string"}},"required":["name","compression_level","connection_type","username","password"]}]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"anyOf":[{"additionalProperties":true,"type":"object","properties":{"allow_edit":{"items":{"type":"string"},"type":"array"},"ca_sha256":{"nullable":true,"type":"string"},"ca_trusted_fingerprint":{"nullable":true,"type":"string"},"config_yaml":{"nullable":true,"type":"string"},"hosts":{"items":{"format":"uri","type":"string"},"minItems":1,"type":"array"},"id":{"type":"string"},"is_default":{"default":false,"type":"boolean"},"is_default_monitoring":{"default":false,"type":"boolean"},"is_internal":{"type":"boolean"},"is_preconfigured":{"type":"boolean"},"name":{"type":"string"},"preset":{"enum":["balanced","custom","throughput","scale","latency"],"type":"string"},"proxy_id":{"nullable":true,"type":"string"},"secrets":{"additionalProperties":true,"type":"object","properties":{"ssl":{"additionalProperties":true,"type":"object","properties":{"key":{"anyOf":[{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}}}}},"shipper":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"compression_level":{"nullable":true,"type":"number"},"disk_queue_compression_enabled":{"nullable":true,"type":"boolean"},"disk_queue_enabled":{"default":false,"nullable":true,"type":"boolean"},"disk_queue_encryption_enabled":{"nullable":true,"type":"boolean"},"disk_queue_max_size":{"nullable":true,"type":"number"},"disk_queue_path":{"nullable":true,"type":"string"},"loadbalance":{"nullable":true,"type":"boolean"},"max_batch_bytes":{"nullable":true,"type":"number"},"mem_queue_events":{"nullable":true,"type":"number"},"queue_flush_timeout":{"nullable":true,"type":"number"}},"required":["disk_queue_path","disk_queue_max_size","disk_queue_encryption_enabled","disk_queue_compression_enabled","compression_level","loadbalance","mem_queue_events","queue_flush_timeout","max_batch_bytes"]},"ssl":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"key":{"type":"string"},"verification_mode":{"enum":["full","none","certificate","strict"],"type":"string"}}},"type":{"enum":["elasticsearch"],"type":"string"}},"required":["name","type","hosts"]},{"additionalProperties":true,"type":"object","properties":{"allow_edit":{"items":{"type":"string"},"type":"array"},"ca_sha256":{"nullable":true,"type":"string"},"ca_trusted_fingerprint":{"nullable":true,"type":"string"},"config_yaml":{"nullable":true,"type":"string"},"hosts":{"items":{"format":"uri","type":"string"},"minItems":1,"type":"array"},"id":{"type":"string"},"is_default":{"default":false,"type":"boolean"},"is_default_monitoring":{"default":false,"type":"boolean"},"is_internal":{"type":"boolean"},"is_preconfigured":{"type":"boolean"},"kibana_api_key":{"nullable":true,"type":"string"},"kibana_url":{"nullable":true,"type":"string"},"name":{"type":"string"},"preset":{"enum":["balanced","custom","throughput","scale","latency"],"type":"string"},"proxy_id":{"nullable":true,"type":"string"},"secrets":{"additionalProperties":true,"type":"object","properties":{"service_token":{"anyOf":[{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]},"ssl":{"additionalProperties":true,"type":"object","properties":{"key":{"anyOf":[{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}}}}},"service_token":{"nullable":true,"type":"string"},"shipper":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"compression_level":{"nullable":true,"type":"number"},"disk_queue_compression_enabled":{"nullable":true,"type":"boolean"},"disk_queue_enabled":{"default":false,"nullable":true,"type":"boolean"},"disk_queue_encryption_enabled":{"nullable":true,"type":"boolean"},"disk_queue_max_size":{"nullable":true,"type":"number"},"disk_queue_path":{"nullable":true,"type":"string"},"loadbalance":{"nullable":true,"type":"boolean"},"max_batch_bytes":{"nullable":true,"type":"number"},"mem_queue_events":{"nullable":true,"type":"number"},"queue_flush_timeout":{"nullable":true,"type":"number"}},"required":["disk_queue_path","disk_queue_max_size","disk_queue_encryption_enabled","disk_queue_compression_enabled","compression_level","loadbalance","mem_queue_events","queue_flush_timeout","max_batch_bytes"]},"ssl":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"key":{"type":"string"},"verification_mode":{"enum":["full","none","certificate","strict"],"type":"string"}}},"sync_integrations":{"type":"boolean"},"sync_uninstalled_integrations":{"type":"boolean"},"type":{"enum":["remote_elasticsearch"],"type":"string"}},"required":["name","type","hosts"]},{"additionalProperties":true,"type":"object","properties":{"allow_edit":{"items":{"type":"string"},"type":"array"},"ca_sha256":{"nullable":true,"type":"string"},"ca_trusted_fingerprint":{"nullable":true,"type":"string"},"config_yaml":{"nullable":true,"type":"string"},"hosts":{"items":{"type":"string"},"minItems":1,"type":"array"},"id":{"type":"string"},"is_default":{"default":false,"type":"boolean"},"is_default_monitoring":{"default":false,"type":"boolean"},"is_internal":{"type":"boolean"},"is_preconfigured":{"type":"boolean"},"name":{"type":"string"},"proxy_id":{"nullable":true,"type":"string"},"secrets":{"additionalProperties":true,"type":"object","properties":{"ssl":{"additionalProperties":true,"type":"object","properties":{"key":{"anyOf":[{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}}}}},"shipper":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"compression_level":{"nullable":true,"type":"number"},"disk_queue_compression_enabled":{"nullable":true,"type":"boolean"},"disk_queue_enabled":{"default":false,"nullable":true,"type":"boolean"},"disk_queue_encryption_enabled":{"nullable":true,"type":"boolean"},"disk_queue_max_size":{"nullable":true,"type":"number"},"disk_queue_path":{"nullable":true,"type":"string"},"loadbalance":{"nullable":true,"type":"boolean"},"max_batch_bytes":{"nullable":true,"type":"number"},"mem_queue_events":{"nullable":true,"type":"number"},"queue_flush_timeout":{"nullable":true,"type":"number"}},"required":["disk_queue_path","disk_queue_max_size","disk_queue_encryption_enabled","disk_queue_compression_enabled","compression_level","loadbalance","mem_queue_events","queue_flush_timeout","max_batch_bytes"]},"ssl":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"key":{"type":"string"},"verification_mode":{"enum":["full","none","certificate","strict"],"type":"string"}}},"type":{"enum":["logstash"],"type":"string"}},"required":["name","type","hosts"]},{"additionalProperties":true,"type":"object","properties":{"allow_edit":{"items":{"type":"string"},"type":"array"},"auth_type":{"enum":["none","user_pass","ssl","kerberos"],"type":"string"},"broker_timeout":{"type":"number"},"ca_sha256":{"nullable":true,"type":"string"},"ca_trusted_fingerprint":{"nullable":true,"type":"string"},"client_id":{"type":"string"},"compression":{"enum":["gzip","snappy","lz4","none"],"type":"string"},"compression_level":{"anyOf":[{"items":{},"type":"array"},{"type":"boolean"},{"type":"number"},{"type":"object"},{"type":"string"}],"nullable":true,"oneOf":[{"type":"number"},{"not":{}}]},"config_yaml":{"nullable":true,"type":"string"},"connection_type":{"anyOf":[{"items":{},"type":"array"},{"type":"boolean"},{"type":"number"},{"type":"object"},{"type":"string"}],"nullable":true,"oneOf":[{"enum":["plaintext","encryption"],"type":"string"},{"not":{}}]},"hash":{"additionalProperties":true,"type":"object","properties":{"hash":{"type":"string"},"random":{"type":"boolean"}}},"headers":{"items":{"additionalProperties":true,"type":"object","properties":{"key":{"type":"string"},"value":{"type":"string"}},"required":["key","value"]},"type":"array"},"hosts":{"items":{"type":"string"},"minItems":1,"type":"array"},"id":{"type":"string"},"is_default":{"default":false,"type":"boolean"},"is_default_monitoring":{"default":false,"type":"boolean"},"is_internal":{"type":"boolean"},"is_preconfigured":{"type":"boolean"},"key":{"type":"string"},"name":{"type":"string"},"partition":{"enum":["random","round_robin","hash"],"type":"string"},"password":{"anyOf":[{"items":{},"type":"array"},{"type":"boolean"},{"type":"number"},{"type":"object"},{"type":"string"}],"nullable":true,"oneOf":[{"not":{}},{"anyOf":[{"items":{},"type":"array"},{"type":"boolean"},{"type":"number"},{"type":"object"},{"type":"string"}],"nullable":true,"oneOf":[{"type":"string"},{"not":{}}]}]},"proxy_id":{"nullable":true,"type":"string"},"random":{"additionalProperties":true,"type":"object","properties":{"group_events":{"type":"number"}}},"required_acks":{"enum":[1,0,-1],"type":"integer"},"round_robin":{"additionalProperties":true,"type":"object","properties":{"group_events":{"type":"number"}}},"sasl":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"mechanism":{"enum":["PLAIN","SCRAM-SHA-256","SCRAM-SHA-512"],"type":"string"}}},"secrets":{"additionalProperties":true,"type":"object","properties":{"password":{"anyOf":[{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]},"ssl":{"additionalProperties":true,"type":"object","properties":{"key":{"anyOf":[{"additionalProperties":true,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"type":"string"}]}},"required":["key"]}}},"shipper":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"compression_level":{"nullable":true,"type":"number"},"disk_queue_compression_enabled":{"nullable":true,"type":"boolean"},"disk_queue_enabled":{"default":false,"nullable":true,"type":"boolean"},"disk_queue_encryption_enabled":{"nullable":true,"type":"boolean"},"disk_queue_max_size":{"nullable":true,"type":"number"},"disk_queue_path":{"nullable":true,"type":"string"},"loadbalance":{"nullable":true,"type":"boolean"},"max_batch_bytes":{"nullable":true,"type":"number"},"mem_queue_events":{"nullable":true,"type":"number"},"queue_flush_timeout":{"nullable":true,"type":"number"}},"required":["disk_queue_path","disk_queue_max_size","disk_queue_encryption_enabled","disk_queue_compression_enabled","compression_level","loadbalance","mem_queue_events","queue_flush_timeout","max_batch_bytes"]},"ssl":{"additionalProperties":true,"nullable":true,"type":"object","properties":{"certificate":{"type":"string"},"certificate_authorities":{"items":{"type":"string"},"type":"array"},"key":{"type":"string"},"verification_mode":{"enum":["full","none","certificate","strict"],"type":"string"}}},"timeout":{"type":"number"},"topic":{"type":"string"},"type":{"enum":["kafka"],"type":"string"},"username":{"anyOf":[{"items":{},"type":"array"},{"type":"boolean"},{"type":"number"},{"type":"object"},{"type":"string"}],"nullable":true,"oneOf":[{"type":"string"},{"not":{}}]},"version":{"type":"string"}},"required":["name","type","hosts","compression_level","auth_type","connection_type","username","password"]}]}},"required":["item"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Update output","tags":["Fleet outputs"]}},"/api/fleet/outputs/{outputId}/health":{"get":{"description":"[Required authorization] Route required privileges: fleet-settings-read.","operationId":"get-fleet-outputs-outputid-health","parameters":[{"in":"path","name":"outputId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"message":{"description":"long message if unhealthy","type":"string"},"state":{"description":"state of output, HEALTHY or DEGRADED","type":"string"},"timestamp":{"description":"timestamp of reported state","type":"string"}},"required":["state","message","timestamp"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get the latest output health","tags":["Fleet outputs"]}},"/api/fleet/package_policies":{"get":{"operationId":"get-fleet-package-policies","parameters":[{"in":"query","name":"page","required":false,"schema":{"type":"number"}},{"in":"query","name":"perPage","required":false,"schema":{"type":"number"}},{"in":"query","name":"sortField","required":false,"schema":{"type":"string"}},{"in":"query","name":"sortOrder","required":false,"schema":{"enum":["desc","asc"],"type":"string"}},{"in":"query","name":"showUpgradeable","required":false,"schema":{"type":"boolean"}},{"in":"query","name":"kuery","required":false,"schema":{"type":"string"}},{"in":"query","name":"format","required":false,"schema":{"enum":["simplified","legacy"],"type":"string"}},{"in":"query","name":"withAgentCount","required":false,"schema":{"type":"boolean"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"items":{"items":{"additionalProperties":false,"type":"object","properties":{"additional_datastreams_permissions":{"description":"Additional datastream permissions, that will be added to the agent policy.","items":{"type":"string"},"nullable":true,"type":"array"},"agents":{"type":"number"},"created_at":{"type":"string"},"created_by":{"type":"string"},"description":{"description":"Package policy description","type":"string"},"elasticsearch":{"additionalProperties":true,"type":"object","properties":{"privileges":{"additionalProperties":true,"type":"object","properties":{"cluster":{"items":{"type":"string"},"type":"array"}}}}},"enabled":{"type":"boolean"},"id":{"type":"string"},"inputs":{"anyOf":[{"items":{"additionalProperties":false,"type":"object","properties":{"compiled_input":{},"config":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},"enabled":{"type":"boolean"},"id":{"type":"string"},"keep_enabled":{"type":"boolean"},"policy_template":{"type":"string"},"streams":{"items":{"additionalProperties":false,"type":"object","properties":{"compiled_stream":{},"config":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},"data_stream":{"additionalProperties":false,"type":"object","properties":{"dataset":{"type":"string"},"elasticsearch":{"additionalProperties":false,"type":"object","properties":{"dynamic_dataset":{"type":"boolean"},"dynamic_namespace":{"type":"boolean"},"privileges":{"additionalProperties":false,"type":"object","properties":{"indices":{"items":{"type":"string"},"type":"array"}}}}},"type":{"type":"string"}},"required":["dataset","type"]},"enabled":{"type":"boolean"},"id":{"type":"string"},"keep_enabled":{"type":"boolean"},"release":{"enum":["ga","beta","experimental"],"type":"string"},"vars":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"}},"required":["enabled","data_stream","compiled_stream"]},"type":"array"},"type":{"type":"string"},"vars":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"}},"required":["type","enabled","streams","compiled_input"]},"type":"array"},{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"enabled":{"description":"enable or disable that input, (default to true)","type":"boolean"},"streams":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"enabled":{"description":"enable or disable that stream, (default to true)","type":"boolean"},"vars":{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object"}}},"description":"Input streams (see integration documentation to know what streams are available)","type":"object"},"vars":{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object"}}},"description":"Package policy inputs (see integration documentation to know what inputs are available)","type":"object","x-oas-optional":true}]},"is_managed":{"type":"boolean"},"name":{"description":"Package policy name (should be unique)","type":"string"},"namespace":{"description":"The package policy namespace. Leave blank to inherit the agent policy's namespace.","type":"string"},"output_id":{"nullable":true,"type":"string"},"overrides":{"additionalProperties":false,"description":"Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.","nullable":true,"type":"object","properties":{"inputs":{"additionalProperties":{},"type":"object"}}},"package":{"additionalProperties":false,"type":"object","properties":{"experimental_data_stream_features":{"items":{"additionalProperties":false,"type":"object","properties":{"data_stream":{"type":"string"},"features":{"additionalProperties":false,"type":"object","properties":{"doc_value_only_numeric":{"type":"boolean"},"doc_value_only_other":{"type":"boolean"},"synthetic_source":{"type":"boolean"},"tsdb":{"type":"boolean"}}}},"required":["data_stream","features"]},"type":"array"},"name":{"description":"Package name","type":"string"},"requires_root":{"type":"boolean"},"title":{"type":"string"},"version":{"description":"Package version","type":"string"}},"required":["name","version"]},"policy_id":{"deprecated":true,"description":"Agent policy ID where that package policy will be added","nullable":true,"type":"string"},"policy_ids":{"items":{"description":"Agent policy IDs where that package policy will be added","type":"string"},"type":"array"},"revision":{"type":"number"},"secret_references":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},"type":"array"},"spaceIds":{"items":{"type":"string"},"type":"array"},"supports_agentless":{"default":false,"description":"Indicates whether the package policy belongs to an agentless agent policy.","nullable":true,"type":"boolean"},"updated_at":{"type":"string"},"updated_by":{"type":"string"},"vars":{"anyOf":[{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object","x-oas-optional":true}]},"version":{"type":"string"}},"required":["name","enabled","inputs","id","revision","updated_at","updated_by","created_at","created_by"]},"type":"array"},"page":{"type":"number"},"perPage":{"type":"number"},"total":{"type":"number"}},"required":["items","total","page","perPage"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get package policies","tags":["Fleet package policies"]},"post":{"operationId":"post-fleet-package-policies","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"query","name":"format","required":false,"schema":{"enum":["simplified","legacy"],"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"additional_datastreams_permissions":{"description":"Additional datastream permissions, that will be added to the agent policy.","items":{"type":"string"},"nullable":true,"type":"array"},"description":{"description":"Package policy description","type":"string"},"enabled":{"type":"boolean"},"force":{"description":"Force package policy creation even if package is not verified, or if the agent policy is managed.","type":"boolean"},"id":{"description":"Package policy unique identifier","type":"string"},"inputs":{"items":{"additionalProperties":false,"type":"object","properties":{"config":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},"enabled":{"type":"boolean"},"id":{"type":"string"},"keep_enabled":{"type":"boolean"},"policy_template":{"type":"string"},"streams":{"items":{"additionalProperties":false,"type":"object","properties":{"compiled_stream":{},"config":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},"data_stream":{"additionalProperties":false,"type":"object","properties":{"dataset":{"type":"string"},"elasticsearch":{"additionalProperties":false,"type":"object","properties":{"dynamic_dataset":{"type":"boolean"},"dynamic_namespace":{"type":"boolean"},"privileges":{"additionalProperties":false,"type":"object","properties":{"indices":{"items":{"type":"string"},"type":"array"}}}}},"type":{"type":"string"}},"required":["dataset","type"]},"enabled":{"type":"boolean"},"id":{"type":"string"},"keep_enabled":{"type":"boolean"},"release":{"enum":["ga","beta","experimental"],"type":"string"},"vars":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"}},"required":["enabled","data_stream","compiled_stream"]},"type":"array"},"type":{"type":"string"},"vars":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"}},"required":["type","enabled"]},"type":"array"},"is_managed":{"type":"boolean"},"name":{"description":"Package policy name (should be unique)","type":"string"},"namespace":{"description":"The package policy namespace. Leave blank to inherit the agent policy's namespace.","type":"string"},"output_id":{"nullable":true,"type":"string"},"overrides":{"additionalProperties":false,"description":"Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.","nullable":true,"type":"object","properties":{"inputs":{"additionalProperties":{},"type":"object"}}},"package":{"additionalProperties":false,"type":"object","properties":{"experimental_data_stream_features":{"items":{"additionalProperties":false,"type":"object","properties":{"data_stream":{"type":"string"},"features":{"additionalProperties":false,"type":"object","properties":{"doc_value_only_numeric":{"type":"boolean"},"doc_value_only_other":{"type":"boolean"},"synthetic_source":{"type":"boolean"},"tsdb":{"type":"boolean"}}}},"required":["data_stream","features"]},"type":"array"},"name":{"description":"Package name","type":"string"},"requires_root":{"type":"boolean"},"title":{"type":"string"},"version":{"description":"Package version","type":"string"}},"required":["name","version"]},"policy_id":{"deprecated":true,"description":"Agent policy ID where that package policy will be added","nullable":true,"type":"string"},"policy_ids":{"items":{"description":"Agent policy IDs where that package policy will be added","type":"string"},"type":"array"},"spaceIds":{"items":{"type":"string"},"type":"array"},"supports_agentless":{"default":false,"description":"Indicates whether the package policy belongs to an agentless agent policy.","nullable":true,"type":"boolean"},"vars":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"}},"required":["name","inputs"]},{"additionalProperties":false,"type":"object","properties":{"additional_datastreams_permissions":{"description":"Additional datastream permissions, that will be added to the agent policy.","items":{"type":"string"},"nullable":true,"type":"array"},"description":{"type":"string"},"force":{"type":"boolean"},"id":{"type":"string"},"inputs":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"enabled":{"description":"enable or disable that input, (default to true)","type":"boolean"},"streams":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"enabled":{"description":"enable or disable that stream, (default to true)","type":"boolean"},"vars":{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object"}}},"description":"Input streams (see integration documentation to know what streams are available)","type":"object"},"vars":{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object"}}},"description":"Package policy inputs (see integration documentation to know what inputs are available)","type":"object"},"name":{"type":"string"},"namespace":{"type":"string"},"output_id":{"nullable":true,"type":"string"},"package":{"additionalProperties":false,"type":"object","properties":{"experimental_data_stream_features":{"items":{"additionalProperties":false,"type":"object","properties":{"data_stream":{"type":"string"},"features":{"additionalProperties":false,"type":"object","properties":{"doc_value_only_numeric":{"type":"boolean"},"doc_value_only_other":{"type":"boolean"},"synthetic_source":{"type":"boolean"},"tsdb":{"type":"boolean"}}}},"required":["data_stream","features"]},"type":"array"},"name":{"description":"Package name","type":"string"},"requires_root":{"type":"boolean"},"title":{"type":"string"},"version":{"description":"Package version","type":"string"}},"required":["name","version"]},"policy_id":{"nullable":true,"type":"string"},"policy_ids":{"items":{"type":"string"},"type":"array"},"supports_agentless":{"default":false,"description":"Indicates whether the package policy belongs to an agentless agent policy.","nullable":true,"type":"boolean"},"vars":{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object"}},"required":["name","package"]}],"description":"You should use inputs as an object and not use the deprecated inputs array."}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"additionalProperties":false,"type":"object","properties":{"additional_datastreams_permissions":{"description":"Additional datastream permissions, that will be added to the agent policy.","items":{"type":"string"},"nullable":true,"type":"array"},"agents":{"type":"number"},"created_at":{"type":"string"},"created_by":{"type":"string"},"description":{"description":"Package policy description","type":"string"},"elasticsearch":{"additionalProperties":true,"type":"object","properties":{"privileges":{"additionalProperties":true,"type":"object","properties":{"cluster":{"items":{"type":"string"},"type":"array"}}}}},"enabled":{"type":"boolean"},"id":{"type":"string"},"inputs":{"anyOf":[{"items":{"additionalProperties":false,"type":"object","properties":{"compiled_input":{},"config":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},"enabled":{"type":"boolean"},"id":{"type":"string"},"keep_enabled":{"type":"boolean"},"policy_template":{"type":"string"},"streams":{"items":{"additionalProperties":false,"type":"object","properties":{"compiled_stream":{},"config":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},"data_stream":{"additionalProperties":false,"type":"object","properties":{"dataset":{"type":"string"},"elasticsearch":{"additionalProperties":false,"type":"object","properties":{"dynamic_dataset":{"type":"boolean"},"dynamic_namespace":{"type":"boolean"},"privileges":{"additionalProperties":false,"type":"object","properties":{"indices":{"items":{"type":"string"},"type":"array"}}}}},"type":{"type":"string"}},"required":["dataset","type"]},"enabled":{"type":"boolean"},"id":{"type":"string"},"keep_enabled":{"type":"boolean"},"release":{"enum":["ga","beta","experimental"],"type":"string"},"vars":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"}},"required":["enabled","data_stream","compiled_stream"]},"type":"array"},"type":{"type":"string"},"vars":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"}},"required":["type","enabled","streams","compiled_input"]},"type":"array"},{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"enabled":{"description":"enable or disable that input, (default to true)","type":"boolean"},"streams":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"enabled":{"description":"enable or disable that stream, (default to true)","type":"boolean"},"vars":{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object"}}},"description":"Input streams (see integration documentation to know what streams are available)","type":"object"},"vars":{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object"}}},"description":"Package policy inputs (see integration documentation to know what inputs are available)","type":"object","x-oas-optional":true}]},"is_managed":{"type":"boolean"},"name":{"description":"Package policy name (should be unique)","type":"string"},"namespace":{"description":"The package policy namespace. Leave blank to inherit the agent policy's namespace.","type":"string"},"output_id":{"nullable":true,"type":"string"},"overrides":{"additionalProperties":false,"description":"Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.","nullable":true,"type":"object","properties":{"inputs":{"additionalProperties":{},"type":"object"}}},"package":{"additionalProperties":false,"type":"object","properties":{"experimental_data_stream_features":{"items":{"additionalProperties":false,"type":"object","properties":{"data_stream":{"type":"string"},"features":{"additionalProperties":false,"type":"object","properties":{"doc_value_only_numeric":{"type":"boolean"},"doc_value_only_other":{"type":"boolean"},"synthetic_source":{"type":"boolean"},"tsdb":{"type":"boolean"}}}},"required":["data_stream","features"]},"type":"array"},"name":{"description":"Package name","type":"string"},"requires_root":{"type":"boolean"},"title":{"type":"string"},"version":{"description":"Package version","type":"string"}},"required":["name","version"]},"policy_id":{"deprecated":true,"description":"Agent policy ID where that package policy will be added","nullable":true,"type":"string"},"policy_ids":{"items":{"description":"Agent policy IDs where that package policy will be added","type":"string"},"type":"array"},"revision":{"type":"number"},"secret_references":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},"type":"array"},"spaceIds":{"items":{"type":"string"},"type":"array"},"supports_agentless":{"default":false,"description":"Indicates whether the package policy belongs to an agentless agent policy.","nullable":true,"type":"boolean"},"updated_at":{"type":"string"},"updated_by":{"type":"string"},"vars":{"anyOf":[{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object","x-oas-optional":true}]},"version":{"type":"string"}},"required":["name","enabled","inputs","id","revision","updated_at","updated_by","created_at","created_by"]}},"required":["item"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}},"409":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Create a package policy","tags":["Fleet package policies"]}},"/api/fleet/package_policies/_bulk_get":{"post":{"operationId":"post-fleet-package-policies-bulk-get","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"query","name":"format","required":false,"schema":{"enum":["simplified","legacy"],"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"ids":{"description":"list of package policy ids","items":{"type":"string"},"type":"array"},"ignoreMissing":{"type":"boolean"}},"required":["ids"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"items":{"items":{"additionalProperties":false,"type":"object","properties":{"additional_datastreams_permissions":{"description":"Additional datastream permissions, that will be added to the agent policy.","items":{"type":"string"},"nullable":true,"type":"array"},"agents":{"type":"number"},"created_at":{"type":"string"},"created_by":{"type":"string"},"description":{"description":"Package policy description","type":"string"},"elasticsearch":{"additionalProperties":true,"type":"object","properties":{"privileges":{"additionalProperties":true,"type":"object","properties":{"cluster":{"items":{"type":"string"},"type":"array"}}}}},"enabled":{"type":"boolean"},"id":{"type":"string"},"inputs":{"anyOf":[{"items":{"additionalProperties":false,"type":"object","properties":{"compiled_input":{},"config":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},"enabled":{"type":"boolean"},"id":{"type":"string"},"keep_enabled":{"type":"boolean"},"policy_template":{"type":"string"},"streams":{"items":{"additionalProperties":false,"type":"object","properties":{"compiled_stream":{},"config":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},"data_stream":{"additionalProperties":false,"type":"object","properties":{"dataset":{"type":"string"},"elasticsearch":{"additionalProperties":false,"type":"object","properties":{"dynamic_dataset":{"type":"boolean"},"dynamic_namespace":{"type":"boolean"},"privileges":{"additionalProperties":false,"type":"object","properties":{"indices":{"items":{"type":"string"},"type":"array"}}}}},"type":{"type":"string"}},"required":["dataset","type"]},"enabled":{"type":"boolean"},"id":{"type":"string"},"keep_enabled":{"type":"boolean"},"release":{"enum":["ga","beta","experimental"],"type":"string"},"vars":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"}},"required":["enabled","data_stream","compiled_stream"]},"type":"array"},"type":{"type":"string"},"vars":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"}},"required":["type","enabled","streams","compiled_input"]},"type":"array"},{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"enabled":{"description":"enable or disable that input, (default to true)","type":"boolean"},"streams":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"enabled":{"description":"enable or disable that stream, (default to true)","type":"boolean"},"vars":{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object"}}},"description":"Input streams (see integration documentation to know what streams are available)","type":"object"},"vars":{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object"}}},"description":"Package policy inputs (see integration documentation to know what inputs are available)","type":"object","x-oas-optional":true}]},"is_managed":{"type":"boolean"},"name":{"description":"Package policy name (should be unique)","type":"string"},"namespace":{"description":"The package policy namespace. Leave blank to inherit the agent policy's namespace.","type":"string"},"output_id":{"nullable":true,"type":"string"},"overrides":{"additionalProperties":false,"description":"Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.","nullable":true,"type":"object","properties":{"inputs":{"additionalProperties":{},"type":"object"}}},"package":{"additionalProperties":false,"type":"object","properties":{"experimental_data_stream_features":{"items":{"additionalProperties":false,"type":"object","properties":{"data_stream":{"type":"string"},"features":{"additionalProperties":false,"type":"object","properties":{"doc_value_only_numeric":{"type":"boolean"},"doc_value_only_other":{"type":"boolean"},"synthetic_source":{"type":"boolean"},"tsdb":{"type":"boolean"}}}},"required":["data_stream","features"]},"type":"array"},"name":{"description":"Package name","type":"string"},"requires_root":{"type":"boolean"},"title":{"type":"string"},"version":{"description":"Package version","type":"string"}},"required":["name","version"]},"policy_id":{"deprecated":true,"description":"Agent policy ID where that package policy will be added","nullable":true,"type":"string"},"policy_ids":{"items":{"description":"Agent policy IDs where that package policy will be added","type":"string"},"type":"array"},"revision":{"type":"number"},"secret_references":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},"type":"array"},"spaceIds":{"items":{"type":"string"},"type":"array"},"supports_agentless":{"default":false,"description":"Indicates whether the package policy belongs to an agentless agent policy.","nullable":true,"type":"boolean"},"updated_at":{"type":"string"},"updated_by":{"type":"string"},"vars":{"anyOf":[{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object","x-oas-optional":true}]},"version":{"type":"string"}},"required":["name","enabled","inputs","id","revision","updated_at","updated_by","created_at","created_by"]},"type":"array"}},"required":["items"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}},"404":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"message":{"type":"string"}},"required":["message"]}}}}},"summary":"Bulk get package policies","tags":["Fleet package policies"]}},"/api/fleet/package_policies/{packagePolicyId}":{"delete":{"description":"Delete a package policy by ID.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: fleet-agent-policies-all AND integrations-all.","operationId":"delete-fleet-package-policies-packagepolicyid","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"packagePolicyId","required":true,"schema":{"type":"string"}},{"in":"query","name":"force","required":false,"schema":{"type":"boolean"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Delete a package policy","tags":["Fleet package policies"]},"get":{"description":"Get a package policy by ID.","operationId":"get-fleet-package-policies-packagepolicyid","parameters":[{"in":"path","name":"packagePolicyId","required":true,"schema":{"type":"string"}},{"in":"query","name":"format","required":false,"schema":{"enum":["simplified","legacy"],"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"additionalProperties":false,"type":"object","properties":{"additional_datastreams_permissions":{"description":"Additional datastream permissions, that will be added to the agent policy.","items":{"type":"string"},"nullable":true,"type":"array"},"agents":{"type":"number"},"created_at":{"type":"string"},"created_by":{"type":"string"},"description":{"description":"Package policy description","type":"string"},"elasticsearch":{"additionalProperties":true,"type":"object","properties":{"privileges":{"additionalProperties":true,"type":"object","properties":{"cluster":{"items":{"type":"string"},"type":"array"}}}}},"enabled":{"type":"boolean"},"id":{"type":"string"},"inputs":{"anyOf":[{"items":{"additionalProperties":false,"type":"object","properties":{"compiled_input":{},"config":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},"enabled":{"type":"boolean"},"id":{"type":"string"},"keep_enabled":{"type":"boolean"},"policy_template":{"type":"string"},"streams":{"items":{"additionalProperties":false,"type":"object","properties":{"compiled_stream":{},"config":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},"data_stream":{"additionalProperties":false,"type":"object","properties":{"dataset":{"type":"string"},"elasticsearch":{"additionalProperties":false,"type":"object","properties":{"dynamic_dataset":{"type":"boolean"},"dynamic_namespace":{"type":"boolean"},"privileges":{"additionalProperties":false,"type":"object","properties":{"indices":{"items":{"type":"string"},"type":"array"}}}}},"type":{"type":"string"}},"required":["dataset","type"]},"enabled":{"type":"boolean"},"id":{"type":"string"},"keep_enabled":{"type":"boolean"},"release":{"enum":["ga","beta","experimental"],"type":"string"},"vars":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"}},"required":["enabled","data_stream","compiled_stream"]},"type":"array"},"type":{"type":"string"},"vars":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"}},"required":["type","enabled","streams","compiled_input"]},"type":"array"},{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"enabled":{"description":"enable or disable that input, (default to true)","type":"boolean"},"streams":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"enabled":{"description":"enable or disable that stream, (default to true)","type":"boolean"},"vars":{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object"}}},"description":"Input streams (see integration documentation to know what streams are available)","type":"object"},"vars":{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object"}}},"description":"Package policy inputs (see integration documentation to know what inputs are available)","type":"object","x-oas-optional":true}]},"is_managed":{"type":"boolean"},"name":{"description":"Package policy name (should be unique)","type":"string"},"namespace":{"description":"The package policy namespace. Leave blank to inherit the agent policy's namespace.","type":"string"},"output_id":{"nullable":true,"type":"string"},"overrides":{"additionalProperties":false,"description":"Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.","nullable":true,"type":"object","properties":{"inputs":{"additionalProperties":{},"type":"object"}}},"package":{"additionalProperties":false,"type":"object","properties":{"experimental_data_stream_features":{"items":{"additionalProperties":false,"type":"object","properties":{"data_stream":{"type":"string"},"features":{"additionalProperties":false,"type":"object","properties":{"doc_value_only_numeric":{"type":"boolean"},"doc_value_only_other":{"type":"boolean"},"synthetic_source":{"type":"boolean"},"tsdb":{"type":"boolean"}}}},"required":["data_stream","features"]},"type":"array"},"name":{"description":"Package name","type":"string"},"requires_root":{"type":"boolean"},"title":{"type":"string"},"version":{"description":"Package version","type":"string"}},"required":["name","version"]},"policy_id":{"deprecated":true,"description":"Agent policy ID where that package policy will be added","nullable":true,"type":"string"},"policy_ids":{"items":{"description":"Agent policy IDs where that package policy will be added","type":"string"},"type":"array"},"revision":{"type":"number"},"secret_references":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},"type":"array"},"spaceIds":{"items":{"type":"string"},"type":"array"},"supports_agentless":{"default":false,"description":"Indicates whether the package policy belongs to an agentless agent policy.","nullable":true,"type":"boolean"},"updated_at":{"type":"string"},"updated_by":{"type":"string"},"vars":{"anyOf":[{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object","x-oas-optional":true}]},"version":{"type":"string"}},"required":["name","enabled","inputs","id","revision","updated_at","updated_by","created_at","created_by"]}},"required":["item"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}},"404":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"message":{"type":"string"}},"required":["message"]}}}}},"summary":"Get a package policy","tags":["Fleet package policies"]},"put":{"description":"Update a package policy by ID.","operationId":"put-fleet-package-policies-packagepolicyid","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"packagePolicyId","required":true,"schema":{"type":"string"}},{"in":"query","name":"format","required":false,"schema":{"enum":["simplified","legacy"],"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"additional_datastreams_permissions":{"description":"Additional datastream permissions, that will be added to the agent policy.","items":{"type":"string"},"nullable":true,"type":"array"},"description":{"description":"Package policy description","type":"string"},"enabled":{"type":"boolean"},"force":{"type":"boolean"},"inputs":{"items":{"additionalProperties":false,"type":"object","properties":{"config":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},"enabled":{"type":"boolean"},"id":{"type":"string"},"keep_enabled":{"type":"boolean"},"policy_template":{"type":"string"},"streams":{"items":{"additionalProperties":false,"type":"object","properties":{"compiled_stream":{},"config":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},"data_stream":{"additionalProperties":false,"type":"object","properties":{"dataset":{"type":"string"},"elasticsearch":{"additionalProperties":false,"type":"object","properties":{"dynamic_dataset":{"type":"boolean"},"dynamic_namespace":{"type":"boolean"},"privileges":{"additionalProperties":false,"type":"object","properties":{"indices":{"items":{"type":"string"},"type":"array"}}}}},"type":{"type":"string"}},"required":["dataset","type"]},"enabled":{"type":"boolean"},"id":{"type":"string"},"keep_enabled":{"type":"boolean"},"release":{"enum":["ga","beta","experimental"],"type":"string"},"vars":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"}},"required":["enabled","data_stream","compiled_stream"]},"type":"array"},"type":{"type":"string"},"vars":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"}},"required":["type","enabled"]},"type":"array"},"is_managed":{"type":"boolean"},"name":{"type":"string"},"namespace":{"description":"The package policy namespace. Leave blank to inherit the agent policy's namespace.","type":"string"},"output_id":{"nullable":true,"type":"string"},"overrides":{"additionalProperties":false,"description":"Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.","nullable":true,"type":"object","properties":{"inputs":{"additionalProperties":{},"type":"object"}}},"package":{"additionalProperties":false,"type":"object","properties":{"experimental_data_stream_features":{"items":{"additionalProperties":false,"type":"object","properties":{"data_stream":{"type":"string"},"features":{"additionalProperties":false,"type":"object","properties":{"doc_value_only_numeric":{"type":"boolean"},"doc_value_only_other":{"type":"boolean"},"synthetic_source":{"type":"boolean"},"tsdb":{"type":"boolean"}}}},"required":["data_stream","features"]},"type":"array"},"name":{"description":"Package name","type":"string"},"requires_root":{"type":"boolean"},"title":{"type":"string"},"version":{"description":"Package version","type":"string"}},"required":["name","version"]},"policy_id":{"deprecated":true,"description":"Agent policy ID where that package policy will be added","nullable":true,"type":"string"},"policy_ids":{"items":{"description":"Agent policy IDs where that package policy will be added","type":"string"},"type":"array"},"spaceIds":{"items":{"type":"string"},"type":"array"},"supports_agentless":{"default":false,"description":"Indicates whether the package policy belongs to an agentless agent policy.","nullable":true,"type":"boolean"},"vars":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},"version":{"type":"string"}}},{"additionalProperties":false,"type":"object","properties":{"additional_datastreams_permissions":{"description":"Additional datastream permissions, that will be added to the agent policy.","items":{"type":"string"},"nullable":true,"type":"array"},"description":{"type":"string"},"force":{"type":"boolean"},"id":{"type":"string"},"inputs":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"enabled":{"description":"enable or disable that input, (default to true)","type":"boolean"},"streams":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"enabled":{"description":"enable or disable that stream, (default to true)","type":"boolean"},"vars":{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object"}}},"description":"Input streams (see integration documentation to know what streams are available)","type":"object"},"vars":{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object"}}},"description":"Package policy inputs (see integration documentation to know what inputs are available)","type":"object"},"name":{"type":"string"},"namespace":{"type":"string"},"output_id":{"nullable":true,"type":"string"},"package":{"additionalProperties":false,"type":"object","properties":{"experimental_data_stream_features":{"items":{"additionalProperties":false,"type":"object","properties":{"data_stream":{"type":"string"},"features":{"additionalProperties":false,"type":"object","properties":{"doc_value_only_numeric":{"type":"boolean"},"doc_value_only_other":{"type":"boolean"},"synthetic_source":{"type":"boolean"},"tsdb":{"type":"boolean"}}}},"required":["data_stream","features"]},"type":"array"},"name":{"description":"Package name","type":"string"},"requires_root":{"type":"boolean"},"title":{"type":"string"},"version":{"description":"Package version","type":"string"}},"required":["name","version"]},"policy_id":{"nullable":true,"type":"string"},"policy_ids":{"items":{"type":"string"},"type":"array"},"supports_agentless":{"default":false,"description":"Indicates whether the package policy belongs to an agentless agent policy.","nullable":true,"type":"boolean"},"vars":{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object"}},"required":["name","package"]}]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"additionalProperties":false,"type":"object","properties":{"additional_datastreams_permissions":{"description":"Additional datastream permissions, that will be added to the agent policy.","items":{"type":"string"},"nullable":true,"type":"array"},"agents":{"type":"number"},"created_at":{"type":"string"},"created_by":{"type":"string"},"description":{"description":"Package policy description","type":"string"},"elasticsearch":{"additionalProperties":true,"type":"object","properties":{"privileges":{"additionalProperties":true,"type":"object","properties":{"cluster":{"items":{"type":"string"},"type":"array"}}}}},"enabled":{"type":"boolean"},"id":{"type":"string"},"inputs":{"anyOf":[{"items":{"additionalProperties":false,"type":"object","properties":{"compiled_input":{},"config":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},"enabled":{"type":"boolean"},"id":{"type":"string"},"keep_enabled":{"type":"boolean"},"policy_template":{"type":"string"},"streams":{"items":{"additionalProperties":false,"type":"object","properties":{"compiled_stream":{},"config":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},"data_stream":{"additionalProperties":false,"type":"object","properties":{"dataset":{"type":"string"},"elasticsearch":{"additionalProperties":false,"type":"object","properties":{"dynamic_dataset":{"type":"boolean"},"dynamic_namespace":{"type":"boolean"},"privileges":{"additionalProperties":false,"type":"object","properties":{"indices":{"items":{"type":"string"},"type":"array"}}}}},"type":{"type":"string"}},"required":["dataset","type"]},"enabled":{"type":"boolean"},"id":{"type":"string"},"keep_enabled":{"type":"boolean"},"release":{"enum":["ga","beta","experimental"],"type":"string"},"vars":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"}},"required":["enabled","data_stream","compiled_stream"]},"type":"array"},"type":{"type":"string"},"vars":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"}},"required":["type","enabled","streams","compiled_input"]},"type":"array"},{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"enabled":{"description":"enable or disable that input, (default to true)","type":"boolean"},"streams":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"enabled":{"description":"enable or disable that stream, (default to true)","type":"boolean"},"vars":{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object"}}},"description":"Input streams (see integration documentation to know what streams are available)","type":"object"},"vars":{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object"}}},"description":"Package policy inputs (see integration documentation to know what inputs are available)","type":"object","x-oas-optional":true}]},"is_managed":{"type":"boolean"},"name":{"description":"Package policy name (should be unique)","type":"string"},"namespace":{"description":"The package policy namespace. Leave blank to inherit the agent policy's namespace.","type":"string"},"output_id":{"nullable":true,"type":"string"},"overrides":{"additionalProperties":false,"description":"Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.","nullable":true,"type":"object","properties":{"inputs":{"additionalProperties":{},"type":"object"}}},"package":{"additionalProperties":false,"type":"object","properties":{"experimental_data_stream_features":{"items":{"additionalProperties":false,"type":"object","properties":{"data_stream":{"type":"string"},"features":{"additionalProperties":false,"type":"object","properties":{"doc_value_only_numeric":{"type":"boolean"},"doc_value_only_other":{"type":"boolean"},"synthetic_source":{"type":"boolean"},"tsdb":{"type":"boolean"}}}},"required":["data_stream","features"]},"type":"array"},"name":{"description":"Package name","type":"string"},"requires_root":{"type":"boolean"},"title":{"type":"string"},"version":{"description":"Package version","type":"string"}},"required":["name","version"]},"policy_id":{"deprecated":true,"description":"Agent policy ID where that package policy will be added","nullable":true,"type":"string"},"policy_ids":{"items":{"description":"Agent policy IDs where that package policy will be added","type":"string"},"type":"array"},"revision":{"type":"number"},"secret_references":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},"type":"array"},"spaceIds":{"items":{"type":"string"},"type":"array"},"supports_agentless":{"default":false,"description":"Indicates whether the package policy belongs to an agentless agent policy.","nullable":true,"type":"boolean"},"updated_at":{"type":"string"},"updated_by":{"type":"string"},"vars":{"anyOf":[{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object","x-oas-optional":true}]},"version":{"type":"string"}},"required":["name","enabled","inputs","id","revision","updated_at","updated_by","created_at","created_by"]}},"required":["item"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}},"403":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Update a package policy","tags":["Fleet package policies"]}},"/api/fleet/package_policies/delete":{"post":{"description":"[Required authorization] Route required privileges: fleet-agent-policies-all AND integrations-all.","operationId":"post-fleet-package-policies-delete","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"force":{"type":"boolean"},"packagePolicyIds":{"items":{"type":"string"},"type":"array"}},"required":["packagePolicyIds"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"items":{"additionalProperties":false,"type":"object","properties":{"body":{"additionalProperties":false,"type":"object","properties":{"message":{"type":"string"}},"required":["message"]},"id":{"type":"string"},"name":{"type":"string"},"output_id":{"nullable":true,"type":"string"},"package":{"additionalProperties":false,"type":"object","properties":{"experimental_data_stream_features":{"items":{"additionalProperties":false,"type":"object","properties":{"data_stream":{"type":"string"},"features":{"additionalProperties":false,"type":"object","properties":{"doc_value_only_numeric":{"type":"boolean"},"doc_value_only_other":{"type":"boolean"},"synthetic_source":{"type":"boolean"},"tsdb":{"type":"boolean"}}}},"required":["data_stream","features"]},"type":"array"},"name":{"description":"Package name","type":"string"},"requires_root":{"type":"boolean"},"title":{"type":"string"},"version":{"description":"Package version","type":"string"}},"required":["name","version"]},"policy_id":{"deprecated":true,"description":"Use `policy_ids` instead","nullable":true,"type":"string"},"policy_ids":{"items":{"type":"string"},"type":"array"},"statusCode":{"type":"number"},"success":{"type":"boolean"}},"required":["id","success","policy_ids","package"]},"type":"array"}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Bulk delete package policies","tags":["Fleet package policies"]}},"/api/fleet/package_policies/upgrade":{"post":{"description":"Upgrade a package policy to a newer package version.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: fleet-agent-policies-all AND integrations-all.","operationId":"post-fleet-package-policies-upgrade","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"packagePolicyIds":{"items":{"type":"string"},"type":"array"}},"required":["packagePolicyIds"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"items":{"additionalProperties":false,"type":"object","properties":{"body":{"additionalProperties":false,"type":"object","properties":{"message":{"type":"string"}},"required":["message"]},"id":{"type":"string"},"name":{"type":"string"},"statusCode":{"type":"number"},"success":{"type":"boolean"}},"required":["id","success"]},"type":"array"}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Upgrade a package policy","tags":["Fleet package policies"]}},"/api/fleet/package_policies/upgrade/dryrun":{"post":{"description":"[Required authorization] Route required privileges: fleet-agent-policies-read AND integrations-read.","operationId":"post-fleet-package-policies-upgrade-dryrun","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"packagePolicyIds":{"items":{"type":"string"},"type":"array"},"packageVersion":{"type":"string"}},"required":["packagePolicyIds"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"items":{"additionalProperties":false,"type":"object","properties":{"agent_diff":{"items":{"items":{"additionalProperties":true,"type":"object","properties":{"data_stream":{"additionalProperties":true,"type":"object","properties":{"namespace":{"type":"string"}},"required":["namespace"]},"id":{"type":"string"},"meta":{"additionalProperties":true,"type":"object","properties":{"package":{"additionalProperties":true,"type":"object","properties":{"name":{"type":"string"},"version":{"type":"string"}},"required":["name","version"]}},"required":["package"]},"name":{"type":"string"},"package_policy_id":{"type":"string"},"processors":{"items":{"additionalProperties":true,"type":"object","properties":{"add_fields":{"additionalProperties":true,"type":"object","properties":{"fields":{"additionalProperties":{"anyOf":[{"type":"string"},{"type":"number"}]},"type":"object"},"target":{"type":"string"}},"required":["target","fields"]}},"required":["add_fields"]},"type":"array"},"revision":{"type":"number"},"streams":{"items":{"additionalProperties":true,"type":"object","properties":{"data_stream":{"additionalProperties":true,"type":"object","properties":{"dataset":{"type":"string"},"type":{"type":"string"}},"required":["dataset"]},"id":{"type":"string"}},"required":["data_stream"]},"type":"array"},"type":{"type":"string"},"use_output":{"type":"string"}},"required":["id","name","revision","type","data_stream","use_output","package_policy_id"]},"type":"array"},"type":"array"},"body":{"additionalProperties":false,"type":"object","properties":{"message":{"type":"string"}},"required":["message"]},"diff":{"items":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"additional_datastreams_permissions":{"description":"Additional datastream permissions, that will be added to the agent policy.","items":{"type":"string"},"nullable":true,"type":"array"},"agents":{"type":"number"},"created_at":{"type":"string"},"created_by":{"type":"string"},"description":{"description":"Package policy description","type":"string"},"elasticsearch":{"additionalProperties":true,"type":"object","properties":{"privileges":{"additionalProperties":true,"type":"object","properties":{"cluster":{"items":{"type":"string"},"type":"array"}}}}},"enabled":{"type":"boolean"},"id":{"type":"string"},"inputs":{"anyOf":[{"items":{"additionalProperties":false,"type":"object","properties":{"compiled_input":{},"config":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},"enabled":{"type":"boolean"},"id":{"type":"string"},"keep_enabled":{"type":"boolean"},"policy_template":{"type":"string"},"streams":{"items":{"additionalProperties":false,"type":"object","properties":{"compiled_stream":{},"config":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},"data_stream":{"additionalProperties":false,"type":"object","properties":{"dataset":{"type":"string"},"elasticsearch":{"additionalProperties":false,"type":"object","properties":{"dynamic_dataset":{"type":"boolean"},"dynamic_namespace":{"type":"boolean"},"privileges":{"additionalProperties":false,"type":"object","properties":{"indices":{"items":{"type":"string"},"type":"array"}}}}},"type":{"type":"string"}},"required":["dataset","type"]},"enabled":{"type":"boolean"},"id":{"type":"string"},"keep_enabled":{"type":"boolean"},"release":{"enum":["ga","beta","experimental"],"type":"string"},"vars":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"}},"required":["enabled","data_stream","compiled_stream"]},"type":"array"},"type":{"type":"string"},"vars":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"}},"required":["type","enabled","streams","compiled_input"]},"type":"array"},{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"enabled":{"description":"enable or disable that input, (default to true)","type":"boolean"},"streams":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"enabled":{"description":"enable or disable that stream, (default to true)","type":"boolean"},"vars":{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object"}}},"description":"Input streams (see integration documentation to know what streams are available)","type":"object"},"vars":{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object"}}},"description":"Package policy inputs (see integration documentation to know what inputs are available)","type":"object","x-oas-optional":true}]},"is_managed":{"type":"boolean"},"name":{"description":"Package policy name (should be unique)","type":"string"},"namespace":{"description":"The package policy namespace. Leave blank to inherit the agent policy's namespace.","type":"string"},"output_id":{"nullable":true,"type":"string"},"overrides":{"additionalProperties":false,"description":"Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.","nullable":true,"type":"object","properties":{"inputs":{"additionalProperties":{},"type":"object"}}},"package":{"additionalProperties":false,"type":"object","properties":{"experimental_data_stream_features":{"items":{"additionalProperties":false,"type":"object","properties":{"data_stream":{"type":"string"},"features":{"additionalProperties":false,"type":"object","properties":{"doc_value_only_numeric":{"type":"boolean"},"doc_value_only_other":{"type":"boolean"},"synthetic_source":{"type":"boolean"},"tsdb":{"type":"boolean"}}}},"required":["data_stream","features"]},"type":"array"},"name":{"description":"Package name","type":"string"},"requires_root":{"type":"boolean"},"title":{"type":"string"},"version":{"description":"Package version","type":"string"}},"required":["name","version"]},"policy_id":{"deprecated":true,"description":"Agent policy ID where that package policy will be added","nullable":true,"type":"string"},"policy_ids":{"items":{"description":"Agent policy IDs where that package policy will be added","type":"string"},"type":"array"},"revision":{"type":"number"},"secret_references":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},"type":"array"},"spaceIds":{"items":{"type":"string"},"type":"array"},"supports_agentless":{"default":false,"description":"Indicates whether the package policy belongs to an agentless agent policy.","nullable":true,"type":"boolean"},"updated_at":{"type":"string"},"updated_by":{"type":"string"},"vars":{"anyOf":[{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},{"additionalProperties":{"anyOf":[{"type":"boolean"},{"type":"string"},{"type":"number"},{"items":{"type":"string"},"type":"array"},{"items":{"type":"number"},"type":"array"},{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"isSecretRef":{"type":"boolean"}},"required":["id","isSecretRef"]}],"nullable":true},"description":"Input/stream level variable (see integration documentation for more information)","type":"object","x-oas-optional":true}]},"version":{"type":"string"}},"required":["name","enabled","inputs","revision","updated_at","updated_by","created_at","created_by"]},{"additionalProperties":true,"type":"object","properties":{"additional_datastreams_permissions":{"description":"Additional datastream permissions, that will be added to the agent policy.","items":{"type":"string"},"nullable":true,"type":"array"},"created_at":{"type":"string"},"created_by":{"type":"string"},"description":{"description":"Package policy description","type":"string"},"elasticsearch":{"additionalProperties":true,"type":"object","properties":{"privileges":{"additionalProperties":true,"type":"object","properties":{"cluster":{"items":{"type":"string"},"type":"array"}}}}},"enabled":{"type":"boolean"},"errors":{"items":{"additionalProperties":false,"type":"object","properties":{"key":{"type":"string"},"message":{"type":"string"}},"required":["message"]},"type":"array"},"force":{"type":"boolean"},"id":{"type":"string"},"inputs":{"items":{"additionalProperties":false,"type":"object","properties":{"compiled_input":{},"config":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},"enabled":{"type":"boolean"},"id":{"type":"string"},"keep_enabled":{"type":"boolean"},"policy_template":{"type":"string"},"streams":{"items":{"additionalProperties":false,"type":"object","properties":{"compiled_stream":{},"config":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},"data_stream":{"additionalProperties":false,"type":"object","properties":{"dataset":{"type":"string"},"elasticsearch":{"additionalProperties":false,"type":"object","properties":{"dynamic_dataset":{"type":"boolean"},"dynamic_namespace":{"type":"boolean"},"privileges":{"additionalProperties":false,"type":"object","properties":{"indices":{"items":{"type":"string"},"type":"array"}}}}},"type":{"type":"string"}},"required":["dataset","type"]},"enabled":{"type":"boolean"},"id":{"type":"string"},"keep_enabled":{"type":"boolean"},"release":{"enum":["ga","beta","experimental"],"type":"string"},"vars":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"}},"required":["enabled","data_stream","compiled_stream"]},"type":"array"},"type":{"type":"string"},"vars":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"}},"required":["type","enabled","streams","compiled_input"]},"type":"array"},"is_managed":{"type":"boolean"},"missingVars":{"items":{"type":"string"},"type":"array"},"name":{"description":"Package policy name (should be unique)","type":"string"},"namespace":{"description":"The package policy namespace. Leave blank to inherit the agent policy's namespace.","type":"string"},"output_id":{"nullable":true,"type":"string"},"overrides":{"additionalProperties":false,"description":"Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.","nullable":true,"type":"object","properties":{"inputs":{"additionalProperties":{},"type":"object"}}},"package":{"additionalProperties":false,"type":"object","properties":{"experimental_data_stream_features":{"items":{"additionalProperties":false,"type":"object","properties":{"data_stream":{"type":"string"},"features":{"additionalProperties":false,"type":"object","properties":{"doc_value_only_numeric":{"type":"boolean"},"doc_value_only_other":{"type":"boolean"},"synthetic_source":{"type":"boolean"},"tsdb":{"type":"boolean"}}}},"required":["data_stream","features"]},"type":"array"},"name":{"description":"Package name","type":"string"},"requires_root":{"type":"boolean"},"title":{"type":"string"},"version":{"description":"Package version","type":"string"}},"required":["name","version"]},"policy_id":{"deprecated":true,"description":"Agent policy ID where that package policy will be added","nullable":true,"type":"string"},"policy_ids":{"items":{"description":"Agent policy IDs where that package policy will be added","type":"string"},"type":"array"},"revision":{"type":"number"},"secret_references":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},"type":"array"},"supports_agentless":{"default":false,"description":"Indicates whether the package policy belongs to an agentless agent policy.","nullable":true,"type":"boolean"},"updated_at":{"type":"string"},"updated_by":{"type":"string"},"vars":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"frozen":{"type":"boolean"},"type":{"type":"string"},"value":{}},"required":["value"]},"description":"Package variable (see integration documentation for more information)","type":"object"},"version":{"type":"string"}},"required":["name","enabled","inputs"]}]},"type":"array"},"hasErrors":{"type":"boolean"},"name":{"type":"string"},"statusCode":{"type":"number"}},"required":["hasErrors"]},"type":"array"}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Dry run a package policy upgrade","tags":["Fleet package policies"]}},"/api/fleet/proxies":{"get":{"description":"[Required authorization] Route required privileges: fleet-settings-read.","operationId":"get-fleet-proxies","parameters":[],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"items":{"items":{"additionalProperties":false,"type":"object","properties":{"certificate":{"nullable":true,"type":"string"},"certificate_authorities":{"nullable":true,"type":"string"},"certificate_key":{"nullable":true,"type":"string"},"id":{"type":"string"},"is_preconfigured":{"default":false,"type":"boolean"},"name":{"type":"string"},"proxy_headers":{"additionalProperties":{"anyOf":[{"type":"string"},{"type":"boolean"},{"type":"number"}]},"nullable":true,"type":"object"},"url":{"type":"string"}},"required":["id","url","name"]},"type":"array"},"page":{"type":"number"},"perPage":{"type":"number"},"total":{"type":"number"}},"required":["items","total","page","perPage"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get proxies","tags":["Fleet proxies"]},"post":{"description":"[Required authorization] Route required privileges: fleet-settings-all.","operationId":"post-fleet-proxies","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"certificate":{"nullable":true,"type":"string"},"certificate_authorities":{"nullable":true,"type":"string"},"certificate_key":{"nullable":true,"type":"string"},"id":{"type":"string"},"is_preconfigured":{"default":false,"type":"boolean"},"name":{"type":"string"},"proxy_headers":{"additionalProperties":{"anyOf":[{"type":"string"},{"type":"boolean"},{"type":"number"}]},"nullable":true,"type":"object"},"url":{"type":"string"}},"required":["url","name"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"additionalProperties":false,"type":"object","properties":{"certificate":{"nullable":true,"type":"string"},"certificate_authorities":{"nullable":true,"type":"string"},"certificate_key":{"nullable":true,"type":"string"},"id":{"type":"string"},"is_preconfigured":{"default":false,"type":"boolean"},"name":{"type":"string"},"proxy_headers":{"additionalProperties":{"anyOf":[{"type":"string"},{"type":"boolean"},{"type":"number"}]},"nullable":true,"type":"object"},"url":{"type":"string"}},"required":["id","url","name"]}},"required":["item"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Create a proxy","tags":["Fleet proxies"]}},"/api/fleet/proxies/{itemId}":{"delete":{"description":"Delete a proxy by ID\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: fleet-settings-all.","operationId":"delete-fleet-proxies-itemid","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"itemId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Delete a proxy","tags":["Fleet proxies"]},"get":{"description":"Get a proxy by ID.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: fleet-settings-read.","operationId":"get-fleet-proxies-itemid","parameters":[{"in":"path","name":"itemId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"additionalProperties":false,"type":"object","properties":{"certificate":{"nullable":true,"type":"string"},"certificate_authorities":{"nullable":true,"type":"string"},"certificate_key":{"nullable":true,"type":"string"},"id":{"type":"string"},"is_preconfigured":{"default":false,"type":"boolean"},"name":{"type":"string"},"proxy_headers":{"additionalProperties":{"anyOf":[{"type":"string"},{"type":"boolean"},{"type":"number"}]},"nullable":true,"type":"object"},"url":{"type":"string"}},"required":["id","url","name"]}},"required":["item"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get a proxy","tags":["Fleet proxies"]},"put":{"description":"Update a proxy by ID.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: fleet-settings-all.","operationId":"put-fleet-proxies-itemid","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"itemId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"certificate":{"nullable":true,"type":"string"},"certificate_authorities":{"nullable":true,"type":"string"},"certificate_key":{"nullable":true,"type":"string"},"name":{"type":"string"},"proxy_headers":{"additionalProperties":{"anyOf":[{"type":"string"},{"type":"boolean"},{"type":"number"}]},"nullable":true,"type":"object"},"url":{"type":"string"}},"required":["proxy_headers","certificate_authorities","certificate","certificate_key"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"additionalProperties":false,"type":"object","properties":{"certificate":{"nullable":true,"type":"string"},"certificate_authorities":{"nullable":true,"type":"string"},"certificate_key":{"nullable":true,"type":"string"},"id":{"type":"string"},"is_preconfigured":{"default":false,"type":"boolean"},"name":{"type":"string"},"proxy_headers":{"additionalProperties":{"anyOf":[{"type":"string"},{"type":"boolean"},{"type":"number"}]},"nullable":true,"type":"object"},"url":{"type":"string"}},"required":["id","url","name"]}},"required":["item"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Update a proxy","tags":["Fleet proxies"]}},"/api/fleet/service_tokens":{"post":{"description":"[Required authorization] Route required privileges: fleet-agents-all.","operationId":"post-fleet-service-tokens","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"nullable":true,"type":"object","properties":{"remote":{"default":false,"type":"boolean"}}}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"name":{"type":"string"},"value":{"type":"string"}},"required":["name","value"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Create a service token","tags":["Fleet service tokens"]}},"/api/fleet/settings":{"get":{"description":"[Required authorization] Route required privileges: fleet-settings-read.","operationId":"get-fleet-settings","parameters":[],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"additionalProperties":false,"type":"object","properties":{"delete_unenrolled_agents":{"additionalProperties":false,"type":"object","properties":{"enabled":{"type":"boolean"},"is_preconfigured":{"type":"boolean"}},"required":["enabled","is_preconfigured"]},"has_seen_add_data_notice":{"type":"boolean"},"id":{"type":"string"},"output_secret_storage_requirements_met":{"type":"boolean"},"preconfigured_fields":{"items":{"enum":["fleet_server_hosts"],"type":"string"},"type":"array"},"prerelease_integrations_enabled":{"type":"boolean"},"secret_storage_requirements_met":{"type":"boolean"},"use_space_awareness_migration_started_at":{"nullable":true,"type":"string"},"use_space_awareness_migration_status":{"enum":["pending","success","error"],"type":"string"},"version":{"type":"string"}},"required":["id"]}},"required":["item"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}},"404":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"message":{"type":"string"}},"required":["message"]}}}}},"summary":"Get settings","tags":["Fleet internals"]},"put":{"description":"[Required authorization] Route required privileges: fleet-settings-all.","operationId":"put-fleet-settings","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"additional_yaml_config":{"type":"string"},"delete_unenrolled_agents":{"additionalProperties":false,"type":"object","properties":{"enabled":{"type":"boolean"},"is_preconfigured":{"type":"boolean"}},"required":["enabled","is_preconfigured"]},"has_seen_add_data_notice":{"type":"boolean"},"kibana_ca_sha256":{"type":"string"},"kibana_urls":{"items":{"format":"uri","type":"string"},"type":"array"},"prerelease_integrations_enabled":{"type":"boolean"}}}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"additionalProperties":false,"type":"object","properties":{"delete_unenrolled_agents":{"additionalProperties":false,"type":"object","properties":{"enabled":{"type":"boolean"},"is_preconfigured":{"type":"boolean"}},"required":["enabled","is_preconfigured"]},"has_seen_add_data_notice":{"type":"boolean"},"id":{"type":"string"},"output_secret_storage_requirements_met":{"type":"boolean"},"preconfigured_fields":{"items":{"enum":["fleet_server_hosts"],"type":"string"},"type":"array"},"prerelease_integrations_enabled":{"type":"boolean"},"secret_storage_requirements_met":{"type":"boolean"},"use_space_awareness_migration_started_at":{"nullable":true,"type":"string"},"use_space_awareness_migration_status":{"enum":["pending","success","error"],"type":"string"},"version":{"type":"string"}},"required":["id"]}},"required":["item"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}},"404":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"message":{"type":"string"}},"required":["message"]}}}}},"summary":"Update settings","tags":["Fleet internals"]}},"/api/fleet/setup":{"post":{"description":"[Required authorization] Route required privileges: fleet-agents-read OR fleet-agent-policies-read OR fleet-settings-read OR fleet-setup.","operationId":"post-fleet-setup","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"A summary of the result of Fleet's `setup` lifecycle. If `isInitialized` is true, Fleet is ready to accept agent enrollment. `nonFatalErrors` may include useful insight into non-blocking issues with Fleet setup.","type":"object","properties":{"isInitialized":{"type":"boolean"},"nonFatalErrors":{"items":{"additionalProperties":false,"type":"object","properties":{"message":{"type":"string"},"name":{"type":"string"}},"required":["name","message"]},"type":"array"}},"required":["isInitialized","nonFatalErrors"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}},"500":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Internal Server Error","type":"object","properties":{"message":{"type":"string"}},"required":["message"]}}}}},"summary":"Initiate Fleet setup","tags":["Fleet internals"]}},"/api/fleet/uninstall_tokens":{"get":{"description":"List the metadata for the latest uninstall tokens per agent policy.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: fleet-agents-all.","operationId":"get-fleet-uninstall-tokens","parameters":[{"description":"Partial match filtering for policy IDs","in":"query","name":"policyId","required":false,"schema":{"maxLength":50,"type":"string"}},{"in":"query","name":"search","required":false,"schema":{"maxLength":50,"type":"string"}},{"description":"The number of items to return","in":"query","name":"perPage","required":false,"schema":{"minimum":5,"type":"number"}},{"in":"query","name":"page","required":false,"schema":{"minimum":1,"type":"number"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"items":{"items":{"additionalProperties":false,"type":"object","properties":{"created_at":{"type":"string"},"id":{"type":"string"},"namespaces":{"items":{"type":"string"},"type":"array"},"policy_id":{"type":"string"},"policy_name":{"nullable":true,"type":"string"}},"required":["id","policy_id","created_at"]},"type":"array"},"page":{"type":"number"},"perPage":{"type":"number"},"total":{"type":"number"}},"required":["items","total","page","perPage"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get metadata for latest uninstall tokens","tags":["Fleet uninstall tokens"]}},"/api/fleet/uninstall_tokens/{uninstallTokenId}":{"get":{"description":"Get one decrypted uninstall token by its ID.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: fleet-agents-all.","operationId":"get-fleet-uninstall-tokens-uninstalltokenid","parameters":[{"in":"path","name":"uninstallTokenId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"item":{"additionalProperties":false,"type":"object","properties":{"created_at":{"type":"string"},"id":{"type":"string"},"namespaces":{"items":{"type":"string"},"type":"array"},"policy_id":{"type":"string"},"policy_name":{"nullable":true,"type":"string"},"token":{"type":"string"}},"required":["id","policy_id","created_at","token"]}},"required":["item"]}}}},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Generic Error","type":"object","properties":{"attributes":{},"error":{"type":"string"},"errorType":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}},"required":["message","attributes"]}}}}},"summary":"Get a decrypted uninstall token","tags":["Fleet uninstall tokens"]}},"/api/lists":{"delete":{"description":"Delete a value list using the list ID.\n\u003e info\n\u003e When you delete a list, all of its list items are also deleted.\n","operationId":"DeleteList","parameters":[{"in":"query","name":"id","required":true,"schema":{"$ref":"#/components/schemas/Security_Lists_API_ListId"}},{"description":"Determines whether exception items referencing this value list should be deleted.","in":"query","name":"deleteReferences","required":false,"schema":{"default":false,"example":false,"type":"boolean"}},{"description":"Determines whether to delete value list without performing any additional checks of where this list may be utilized.","in":"query","name":"ignoreReferences","required":false,"schema":{"default":false,"example":false,"type":"boolean"}}],"responses":{"200":{"content":{"application/json":{"examples":{"ipList":{"value":{"_version":"WzIsMV0=","@timestamp":"2025-01-08T04:47:34.273Z","created_at":"2025-01-08T04:47:34.273Z","created_by":"elastic","description":"List of bad internet ips.","id":"21b01cfb-058d-44b9-838c-282be16c91cd","immutable":false,"name":"Bad ips","tie_breaker_id":"f5508188-b1e9-4e6e-9662-d039a7d89899","type":"ip","updated_at":"2025-01-08T05:39:39.292Z","updated_by":"elastic","version":3}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_List"}}},"description":"Successful response"},"400":{"content":{"application/json":{"examples":{"badRequest":{"value":{"error":"Bad Request","message":"[request query]: id: Required","statusCode":400}}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"examples":{"forbidden":{"value":{"error":"Forbidden","message":"API [DELETE /api/lists?id=ip_list] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]","statusCode":403}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"404":{"content":{"application/json":{"examples":{"notFound":{"value":{"message":"list id: \\\"ip_list\\\" was not found","status_code":404}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}}},"description":"List not found response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Delete a value list","tags":["Security Lists API"]},"get":{"description":"Get the details of a value list using the list ID.","operationId":"ReadList","parameters":[{"in":"query","name":"id","required":true,"schema":{"$ref":"#/components/schemas/Security_Lists_API_ListId"}}],"responses":{"200":{"content":{"application/json":{"examples":{"ip":{"value":{"_version":"WzEsMV0=","@timestamp":"2025-01-08T04:47:34.273Z","created_at":"2025-01-08T04:47:34.273Z","created_by":"elastic","description":"This list describes bad internet ip","id":"ip_list","immutable":false,"name":"My bad ips","tie_breaker_id":"f5508188-b1e9-4e6e-9662-d039a7d89899","type":"ip","updated_at":"2025-01-08T05:21:53.843Z","updated_by":"elastic","version":1}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_List"}}},"description":"Successful response"},"400":{"content":{"application/json":{"examples":{"badRequest":{"value":{"error":"Bad Request","message":"[request query]: id: Required","statusCode":400}}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"examples":{"forbidden":{"value":{"error":"Forbidden","message":"API [GET /api/lists?id=ip_list] is unauthorized for user, this action is granted by the Kibana privileges [lists-read]","statusCode":403}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"404":{"content":{"application/json":{"examples":{"notFound":{"value":{"message":"list id: \\\"foo\\\" not found","status_code":404}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}}},"description":"List not found response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Get value list details","tags":["Security Lists API"]},"patch":{"description":"Update specific fields of an existing list using the list `id`.","operationId":"PatchList","requestBody":{"content":{"application/json":{"schema":{"example":{"id":"ip_list","name":"Bad ips list - UPDATED"},"type":"object","properties":{"_version":{"$ref":"#/components/schemas/Security_Lists_API_ListVersionId"},"description":{"$ref":"#/components/schemas/Security_Lists_API_ListDescription"},"id":{"$ref":"#/components/schemas/Security_Lists_API_ListId"},"meta":{"$ref":"#/components/schemas/Security_Lists_API_ListMetadata"},"name":{"$ref":"#/components/schemas/Security_Lists_API_ListName"},"version":{"$ref":"#/components/schemas/Security_Lists_API_ListVersion"}},"required":["id"]}}},"description":"Value list's properties","required":true},"responses":{"200":{"content":{"application/json":{"examples":{"ip":{"value":{"_version":"WzEsMV0=","@timestamp":"2025-01-08T04:47:34.273Z","created_at":"2025-01-08T04:47:34.273Z","created_by":"elastic","description":"This list describes bad internet ips","id":"ip_list","immutable":false,"name":"Bad ips list - UPDATED","tie_breaker_id":"f5508188-b1e9-4e6e-9662-d039a7d89899","type":"ip","updated_at":"2025-01-08T05:21:53.843Z","updated_by":"elastic","version":2}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_List"}}},"description":"Successful response"},"400":{"content":{"application/json":{"examples":{"badRequest":{"value":{"error":"Bad Request","message":"[request body]: name: Expected string, received number","statusCode":400}}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"examples":{"forbidden":{"value":{"error":"Forbidden","message":"API [PATCH /api/lists] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]","statusCode":403}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"404":{"content":{"application/json":{"examples":{"notFound":{"value":{"message":"list id: \\\"foo\\\" not found","status_code":404}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}}},"description":"List not found response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Patch a value list","tags":["Security Lists API"]},"post":{"description":"Create a new value list.","operationId":"CreateList","requestBody":{"content":{"application/json":{"examples":{"ip":{"value":{"description":"This list describes bad internet ips","id":"ip_list","name":"Simple list with ips","type":"ip"}},"ip_range":{"value":{"description":"This list has ip ranges","id":"ip_range_list","name":"Simple list with ip ranges","type":"ip_range"}},"keyword":{"value":{"description":"This list describes bad host names","id":"keyword_list","name":"Simple list with a keyword","type":"keyword"}},"keyword_custom_format":{"value":{"description":"This parses the first found ipv4 only","deserializer":"{{value}}","id":"keyword_custom_format_list","name":"Simple list with a keyword using a custom format","serializer":"(?\u003cvalue\u003e((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))","type":"keyword"}}},"schema":{"type":"object","properties":{"description":{"$ref":"#/components/schemas/Security_Lists_API_ListDescription"},"deserializer":{"$ref":"#/components/schemas/Security_Lists_API_ListDeserializer"},"id":{"$ref":"#/components/schemas/Security_Lists_API_ListId"},"meta":{"$ref":"#/components/schemas/Security_Lists_API_ListMetadata"},"name":{"$ref":"#/components/schemas/Security_Lists_API_ListName"},"serializer":{"$ref":"#/components/schemas/Security_Lists_API_ListSerializer"},"type":{"$ref":"#/components/schemas/Security_Lists_API_ListType"},"version":{"default":1,"minimum":1,"type":"integer"}},"required":["name","description","type"]}}},"description":"Value list's properties","required":true},"responses":{"200":{"content":{"application/json":{"examples":{"ip":{"value":{"_version":"WzAsMV0=","@timestamp":"2025-01-08T04:47:34.273Z","created_at":"2025-01-08T04:47:34.273Z","created_by":"elastic","description":"This list describes bad internet ips","id":"ip_list","immutable":false,"name":"Simple list with ips","tie_breaker_id":"f5508188-b1e9-4e6e-9662-d039a7d89899","type":"ip","updated_at":"2025-01-08T04:47:34.273Z","updated_by":"elastic","version":1}},"ip_range":{"value":{"_version":"WzAsMV0=","@timestamp":"2025-01-09T18:23:52.241Z","created_at":"2025-01-09T18:23:52.241Z","created_by":"elastic","description":"This list has ip ranges","id":"ip_range_list","immutable":false,"name":"Simple list with ip ranges","tie_breaker_id":"74aebdaf-601f-4940-b351-155728ff7003","type":"ip_range","updated_at":"2025-01-09T18:23:52.241Z","updated_by":"elastic","version":1}},"keyword":{"value":{"_version":"WzEsMV0=","@timestamp":"2025-01-09T18:24:55.786Z","created_at":"2025-01-09T18:24:55.786Z","created_by":"elastic","description":"This list describes bad host names","id":"keyword_list","immutable":false,"name":"Simple list with a keyword","tie_breaker_id":"f7e7dbaa-daf7-4c9a-a3dc-56643923ef68","type":"keyword","updated_at":"2025-01-09T18:24:55.786Z","updated_by":"elastic","version":1}},"keyword_custom_format":{"value":{"_version":"WzIsMV0=","@timestamp":"2025-01-09T18:25:39.604Z","created_at":"2025-01-09T18:25:39.604Z","created_by":"elastic","description":"This parses the first found ipv4 only","deserializer":"{{value}}","id":"keyword_custom_format_list","immutable":false,"name":"Simple list with a keyword using a custom format","serializer":"(?\u003cvalue\u003e((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))","tie_breaker_id":"8247ae63-b780-47b8-9a89-948b643e9ec2","type":"keyword","updated_at":"2025-01-09T18:25:39.604Z","updated_by":"elastic","version":1}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_List"}}},"description":"Successful response"},"400":{"content":{"application/json":{"examples":{"notFound":{"value":{"message":"To create a list, the data stream must exist first. Data stream \\\".lists-default\\\" does not exist","status_code":400}}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"examples":{"forbidden":{"value":{"error":"Forbidden","message":"API [POST /api/lists] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]","statusCode":403}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"409":{"content":{"application/json":{"examples":{"alreadyExists":{"value":{"message":"list id: \"keyword_custom_format_list\" already exists","status_code":409}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}}},"description":"List already exists response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Create a value list","tags":["Security Lists API"]},"put":{"description":"Update a value list using the list `id`. The original list is replaced, and all unspecified fields are deleted.\n\u003e info\n\u003e You cannot modify the `id` value.\n","operationId":"UpdateList","requestBody":{"content":{"application/json":{"schema":{"example":{"description":"Latest list of bad ips","id":"ip_list","name":"Bad ips - updated"},"type":"object","properties":{"_version":{"$ref":"#/components/schemas/Security_Lists_API_ListVersionId"},"description":{"$ref":"#/components/schemas/Security_Lists_API_ListDescription"},"id":{"$ref":"#/components/schemas/Security_Lists_API_ListId"},"meta":{"$ref":"#/components/schemas/Security_Lists_API_ListMetadata"},"name":{"$ref":"#/components/schemas/Security_Lists_API_ListName"},"version":{"$ref":"#/components/schemas/Security_Lists_API_ListVersion"}},"required":["id","name","description"]}}},"description":"Value list's properties","required":true},"responses":{"200":{"content":{"application/json":{"examples":{"ip":{"value":{"_version":"WzIsMV0=","@timestamp":"2025-01-08T04:47:34.273Z","created_at":"2025-01-08T04:47:34.273Z","created_by":"elastic","description":"Latest list of bad ips","id":"ip_list","immutable":false,"name":"Bad ips - updated","tie_breaker_id":"f5508188-b1e9-4e6e-9662-d039a7d89899","type":"ip","updated_at":"2025-01-08T05:39:39.292Z","updated_by":"elastic","version":3}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_List"}}},"description":"Successful response"},"400":{"content":{"application/json":{"examples":{"badRequest":{"value":{"error":"Bad Request","message":"[request body]: id: Expected string, received number","statusCode":400}}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"examples":{"forbidden":{"value":{"error":"Forbidden","message":"API [PUT /api/lists] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]","statusCode":403}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"404":{"content":{"application/json":{"examples":{"notFound":{"value":{"message":"list id: \\\"foo\\\" not found","status_code":404}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}}},"description":"List not found response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Update a value list","tags":["Security Lists API"]}},"/api/lists/_find":{"get":{"description":"Get a paginated subset of value lists. By default, the first page is returned, with 20 results per page.","operationId":"FindLists","parameters":[{"description":"The page number to return.","in":"query","name":"page","required":false,"schema":{"example":1,"type":"integer"}},{"description":"The number of value lists to return per page.","in":"query","name":"per_page","required":false,"schema":{"example":20,"type":"integer"}},{"description":"Determines which field is used to sort the results.","in":"query","name":"sort_field","required":false,"schema":{"example":"name","format":"nonempty","minLength":1,"type":"string"}},{"description":"Determines the sort order, which can be `desc` or `asc`","in":"query","name":"sort_order","required":false,"schema":{"enum":["desc","asc"],"example":"asc","type":"string"}},{"description":"Returns the lists that come after the last lists returned in the previous call (use the `cursor` value returned in the previous call). This parameter uses the `tie_breaker_id` field to ensure all lists are sorted and returned correctly.","in":"query","name":"cursor","required":false,"schema":{"$ref":"#/components/schemas/Security_Lists_API_FindListsCursor"}},{"description":"Filters the returned results according to the value of the specified field,\nusing the \u003cfield name\u003e:\u003cfield value\u003e syntax.\n","in":"query","name":"filter","required":false,"schema":{"$ref":"#/components/schemas/Security_Lists_API_FindListsFilter"}}],"responses":{"200":{"content":{"application/json":{"examples":{"ipList":{"value":{"cursor":"WzIwLFsiZjU1MDgxODgtYjFlOS00ZTZlLTk2NjItZDAzOWE3ZDg5ODk5Il1d","data":[{"_version":"WzAsMV0=","@timestamp":"2025-01-08T04:47:34.273Z\n","created_at":"2025-01-08T04:47:34.273Z\n","created_by":"elastic","description":"This list describes bad internet ip","id":"ip_list","immutable":false,"name":"Simple list with an ip","tie_breaker_id":"f5508188-b1e9-4e6e-9662-d039a7d89899","type":"ip","updated_at":"2025-01-08T04:47:34.273Z\n","updated_by":"elastic","version":1}],"page":1,"per_page":20,"total":1}}},"schema":{"type":"object","properties":{"cursor":{"$ref":"#/components/schemas/Security_Lists_API_FindListsCursor"},"data":{"items":{"$ref":"#/components/schemas/Security_Lists_API_List"},"type":"array"},"page":{"minimum":0,"type":"integer"},"per_page":{"minimum":0,"type":"integer"},"total":{"minimum":0,"type":"integer"}},"required":["data","page","per_page","total","cursor"]}}},"description":"Successful response"},"400":{"content":{"application/json":{"examples":{"badRequest":{"value":{"error":"Bad Request","message":"[request query]: page: Expected number, received nan","statusCode":400}}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"examples":{"forbidden":{"value":{"error":"Forbidden","message":"API [GET /api/lists/_find?page=1\u0026per_page=20] is unauthorized for user, this action is granted by the Kibana privileges [lists-read]","statusCode":403}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Get value lists","tags":["Security Lists API"]}},"/api/lists/index":{"delete":{"description":"Delete the `.lists` and `.items` data streams.","operationId":"DeleteListIndex","responses":{"200":{"content":{"application/json":{"schema":{"type":"object","properties":{"acknowledged":{"type":"boolean"}},"required":["acknowledged"]}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"404":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}}},"description":"List data stream not found response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Delete value list data streams","tags":["Security Lists API"]},"get":{"description":"Verify that `.lists` and `.items` data streams exist.","operationId":"ReadListIndex","responses":{"200":{"content":{"application/json":{"schema":{"type":"object","properties":{"list_index":{"type":"boolean"},"list_item_index":{"type":"boolean"}},"required":["list_index","list_item_index"]}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"404":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}}},"description":"List data stream(s) not found response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Get status of value list data streams","tags":["Security Lists API"]},"post":{"description":"Create `.lists` and `.items` data streams in the relevant space.","operationId":"CreateListIndex","responses":{"200":{"content":{"application/json":{"schema":{"type":"object","properties":{"acknowledged":{"type":"boolean"}},"required":["acknowledged"]}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]\n","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"409":{"content":{"application/json":{"examples":{"alreadyExists":{"value":{"message":"data stream: \\\".lists-default\\\" and \\\".items-default\\\" already exists","status_code":409}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}}},"description":"List data stream exists response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Create list data streams","tags":["Security Lists API"]}},"/api/lists/items":{"delete":{"description":"Delete a value list item using its `id`, or its `list_id` and `value` fields.","operationId":"DeleteListItem","parameters":[{"description":"Value list item's identifier. Required if `list_id` and `value` are not specified.","in":"query","name":"id","required":false,"schema":{"$ref":"#/components/schemas/Security_Lists_API_ListItemId"}},{"description":"Value list's identifier. Required if `id` is not specified.","in":"query","name":"list_id","required":false,"schema":{"$ref":"#/components/schemas/Security_Lists_API_ListId"}},{"description":"The value used to evaluate exceptions. Required if `id` is not specified.","in":"query","name":"value","required":false,"schema":{"example":"255.255.255.255","type":"string"}},{"description":"Determines when changes made by the request are made visible to search.","in":"query","name":"refresh","required":false,"schema":{"default":"false","enum":["true","false","wait_for"],"example":false,"type":"string"}}],"responses":{"200":{"content":{"application/json":{"examples":{"ip":{"value":{"_version":"WzIwLDFd","@timestamp":"2025-01-08T05:15:05.159Z","created_at":"2025-01-08T05:15:05.159Z","created_by":"elastic","id":"pd1WRJQBs4HAK3VQeHFI","list_id":"ip_list","tie_breaker_id":"eee41dc7-1666-4876-982f-8b0f7b59eca3","type":"ip","updated_at":"2025-01-08T05:44:14.009Z","updated_by":"elastic","value":"255.255.255.255"}}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Lists_API_ListItem"},{"items":{"$ref":"#/components/schemas/Security_Lists_API_ListItem"},"type":"array"}]}}},"description":"Successful response"},"400":{"content":{"application/json":{"examples":{"badRequest":{"value":{"message":"Either \\\"list_id\\\" or \\\"id\\\" needs to be defined in the request","status_code":400}}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"examples":{"forbidden":{"value":{"error":"Forbidden","message":"API [DELETE /api/lists/items?id=pd1WRJQBs4HAK3VQeHFI] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]","statusCode":403}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"404":{"content":{"application/json":{"examples":{"notFound":{"value":{"message":"list item with id: \\\"pd1WRJQBs4HAK3VQeHFI\\\" not found","status_code":404}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}}},"description":"List item not found response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Delete a value list item","tags":["Security Lists API"]},"get":{"description":"Get the details of a value list item.","operationId":"ReadListItem","parameters":[{"description":"Value list item identifier. Required if `list_id` and `value` are not specified.","in":"query","name":"id","required":false,"schema":{"$ref":"#/components/schemas/Security_Lists_API_ListId"}},{"description":"Value list item list's `id` identfier. Required if `id` is not specified.","in":"query","name":"list_id","required":false,"schema":{"$ref":"#/components/schemas/Security_Lists_API_ListId"}},{"description":"The value used to evaluate exceptions. Required if `id` is not specified.","in":"query","name":"value","required":false,"schema":{"example":"127.0.0.2","type":"string"}}],"responses":{"200":{"content":{"application/json":{"examples":{"ip":{"value":{"_version":"WzExLDFd","@timestamp":"2025-01-08T05:16:25.882Z","created_at":"2025-01-08T05:16:25.882Z","created_by":"elastic","id":"qN1XRJQBs4HAK3VQs3Gc","list_id":"ip_list","tie_breaker_id":"a9a34c02-a385-436e-86a0-02a3942f3537","type":"ip","updated_at":"2025-01-08T05:16:25.882Z","updated_by":"elastic","value":"127.0.0.2"}}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Lists_API_ListItem"},{"items":{"$ref":"#/components/schemas/Security_Lists_API_ListItem"},"type":"array"}]}}},"description":"Successful response"},"400":{"content":{"application/json":{"examples":{"badRequest":{"value":{"message":"Either \\\"list_id\\\" or \\\"id\\\" needs to be defined in the request","status_code":400}}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"examples":{"forbidden":{"value":{"error":"Forbidden","message":"API [GET /api/lists/items?id=qN1XRJQBs4HAK3VQs3Gc] is unauthorized for user, this action is granted by the Kibana privileges [lists-read]","statusCode":403}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"404":{"content":{"application/json":{"examples":{"notFound":{"value":{"message":"list item id: \\\"foo\\\" not found","status_code":404}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}}},"description":"List item not found response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Get a value list item","tags":["Security Lists API"]},"patch":{"description":"Update specific fields of an existing value list item using the item `id`.","operationId":"PatchListItem","requestBody":{"content":{"application/json":{"schema":{"example":{"id":"pd1WRJQBs4HAK3VQeHFI","value":"255.255.255.255"},"type":"object","properties":{"_version":{"$ref":"#/components/schemas/Security_Lists_API_ListVersionId"},"id":{"$ref":"#/components/schemas/Security_Lists_API_ListItemId"},"meta":{"$ref":"#/components/schemas/Security_Lists_API_ListItemMetadata"},"refresh":{"description":"Determines when changes made by the request are made visible to search.","enum":["true","false","wait_for"],"type":"string"},"value":{"$ref":"#/components/schemas/Security_Lists_API_ListItemValue"}},"required":["id"]}}},"description":"Value list item's properties","required":true},"responses":{"200":{"content":{"application/json":{"examples":{"ipItem":{"value":{"_version":"WzE5LDFd","@timestamp":"2025-01-08T05:15:05.159Z","created_at":"2025-01-08T05:15:05.159Z","created_by":"elastic","id":"pd1WRJQBs4HAK3VQeHFI","list_id":"ip_list","tie_breaker_id":"eee41dc7-1666-4876-982f-8b0f7b59eca3","type":"ip","updated_at":"2025-01-08T05:23:37.602Z","updated_by":"elastic","value":"255.255.255.255"}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_ListItem"}}},"description":"Successful response"},"400":{"content":{"application/json":{"examples":{"badRequest":{"value":{"message":"{\"took\":15,\"timed_out\":false,\"total\":1,\"updated\":0,\"deleted\":0,\"batches\":1,\"version_conflicts\":0,\"noops\":0,\"retries\":{\"bulk\":0,\"search\":0},\"throttled_millis\":0,\"requests_per_second\":-1,\"throttled_until_millis\":0,\"failures\":[{\"index\":\".ds-.items-default-2025.01.09-000001\",\"id\":\"ip_item\",\"cause\":{\"type\":\"document_parsing_exception\",\"reason\":\"[1:107] failed to parse field [ip] of type [ip] in document with id ip_item. Preview of fields value: 2\",\"caused_by\":{\"type\":\"illegal_argument_exception\",\"reason\":\"2 is not an IP string literal.\"}},\"status\":400}]}","status_code":400}}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"examples":{"forbidden":{"value":{"error":"Forbidden","message":"API [PATCH /api/lists/items] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]","statusCode":403}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"404":{"content":{"application/json":{"examples":{"notFound":{"value":{"message":"list item id: \\\"foo\\\" not found","status_code":404}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}}},"description":"List item not found response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Patch a value list item","tags":["Security Lists API"]},"post":{"description":"Create a value list item and associate it with the specified value list.\n\nAll value list items in the same list must be the same type. For example, each list item in an `ip` list must define a specific IP address.\n\u003e info\n\u003e Before creating a list item, you must create a list.\n","operationId":"CreateListItem","requestBody":{"content":{"application/json":{"examples":{"ip":{"value":{"list_id":"ip_list","value":"127.0.0.1"}},"ip_range":{"value":{"list_id":"ip_range_list","value":"192.168.0.0/16"}},"keyword":{"value":{"list_id":"keyword_list","value":"zeek"}}},"schema":{"type":"object","properties":{"id":{"$ref":"#/components/schemas/Security_Lists_API_ListItemId"},"list_id":{"$ref":"#/components/schemas/Security_Lists_API_ListId"},"meta":{"$ref":"#/components/schemas/Security_Lists_API_ListItemMetadata"},"refresh":{"description":"Determines when changes made by the request are made visible to search.","enum":["true","false","wait_for"],"example":"wait_for","type":"string"},"value":{"$ref":"#/components/schemas/Security_Lists_API_ListItemValue"}},"required":["list_id","value"]}}},"description":"Value list item's properties","required":true},"responses":{"200":{"content":{"application/json":{"examples":{"ip":{"value":{"_version":"WzAsMV0=","@timestamp":"2025-01-08T04:59:06.154Z","created_at":"2025-01-08T04:59:06.154Z","created_by":"elastic","id":"21b01cfb-058d-44b9-838c-282be16c91cc","list_id":"ip_list","tie_breaker_id":"b57c762c-3036-465c-9bfb-7bfb5e6e515a","type":"ip","updated_at":"2025-01-08T04:59:06.154Z","updated_by":"elastic","value":"127.0.0.1"}},"ip_range":{"value":{"_version":"WzEsMV0=","@timestamp":"2025-01-09T18:33:08.202Z","created_at":"2025-01-09T18:33:08.202Z","created_by":"elastic","id":"ip_range_item","list_id":"ip_range_list","tie_breaker_id":"ea1b4189-efda-4637-b8f9-74655a5ebb61","type":"ip_range","updated_at":"2025-01-09T18:33:08.202Z","updated_by":"elastic","value":"192.168.0.0/16"}},"keyword":{"value":{"_version":"WzIsMV0=","@timestamp":"2025-01-09T18:34:29.422Z","created_at":"2025-01-09T18:34:29.422Z","created_by":"elastic","id":"7f24737d-1da8-4626-a568-33070591bb4e","list_id":"keyword_list","tie_breaker_id":"2108ced2-5e5d-401e-a88e-4dd69fc5fa27","type":"keyword","updated_at":"2025-01-09T18:34:29.422Z","updated_by":"elastic","value":"zeek"}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_ListItem"}}},"description":"Successful response"},"400":{"content":{"application/json":{"examples":{"badRequest":{"value":{"error":"Bad Request","message":"uri [/api/lists/items] with method [post] exists but is not available with the current configuration","statusCode":400}}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"examples":{"forbidden":{"value":{"error":"Forbidden","message":"API [POST /api/lists/items] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]","statusCode":403}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"404":{"content":{"application/json":{"examples":{"listNotFound":{"value":{"message":"list id: \\\"ip_list\\\" does not exist","status_code":404}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"409":{"content":{"application/json":{"examples":{"alreadyExists":{"value":{"message":"list item id: \\\"ip_item\\\" already exists","status_code":409}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}}},"description":"List item already exists response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Create a value list item","tags":["Security Lists API"]},"put":{"description":"Update a value list item using the list item ID. The original list item is replaced, and all unspecified fields are deleted.\n\u003e info\n\u003e You cannot modify the `id` value.\n","operationId":"UpdateListItem","requestBody":{"content":{"application/json":{"example":{"id":"ip_item","value":"255.255.255.255"},"schema":{"type":"object","properties":{"_version":{"$ref":"#/components/schemas/Security_Lists_API_ListVersionId"},"id":{"$ref":"#/components/schemas/Security_Lists_API_ListItemId"},"meta":{"$ref":"#/components/schemas/Security_Lists_API_ListItemMetadata"},"value":{"$ref":"#/components/schemas/Security_Lists_API_ListItemValue"}},"required":["id","value"]}}},"description":"Value list item's properties","required":true},"responses":{"200":{"content":{"application/json":{"examples":{"ip":{"value":{"_version":"WzIwLDFd","@timestamp":"2025-01-08T05:15:05.159Z","created_at":"2025-01-08T05:15:05.159Z","created_by":"elastic","id":"pd1WRJQBs4HAK3VQeHFI","list_id":"ip_list","tie_breaker_id":"eee41dc7-1666-4876-982f-8b0f7b59eca3","type":"ip","updated_at":"2025-01-08T05:44:14.009Z","updated_by":"elastic","value":"255.255.255.255"}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_ListItem"}}},"description":"Successful response"},"400":{"content":{"application/json":{"examples":{"badRequest":{"value":{"error":"Bad Request","message":"[request body]: id: Expected string, received number","statusCode":400}}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"examples":{"forbidden":{"value":{"error":"Forbidden","message":"API [PATCH /api/lists/items] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]","statusCode":403}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"404":{"content":{"application/json":{"examples":{"notFound":{"value":{"message":"list item id: \\\"foo\\\" not found","status_code":404}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}}},"description":"List item not found response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Update a value list item","tags":["Security Lists API"]}},"/api/lists/items/_export":{"post":{"description":"Export list item values from the specified value list.","operationId":"ExportListItems","parameters":[{"description":"Value list's `id` to export.","in":"query","name":"list_id","required":true,"schema":{"$ref":"#/components/schemas/Security_Lists_API_ListId"}}],"responses":{"200":{"content":{"application/ndjson":{"schema":{"description":"A `.txt` file containing list items from the specified list","example":"127.0.0.1\n127.0.0.2\n127.0.0.3\n127.0.0.4\n127.0.0.5\n127.0.0.6\n127.0.0.7\n127.0.0.8\n127.0.0.9\n","format":"binary","type":"string"}}},"description":"Successful response"},"400":{"content":{"application/json":{"examples":{"badRequest":{"value":{"error":"Bad Request\",\"message\":\"[request query]: list_id: Required","statusCode":400}}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"examples":{"forbidden":{"value":{"error":"Forbidden","message":"API [POST /api/lists/items/_export?list_id=ips.txt] is unauthorized for user, this action is granted by the Kibana privileges [lists-read]","statusCode":403}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"404":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}}},"description":"List not found response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Export value list items","tags":["Security Lists API"]}},"/api/lists/items/_find":{"get":{"description":"Get all value list items in the specified list.","operationId":"FindListItems","parameters":[{"in":"query","name":"list_id","required":true,"schema":{"$ref":"#/components/schemas/Security_Lists_API_ListId"}},{"description":"The page number to return.","in":"query","name":"page","required":false,"schema":{"example":1,"type":"integer"}},{"description":"The number of list items to return per page.","in":"query","name":"per_page","required":false,"schema":{"example":20,"type":"integer"}},{"description":"Determines which field is used to sort the results.","in":"query","name":"sort_field","required":false,"schema":{"example":"value","format":"nonempty","minLength":1,"type":"string"}},{"description":"Determines the sort order, which can be `desc` or `asc`","in":"query","name":"sort_order","required":false,"schema":{"enum":["desc","asc"],"example":"asc","type":"string"}},{"in":"query","name":"cursor","required":false,"schema":{"$ref":"#/components/schemas/Security_Lists_API_FindListItemsCursor"}},{"description":"Filters the returned results according to the value of the specified field,\nusing the \u003cfield name\u003e:\u003cfield value\u003e syntax.\n","in":"query","name":"filter","required":false,"schema":{"$ref":"#/components/schemas/Security_Lists_API_FindListItemsFilter"}}],"responses":{"200":{"content":{"application/json":{"examples":{"ip":{"value":{"cursor":"WzIwLFsiYjU3Yzc2MmMtMzAzNi00NjVjLTliZmItN2JmYjVlNmU1MTVhIl1d","data":[{"_version":"WzAsMV0=","@timestamp":"2025-01-08T04:59:06.154Z","created_at":"2025-01-08T04:59:06.154Z","created_by":"elastic","id":"21b01cfb-058d-44b9-838c-282be16c91cc","list_id":"ip_list","tie_breaker_id":"b57c762c-3036-465c-9bfb-7bfb5e6e515a","type":"ip","updated_at":"2025-01-08T04:59:06.154Z","updated_by":"elastic","value":"127.0.0.1"}],"page":1,"per_page":20,"total":1}}},"schema":{"type":"object","properties":{"cursor":{"$ref":"#/components/schemas/Security_Lists_API_FindListItemsCursor"},"data":{"items":{"$ref":"#/components/schemas/Security_Lists_API_ListItem"},"type":"array"},"page":{"minimum":0,"type":"integer"},"per_page":{"minimum":0,"type":"integer"},"total":{"minimum":0,"type":"integer"}},"required":["data","page","per_page","total","cursor"]}}},"description":"Successful response"},"400":{"content":{"application/json":{"examples":{"badRequest":{"value":{"error":"Bad Request,","message":"[request query]: list_id: Required","statusCode":"400,"}}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"examples":{"forbidden":{"value":{"error":"Forbidden","message":"API [GET /api/lists/items/_find?list_id=ip_list\u0026page=1\u0026per_page=20] is unauthorized for user, this action is granted by the Kibana privileges [lists-read]","statusCode":403}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Get value list items","tags":["Security Lists API"]}},"/api/lists/items/_import":{"post":{"description":"Import value list items from a TXT or CSV file. The maximum file size is 9 million bytes.\n\nYou can import items to a new or existing list.\n","operationId":"ImportListItems","parameters":[{"description":"List's id.\n\nRequired when importing to an existing list.\n","in":"query","name":"list_id","required":false,"schema":{"$ref":"#/components/schemas/Security_Lists_API_ListId"}},{"description":"Type of the importing list.\n\nRequired when importing a new list whose list `id` is not specified.\n","examples":{"ip":{"value":"ip"}},"in":"query","name":"type","required":false,"schema":{"$ref":"#/components/schemas/Security_Lists_API_ListType"}},{"description":"Determines how uploaded list item values are parsed. By default, list items are parsed using these named regex groups:\n\n- `(?\u003cvalue\u003e.+)` - Single value item types, such as ip, long, date, keyword, and text.\n- `(?\u003cgte\u003e.+)-(?\u003clte\u003e.+)|(?\u003cvalue\u003e.+)` - Range value item types, such as `date_range`, `ip_range`, `double_range`, `float_range`, `integer_range`, and `long_range`.\n","in":"query","name":"serializer","required":false,"schema":{"example":"(?\u003cvalue\u003e((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))","type":"string"}},{"description":"Determines how retrieved list item values are presented. By default list items are presented using these Handelbar expressions:\n\n- `{{{value}}}` - Single value item types, such as `ip`, `long`, `date`, `keyword`, and `text`.\n- `{{{gte}}}-{{{lte}}}` - Range value item types, such as `ip_range`, `double_range`, `float_range`, `integer_range`, and `long_range`.\n- `{{{gte}}},{{{lte}}}` - Date range values.\n","in":"query","name":"deserializer","required":false,"schema":{"example":"{{value}}","type":"string"}},{"description":"Determines when changes made by the request are made visible to search.","in":"query","name":"refresh","required":false,"schema":{"enum":["true","false","wait_for"],"example":true,"type":"string"}}],"requestBody":{"content":{"multipart/form-data":{"schema":{"type":"object","properties":{"file":{"description":"A `.txt` or `.csv` file containing newline separated list items.","example":"127.0.0.1\n127.0.0.2\n127.0.0.3\n127.0.0.4\n127.0.0.5\n127.0.0.6\n127.0.0.7\n127.0.0.8\n127.0.0.9\n","format":"binary","type":"string"}}}}},"required":true},"responses":{"200":{"content":{"application/json":{"examples":{"ip":{"value":{"_version":"WzAsMV0=","@timestamp":"2025-01-08T04:47:34.273Z","created_at":"2025-01-08T04:47:34.273Z","created_by":"elastic","description":"This list describes bad internet ip","id":"ip_list","immutable":false,"name":"Simple list with an ip","tie_breaker_id":"f5508188-b1e9-4e6e-9662-d039a7d89899","type":"ip","updated_at":"2025-01-08T04:47:34.273Z","updated_by":"elastic","version":1}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_List"}}},"description":"Successful response"},"400":{"content":{"application/json":{"examples":{"badRequest":{"value":{"message":"Either type or list_id need to be defined in the query","status_code":400}}},"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"examples":{"forbidden":{"value":{"error":"Forbidden","message":"API [POST /api/lists/items/_import?list_id=ip_list] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]","statusCode":403}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"409":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}}},"description":"List with specified list_id does not exist response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Import value list items","tags":["Security Lists API"]}},"/api/lists/privileges":{"get":{"operationId":"ReadListPrivileges","responses":{"200":{"content":{"application/json":{"examples":{"privileges":{"value":{"is_authenticated":true,"listItems":{"application":{},"cluster":{"all":true,"manage":true,"manage_api_key":true,"manage_index_templates":true,"manage_ml":true,"manage_own_api_key":true,"manage_pipeline":true,"manage_security":true,"manage_transform":true,"monitor":true,"monitor_ml":true,"monitor_transform":true},"has_all_requested":true,"index":{".items-default":{"all":true,"create":true,"create_doc":true,"create_index":true,"delete":true,"delete_index":true,"index":true,"maintenance":true,"manage":true,"monitor":true,"read":true,"view_index_metadata":true,"write":true}},"username":"elastic"},"lists":{"application":{},"cluster":{"all":true,"manage":true,"manage_api_key":true,"manage_index_templates":true,"manage_ml":true,"manage_own_api_key":true,"manage_pipeline":true,"manage_security":true,"manage_transform":true,"monitor":true,"monitor_ml":true,"monitor_transform":true},"has_all_requested":true,"index":{".lists-default":{"all":true,"create":true,"create_doc":true,"create_index":true,"delete":true,"delete_index":true,"index":true,"maintenance":true,"manage":true,"monitor":true,"read":true,"view_index_metadata":true,"write":true}},"username":"elastic"}}}},"schema":{"type":"object","properties":{"is_authenticated":{"type":"boolean"},"listItems":{"$ref":"#/components/schemas/Security_Lists_API_ListItemPrivileges"},"lists":{"$ref":"#/components/schemas/Security_Lists_API_ListPrivileges"}},"required":["lists","listItems","is_authenticated"]}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"},{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}]}}},"description":"Invalid input data response"},"401":{"content":{"application/json":{"examples":{"unauthorized":{"value":{"error":"Unauthorized","message":"[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]","statusCode":401}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Unsuccessful authentication response"},"403":{"content":{"application/json":{"examples":{"forbidden":{"value":{"error":"Forbidden","message":"API [GET /api/lists/privileges] is unauthorized for user, this action is granted by the Kibana privileges [lists-read]","statusCode":403}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_PlatformErrorResponse"}}},"description":"Not enough privileges response"},"500":{"content":{"application/json":{"examples":{"serverError":{"value":{"message":"Internal Server Error","status_code":500}}},"schema":{"$ref":"#/components/schemas/Security_Lists_API_SiemErrorResponse"}}},"description":"Internal server error response"}},"summary":"Get value list privileges","tags":["Security Lists API"]}},"/api/logstash/pipeline/{id}":{"delete":{"description":"Delete a centrally-managed Logstash pipeline.\nIf your Elasticsearch cluster is protected with basic authentication, you must have either the `logstash_admin` built-in role or a customized Logstash writer role.\n","externalDocs":{"description":"Secure your connection","url":"https://www.elastic.co/docs/reference/logstash/secure-connection"},"operationId":"delete-logstash-pipeline","parameters":[{"description":"An identifier for the pipeline.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"204":{"description":"Indicates a successful call"}},"summary":"Delete a Logstash pipeline","tags":["logstash"],"x-state":"Technical Preview"},"get":{"description":"Get information for a centrally-managed Logstash pipeline.\nTo use this API, you must have either the `logstash_admin` built-in role or a customized Logstash reader role.\n","externalDocs":{"description":"Secure your connection","url":"https://www.elastic.co/docs/reference/logstash/secure-connection"},"operationId":"get-logstash-pipeline","parameters":[{"description":"An identifier for the pipeline.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"examples":{"getLogstashPipelineResponseExample1":{"value":"{\n \"id\": \"hello-world\",\n \"description\": \"Just a simple pipeline\",\n \"username\": \"elastic\",\n \"pipeline\": \"input { stdin {} } output { stdout {} }\",\n \"settings\": {\n \"queue.type\": \"persistent\"\n }\n}"}},"schema":{"type":"object"}}},"description":"Indicates a successful call"}},"summary":"Get a Logstash pipeline","tags":["logstash"],"x-state":"Technical Preview"},"put":{"description":"Create a centrally-managed Logstash pipeline or update a pipeline.\nTo use this API, you must have either the `logstash_admin` built-in role or a customized Logstash writer role.\n","externalDocs":{"description":"Secure your connection","url":"https://www.elastic.co/docs/reference/logstash/secure-connection"},"operationId":"put-logstash-pipeline","parameters":[{"description":"An identifier for the pipeline. Only alphanumeric characters, hyphens, and underscores are supported.\n","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"examples":{"putLogstashPipelineRequestExample1":{"value":"{\n \"pipeline\": \"input { stdin {} } output { stdout {} }\",\n \"settings\": {\n \"queue.type\": \"persisted\"\n }\n}"}},"schema":{"type":"object","properties":{"description":{"description":"A description of the pipeline.","type":"string"},"pipeline":{"description":"A definition for the pipeline.","type":"string"},"settings":{"description":"Supported settings, represented as object keys, include the following:\n\n- `pipeline.workers`\n- `pipeline.batch.size`\n- `pipeline.batch.delay`\n- `pipeline.ecs_compatibility`\n- `pipeline.ordered`\n- `queue.type`\n- `queue.max_bytes`\n- `queue.checkpoint.writes`\n","type":"object"}},"required":["pipeline"]}}}},"responses":{"204":{"description":"Indicates a successful call"}},"summary":"Create or update a Logstash pipeline","tags":["logstash"],"x-state":"Technical Preview"}},"/api/logstash/pipelines":{"get":{"description":"Get a list of all centrally-managed Logstash pipelines.\n\nTo use this API, you must have either the `logstash_admin` built-in role or a customized Logstash reader role.\n\u003e info\n\u003e Limit the number of pipelines to 10,000 or fewer. As the number of pipelines nears and surpasses 10,000, you may see performance issues on Kibana.\n\nThe `username` property appears in the response when security is enabled and depends on when the pipeline was created or last updated.\n","externalDocs":{"description":"Secure your connection","url":"https://www.elastic.co/docs/reference/logstash/secure-connection"},"operationId":"get-logstash-pipelines","responses":{"200":{"content":{"application/json":{"examples":{"getLogstashPipelinesResponseExample1":{"value":"{\n \"pipelines\": [\n {\n \"id\": \"hello-world\",\n \"description\": \"Just a simple pipeline\",\n \"last_modified\": \"2018-04-14T12:23:29.772Z\",\n \"username\": \"elastic\" \n },\n {\n \"id\": \"sleepy-pipeline\",\n \"description\": \"\",\n \"last_modified\": \"2018-03-24T03:41:30.554Z\"\n }\n ]\n}"}},"schema":{"type":"object"}}},"description":"Indicates a successful call"}},"summary":"Get all Logstash pipelines","tags":["logstash"],"x-state":"Technical Preview"}},"/api/maintenance_window":{"post":{"description":"[Required authorization] Route required privileges: write-maintenance-window.","operationId":"post-maintenance-window","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"enabled":{"description":"Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications.","type":"boolean"},"schedule":{"additionalProperties":false,"type":"object","properties":{"custom":{"additionalProperties":false,"type":"object","properties":{"duration":{"description":"The duration of the schedule. It allows values in `\u003cinteger\u003e\u003cunit\u003e` format. `\u003cunit\u003e` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.","type":"string"},"recurring":{"additionalProperties":false,"type":"object","properties":{"end":{"description":"The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.","type":"string"},"every":{"description":"The interval and frequency of a recurring schedule. It allows values in `\u003cinteger\u003e\u003cunit\u003e` format. `\u003cunit\u003e` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.","type":"string"},"occurrences":{"description":"The total number of recurrences of the schedule.","minimum":1,"type":"number"},"onMonth":{"description":"The specific months for a recurring schedule. Valid values are 1-12.","items":{"maximum":12,"minimum":1,"type":"number"},"minItems":1,"type":"array"},"onMonthDay":{"description":"The specific days of the month for a recurring schedule. Valid values are 1-31.","items":{"maximum":31,"minimum":1,"type":"number"},"minItems":1,"type":"array"},"onWeekDay":{"description":"The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule.","items":{"type":"string"},"minItems":1,"type":"array"}}},"start":{"description":"The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.","type":"string"},"timezone":{"description":"The timezone of the schedule. The default timezone is UTC.","type":"string"}},"required":["start","duration"]}},"required":["custom"]},"scope":{"additionalProperties":false,"type":"object","properties":{"alerting":{"additionalProperties":false,"type":"object","properties":{"query":{"additionalProperties":false,"type":"object","properties":{"kql":{"description":"A filter written in Kibana Query Language (KQL). Only alerts matching this query will be supressed by the maintenance window.","type":"string"}},"required":["kql"]}},"required":["query"]}},"required":["alerting"]},"title":{"description":"The name of the maintenance window. While this name does not have to be unique, a distinctive name can help you identify a specific maintenance window.","type":"string"}},"required":["title","schedule"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"created_at":{"description":"The date and time when the maintenance window was created.","type":"string"},"created_by":{"description":"The identifier for the user that created the maintenance window.","nullable":true,"type":"string"},"enabled":{"description":"Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications.","type":"boolean"},"id":{"description":"The identifier for the maintenance window.","type":"string"},"schedule":{"additionalProperties":false,"type":"object","properties":{"custom":{"additionalProperties":false,"type":"object","properties":{"duration":{"description":"The duration of the schedule. It allows values in `\u003cinteger\u003e\u003cunit\u003e` format. `\u003cunit\u003e` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.","type":"string"},"recurring":{"additionalProperties":false,"type":"object","properties":{"end":{"description":"The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.","type":"string"},"every":{"description":"The interval and frequency of a recurring schedule. It allows values in `\u003cinteger\u003e\u003cunit\u003e` format. `\u003cunit\u003e` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.","type":"string"},"occurrences":{"description":"The total number of recurrences of the schedule.","type":"number"},"onMonth":{"description":"The specific months for a recurring schedule. Valid values are 1-12.","items":{"type":"number"},"type":"array"},"onMonthDay":{"description":"The specific days of the month for a recurring schedule. Valid values are 1-31.","items":{"type":"number"},"type":"array"},"onWeekDay":{"description":"The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule.","items":{"type":"string"},"type":"array"}}},"start":{"description":"The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.","type":"string"},"timezone":{"description":"The timezone of the schedule. The default timezone is UTC.","type":"string"}},"required":["start","duration"]}},"required":["custom"]},"scope":{"additionalProperties":false,"type":"object","properties":{"alerting":{"additionalProperties":false,"type":"object","properties":{"query":{"additionalProperties":false,"type":"object","properties":{"kql":{"description":"A filter written in Kibana Query Language (KQL).","type":"string"}},"required":["kql"]}},"required":["query"]}},"required":["alerting"]},"status":{"description":"The current status of the maintenance window.","enum":["running","upcoming","finished","archived"],"type":"string"},"title":{"description":"The name of the maintenance window.","type":"string"},"updated_at":{"description":"The date and time when the maintenance window was last updated.","type":"string"},"updated_by":{"description":"The identifier for the user that last updated this maintenance window.","nullable":true,"type":"string"}},"required":["id","title","enabled","created_by","updated_by","created_at","updated_at","status","schedule"]}}},"description":"Indicates a successful call."},"400":{"description":"Indicates an invalid schema or parameters."},"403":{"description":"Indicates that this call is forbidden."}},"summary":"Create a maintenance window.","tags":["maintenance-window"],"x-state":"Generally available; added in 9.1.0"}},"/api/maintenance_window/{id}":{"delete":{"description":"[Required authorization] Route required privileges: write-maintenance-window.","operationId":"delete-maintenance-window-id","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"description":"The identifier for the maintenance window to be deleted.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"204":{"description":"Indicates a successful call."},"400":{"description":"Indicates an invalid schema or parameters."},"403":{"description":"Indicates that this call is forbidden."},"404":{"description":"Indicates a maintenance window with the given ID does not exist."}},"summary":"Delete a maintenance window.","tags":["maintenance-window"],"x-state":"Generally available; added in 9.1.0"},"get":{"description":"[Required authorization] Route required privileges: read-maintenance-window.","operationId":"get-maintenance-window-id","parameters":[{"description":"The identifier for the maintenance window.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"created_at":{"description":"The date and time when the maintenance window was created.","type":"string"},"created_by":{"description":"The identifier for the user that created the maintenance window.","nullable":true,"type":"string"},"enabled":{"description":"Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications.","type":"boolean"},"id":{"description":"The identifier for the maintenance window.","type":"string"},"schedule":{"additionalProperties":false,"type":"object","properties":{"custom":{"additionalProperties":false,"type":"object","properties":{"duration":{"description":"The duration of the schedule. It allows values in `\u003cinteger\u003e\u003cunit\u003e` format. `\u003cunit\u003e` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.","type":"string"},"recurring":{"additionalProperties":false,"type":"object","properties":{"end":{"description":"The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.","type":"string"},"every":{"description":"The interval and frequency of a recurring schedule. It allows values in `\u003cinteger\u003e\u003cunit\u003e` format. `\u003cunit\u003e` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.","type":"string"},"occurrences":{"description":"The total number of recurrences of the schedule.","type":"number"},"onMonth":{"description":"The specific months for a recurring schedule. Valid values are 1-12.","items":{"type":"number"},"type":"array"},"onMonthDay":{"description":"The specific days of the month for a recurring schedule. Valid values are 1-31.","items":{"type":"number"},"type":"array"},"onWeekDay":{"description":"The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule.","items":{"type":"string"},"type":"array"}}},"start":{"description":"The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.","type":"string"},"timezone":{"description":"The timezone of the schedule. The default timezone is UTC.","type":"string"}},"required":["start","duration"]}},"required":["custom"]},"scope":{"additionalProperties":false,"type":"object","properties":{"alerting":{"additionalProperties":false,"type":"object","properties":{"query":{"additionalProperties":false,"type":"object","properties":{"kql":{"description":"A filter written in Kibana Query Language (KQL).","type":"string"}},"required":["kql"]}},"required":["query"]}},"required":["alerting"]},"status":{"description":"The current status of the maintenance window.","enum":["running","upcoming","finished","archived"],"type":"string"},"title":{"description":"The name of the maintenance window.","type":"string"},"updated_at":{"description":"The date and time when the maintenance window was last updated.","type":"string"},"updated_by":{"description":"The identifier for the user that last updated this maintenance window.","nullable":true,"type":"string"}},"required":["id","title","enabled","created_by","updated_by","created_at","updated_at","status","schedule"]}}},"description":"Indicates a successful call."},"400":{"description":"Indicates an invalid schema or parameters."},"403":{"description":"Indicates that this call is forbidden."},"404":{"description":"Indicates a maintenance window with the given ID does not exist."}},"summary":"Get maintenance window details.","tags":["maintenance-window"],"x-state":"Generally available; added in 9.1.0"},"patch":{"description":"[Required authorization] Route required privileges: write-maintenance-window.","operationId":"patch-maintenance-window-id","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"enabled":{"description":"Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications.","type":"boolean"},"schedule":{"additionalProperties":false,"type":"object","properties":{"custom":{"additionalProperties":false,"type":"object","properties":{"duration":{"description":"The duration of the schedule. It allows values in `\u003cinteger\u003e\u003cunit\u003e` format. `\u003cunit\u003e` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.","type":"string"},"recurring":{"additionalProperties":false,"type":"object","properties":{"end":{"description":"The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.","type":"string"},"every":{"description":"The interval and frequency of a recurring schedule. It allows values in `\u003cinteger\u003e\u003cunit\u003e` format. `\u003cunit\u003e` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.","type":"string"},"occurrences":{"description":"The total number of recurrences of the schedule.","minimum":1,"type":"number"},"onMonth":{"description":"The specific months for a recurring schedule. Valid values are 1-12.","items":{"maximum":12,"minimum":1,"type":"number"},"minItems":1,"type":"array"},"onMonthDay":{"description":"The specific days of the month for a recurring schedule. Valid values are 1-31.","items":{"maximum":31,"minimum":1,"type":"number"},"minItems":1,"type":"array"},"onWeekDay":{"description":"The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule.","items":{"type":"string"},"minItems":1,"type":"array"}}},"start":{"description":"The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.","type":"string"},"timezone":{"description":"The timezone of the schedule. The default timezone is UTC.","type":"string"}},"required":["start","duration"]}},"required":["custom"]},"scope":{"additionalProperties":false,"type":"object","properties":{"alerting":{"additionalProperties":false,"type":"object","properties":{"query":{"additionalProperties":false,"type":"object","properties":{"kql":{"description":"A filter written in Kibana Query Language (KQL). Only alerts matching this query will be supressed by the maintenance window.","type":"string"}},"required":["kql"]}},"required":["query"]}},"required":["alerting"]},"title":{"description":"The name of the maintenance window. While this name does not have to be unique, a distinctive name can help you identify a specific maintenance window.","type":"string"}}}}}},"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"created_at":{"description":"The date and time when the maintenance window was created.","type":"string"},"created_by":{"description":"The identifier for the user that created the maintenance window.","nullable":true,"type":"string"},"enabled":{"description":"Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications.","type":"boolean"},"id":{"description":"The identifier for the maintenance window.","type":"string"},"schedule":{"additionalProperties":false,"type":"object","properties":{"custom":{"additionalProperties":false,"type":"object","properties":{"duration":{"description":"The duration of the schedule. It allows values in `\u003cinteger\u003e\u003cunit\u003e` format. `\u003cunit\u003e` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.","type":"string"},"recurring":{"additionalProperties":false,"type":"object","properties":{"end":{"description":"The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.","type":"string"},"every":{"description":"The interval and frequency of a recurring schedule. It allows values in `\u003cinteger\u003e\u003cunit\u003e` format. `\u003cunit\u003e` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.","type":"string"},"occurrences":{"description":"The total number of recurrences of the schedule.","type":"number"},"onMonth":{"description":"The specific months for a recurring schedule. Valid values are 1-12.","items":{"type":"number"},"type":"array"},"onMonthDay":{"description":"The specific days of the month for a recurring schedule. Valid values are 1-31.","items":{"type":"number"},"type":"array"},"onWeekDay":{"description":"The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule.","items":{"type":"string"},"type":"array"}}},"start":{"description":"The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.","type":"string"},"timezone":{"description":"The timezone of the schedule. The default timezone is UTC.","type":"string"}},"required":["start","duration"]}},"required":["custom"]},"scope":{"additionalProperties":false,"type":"object","properties":{"alerting":{"additionalProperties":false,"type":"object","properties":{"query":{"additionalProperties":false,"type":"object","properties":{"kql":{"description":"A filter written in Kibana Query Language (KQL).","type":"string"}},"required":["kql"]}},"required":["query"]}},"required":["alerting"]},"status":{"description":"The current status of the maintenance window.","enum":["running","upcoming","finished","archived"],"type":"string"},"title":{"description":"The name of the maintenance window.","type":"string"},"updated_at":{"description":"The date and time when the maintenance window was last updated.","type":"string"},"updated_by":{"description":"The identifier for the user that last updated this maintenance window.","nullable":true,"type":"string"}},"required":["id","title","enabled","created_by","updated_by","created_at","updated_at","status","schedule"]}}},"description":"Indicates a successful call."},"400":{"description":"Indicates an invalid schema or parameters."},"403":{"description":"Indicates that this call is forbidden."},"404":{"description":"Indicates a maintenance window with the given ID does not exist."},"409":{"description":"Indicates that the maintenance window has already been updated by another user."}},"summary":"Update a maintenance window.","tags":["maintenance-window"],"x-state":"Generally available; added in 9.1.0"}},"/api/maintenance_window/{id}/_archive":{"post":{"description":"[Required authorization] Route required privileges: write-maintenance-window.","operationId":"post-maintenance-window-id-archive","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"description":"The identifier for the maintenance window to be archived.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"created_at":{"description":"The date and time when the maintenance window was created.","type":"string"},"created_by":{"description":"The identifier for the user that created the maintenance window.","nullable":true,"type":"string"},"enabled":{"description":"Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications.","type":"boolean"},"id":{"description":"The identifier for the maintenance window.","type":"string"},"schedule":{"additionalProperties":false,"type":"object","properties":{"custom":{"additionalProperties":false,"type":"object","properties":{"duration":{"description":"The duration of the schedule. It allows values in `\u003cinteger\u003e\u003cunit\u003e` format. `\u003cunit\u003e` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.","type":"string"},"recurring":{"additionalProperties":false,"type":"object","properties":{"end":{"description":"The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.","type":"string"},"every":{"description":"The interval and frequency of a recurring schedule. It allows values in `\u003cinteger\u003e\u003cunit\u003e` format. `\u003cunit\u003e` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.","type":"string"},"occurrences":{"description":"The total number of recurrences of the schedule.","type":"number"},"onMonth":{"description":"The specific months for a recurring schedule. Valid values are 1-12.","items":{"type":"number"},"type":"array"},"onMonthDay":{"description":"The specific days of the month for a recurring schedule. Valid values are 1-31.","items":{"type":"number"},"type":"array"},"onWeekDay":{"description":"The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule.","items":{"type":"string"},"type":"array"}}},"start":{"description":"The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.","type":"string"},"timezone":{"description":"The timezone of the schedule. The default timezone is UTC.","type":"string"}},"required":["start","duration"]}},"required":["custom"]},"scope":{"additionalProperties":false,"type":"object","properties":{"alerting":{"additionalProperties":false,"type":"object","properties":{"query":{"additionalProperties":false,"type":"object","properties":{"kql":{"description":"A filter written in Kibana Query Language (KQL).","type":"string"}},"required":["kql"]}},"required":["query"]}},"required":["alerting"]},"status":{"description":"The current status of the maintenance window.","enum":["running","upcoming","finished","archived"],"type":"string"},"title":{"description":"The name of the maintenance window.","type":"string"},"updated_at":{"description":"The date and time when the maintenance window was last updated.","type":"string"},"updated_by":{"description":"The identifier for the user that last updated this maintenance window.","nullable":true,"type":"string"}},"required":["id","title","enabled","created_by","updated_by","created_at","updated_at","status","schedule"]}}},"description":"Indicates a successful call."},"400":{"description":"Indicates an invalid schema or parameters."},"403":{"description":"Indicates that this call is forbidden."},"404":{"description":"Indicates a maintenance window with the given ID does not exist."}},"summary":"Archive a maintenance window.","tags":["maintenance-window"],"x-state":"Generally available; added in 9.1.0"}},"/api/maintenance_window/{id}/_unarchive":{"post":{"description":"[Required authorization] Route required privileges: write-maintenance-window.","operationId":"post-maintenance-window-id-unarchive","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"description":"The identifier for the maintenance window to be unarchived.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"created_at":{"description":"The date and time when the maintenance window was created.","type":"string"},"created_by":{"description":"The identifier for the user that created the maintenance window.","nullable":true,"type":"string"},"enabled":{"description":"Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications.","type":"boolean"},"id":{"description":"The identifier for the maintenance window.","type":"string"},"schedule":{"additionalProperties":false,"type":"object","properties":{"custom":{"additionalProperties":false,"type":"object","properties":{"duration":{"description":"The duration of the schedule. It allows values in `\u003cinteger\u003e\u003cunit\u003e` format. `\u003cunit\u003e` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.","type":"string"},"recurring":{"additionalProperties":false,"type":"object","properties":{"end":{"description":"The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.","type":"string"},"every":{"description":"The interval and frequency of a recurring schedule. It allows values in `\u003cinteger\u003e\u003cunit\u003e` format. `\u003cunit\u003e` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.","type":"string"},"occurrences":{"description":"The total number of recurrences of the schedule.","type":"number"},"onMonth":{"description":"The specific months for a recurring schedule. Valid values are 1-12.","items":{"type":"number"},"type":"array"},"onMonthDay":{"description":"The specific days of the month for a recurring schedule. Valid values are 1-31.","items":{"type":"number"},"type":"array"},"onWeekDay":{"description":"The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule.","items":{"type":"string"},"type":"array"}}},"start":{"description":"The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.","type":"string"},"timezone":{"description":"The timezone of the schedule. The default timezone is UTC.","type":"string"}},"required":["start","duration"]}},"required":["custom"]},"scope":{"additionalProperties":false,"type":"object","properties":{"alerting":{"additionalProperties":false,"type":"object","properties":{"query":{"additionalProperties":false,"type":"object","properties":{"kql":{"description":"A filter written in Kibana Query Language (KQL).","type":"string"}},"required":["kql"]}},"required":["query"]}},"required":["alerting"]},"status":{"description":"The current status of the maintenance window.","enum":["running","upcoming","finished","archived"],"type":"string"},"title":{"description":"The name of the maintenance window.","type":"string"},"updated_at":{"description":"The date and time when the maintenance window was last updated.","type":"string"},"updated_by":{"description":"The identifier for the user that last updated this maintenance window.","nullable":true,"type":"string"}},"required":["id","title","enabled","created_by","updated_by","created_at","updated_at","status","schedule"]}}},"description":"Indicates a successful call."},"400":{"description":"Indicates an invalid schema or parameters."},"403":{"description":"Indicates that this call is forbidden."},"404":{"description":"Indicates a maintenance window with the given ID does not exist."}},"summary":"Unarchive a maintenance window.","tags":["maintenance-window"],"x-state":"Generally available; added in 9.1.0"}},"/api/ml/saved_objects/sync":{"get":{"description":"Synchronizes Kibana saved objects for machine learning jobs and trained models in the default space. You must have `all` privileges for the **Machine Learning** feature in the **Analytics** section of the Kibana feature privileges. This API runs automatically when you start Kibana and periodically thereafter.\n","operationId":"mlSync","parameters":[{"$ref":"#/components/parameters/Machine_learning_APIs_simulateParam"}],"responses":{"200":{"content":{"application/json":{"examples":{"syncExample":{"$ref":"#/components/examples/Machine_learning_APIs_mlSyncExample"}},"schema":{"$ref":"#/components/schemas/Machine_learning_APIs_mlSync200Response"}}},"description":"Indicates a successful call"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Machine_learning_APIs_mlSync4xxResponse"}}},"description":"Authorization information is missing or invalid."}},"summary":"Sync saved objects in the default space","tags":["ml"]}},"/api/note":{"delete":{"description":"Delete a note from a Timeline using the note ID.","operationId":"DeleteNote","requestBody":{"content":{"application/json":{"schema":{"oneOf":[{"nullable":true,"type":"object","properties":{"noteId":{"type":"string"}},"required":["noteId"]},{"nullable":true,"type":"object","properties":{"noteIds":{"items":{"type":"string"},"nullable":true,"type":"array"}},"required":["noteIds"]}]}}},"description":"The ID of the note to delete.","required":true},"responses":{"200":{"description":"Indicates the note was successfully deleted."}},"summary":"Delete a note","tags":["Security Timeline API"]},"get":{"description":"Get all notes for a given document.","operationId":"GetNotes","parameters":[{"in":"query","name":"documentIds","schema":{"$ref":"#/components/schemas/Security_Timeline_API_DocumentIds"}},{"in":"query","name":"savedObjectIds","schema":{"$ref":"#/components/schemas/Security_Timeline_API_SavedObjectIds"}},{"in":"query","name":"page","schema":{"nullable":true,"type":"string"}},{"in":"query","name":"perPage","schema":{"nullable":true,"type":"string"}},{"in":"query","name":"search","schema":{"nullable":true,"type":"string"}},{"in":"query","name":"sortField","schema":{"nullable":true,"type":"string"}},{"in":"query","name":"sortOrder","schema":{"nullable":true,"type":"string"}},{"in":"query","name":"filter","schema":{"nullable":true,"type":"string"}},{"in":"query","name":"createdByFilter","schema":{"nullable":true,"type":"string"}},{"in":"query","name":"associatedFilter","schema":{"$ref":"#/components/schemas/Security_Timeline_API_AssociatedFilterType"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Timeline_API_GetNotesResult"}}},"description":"Indicates the requested notes were returned."}},"summary":"Get notes","tags":["Security Timeline API"]},"patch":{"description":"Add a note to a Timeline or update an existing note.","operationId":"PersistNoteRoute","requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"note":{"$ref":"#/components/schemas/Security_Timeline_API_BareNote","description":"The note to add or update."},"noteId":{"description":"The `savedObjectId` of the note","example":"709f99c6-89b6-4953-9160-35945c8e174e","nullable":true,"type":"string"},"version":{"description":"The version of the note","example":"WzQ2LDFd","nullable":true,"type":"string"}},"required":["note"]}}},"description":"The note to add or update, along with additional metadata.","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Timeline_API_ResponseNote"}}},"description":"Indicates the note was successfully created."}},"summary":"Add or update a note","tags":["Security Timeline API"]}},"/api/osquery/live_queries":{"get":{"description":"Get a list of all live queries.","operationId":"OsqueryFindLiveQueries","parameters":[{"in":"query","name":"kuery","required":false,"schema":{"$ref":"#/components/schemas/Security_Osquery_API_KueryOrUndefined"}},{"in":"query","name":"page","required":false,"schema":{"$ref":"#/components/schemas/Security_Osquery_API_PageOrUndefined"}},{"in":"query","name":"pageSize","required":false,"schema":{"$ref":"#/components/schemas/Security_Osquery_API_PageSizeOrUndefined"}},{"in":"query","name":"sort","required":false,"schema":{"$ref":"#/components/schemas/Security_Osquery_API_SortOrUndefined"}},{"in":"query","name":"sortOrder","required":false,"schema":{"$ref":"#/components/schemas/Security_Osquery_API_SortOrderOrUndefined"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Osquery_API_FindLiveQueryResponse"}}},"description":"OK"}},"summary":"Get live queries","tags":["Security Osquery API"]},"post":{"description":"Create and run a live query.","operationId":"OsqueryCreateLiveQuery","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Osquery_API_CreateLiveQueryRequestBody"}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Osquery_API_CreateLiveQueryResponse"}}},"description":"OK"}},"summary":"Create a live query","tags":["Security Osquery API"]}},"/api/osquery/live_queries/{id}":{"get":{"description":"Get the details of a live query using the query ID.","operationId":"OsqueryGetLiveQueryDetails","parameters":[{"in":"path","name":"id","required":true,"schema":{"description":"The ID of the live query result you want to retrieve.","example":"3c42c847-eb30-4452-80e0-728584042334","type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Osquery_API_FindLiveQueryDetailsResponse"}}},"description":"OK"}},"summary":"Get live query details","tags":["Security Osquery API"]}},"/api/osquery/live_queries/{id}/results/{actionId}":{"get":{"description":"Get the results of a live query using the query action ID.","operationId":"OsqueryGetLiveQueryResults","parameters":[{"in":"path","name":"id","required":true,"schema":{"description":"The ID of the live query result you want to retrieve.","example":"3c42c847-eb30-4452-80e0-728584042334","type":"string"}},{"in":"path","name":"actionId","required":true,"schema":{"description":"The ID of the query action that generated the live query results.","example":"609c4c66-ba3d-43fa-afdd-53e244577aa0","type":"string"}},{"in":"query","name":"kuery","required":false,"schema":{"$ref":"#/components/schemas/Security_Osquery_API_KueryOrUndefined"}},{"in":"query","name":"page","required":false,"schema":{"$ref":"#/components/schemas/Security_Osquery_API_PageOrUndefined"}},{"in":"query","name":"pageSize","required":false,"schema":{"$ref":"#/components/schemas/Security_Osquery_API_PageSizeOrUndefined"}},{"in":"query","name":"sort","required":false,"schema":{"$ref":"#/components/schemas/Security_Osquery_API_SortOrUndefined"}},{"in":"query","name":"sortOrder","required":false,"schema":{"$ref":"#/components/schemas/Security_Osquery_API_SortOrderOrUndefined"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Osquery_API_GetLiveQueryResultsResponse"}}},"description":"OK"}},"summary":"Get live query results","tags":["Security Osquery API"]}},"/api/osquery/packs":{"get":{"description":"Get a list of all query packs.","operationId":"OsqueryFindPacks","parameters":[{"in":"query","name":"page","required":false,"schema":{"$ref":"#/components/schemas/Security_Osquery_API_PageOrUndefined"}},{"in":"query","name":"pageSize","required":false,"schema":{"$ref":"#/components/schemas/Security_Osquery_API_PageSizeOrUndefined"}},{"in":"query","name":"sort","required":false,"schema":{"$ref":"#/components/schemas/Security_Osquery_API_SortOrUndefined"}},{"in":"query","name":"sortOrder","required":false,"schema":{"$ref":"#/components/schemas/Security_Osquery_API_SortOrderOrUndefined"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Osquery_API_FindPacksResponse"}}},"description":"OK"}},"summary":"Get packs","tags":["Security Osquery API"]},"post":{"description":"Create a query pack.","operationId":"OsqueryCreatePacks","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Osquery_API_CreatePacksRequestBody"}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Osquery_API_CreatePacksResponse"}}},"description":"OK"}},"summary":"Create a pack","tags":["Security Osquery API"]}},"/api/osquery/packs/{id}":{"delete":{"description":"Delete a query pack using the pack ID.","operationId":"OsqueryDeletePacks","parameters":[{"in":"path","name":"id","required":true,"schema":{"$ref":"#/components/schemas/Security_Osquery_API_PackId"}}],"responses":{"200":{"content":{"application/json":{"schema":{"example":{},"type":"object","properties":{}}}},"description":"OK"}},"summary":"Delete a pack","tags":["Security Osquery API"]},"get":{"description":"Get the details of a query pack using the pack ID.","operationId":"OsqueryGetPacksDetails","parameters":[{"in":"path","name":"id","required":true,"schema":{"$ref":"#/components/schemas/Security_Osquery_API_PackId"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Osquery_API_FindPackResponse"}}},"description":"OK"}},"summary":"Get pack details","tags":["Security Osquery API"]},"put":{"description":"Update a query pack using the pack ID.\n\u003e info\n\u003e You cannot update a prebuilt pack.\n","operationId":"OsqueryUpdatePacks","parameters":[{"in":"path","name":"id","required":true,"schema":{"$ref":"#/components/schemas/Security_Osquery_API_PackId"}}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Osquery_API_UpdatePacksRequestBody"}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Osquery_API_UpdatePacksResponse"}}},"description":"OK"}},"summary":"Update a pack","tags":["Security Osquery API"]}},"/api/osquery/saved_queries":{"get":{"description":"Get a list of all saved queries.","operationId":"OsqueryFindSavedQueries","parameters":[{"in":"query","name":"page","required":false,"schema":{"$ref":"#/components/schemas/Security_Osquery_API_PageOrUndefined"}},{"in":"query","name":"pageSize","required":false,"schema":{"$ref":"#/components/schemas/Security_Osquery_API_PageSizeOrUndefined"}},{"in":"query","name":"sort","required":false,"schema":{"$ref":"#/components/schemas/Security_Osquery_API_SortOrUndefined"}},{"in":"query","name":"sortOrder","required":false,"schema":{"$ref":"#/components/schemas/Security_Osquery_API_SortOrderOrUndefined"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Osquery_API_FindSavedQueryResponse"}}},"description":"OK"}},"summary":"Get saved queries","tags":["Security Osquery API"]},"post":{"description":"Create and run a saved query.","operationId":"OsqueryCreateSavedQuery","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Osquery_API_CreateSavedQueryRequestBody"}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Osquery_API_CreateSavedQueryResponse"}}},"description":"OK"}},"summary":"Create a saved query","tags":["Security Osquery API"]}},"/api/osquery/saved_queries/{id}":{"delete":{"description":"Delete a saved query using the query ID.","operationId":"OsqueryDeleteSavedQuery","parameters":[{"in":"path","name":"id","required":true,"schema":{"$ref":"#/components/schemas/Security_Osquery_API_SavedQueryId"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Osquery_API_DefaultSuccessResponse"}}},"description":"OK"}},"summary":"Delete a saved query","tags":["Security Osquery API"]},"get":{"description":"Get the details of a saved query using the query ID.","operationId":"OsqueryGetSavedQueryDetails","parameters":[{"in":"path","name":"id","required":true,"schema":{"$ref":"#/components/schemas/Security_Osquery_API_SavedQueryId"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Osquery_API_FindSavedQueryDetailResponse"}}},"description":"OK"}},"summary":"Get saved query details","tags":["Security Osquery API"]},"put":{"description":"Update a saved query using the query ID.\n\u003e info\n\u003e You cannot update a prebuilt saved query.\n","operationId":"OsqueryUpdateSavedQuery","parameters":[{"in":"path","name":"id","required":true,"schema":{"$ref":"#/components/schemas/Security_Osquery_API_SavedQueryId"}}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Osquery_API_UpdateSavedQueryRequestBody"}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Osquery_API_UpdateSavedQueryResponse"}}},"description":"OK"}},"summary":"Update a saved query","tags":["Security Osquery API"]}},"/api/pinned_event":{"patch":{"description":"Pin/unpin an event to/from an existing Timeline.","operationId":"PersistPinnedEventRoute","requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"eventId":{"description":"The `_id` of the associated event for this pinned event.","example":"d3a1d35a3e84a81b2f8f3859e064c224cdee1b4bc","type":"string"},"pinnedEventId":{"description":"The `savedObjectId` of the pinned event you want to unpin.","example":"10r1929b-0af7-42bd-85a8-56e234f98h2f3","nullable":true,"type":"string"},"timelineId":{"description":"The `savedObjectId` of the timeline that you want this pinned event unpinned from.","example":"15c1929b-0af7-42bd-85a8-56e234cc7c4e","type":"string"}},"required":["eventId","timelineId"]}}},"description":"The pinned event to add or unpin, along with additional metadata.","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Timeline_API_PersistPinnedEventResponse"}}},"description":"Indicates the event was successfully pinned to or unpinned from the Timeline."}},"summary":"Pin/unpin an event","tags":["Security Timeline API"]}},"/api/risk_score/engine/dangerously_delete_data":{"delete":{"description":"Cleaning up the the Risk Engine by removing the indices, mapping and transforms","operationId":"CleanUpRiskEngine","responses":{"200":{"content":{"application/json":{"schema":{"type":"object","properties":{"cleanup_successful":{"type":"boolean"}}}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse"}}},"description":"Task manager is unavailable"},"default":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse"}}},"description":"Unexpected error"}},"summary":"Cleanup the Risk Engine","tags":["Security Entity Analytics API"]}},"/api/risk_score/engine/saved_object/configure":{"patch":{"description":"Configuring the Risk Engine Saved Object","operationId":"ConfigureRiskEngineSavedObject","requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"exclude_alert_statuses":{"items":{"type":"string"},"type":"array"},"exclude_alert_tags":{"items":{"type":"string"},"type":"array"},"range":{"type":"object","properties":{"end":{"type":"string"},"start":{"type":"string"}}}}}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"type":"object","properties":{"risk_engine_saved_object_configured":{"type":"boolean"}}}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse"}}},"description":"Task manager is unavailable"},"default":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_ConfigureRiskEngineSavedObjectErrorResponse"}}},"description":"Unexpected error"}},"summary":"Configure the Risk Engine Saved Object","tags":["Security Entity Analytics API"]}},"/api/risk_score/engine/schedule_now":{"post":{"description":"Schedule the risk scoring engine to run as soon as possible. You can use this to recalculate entity risk scores after updating their asset criticality.","operationId":"ScheduleRiskEngineNow","requestBody":{"content":{"application/json":{}}},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowResponse"}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse"}}},"description":"Task manager is unavailable"},"default":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse"}}},"description":"Unexpected error"}},"summary":"Run the risk scoring engine","tags":["Security Entity Analytics API"]}},"/api/saved_objects/_bulk_create":{"post":{"deprecated":true,"operationId":"bulkCreateSavedObjects","parameters":[{"$ref":"#/components/parameters/Saved_objects_kbn_xsrf"},{"description":"When true, overwrites the document with the same identifier.","in":"query","name":"overwrite","schema":{"type":"boolean"}}],"requestBody":{"content":{"application/json":{"schema":{"items":{"type":"object"},"type":"array"}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"type":"object"}}},"description":"Indicates a successful call."},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Saved_objects_400_response"}}},"description":"Bad request"}},"summary":"Create saved objects","tags":["saved objects"]}},"/api/saved_objects/_bulk_delete":{"post":{"deprecated":true,"description":"WARNING: When you delete a saved object, it cannot be recovered.\n","operationId":"bulkDeleteSavedObjects","parameters":[{"$ref":"#/components/parameters/Saved_objects_kbn_xsrf"},{"description":"When true, force delete objects that exist in multiple namespaces. Note that the option applies to the whole request. Use the delete object API to specify per-object deletion behavior. TIP: Use this if you attempted to delete objects and received an HTTP 400 error with the following message: \"Unable to delete saved object that exists in multiple namespaces, use the force option to delete it anyway\". WARNING: When you bulk delete objects that exist in multiple namespaces, the API also deletes legacy url aliases that reference the object. These requests are batched to minimise the impact but they can place a heavy load on Kibana. Make sure you limit the number of objects that exist in multiple namespaces in a single bulk delete operation.\n","in":"query","name":"force","schema":{"type":"boolean"}}],"requestBody":{"content":{"application/json":{"schema":{"items":{"type":"object"},"type":"array"}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"type":"object"}}},"description":"Indicates a successful call. NOTE: This HTTP response code indicates that the bulk operation succeeded. Errors pertaining to individual objects will be returned in the response body.\n"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Saved_objects_400_response"}}},"description":"Bad request"}},"summary":"Delete saved objects","tags":["saved objects"]}},"/api/saved_objects/_bulk_get":{"post":{"deprecated":true,"operationId":"bulkGetSavedObjects","parameters":[{"$ref":"#/components/parameters/Saved_objects_kbn_xsrf"}],"requestBody":{"content":{"application/json":{"schema":{"items":{"type":"object"},"type":"array"}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"type":"object"}}},"description":"Indicates a successful call."},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Saved_objects_400_response"}}},"description":"Bad request"}},"summary":"Get saved objects","tags":["saved objects"]}},"/api/saved_objects/_bulk_resolve":{"post":{"deprecated":true,"description":"Retrieve multiple Kibana saved objects by identifier using any legacy URL aliases if they exist. Under certain circumstances when Kibana is upgraded, saved object migrations may necessitate regenerating some object IDs to enable new features. When an object's ID is regenerated, a legacy URL alias is created for that object, preserving its old ID. In such a scenario, that object can be retrieved by the bulk resolve API using either its new ID or its old ID.\n","operationId":"bulkResolveSavedObjects","parameters":[{"$ref":"#/components/parameters/Saved_objects_kbn_xsrf"}],"requestBody":{"content":{"application/json":{"schema":{"items":{"type":"object"},"type":"array"}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"type":"object"}}},"description":"Indicates a successful call. NOTE: This HTTP response code indicates that the bulk operation succeeded. Errors pertaining to individual objects will be returned in the response body. \n"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Saved_objects_400_response"}}},"description":"Bad request"}},"summary":"Resolve saved objects","tags":["saved objects"]}},"/api/saved_objects/_bulk_update":{"post":{"deprecated":true,"description":"Update the attributes for multiple Kibana saved objects.","operationId":"bulkUpdateSavedObjects","parameters":[{"$ref":"#/components/parameters/Saved_objects_kbn_xsrf"}],"requestBody":{"content":{"application/json":{"schema":{"items":{"type":"object"},"type":"array"}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"type":"object"}}},"description":"Indicates a successful call. NOTE: This HTTP response code indicates that the bulk operation succeeded. Errors pertaining to individual objects will be returned in the response body. \n"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Saved_objects_400_response"}}},"description":"Bad request"}},"summary":"Update saved objects","tags":["saved objects"]}},"/api/saved_objects/_export":{"post":{"description":"Retrieve sets of saved objects that you want to import into Kibana. You must include `type` or `objects` in the request body.\n\nExported saved objects are not backwards compatible and cannot be imported into an older version of Kibana.\n\nNOTE: The `savedObjects.maxImportExportSize` configuration setting limits the number of saved objects which may be exported.","operationId":"post-saved-objects-export","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"examples":{"exportSavedObjectsRequest":{"summary":"Export a specific saved object.","value":{"excludeExportDetails":true,"includeReferencesDeep":false,"objects":[{"id":"de71f4f0-1902-11e9-919b-ffe5949a18d2","type":"map"}]}}},"schema":{"additionalProperties":false,"type":"object","properties":{"excludeExportDetails":{"default":false,"description":"Do not add export details entry at the end of the stream.","type":"boolean"},"hasReference":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"type":{"type":"string"}},"required":["type","id"]},{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"type":{"type":"string"}},"required":["type","id"]},"type":"array"}]},"includeReferencesDeep":{"default":false,"description":"Includes all of the referenced objects in the exported objects.","type":"boolean"},"objects":{"description":"A list of objects to export. NOTE: this optiona cannot be combined with `types` option","items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"type":{"type":"string"}},"required":["type","id"]},"maxItems":10000,"type":"array"},"search":{"description":"Search for documents to export using the Elasticsearch Simple Query String syntax.","type":"string"},"type":{"anyOf":[{"type":"string"},{"items":{"type":"string"},"type":"array"}],"description":"The saved object types to include in the export. Use `*` to export all the types."}}}}}},"responses":{"200":{"content":{"application/x-ndjson":{"examples":{"exportSavedObjectsResponse":{"summary":"The export objects API response contains a JSON record for each exported object.","value":{"attributes":{"description":"","layerListJSON":"[{\"id\":\"0hmz5\",\"alpha\":1,\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"visible\":true,\"style\":{},\"type\":\"EMS_VECTOR_TILE\",\"minZoom\":0,\"maxZoom\":24},{\"id\":\"edh66\",\"label\":\"Total Requests by Destination\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.5,\"sourceDescriptor\":{\"type\":\"EMS_FILE\",\"id\":\"world_countries\",\"tooltipProperties\":[\"name\",\"iso2\"]},\"visible\":true,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"name\":\"__kbnjoin__count__673ff994-fc75-4c67-909b-69fcb0e1060e\",\"origin\":\"join\"},\"color\":\"Greys\",\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":10}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}}}},\"type\":\"GEOJSON_VECTOR\",\"joins\":[{\"leftField\":\"iso2\",\"right\":{\"type\":\"ES_TERM_SOURCE\",\"id\":\"673ff994-fc75-4c67-909b-69fcb0e1060e\",\"indexPatternTitle\":\"kibana_sample_data_logs\",\"term\":\"geo.dest\",\"indexPatternRefName\":\"layer_1_join_0_index_pattern\",\"metrics\":[{\"type\":\"count\",\"label\":\"web logs count\"}],\"applyGlobalQuery\":true}}]},{\"id\":\"gaxya\",\"label\":\"Actual Requests\",\"minZoom\":9,\"maxZoom\":24,\"alpha\":1,\"sourceDescriptor\":{\"id\":\"b7486535-171b-4d3b-bb2e-33c1a0a2854c\",\"type\":\"ES_SEARCH\",\"geoField\":\"geo.coordinates\",\"limit\":2048,\"filterByMapBounds\":true,\"tooltipProperties\":[\"clientip\",\"timestamp\",\"host\",\"request\",\"response\",\"machine.os\",\"agent\",\"bytes\"],\"indexPatternRefName\":\"layer_2_source_index_pattern\",\"applyGlobalQuery\":true,\"scalingType\":\"LIMIT\"},\"visible\":true,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#2200ff\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":2}},\"iconSize\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"name\":\"bytes\",\"origin\":\"source\"},\"minSize\":1,\"maxSize\":23,\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}}}},\"type\":\"GEOJSON_VECTOR\"},{\"id\":\"tfi3f\",\"label\":\"Total Requests and Bytes\",\"minZoom\":0,\"maxZoom\":9,\"alpha\":1,\"sourceDescriptor\":{\"type\":\"ES_GEO_GRID\",\"resolution\":\"COARSE\",\"id\":\"8aaa65b5-a4e9-448b-9560-c98cb1c5ac5b\",\"geoField\":\"geo.coordinates\",\"requestType\":\"point\",\"metrics\":[{\"type\":\"count\",\"label\":\"web logs count\"},{\"type\":\"sum\",\"field\":\"bytes\"}],\"indexPatternRefName\":\"layer_3_source_index_pattern\",\"applyGlobalQuery\":true},\"visible\":true,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"color\":\"Blues\",\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#cccccc\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"name\":\"sum_of_bytes\",\"origin\":\"source\"},\"minSize\":7,\"maxSize\":25,\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"labelText\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"labelSize\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"minSize\":12,\"maxSize\":24,\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}}}},\"type\":\"GEOJSON_VECTOR\"}]","mapStateJSON":"{\"zoom\":3.64,\"center\":{\"lon\":-88.92107,\"lat\":42.16337},\"timeFilters\":{\"from\":\"now-7d\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"settings\":{\"autoFitToDataBounds\":false}}","title":"[Logs] Total Requests and Bytes","uiStateJSON":"{\"isDarkMode\":false}"},"coreMigrationVersion":"8.8.0","created_at":"2023-08-23T20:03:32.204Z","id":"de71f4f0-1902-11e9-919b-ffe5949a18d2","managed":false,"references":[{"id":"90943e30-9a47-11e8-b64d-95841ca0b247","name":"layer_1_join_0_index_pattern","type":"index-pattern"},{"id":"90943e30-9a47-11e8-b64d-95841ca0b247","name":"layer_2_source_index_pattern","type":"index-pattern"},{"id":"90943e30-9a47-11e8-b64d-95841ca0b247","name":"layer_3_source_index_pattern","type":"index-pattern"}],"type":"map","typeMigrationVersion":"8.4.0","updated_at":"2023-08-23T20:03:32.204Z","version":"WzEzLDFd"}}},"schema":{}}},"description":"Indicates a successfull call."},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Indicates an unsuccessful response.","type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"},"statusCode":{"enum":[400],"type":"integer"}},"required":["error","message","statusCode"]}}},"description":"Bad request."}},"summary":"Export saved objects","tags":["saved objects"]}},"/api/saved_objects/_find":{"get":{"deprecated":true,"description":"Retrieve a paginated set of Kibana saved objects.","operationId":"findSavedObjects","parameters":[{"description":"An aggregation structure, serialized as a string. The field format is similar to filter, meaning that to use a saved object type attribute in the aggregation, the `savedObjectType.attributes.title: \"myTitle\"` format must be used. For root fields, the syntax is `savedObjectType.rootField`. NOTE: As objects change in Kibana, the results on each page of the response also change. Use the find API for traditional paginated results, but avoid using it to export large amounts of data.\n","in":"query","name":"aggs","schema":{"type":"string"}},{"description":"The default operator to use for the `simple_query_string`.","in":"query","name":"default_search_operator","schema":{"type":"string"}},{"description":"The fields to return in the attributes key of the response.","in":"query","name":"fields","schema":{"oneOf":[{"type":"string"},{"type":"array"}]}},{"description":"The filter is a KQL string with the caveat that if you filter with an attribute from your saved object type, it should look like that: `savedObjectType.attributes.title: \"myTitle\"`. However, if you use a root attribute of a saved object such as `updated_at`, you will have to define your filter like that: `savedObjectType.updated_at \u003e 2018-12-22`.\n","in":"query","name":"filter","schema":{"type":"string"}},{"description":"Filters to objects that do not have a relationship with the type and identifier combination.","in":"query","name":"has_no_reference","schema":{"type":"object"}},{"description":"The operator to use for the `has_no_reference` parameter. Either `OR` or `AND`. Defaults to `OR`.","in":"query","name":"has_no_reference_operator","schema":{"type":"string"}},{"description":"Filters to objects that have a relationship with the type and ID combination.","in":"query","name":"has_reference","schema":{"type":"object"}},{"description":"The operator to use for the `has_reference` parameter. Either `OR` or `AND`. Defaults to `OR`.","in":"query","name":"has_reference_operator","schema":{"type":"string"}},{"description":"The page of objects to return.","in":"query","name":"page","schema":{"type":"integer"}},{"description":"The number of objects to return per page.","in":"query","name":"per_page","schema":{"type":"integer"}},{"description":"An Elasticsearch `simple_query_string` query that filters the objects in the response.","in":"query","name":"search","schema":{"type":"string"}},{"description":"The fields to perform the `simple_query_string` parsed query against.","in":"query","name":"search_fields","schema":{"oneOf":[{"type":"string"},{"type":"array"}]}},{"description":"Sorts the response. Includes \"root\" and \"type\" fields. \"root\" fields exist for all saved objects, such as \"updated_at\". \"type\" fields are specific to an object type, such as fields returned in the attributes key of the response. When a single type is defined in the type parameter, the \"root\" and \"type\" fields are allowed, and validity checks are made in that order. When multiple types are defined in the type parameter, only \"root\" fields are allowed.\n","in":"query","name":"sort_field","schema":{"type":"string"}},{"description":"The saved object types to include.","in":"query","name":"type","required":true,"schema":{"oneOf":[{"type":"string"},{"type":"array"}]}}],"responses":{"200":{"content":{"application/json":{"schema":{"type":"object"}}},"description":"Indicates a successful call."},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Saved_objects_400_response"}}},"description":"Bad request"}},"summary":"Search for saved objects","tags":["saved objects"]}},"/api/saved_objects/_import":{"post":{"description":"Create sets of Kibana saved objects from a file created by the export API. Saved objects can only be imported into the same version, a newer minor on the same major, or the next major. Exported saved objects are not backwards compatible and cannot be imported into an older version of Kibana.","operationId":"post-saved-objects-import","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"description":"Overwrites saved objects when they already exist. When used, potential conflict errors are automatically resolved by overwriting the destination object. NOTE: This option cannot be used with the `createNewCopies` option.","in":"query","name":"overwrite","required":false,"schema":{"default":false,"type":"boolean"}},{"description":"Creates copies of saved objects, regenerates each object ID, and resets the origin. When used, potential conflict errors are avoided. NOTE: This option cannot be used with the `overwrite` and `compatibilityMode` options.","in":"query","name":"createNewCopies","required":false,"schema":{"default":false,"type":"boolean"}},{"description":"Applies various adjustments to the saved objects that are being imported to maintain compatibility between different Kibana versions. Use this option only if you encounter issues with imported saved objects. NOTE: This option cannot be used with the `createNewCopies` option.","in":"query","name":"compatibilityMode","required":false,"schema":{"default":false,"type":"boolean"}}],"requestBody":{"content":{"multipart/form-data":{"examples":{"importObjectsRequest":{"value":{"file":"file.ndjson"}}},"schema":{"additionalProperties":false,"type":"object","properties":{"file":{"description":"A file exported using the export API. Changing the contents of the exported file in any way before importing it can cause errors, crashes or data loss. NOTE: The `savedObjects.maxImportExportSize` configuration setting limits the number of saved objects which may be included in this file. Similarly, the `savedObjects.maxImportPayloadBytes` setting limits the overall size of the file that can be imported.","type":"object"}},"required":["file"]}}}},"responses":{"200":{"content":{"application/json":{"examples":{"importObjectsResponse":{"summary":"The import objects API response indicates a successful import and the objects are created. Since these objects are created as new copies, each entry in the successResults array includes a destinationId attribute.","value":{"success":true,"successCount":1,"successResults":[{"destinationId":"82d2760c-468f-49cf-83aa-b9a35b6a8943","id":"90943e30-9a47-11e8-b64d-95841ca0b247","managed":false,"meta":{"icon":"indexPatternApp","title":"Kibana Sample Data Logs"},"type":"index-pattern"}]}}},"schema":{"additionalProperties":false,"type":"object","properties":{"errors":{"description":"Indicates the import was unsuccessful and specifies the objects that failed to import.\n\nNOTE: One object may result in multiple errors, which requires separate steps to resolve. For instance, a `missing_references` error and conflict error.","items":{"additionalProperties":true,"type":"object","properties":{}},"type":"array"},"success":{"description":"Indicates when the import was successfully completed. When set to false, some objects may not have been created. For additional information, refer to the `errors` and `successResults` properties.","type":"boolean"},"successCount":{"description":"Indicates the number of successfully imported records.","type":"number"},"successResults":{"description":"Indicates the objects that are successfully imported, with any metadata if applicable.\n\nNOTE: Objects are created only when all resolvable errors are addressed, including conflicts and missing references. If objects are created as new copies, each entry in the `successResults` array includes a `destinationId` attribute.","items":{"additionalProperties":true,"type":"object","properties":{}},"type":"array"}},"required":["success","successCount","errors","successResults"]}}},"description":"Indicates a successful call."},"400":{"content":{"application/json":{"schema":{"additionalProperties":false,"description":"Indicates an unsuccessful response.","type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"},"statusCode":{"enum":[400],"type":"integer"}},"required":["error","message","statusCode"]}}},"description":"Bad request."}},"summary":"Import saved objects","tags":["saved objects"],"x-codeSamples":[{"label":"Import with createNewCopies","lang":"cURL","source":"curl \\\n -X POST api/saved_objects/_import?createNewCopies=true\n -H \"kbn-xsrf: true\"\n --form file=@file.ndjson\n"}]}},"/api/saved_objects/_resolve_import_errors":{"post":{"description":"To resolve errors from the Import objects API, you can:\n\n* Retry certain saved objects\n* Overwrite specific saved objects\n* Change references to different saved objects\n","operationId":"resolveImportErrors","parameters":[{"$ref":"#/components/parameters/Saved_objects_kbn_xsrf"},{"description":"Applies various adjustments to the saved objects that are being imported to maintain compatibility between different Kibana versions. When enabled during the initial import, also enable when resolving import errors. This option cannot be used with the `createNewCopies` option.\n","in":"query","name":"compatibilityMode","required":false,"schema":{"type":"boolean"}},{"description":"Creates copies of the saved objects, regenerates each object ID, and resets the origin. When enabled during the initial import, also enable when resolving import errors.\n","in":"query","name":"createNewCopies","required":false,"schema":{"type":"boolean"}}],"requestBody":{"content":{"multipart/form-data":{"examples":{"resolveImportErrorsRequest":{"$ref":"#/components/examples/Saved_objects_resolve_missing_reference_request"}},"schema":{"type":"object","properties":{"file":{"description":"The same file given to the import API.","format":"binary","type":"string"},"retries":{"description":"The retry operations, which can specify how to resolve different types of errors.","items":{"type":"object","properties":{"destinationId":{"description":"Specifies the destination ID that the imported object should have, if different from the current ID.","type":"string"},"id":{"description":"The saved object ID.","type":"string"},"ignoreMissingReferences":{"description":"When set to `true`, ignores missing reference errors. When set to `false`, does nothing.","type":"boolean"},"overwrite":{"description":"When set to `true`, the source object overwrites the conflicting destination object. When set to `false`, does nothing.","type":"boolean"},"replaceReferences":{"description":"A list of `type`, `from`, and `to` used to change the object references.","items":{"type":"object","properties":{"from":{"type":"string"},"to":{"type":"string"},"type":{"type":"string"}}},"type":"array"},"type":{"description":"The saved object type.","type":"string"}},"required":["type","id"]},"type":"array"}},"required":["retries"]}}},"required":true},"responses":{"200":{"content":{"application/json":{"examples":{"resolveImportErrorsResponse":{"$ref":"#/components/examples/Saved_objects_resolve_missing_reference_response"}},"schema":{"type":"object","properties":{"errors":{"description":"Specifies the objects that failed to resolve.\n\nNOTE: One object can result in multiple errors, which requires separate steps to resolve. For instance, a `missing_references` error and a `conflict` error.\n","items":{"type":"object"},"type":"array"},"success":{"description":"Indicates a successful import. When set to `false`, some objects may not have been created. For additional information, refer to the `errors` and `successResults` properties.\n","type":"boolean"},"successCount":{"description":"Indicates the number of successfully resolved records.\n","type":"number"},"successResults":{"description":"Indicates the objects that are successfully imported, with any metadata if applicable.\n\nNOTE: Objects are only created when all resolvable errors are addressed, including conflict and missing references.\n","items":{"type":"object"},"type":"array"}}}}},"description":"Indicates a successful call."},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Saved_objects_400_response"}}},"description":"Bad request."}},"summary":"Resolve import errors","tags":["saved objects"]}},"/api/saved_objects/{type}":{"post":{"deprecated":true,"description":"Create a Kibana saved object with a randomly generated identifier.","operationId":"createSavedObject","parameters":[{"$ref":"#/components/parameters/Saved_objects_kbn_xsrf"},{"$ref":"#/components/parameters/Saved_objects_saved_object_type"},{"description":"If true, overwrites the document with the same identifier.","in":"query","name":"overwrite","schema":{"type":"boolean"}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/Saved_objects_attributes"},"initialNamespaces":{"$ref":"#/components/schemas/Saved_objects_initial_namespaces"},"references":{"$ref":"#/components/schemas/Saved_objects_references"}},"required":["attributes"]}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"type":"object"}}},"description":"Indicates a successful call."},"409":{"content":{"application/json":{"schema":{"type":"object"}}},"description":"Indicates a conflict error."}},"summary":"Create a saved object","tags":["saved objects"]}},"/api/saved_objects/{type}/{id}":{"get":{"deprecated":true,"description":"Retrieve a single Kibana saved object by identifier.","operationId":"getSavedObject","parameters":[{"$ref":"#/components/parameters/Saved_objects_saved_object_id"},{"$ref":"#/components/parameters/Saved_objects_saved_object_type"}],"responses":{"200":{"content":{"application/json":{"schema":{"type":"object"}}},"description":"Indicates a successful call."},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Saved_objects_400_response"}}},"description":"Bad request."}},"summary":"Get a saved object","tags":["saved objects"]},"post":{"deprecated":true,"description":"Create a Kibana saved object and specify its identifier instead of using a randomly generated ID.","operationId":"createSavedObjectId","parameters":[{"$ref":"#/components/parameters/Saved_objects_kbn_xsrf"},{"$ref":"#/components/parameters/Saved_objects_saved_object_id"},{"$ref":"#/components/parameters/Saved_objects_saved_object_type"},{"description":"If true, overwrites the document with the same identifier.","in":"query","name":"overwrite","schema":{"type":"boolean"}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/Saved_objects_attributes"},"initialNamespaces":{"$ref":"#/components/schemas/Saved_objects_initial_namespaces"},"references":{"$ref":"#/components/schemas/Saved_objects_initial_namespaces"}},"required":["attributes"]}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"type":"object"}}},"description":"Indicates a successful call."},"409":{"content":{"application/json":{"schema":{"type":"object"}}},"description":"Indicates a conflict error."}},"summary":"Create a saved object","tags":["saved objects"]},"put":{"deprecated":true,"description":"Update the attributes for Kibana saved objects.","operationId":"updateSavedObject","parameters":[{"$ref":"#/components/parameters/Saved_objects_kbn_xsrf"},{"$ref":"#/components/parameters/Saved_objects_saved_object_id"},{"$ref":"#/components/parameters/Saved_objects_saved_object_type"}],"requestBody":{"content":{"application/json":{"schema":{"type":"object"}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"type":"object"}}},"description":"Indicates a successful call."},"404":{"content":{"application/json":{"schema":{"type":"object"}}},"description":"Indicates the object was not found."},"409":{"content":{"application/json":{"schema":{"type":"object"}}},"description":"Indicates a conflict error."}},"summary":"Update a saved object","tags":["saved objects"]}},"/api/saved_objects/resolve/{type}/{id}":{"get":{"deprecated":true,"description":"Retrieve a single Kibana saved object by identifier using any legacy URL alias if it exists. Under certain circumstances, when Kibana is upgraded, saved object migrations may necessitate regenerating some object IDs to enable new features. When an object's ID is regenerated, a legacy URL alias is created for that object, preserving its old ID. In such a scenario, that object can be retrieved using either its new ID or its old ID.\n","operationId":"resolveSavedObject","parameters":[{"$ref":"#/components/parameters/Saved_objects_saved_object_id"},{"$ref":"#/components/parameters/Saved_objects_saved_object_type"}],"responses":{"200":{"content":{"application/json":{"schema":{"type":"object"}}},"description":"Indicates a successful call."},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Saved_objects_400_response"}}},"description":"Bad request."}},"summary":"Resolve a saved object","tags":["saved objects"]}},"/api/security_ai_assistant/anonymization_fields/_bulk_action":{"post":{"description":"Apply a bulk action to multiple anonymization fields. The bulk action is applied to all anonymization fields that match the filter or to the list of anonymization fields by their IDs.","operationId":"PerformAnonymizationFieldsBulkAction","requestBody":{"content":{"application/json":{"schema":{"example":{"create":[{"allowed":true,"anonymized":false,"field":"host.name"},{"allowed":false,"anonymized":true,"field":"user.name"}],"delete":{"ids":["field5","field6"],"query":"field: host.name"},"update":[{"allowed":true,"anonymized":false,"id":"field8"},{"allowed":false,"anonymized":true,"id":"field9"}]},"type":"object","properties":{"create":{"description":"Array of anonymization fields to create.","items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldCreateProps"},"type":"array"},"delete":{"description":"Object containing the query to filter anonymization fields and/or an array of anonymization field IDs to delete.","type":"object","properties":{"ids":{"description":"Array of IDs to apply the action to.","example":["1234","5678"],"items":{"type":"string"},"minItems":1,"type":"array"},"query":{"description":"Query to filter the bulk action.","example":"status: 'inactive'","type":"string"}}},"update":{"description":"Array of anonymization fields to update.","items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldUpdateProps"},"type":"array"}}}}}},"responses":{"200":{"content":{"application/json":{"example":{"anonymization_fields_count":5,"attributes":{"results":{"created":[{"allowed":false,"anonymized":true,"createdAt":"2023-10-31T12:00:00Z","createdBy":"user1","field":"host.name","id":"field2","namespace":"default","timestamp":"2023-10-31T12:00:00Z","updatedAt":"2023-10-31T12:00:00Z","updatedBy":"user1"}],"deleted":["field3"],"skipped":[{"id":"field4","name":"user.name","skip_reason":"ANONYMIZATION_FIELD_NOT_MODIFIED"}],"updated":[{"allowed":true,"anonymized":false,"createdAt":"2023-10-31T12:00:00Z","createdBy":"user1","field":"url.domain","id":"field8","namespace":"default","timestamp":"2023-10-31T12:00:00Z","updatedAt":"2023-10-31T12:00:00Z","updatedBy":"user1"}]},"summary":{"failed":1,"skipped":1,"succeeded":2,"total":5}},"message":"Bulk action completed successfully","status_code":200,"success":true},"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse"}}},"description":"Indicates a successful call."},"400":{"content":{"application/json":{"example":{"error":"Bad Request","message":"Invalid request body","statusCode":400},"schema":{"type":"object","properties":{"error":{"description":"Error type or name.","type":"string"},"message":{"description":"Detailed error message.","type":"string"},"statusCode":{"description":"Status code of the response.","type":"number"}}}}},"description":"Generic Error"}},"summary":"Apply a bulk action to anonymization fields","tags":["Security AI Assistant API"]}},"/api/security_ai_assistant/anonymization_fields/_find":{"get":{"description":"Get a list of all anonymization fields.","operationId":"FindAnonymizationFields","parameters":[{"description":"Fields to return","example":["id","field","anonymized","allowed"],"in":"query","name":"fields","required":false,"schema":{"items":{"type":"string"},"type":"array"}},{"description":"Search query","example":"field: \"user.name\"","in":"query","name":"filter","required":false,"schema":{"type":"string"}},{"description":"Field to sort by","example":"created_at","in":"query","name":"sort_field","required":false,"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_FindAnonymizationFieldsSortField"}},{"description":"Sort order","example":"asc","in":"query","name":"sort_order","required":false,"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_SortOrder"}},{"description":"Page number","example":1,"in":"query","name":"page","required":false,"schema":{"default":1,"minimum":1,"type":"integer"}},{"description":"AnonymizationFields per page","example":20,"in":"query","name":"per_page","required":false,"schema":{"default":20,"minimum":0,"type":"integer"}}],"responses":{"200":{"content":{"application/json":{"example":{"data":[{"allowed":true,"anonymized":true,"createdAt":"2023-10-31T12:00:00Z","createdBy":"user1","field":"user.name","id":"1","namespace":"default","timestamp":"2023-10-31T12:00:00Z","updatedAt":"2023-10-31T12:00:00Z","updatedBy":"user1"}],"page":1,"perPage":20,"total":100},"schema":{"type":"object","properties":{"data":{"items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse"},"type":"array"},"page":{"type":"integer"},"perPage":{"type":"integer"},"total":{"type":"integer"}},"required":["page","perPage","total","data"]}}},"description":"Successful response"},"400":{"content":{"application/json":{"example":{"error":"Bad Request","message":"Invalid request parameters","statusCode":400},"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"number"}}}}},"description":"Generic Error"}},"summary":"Get anonymization fields","tags":["Security AI Assistant API"]}},"/api/security_ai_assistant/chat/complete":{"post":{"description":"Create a model response for the given chat conversation.","operationId":"ChatComplete","parameters":[{"description":"If true, the response will not include content references.","example":false,"in":"query","name":"content_references_disabled","required":false,"schema":{"default":false,"type":"boolean"}}],"requestBody":{"content":{"application/json":{"example":{"connectorId":"conn-001","conversationId":"abc123","isStream":true,"langSmithApiKey":"sk-abc123","langSmithProject":"security_ai_project","messages":[{"content":"What are some common phishing techniques?","data":{"user_id":"user_789"},"fields_to_anonymize":["user.name","source.ip"],"role":"user"}],"model":"gpt-4","persist":true,"promptId":"prompt_456","responseLanguage":"en"},"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_ChatCompleteProps"}}},"required":true},"responses":{"200":{"content":{"application/octet-stream":{"schema":{"format":"binary","type":"string"}}},"description":"Indicates a successful model response call."},"400":{"content":{"application/json":{"schema":{"type":"object","properties":{"error":{"description":"Error type.","example":"Bad Request","type":"string"},"message":{"description":"Human-readable error message.","example":"Invalid request payload.","type":"string"},"statusCode":{"description":"HTTP status code.","example":400,"type":"number"}}}}},"description":"Generic Error"}},"summary":"Create a model response","tags":["Security AI Assistant API"]}},"/api/security_ai_assistant/current_user/conversations":{"post":{"description":"Create a new Security AI Assistant conversation. This endpoint allows the user to initiate a conversation with the Security AI Assistant by providing the required parameters.","operationId":"CreateConversation","requestBody":{"content":{"application/json":{"example":{"apiConfig":{"actionTypeId":"67890","connectorId":"12345"},"category":"assistant","excludeFromLastConversationStorage":false,"messages":[{"content":"Hello, how can I assist you today?","role":"system","timestamp":"2023-10-31T12:00:00Z"}],"replacements":{},"title":"Security Discussion"},"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_ConversationCreateProps"}}},"required":true},"responses":{"200":{"content":{"application/json":{"example":{"apiConfig":{"actionTypeId":"67890","connectorId":"12345"},"category":"assistant","createdAt":"2023-10-31T12:01:00Z","excludeFromLastConversationStorage":false,"id":"abc123","messages":[{"content":"Hello, how can I assist you today?","role":"system","timestamp":"2023-10-31T12:00:00Z"}],"replacements":{},"title":"Security Discussion","updatedAt":"2023-10-31T12:01:00Z","users":[{"id":"user1","name":"John Doe"}]},"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_ConversationResponse"}}},"description":"Indicates a successful call. The conversation was created successfully."},"400":{"content":{"application/json":{"schema":{"type":"object","properties":{"error":{"example":"Bad Request","type":"string"},"message":{"example":"Missing required parameter: title","type":"string"},"statusCode":{"example":400,"type":"number"}}}}},"description":"Generic Error. This response indicates an issue with the request, such as missing required parameters or incorrect data."}},"summary":"Create a conversation","tags":["Security AI Assistant API"]}},"/api/security_ai_assistant/current_user/conversations/_find":{"get":{"description":"Get a list of all conversations for the current user. This endpoint allows users to search, filter, sort, and paginate through their conversations.","operationId":"FindConversations","parameters":[{"description":"A list of fields to include in the response. If omitted, all fields are returned.","in":"query","name":"fields","required":false,"schema":{"example":["id","title","createdAt"],"items":{"type":"string"},"type":"array"}},{"description":"A search query to filter the conversations. Can match against titles, messages, or other conversation attributes.","in":"query","name":"filter","required":false,"schema":{"example":"Security Issue","type":"string"}},{"description":"The field by which to sort the results. Valid fields are `created_at`, `title`, and `updated_at`.","in":"query","name":"sort_field","required":false,"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_FindConversationsSortField","example":"created_at"}},{"description":"The order in which to sort the results. Can be either `asc` for ascending or `desc` for descending.","in":"query","name":"sort_order","required":false,"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_SortOrder","example":"desc"}},{"description":"The page number of the results to retrieve. Default is 1.","in":"query","name":"page","required":false,"schema":{"default":1,"example":1,"minimum":1,"type":"integer"}},{"description":"The number of conversations to return per page. Default is 20.","in":"query","name":"per_page","required":false,"schema":{"default":20,"example":20,"minimum":0,"type":"integer"}}],"responses":{"200":{"content":{"application/json":{"schema":{"type":"object","properties":{"data":{"description":"A list of conversations.","items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_ConversationResponse"},"type":"array"},"page":{"description":"The current page of the results.","example":1,"type":"integer"},"perPage":{"description":"The number of results returned per page.","example":20,"type":"integer"},"total":{"description":"The total number of conversations matching the filter criteria.","example":100,"type":"integer"}},"required":["page","perPage","total","data"]}}},"description":"Successful response, returns a paginated list of conversations matching the specified criteria."},"400":{"content":{"application/json":{"schema":{"type":"object","properties":{"error":{"example":"Bad Request","type":"string"},"message":{"example":"Invalid filter query parameter","type":"string"},"statusCode":{"example":400,"type":"number"}}}}},"description":"Generic Error. The request could not be processed due to an invalid query parameter or other issue."}},"summary":"Get conversations","tags":["Security AI Assistant API"]}},"/api/security_ai_assistant/current_user/conversations/{id}":{"delete":{"description":"Delete an existing conversation using the conversation ID. This endpoint allows users to permanently delete a conversation.","operationId":"DeleteConversation","parameters":[{"description":"The conversation's `id` value.","example":"abc123","in":"path","name":"id","required":true,"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_NonEmptyString"}}],"responses":{"200":{"content":{"application/json":{"example":{"apiConfig":{"actionTypeId":"67890","connectorId":"12345"},"category":"assistant","createdAt":"2023-10-31T12:01:00Z","excludeFromLastConversationStorage":false,"id":"abc123","messages":[{"content":"The conversation has been deleted.","role":"system","timestamp":"2023-10-31T12:35:00Z"}],"replacements":{},"title":"Deleted Security Discussion","updatedAt":"2023-10-31T12:01:00Z","users":[{"id":"user1","name":"John Doe"}]},"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_ConversationResponse"}}},"description":"Indicates a successful call. The conversation was deleted successfully."},"400":{"content":{"application/json":{"schema":{"type":"object","properties":{"error":{"example":"Bad Request","type":"string"},"message":{"example":"Invalid conversation ID","type":"string"},"statusCode":{"example":400,"type":"number"}}}}},"description":"Generic Error. This response indicates an issue with the request."}},"summary":"Delete a conversation","tags":["Security AI Assistant API"]},"get":{"description":"Get the details of an existing conversation using the conversation ID. This allows users to fetch the specific conversation data by its unique ID.","operationId":"ReadConversation","parameters":[{"description":"The conversation's `id` value, a unique identifier for the conversation.","example":"abc123","in":"path","name":"id","required":true,"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_NonEmptyString"}}],"responses":{"200":{"content":{"application/json":{"example":{"apiConfig":{"actionTypeId":"67890","connectorId":"12345"},"category":"assistant","createdAt":"2023-10-31T12:01:00Z","excludeFromLastConversationStorage":false,"id":"abc123","messages":[{"content":"Hello, how can I assist you today?","role":"system","timestamp":"2023-10-31T12:00:00Z"}],"replacements":{},"title":"Security Discussion","updatedAt":"2023-10-31T12:01:00Z","users":[{"id":"user1","name":"John Doe"}]},"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_ConversationResponse"}}},"description":"Indicates a successful call. The conversation details are returned."},"400":{"content":{"application/json":{"schema":{"type":"object","properties":{"error":{"example":"Bad Request","type":"string"},"message":{"example":"Invalid conversation ID","type":"string"},"statusCode":{"example":400,"type":"number"}}}}},"description":"Generic Error. The request could not be processed due to an error."}},"summary":"Get a conversation","tags":["Security AI Assistant API"]},"put":{"description":"Update an existing conversation using the conversation ID. This endpoint allows users to modify the details of an existing conversation.","operationId":"UpdateConversation","parameters":[{"description":"The conversation's `id` value.","example":"abc123","in":"path","name":"id","required":true,"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_NonEmptyString"}}],"requestBody":{"content":{"application/json":{"example":{"apiConfig":{"actionTypeId":"09876","connectorId":"54321"},"category":"insights","excludeFromLastConversationStorage":true,"messages":[{"content":"The issue was resolved.","role":"assistant","timestamp":"2023-10-31T12:30:00Z"}],"replacements":{},"title":"Updated Security Discussion"},"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_ConversationUpdateProps"}}},"required":true},"responses":{"200":{"content":{"application/json":{"example":{"apiConfig":{"actionTypeId":"09876","connectorId":"54321"},"category":"insights","createdAt":"2023-10-31T12:01:00Z","excludeFromLastConversationStorage":true,"id":"abc123","messages":[{"content":"The issue was resolved.","role":"assistant","timestamp":"2023-10-31T12:30:00Z"}],"replacements":{},"title":"Updated Security Discussion","updatedAt":"2023-10-31T12:31:00Z","users":[{"id":"user1","name":"John Doe"}]},"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_ConversationResponse"}}},"description":"Indicates a successful call. The conversation was updated successfully."},"400":{"content":{"application/json":{"schema":{"type":"object","properties":{"error":{"example":"Bad Request","type":"string"},"message":{"example":"Missing required field: title","type":"string"},"statusCode":{"example":400,"type":"number"}}}}},"description":"Generic Error. This response indicates an issue with the request, such as missing required parameters or incorrect data."}},"summary":"Update a conversation","tags":["Security AI Assistant API"]}},"/api/security_ai_assistant/knowledge_base/{resource}":{"get":{"description":"Read a single KB","operationId":"ReadKnowledgeBase","parameters":[{"description":"The KnowledgeBase `resource` value.","example":"kb12345","in":"path","name":"resource","schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"type":"object","properties":{"elser_exists":{"description":"Indicates if the ELSER model exists for the KnowledgeBase.","example":true,"type":"boolean"},"is_setup_available":{"description":"Indicates if the setup process is available for the KnowledgeBase.","example":true,"type":"boolean"},"is_setup_in_progress":{"description":"Indicates if the setup process is currently in progress.","example":false,"type":"boolean"},"product_documentation_status":{"description":"The status of the product documentation in the KnowledgeBase.","example":"complete","type":"string"},"security_labs_exists":{"description":"Indicates if Security Labs documentation exists in the KnowledgeBase.","example":true,"type":"boolean"},"user_data_exists":{"description":"Indicates if user data exists in the KnowledgeBase.","example":false,"type":"boolean"}}}}},"description":"Indicates a successful call."},"400":{"content":{"application/json":{"schema":{"type":"object","properties":{"error":{"description":"A short description of the error.","example":"Bad Request","type":"string"},"message":{"description":"A detailed error message.","example":"Invalid resource ID provided.","type":"string"},"statusCode":{"description":"The HTTP status code of the error.","example":400,"type":"number"}}}}},"description":"Generic Error"}},"summary":"Read a KnowledgeBase","tags":["Security AI Assistant API"]},"post":{"description":"Create a KnowledgeBase","operationId":"CreateKnowledgeBase","parameters":[{"description":"The KnowledgeBase `resource` value.","example":"kb12345","in":"path","name":"resource","schema":{"type":"string"}},{"description":"ELSER modelId to use when setting up the Knowledge Base. If not provided, a default model will be used.","example":"elser-model-001","in":"query","name":"modelId","required":false,"schema":{"type":"string"}},{"description":"Indicates whether we should or should not install Security Labs docs when setting up the Knowledge Base. Defaults to `false`.","example":true,"in":"query","name":"ignoreSecurityLabs","required":false,"schema":{"default":false,"type":"boolean"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseResponse"}}},"description":"Indicates a successful call."},"400":{"content":{"application/json":{"schema":{"type":"object","properties":{"error":{"description":"A short description of the error.","example":"Bad Request","type":"string"},"message":{"description":"A detailed error message.","example":"Invalid resource ID provided.","type":"string"},"statusCode":{"description":"The HTTP status code of the error.","example":400,"type":"number"}}}}},"description":"Generic Error"}},"summary":"Create a KnowledgeBase","tags":["Security AI Assistant API"]}},"/api/security_ai_assistant/knowledge_base/entries":{"post":{"description":"Create a Knowledge Base Entry","operationId":"CreateKnowledgeBaseEntry","requestBody":{"content":{"application/json":{"example":{"content":"To reset your password, go to the settings page and click 'Reset Password'.","tags":["password","reset","help"],"title":"How to reset a password"},"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryCreateProps"}}},"required":true},"responses":{"200":{"content":{"application/json":{"example":{"content":"To reset your password, go to the settings page and click 'Reset Password'.","id":"12345","tags":["password","reset","help"],"title":"How to reset a password"},"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryResponse"}}},"description":"Successful request returning Knowledge Base Entries"},"400":{"content":{"application/json":{"example":{"error":"Invalid input","message":"The 'title' field is required."},"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryErrorSchema"}}},"description":"A generic error occurred, such as invalid input or missing required fields."}},"summary":"Create a Knowledge Base Entry","tags":["Security AI Assistant API"]}},"/api/security_ai_assistant/knowledge_base/entries/_bulk_action":{"post":{"description":"The bulk action is applied to all Knowledge Base Entries that match the filter or to the list of Knowledge Base Entries by their IDs.","operationId":"PerformKnowledgeBaseEntryBulkAction","requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"create":{"description":"List of Knowledge Base Entries to create.","example":[{"content":"This is the content of the new entry.","title":"New Entry"}],"items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryCreateProps"},"type":"array"},"delete":{"type":"object","properties":{"ids":{"description":"Array of Knowledge Base Entry IDs.","example":["123","456","789"],"items":{"type":"string"},"minItems":1,"type":"array"},"query":{"description":"Query to filter Knowledge Base Entries.","example":"status:active AND category:technology","type":"string"}}},"update":{"description":"List of Knowledge Base Entries to update.","example":[{"content":"Updated content.","id":"123","title":"Updated Entry"}],"items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryUpdateProps"},"type":"array"}}}}}},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryBulkCrudActionResponse"}}},"description":"Successful bulk operation request"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryErrorSchema"}}},"description":"Generic Error"}},"summary":"Applies a bulk action to multiple Knowledge Base Entries","tags":["Security AI Assistant API"]}},"/api/security_ai_assistant/knowledge_base/entries/_find":{"get":{"description":"Finds Knowledge Base Entries that match the given query.","operationId":"FindKnowledgeBaseEntries","parameters":[{"description":"A list of fields to include in the response. If not provided, all fields will be included.","in":"query","name":"fields","required":false,"schema":{"example":["title","created_at"],"items":{"type":"string"},"type":"array"}},{"description":"Search query to filter Knowledge Base Entries by specific criteria.","in":"query","name":"filter","required":false,"schema":{"example":"error handling","type":"string"}},{"description":"Field to sort the Knowledge Base Entries by.","in":"query","name":"sort_field","required":false,"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_FindKnowledgeBaseEntriesSortField","example":"created_at"}},{"description":"Sort order for the results, either asc or desc.","in":"query","name":"sort_order","required":false,"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_SortOrder","example":"asc"}},{"description":"Page number for paginated results. Defaults to 1.","in":"query","name":"page","required":false,"schema":{"default":1,"example":2,"minimum":1,"type":"integer"}},{"description":"Number of Knowledge Base Entries to return per page. Defaults to 20.","in":"query","name":"per_page","required":false,"schema":{"default":20,"example":10,"minimum":0,"type":"integer"}}],"responses":{"200":{"content":{"application/json":{"schema":{"type":"object","properties":{"data":{"description":"The list of Knowledge Base Entries for the current page.","items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryResponse"},"type":"array"},"page":{"description":"The current page number.","example":1,"type":"integer"},"perPage":{"description":"The number of Knowledge Base Entries returned per page.","example":20,"type":"integer"},"total":{"description":"The total number of Knowledge Base Entries available.","example":100,"type":"integer"}},"required":["page","perPage","total","data"]}}},"description":"Successful response containing the paginated Knowledge Base Entries."},"400":{"content":{"application/json":{"schema":{"type":"object","properties":{"error":{"description":"A short description of the error.","example":"Bad Request","type":"string"},"message":{"description":"A detailed message explaining the error.","example":"Invalid query parameter: sort_order","type":"string"},"statusCode":{"description":"The HTTP status code of the error.","example":400,"type":"number"}}}}},"description":"Generic Error indicating an issue with the request."}},"summary":"Finds Knowledge Base Entries that match the given query.","tags":["Security AI Assistant API"]}},"/api/security_ai_assistant/knowledge_base/entries/{id}":{"delete":{"description":"Delete a Knowledge Base Entry by its unique `id`.","operationId":"DeleteKnowledgeBaseEntry","parameters":[{"description":"The unique identifier (`id`) of the Knowledge Base Entry to delete.","example":"12345","in":"path","name":"id","required":true,"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_NonEmptyString"}}],"responses":{"200":{"content":{"application/json":{"example":{"id":"12345","message":"Knowledge Base Entry successfully deleted."},"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_DeleteResponseFields"}}},"description":"Successful request returning the `id` of the deleted Knowledge Base Entry."},"400":{"content":{"application/json":{"example":{"error":"Not Found","message":"No Knowledge Base Entry found with the provided `id`."},"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryErrorSchema"}}},"description":"A generic error occurred, such as an invalid `id` or the entry not being found."}},"summary":"Deletes a single Knowledge Base Entry using the `id` field","tags":["Security AI Assistant API"]},"get":{"description":"Retrieve a Knowledge Base Entry by its unique `id`.","operationId":"ReadKnowledgeBaseEntry","parameters":[{"description":"The unique identifier (`id`) of the Knowledge Base Entry to retrieve.","example":"12345","in":"path","name":"id","required":true,"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_NonEmptyString"}}],"responses":{"200":{"content":{"application/json":{"example":{"content":"To reset your password, go to the settings page and click 'Reset Password'.","id":"12345","tags":["password","reset","help"],"title":"How to reset a password"},"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryResponse"}}},"description":"Successful request returning the requested Knowledge Base Entry."},"400":{"content":{"application/json":{"example":{"error":"Not Found","message":"No Knowledge Base Entry found with the provided `id`."},"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryErrorSchema"}}},"description":"A generic error occurred, such as an invalid `id` or the entry not being found."}},"summary":"Read a Knowledge Base Entry","tags":["Security AI Assistant API"]},"put":{"description":"Update an existing Knowledge Base Entry by its unique `id`.","operationId":"UpdateKnowledgeBaseEntry","parameters":[{"description":"The unique identifier (`id`) of the Knowledge Base Entry to update.","example":"12345","in":"path","name":"id","required":true,"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_NonEmptyString"}}],"requestBody":{"content":{"application/json":{"example":{"content":"To reset your password, go to the settings page, click 'Reset Password', and follow the instructions.","tags":["password","reset","help","update"],"title":"How to reset a password (updated)"},"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryUpdateRouteProps"}}},"required":true},"responses":{"200":{"content":{"application/json":{"example":{"content":"To reset your password, go to the settings page, click 'Reset Password', and follow the instructions.","id":"12345","tags":["password","reset","help","update"],"title":"How to reset a password (updated)"},"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryResponse"}}},"description":"Successful request returning the updated Knowledge Base Entry."},"400":{"content":{"application/json":{"example":{"error":"Invalid input","message":"The 'content' field cannot be empty."},"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryErrorSchema"}}},"description":"A generic error occurred, such as invalid input or the entry not being found."}},"summary":"Update a Knowledge Base Entry","tags":["Security AI Assistant API"]}},"/api/security_ai_assistant/prompts/_bulk_action":{"post":{"description":"Apply a bulk action to multiple prompts. The bulk action is applied to all prompts that match the filter or to the list of prompts by their IDs. This action allows for bulk create, update, or delete operations.","operationId":"PerformPromptsBulkAction","requestBody":{"content":{"application/json":{"example":{"create":[{"content":"Please verify the security settings.","name":"New Security Prompt","promptType":"system"}],"delete":{"ids":["prompt1","prompt2"]},"update":[{"content":"Updated content for security prompt.","id":"prompt123"}]},"schema":{"type":"object","properties":{"create":{"description":"List of prompts to be created.","items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_PromptCreateProps"},"type":"array"},"delete":{"description":"Criteria for deleting prompts in bulk.","type":"object","properties":{"ids":{"description":"Array of IDs to apply the action to.","example":["1234","5678"],"items":{"type":"string"},"minItems":1,"type":"array"},"query":{"description":"Query to filter the bulk action.","example":"status: 'inactive'","type":"string"}}},"update":{"description":"List of prompts to be updated.","items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_PromptUpdateProps"},"type":"array"}}}}}},"responses":{"200":{"content":{"application/json":{"examples":{"success":{"value":{"attributes":{"errors":[],"results":{"created":[{"content":"Please verify the security settings.","id":"prompt6","name":"New Security Prompt","promptType":"system"}],"deleted":["prompt2","prompt3"],"skipped":[{"id":"prompt4","name":"Security Prompt","skip_reason":"PROMPT_FIELD_NOT_MODIFIED"}],"updated":[{"content":"Updated security settings prompt","id":"prompt1","name":"Security Prompt","promptType":"system"}]},"summary":{"failed":0,"skipped":1,"succeeded":4,"total":5}},"message":"Bulk action completed successfully.","prompts_count":5,"status_code":200,"success":true}}},"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResponse"}}},"description":"Indicates a successful call with the results of the bulk action."},"400":{"content":{"application/json":{"schema":{"type":"object","properties":{"error":{"description":"A short error message.","example":"Bad Request","type":"string"},"message":{"description":"A detailed error message.","example":"Invalid prompt ID or missing required fields.","type":"string"},"statusCode":{"description":"The HTTP status code for the error.","example":400,"type":"number"}}}}},"description":"Indicates a generic error due to a bad request."}},"summary":"Apply a bulk action to prompts","tags":["Security AI Assistant API"]}},"/api/security_ai_assistant/prompts/_find":{"get":{"description":"Get a list of all prompts based on optional filters, sorting, and pagination.","operationId":"FindPrompts","parameters":[{"description":"List of specific fields to include in each returned prompt.","in":"query","name":"fields","required":false,"schema":{"example":["id","name","content"],"items":{"type":"string"},"type":"array"}},{"description":"Search query string to filter prompts by matching fields.","in":"query","name":"filter","required":false,"schema":{"example":"error handling","type":"string"}},{"description":"Field to sort prompts by.","in":"query","name":"sort_field","required":false,"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_FindPromptsSortField"}},{"description":"Sort order, either asc or desc.","in":"query","name":"sort_order","required":false,"schema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_SortOrder"}},{"description":"Page number for pagination.","in":"query","name":"page","required":false,"schema":{"default":1,"example":1,"minimum":1,"type":"integer"}},{"description":"Number of prompts per page.","in":"query","name":"per_page","required":false,"schema":{"default":20,"example":20,"minimum":0,"type":"integer"}}],"responses":{"200":{"content":{"application/json":{"schema":{"example":{"data":[{"categories":["troubleshooting","logging"],"color":"#FF5733","consumer":"security","content":"If you encounter an error, check the logs and retry.","createdAt":"2025-04-20T21:00:00Z","createdBy":"jdoe","id":"prompt-123","isDefault":true,"isNewConversationDefault":false,"name":"Error Troubleshooting Prompt","namespace":"default","promptType":"standard","timestamp":"2025-04-30T22:30:00Z","updatedAt":"2025-04-30T22:45:00Z","updatedBy":"jdoe","users":[{"full_name":"John Doe","username":"jdoe"}]}],"page":1,"perPage":20,"total":142},"type":"object","properties":{"data":{"description":"The list of prompts returned based on the search query, sorting, and pagination.","items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_PromptResponse"},"type":"array"},"page":{"description":"Current page number.","example":1,"type":"integer"},"perPage":{"description":"Number of prompts per page.","example":20,"type":"integer"},"total":{"description":"Total number of prompts matching the query.","example":142,"type":"integer"}},"required":["page","perPage","total","data"]}}},"description":"Successful response containing a list of prompts."},"400":{"content":{"application/json":{"schema":{"type":"object","properties":{"error":{"description":"Short error message.","example":"Bad Request","type":"string"},"message":{"description":"Detailed description of the error.","example":"Invalid sort order value provided.","type":"string"},"statusCode":{"description":"HTTP status code for the error.","example":400,"type":"number"}}}}},"description":"Bad request due to invalid parameters or malformed query."}},"summary":"Get prompts","tags":["Security AI Assistant API"]}},"/api/security/role":{"get":{"operationId":"get-security-role","parameters":[{"description":"If `true` and the response contains any privileges that are associated with deprecated features, they are omitted in favor of details about the appropriate replacement feature privileges.","in":"query","name":"replaceDeprecatedPrivileges","required":false,"schema":{"type":"boolean"}}],"responses":{"200":{"description":"Indicates a successful call.","content":{"application/json":{"examples":{"getRolesResponse1":{"$ref":"#/components/examples/get_roles_response1"}}}}}},"summary":"Get all roles","tags":["roles"]}},"/api/security/role/_query":{"post":{"operationId":"post-security-role-query","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"filters":{"additionalProperties":false,"type":"object","properties":{"showReservedRoles":{"type":"boolean"}}},"from":{"type":"number"},"query":{"type":"string"},"size":{"type":"number"},"sort":{"additionalProperties":false,"type":"object","properties":{"direction":{"enum":["asc","desc"],"type":"string"},"field":{"type":"string"}},"required":["field","direction"]}}}}}},"responses":{"200":{"description":"Indicates a successful call."}},"summary":"Query roles","tags":[]}},"/api/security/role/{name}":{"delete":{"operationId":"delete-security-role-name","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"name","required":true,"schema":{"minLength":1,"type":"string"}}],"responses":{"204":{"description":"Indicates a successful call."}},"summary":"Delete a role","tags":["roles"]},"get":{"operationId":"get-security-role-name","parameters":[{"description":"The role name.","in":"path","name":"name","required":true,"schema":{"minLength":1,"type":"string"}},{"description":"If `true` and the response contains any privileges that are associated with deprecated features, they are omitted in favor of details about the appropriate replacement feature privileges.","in":"query","name":"replaceDeprecatedPrivileges","required":false,"schema":{"type":"boolean"}}],"responses":{"200":{"description":"Indicates a successful call.","content":{"application/json":{"examples":{"getRoleResponse1":{"$ref":"#/components/examples/get_role_response1"}}}}}},"summary":"Get a role","tags":["roles"]},"put":{"description":"Create a new Kibana role or update the attributes of an existing role. Kibana roles are stored in the Elasticsearch native realm.","operationId":"put-security-role-name","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"description":"The role name.","in":"path","name":"name","required":true,"schema":{"maxLength":1024,"minLength":1,"type":"string"}},{"description":"When true, a role is not overwritten if it already exists.","in":"query","name":"createOnly","required":false,"schema":{"default":false,"type":"boolean"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"description":{"description":"A description for the role.","maxLength":2048,"type":"string"},"elasticsearch":{"additionalProperties":false,"type":"object","properties":{"cluster":{"items":{"description":"Cluster privileges that define the cluster level actions that users can perform.","type":"string"},"type":"array"},"indices":{"items":{"additionalProperties":false,"type":"object","properties":{"allow_restricted_indices":{"description":"Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field covers the restricted indices too.","type":"boolean"},"field_security":{"additionalProperties":{"items":{"description":"The document fields that the role members have read access to.","type":"string"},"type":"array"},"type":"object"},"names":{"items":{"description":"The data streams, indices, and aliases to which the permissions in this entry apply. It supports wildcards (*).","type":"string"},"minItems":1,"type":"array"},"privileges":{"items":{"description":"The index level privileges that the role members have for the data streams and indices.","type":"string"},"minItems":1,"type":"array"},"query":{"description":"A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members.","type":"string"}},"required":["names","privileges"]},"type":"array"},"remote_cluster":{"items":{"additionalProperties":false,"type":"object","properties":{"clusters":{"items":{"description":"A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions.","type":"string"},"minItems":1,"type":"array"},"privileges":{"items":{"description":"The cluster level privileges for the remote cluster. The allowed values are a subset of the cluster privileges.","type":"string"},"minItems":1,"type":"array"}},"required":["privileges","clusters"]},"type":"array"},"remote_indices":{"items":{"additionalProperties":false,"type":"object","properties":{"allow_restricted_indices":{"description":"Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field will cover the restricted indices too.","type":"boolean"},"clusters":{"items":{"description":"A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions.","type":"string"},"minItems":1,"type":"array"},"field_security":{"additionalProperties":{"items":{"description":"The document fields that the role members have read access to.","type":"string"},"type":"array"},"type":"object"},"names":{"items":{"description":"A list of remote aliases, data streams, or indices to which the permissions apply. It supports wildcards (*).","type":"string"},"minItems":1,"type":"array"},"privileges":{"items":{"description":"The index level privileges that role members have for the specified indices.","type":"string"},"minItems":1,"type":"array"},"query":{"description":"A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. ","type":"string"}},"required":["clusters","names","privileges"]},"type":"array"},"run_as":{"items":{"description":"A user name that the role member can impersonate.","type":"string"},"type":"array"}}},"kibana":{"items":{"additionalProperties":false,"type":"object","properties":{"base":{"anyOf":[{"items":{},"type":"array"},{"type":"boolean"},{"type":"number"},{"type":"object"},{"type":"string"}],"nullable":true,"oneOf":[{"items":{"description":"A base privilege that grants applies to all spaces.","type":"string"},"type":"array"},{"items":{"description":"A base privilege that applies to specific spaces.","type":"string"},"type":"array"}]},"feature":{"additionalProperties":{"items":{"description":"The privileges that the role member has for the feature.","type":"string"},"type":"array"},"type":"object"},"spaces":{"anyOf":[{"items":{"enum":["*"],"type":"string"},"maxItems":1,"minItems":1,"type":"array"},{"items":{"description":"A space that the privilege applies to.","type":"string"},"type":"array"}],"default":["*"]}},"required":["base"]},"type":"array"},"metadata":{"additionalProperties":{},"type":"object"}},"required":["elasticsearch"]},"examples":{"createRoleRequest1":{"$ref":"#/components/examples/create_role_request1"},"createRoleRequest2":{"$ref":"#/components/examples/create_role_request2"},"createRoleRequest3":{"$ref":"#/components/examples/create_role_request3"},"createRoleRequest4":{"$ref":"#/components/examples/create_role_request4"}}}}},"responses":{"204":{"description":"Indicates a successful call."}},"summary":"Create or update a role","tags":["roles"]}},"/api/security/roles":{"post":{"operationId":"post-security-roles","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"roles":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"description":{"description":"A description for the role.","maxLength":2048,"type":"string"},"elasticsearch":{"additionalProperties":false,"type":"object","properties":{"cluster":{"items":{"description":"Cluster privileges that define the cluster level actions that users can perform.","type":"string"},"type":"array"},"indices":{"items":{"additionalProperties":false,"type":"object","properties":{"allow_restricted_indices":{"description":"Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field covers the restricted indices too.","type":"boolean"},"field_security":{"additionalProperties":{"items":{"description":"The document fields that the role members have read access to.","type":"string"},"type":"array"},"type":"object"},"names":{"items":{"description":"The data streams, indices, and aliases to which the permissions in this entry apply. It supports wildcards (*).","type":"string"},"minItems":1,"type":"array"},"privileges":{"items":{"description":"The index level privileges that the role members have for the data streams and indices.","type":"string"},"minItems":1,"type":"array"},"query":{"description":"A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members.","type":"string"}},"required":["names","privileges"]},"type":"array"},"remote_cluster":{"items":{"additionalProperties":false,"type":"object","properties":{"clusters":{"items":{"description":"A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions.","type":"string"},"minItems":1,"type":"array"},"privileges":{"items":{"description":"The cluster level privileges for the remote cluster. The allowed values are a subset of the cluster privileges.","type":"string"},"minItems":1,"type":"array"}},"required":["privileges","clusters"]},"type":"array"},"remote_indices":{"items":{"additionalProperties":false,"type":"object","properties":{"allow_restricted_indices":{"description":"Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field will cover the restricted indices too.","type":"boolean"},"clusters":{"items":{"description":"A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions.","type":"string"},"minItems":1,"type":"array"},"field_security":{"additionalProperties":{"items":{"description":"The document fields that the role members have read access to.","type":"string"},"type":"array"},"type":"object"},"names":{"items":{"description":"A list of remote aliases, data streams, or indices to which the permissions apply. It supports wildcards (*).","type":"string"},"minItems":1,"type":"array"},"privileges":{"items":{"description":"The index level privileges that role members have for the specified indices.","type":"string"},"minItems":1,"type":"array"},"query":{"description":"A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. ","type":"string"}},"required":["clusters","names","privileges"]},"type":"array"},"run_as":{"items":{"description":"A user name that the role member can impersonate.","type":"string"},"type":"array"}}},"kibana":{"items":{"additionalProperties":false,"type":"object","properties":{"base":{"anyOf":[{"items":{},"type":"array"},{"type":"boolean"},{"type":"number"},{"type":"object"},{"type":"string"}],"nullable":true,"oneOf":[{"items":{"description":"A base privilege that grants applies to all spaces.","type":"string"},"type":"array"},{"items":{"description":"A base privilege that applies to specific spaces.","type":"string"},"type":"array"}]},"feature":{"additionalProperties":{"items":{"description":"The privileges that the role member has for the feature.","type":"string"},"type":"array"},"type":"object"},"spaces":{"anyOf":[{"items":{"enum":["*"],"type":"string"},"maxItems":1,"minItems":1,"type":"array"},{"items":{"description":"A space that the privilege applies to.","type":"string"},"type":"array"}],"default":["*"]}},"required":["base"]},"type":"array"},"metadata":{"additionalProperties":{},"type":"object"}},"required":["elasticsearch"]},"type":"object"}},"required":["roles"]}}}},"responses":{"200":{"description":"Indicates a successful call."}},"summary":"Create or update roles","tags":["roles"]}},"/api/security/session/_invalidate":{"post":{"description":"Invalidate user sessions that match a query. To use this API, you must be a superuser.\n","operationId":"post-security-session-invalidate","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"examples":{"invalidateRequestExample1":{"description":"Run `POST api/security/session/_invalidate` to invalidate all existing sessions.","summary":"Invalidate all sessions","value":"{\n \"match\" : \"all\"\n}"},"invalidateRequestExample2":{"description":"Run `POST api/security/session/_invalidate` to invalidate sessions that were created by any SAML authentication provider.","summary":"Invalidate all SAML sessions","value":"{\n \"match\" : \"query\",\n \"query\": {\n \"provider\" : { \"type\": \"saml\" }\n }\n}"},"invalidateRequestExample3":{"description":"Run `POST api/security/session/_invalidate` to invalidate sessions that were created by the SAML authentication provider named `saml1`.","summary":"Invalidate sessions for a provider","value":"{\n \"match\" : \"query\",\n \"query\": {\n \"provider\" : { \"type\": \"saml\", \"name\": \"saml1\" }\n }\n}"},"invalidateRequestExample4":{"description":"Run `POST api/security/session/_invalidate` to invalidate sessions that were created by any OpenID Connect authentication provider for the user with the username `user@my-oidc-sso.com`.","summary":"Invalidate sessions for a user","value":"{\n \"match\" : \"query\",\n \"query\": {\n \"provider\" : { \"type\": \"oidc\" },\n \"username\": \"user@my-oidc-sso.com\"\n }\n}"}},"schema":{"type":"object","properties":{"match":{"description":"The method Kibana uses to determine which sessions to invalidate. If it is `all`, all existing sessions will be invalidated. If it is `query`, only the sessions that match the query will be invalidated.\n","enum":["all","query"],"type":"string"},"query":{"description":"The query that Kibana uses to match the sessions to invalidate when the `match` parameter is set to `query`.\n","type":"object","properties":{"provider":{"description":"The authentication providers that will have their user sessions invalidated.","type":"object","properties":{"name":{"description":"The authentication provider name.","type":"string"},"type":{"description":"The authentication provide type. For example: `basic`, `token`, `saml`, `oidc`, `kerberos`, or `pki`.\n","type":"string"}},"required":["type"]},"username":{"description":"The username that will have its sessions invalidated.","type":"string"}},"required":["provider"]}},"required":["match"]}}}},"responses":{"200":{"content":{"application/json":{"schema":{"type":"object","properties":{"total":{"description":"The number of sessions that were successfully invalidated.","type":"integer"}}}}},"description":"Indicates a successful call"},"403":{"description":"Indicates that the user may not be authorized to invalidate sessions for other users."}},"summary":"Invalidate user sessions","tags":["user session"],"x-state":"Technical Preview"}},"/api/short_url":{"post":{"description":"Kibana URLs may be long and cumbersome, short URLs are much easier to remember and share.\nShort URLs are created by specifying the locator ID and locator parameters. When a short URL is resolved, the locator ID and locator parameters are used to redirect user to the right Kibana page.\n","operationId":"post-url","requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"humanReadableSlug":{"description":"When the `slug` parameter is omitted, the API will generate a random human-readable slug if `humanReadableSlug` is set to true.\n","type":"boolean"},"locatorId":{"description":"The identifier for the locator.","type":"string"},"params":{"description":"An object which contains all necessary parameters for the given locator to resolve to a Kibana location.\n\u003e warn\n\u003e When you create a short URL, locator params are not validated, which allows you to pass arbitrary and ill-formed data into the API that can break Kibana. Make sure any data that you send to the API is properly formed.\n","type":"object"},"slug":{"description":"A custom short URL slug. The slug is the part of the short URL that identifies it. You can provide a custom slug which consists of latin alphabet letters, numbers, and `-._` characters. The slug must be at least 3 characters long, but no longer than 255 characters.\n","type":"string"}},"required":["locatorId","params"]}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Short_URL_APIs_urlResponse"}}},"description":"Indicates a successful call."}},"summary":"Create a short URL","tags":["short url"],"x-state":"Technical Preview"}},"/api/short_url/_slug/{slug}":{"get":{"description":"Resolve a Kibana short URL by its slug.\n","operationId":"resolve-url","parameters":[{"description":"The slug of the short URL.","in":"path","name":"slug","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Short_URL_APIs_urlResponse"}}},"description":"Indicates a successful call."}},"summary":"Resolve a short URL","tags":["short url"],"x-state":"Technical Preview"}},"/api/short_url/{id}":{"delete":{"description":"Delete a Kibana short URL.\n","operationId":"delete-url","parameters":[{"$ref":"#/components/parameters/Short_URL_APIs_idParam"}],"responses":{"200":{"description":"Indicates a successful call."}},"summary":"Delete a short URL","tags":["short url"],"x-state":"Technical Preview"},"get":{"description":"Get a single Kibana short URL.\n","operationId":"get-url","parameters":[{"$ref":"#/components/parameters/Short_URL_APIs_idParam"}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Short_URL_APIs_urlResponse"}}},"description":"Indicates a successful call."}},"summary":"Get a short URL","tags":["short url"],"x-state":"Technical Preview"}},"/api/spaces/_copy_saved_objects":{"post":{"description":"It also allows you to automatically copy related objects, so when you copy a dashboard, this can automatically copy over the associated visualizations, data views, and saved Discover sessions, as required. You can request to overwrite any objects that already exist in the target space if they share an identifier or you can use the resolve copy saved objects conflicts API to do this on a per-object basis.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: copySavedObjectsToSpaces.","operationId":"post-spaces-copy-saved-objects","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"compatibilityMode":{"default":false,"description":"Apply various adjustments to the saved objects that are being copied to maintain compatibility between different Kibana versions. Use this option only if you encounter issues with copied saved objects. This option cannot be used with the `createNewCopies` option.","type":"boolean"},"createNewCopies":{"default":true,"description":"Create new copies of saved objects, regenerate each object identifier, and reset the origin. When used, potential conflict errors are avoided. This option cannot be used with the `overwrite` and `compatibilityMode` options.","type":"boolean"},"includeReferences":{"default":false,"description":"When set to true, all saved objects related to the specified saved objects will also be copied into the target spaces.","type":"boolean"},"objects":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"description":"The identifier of the saved object to copy.","type":"string"},"type":{"description":"The type of the saved object to copy.","type":"string"}},"required":["type","id"]},"type":"array"},"overwrite":{"default":false,"description":"When set to true, all conflicts are automatically overridden. When a saved object with a matching type and identifier exists in the target space, that version is replaced with the version from the source space. This option cannot be used with the `createNewCopies` option.","type":"boolean"},"spaces":{"items":{"description":"The identifiers of the spaces where you want to copy the specified objects.","type":"string"},"type":"array"}},"required":["spaces","objects"]},"examples":{"copySavedObjectsRequestExample1":{"$ref":"#/components/examples/copy_saved_objects_request1"},"copySavedObjectsRequestExample2":{"$ref":"#/components/examples/copy_saved_objects_request2"}}}}},"responses":{"200":{"content":{"application/json":{"examples":{"copySavedObjectsResponseExample1":{"$ref":"#/components/examples/copy_saved_objects_response1"},"copySavedObjectsResponseExample2":{"$ref":"#/components/examples/copy_saved_objects_response2"},"copySavedObjectsResponseExample3":{"$ref":"#/components/examples/copy_saved_objects_response3"},"copySavedObjectsResponseExample4":{"$ref":"#/components/examples/copy_saved_objects_response4"}}}}}},"summary":"Copy saved objects between spaces","tags":["spaces"]}},"/api/spaces/_disable_legacy_url_aliases":{"post":{"operationId":"post-spaces-disable-legacy-url-aliases","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"aliases":{"items":{"additionalProperties":false,"type":"object","properties":{"sourceId":{"description":"The alias source object identifier. This is the legacy object identifier.","type":"string"},"targetSpace":{"description":"The space where the alias target object exists.","type":"string"},"targetType":{"description":"The type of alias target object. ","type":"string"}},"required":["targetSpace","targetType","sourceId"]},"type":"array"}},"required":["aliases"]},"examples":{"disableLegacyURLRequestExample1":{"$ref":"#/components/examples/disable_legacy_url_request1"}}}}},"responses":{},"summary":"Disable legacy URL aliases","tags":["spaces"]}},"/api/spaces/_get_shareable_references":{"post":{"description":"Collect references and space contexts for saved objects.","operationId":"post-spaces-get-shareable-references","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"objects":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"type":{"type":"string"}},"required":["type","id"]},"type":"array"}},"required":["objects"]}}}},"responses":{},"summary":"Get shareable references","tags":["spaces"]}},"/api/spaces/_resolve_copy_saved_objects_errors":{"post":{"description":"Overwrite saved objects that are returned as errors from the copy saved objects to space API.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: copySavedObjectsToSpaces.","operationId":"post-spaces-resolve-copy-saved-objects-errors","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"compatibilityMode":{"default":false,"type":"boolean"},"createNewCopies":{"default":true,"type":"boolean"},"includeReferences":{"default":false,"type":"boolean"},"objects":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"},"type":{"type":"string"}},"required":["type","id"]},"type":"array"},"retries":{"additionalProperties":{"items":{"additionalProperties":false,"type":"object","properties":{"createNewCopy":{"description":"Creates new copies of the saved objects, regenerates each object ID, and resets the origin.","type":"boolean"},"destinationId":{"description":"Specifies the destination identifier that the copied object should have, if different from the current identifier.","type":"string"},"id":{"description":"The saved object identifier.","type":"string"},"ignoreMissingReferences":{"description":"When set to true, any missing references errors are ignored.","type":"boolean"},"overwrite":{"default":false,"description":"When set to true, the saved object from the source space overwrites the conflicting object in the destination space.","type":"boolean"},"type":{"description":"The saved object type.","type":"string"}},"required":["type","id"]},"type":"array"},"type":"object"}},"required":["retries","objects"]},"examples":{"resolveCopySavedObjectsRequestExample1":{"$ref":"#/components/examples/resolve_copy_saved_objects_request1"},"resolveCopySavedObjectsRequestExample2":{"$ref":"#/components/examples/resolve_copy_saved_objects_request2"}}}}},"responses":{"200":{"content":{"application/json":{"examples":{"resolveCopySavedObjectsResponseExample1":{"$ref":"#/components/examples/copy_saved_objects_response1"},"resolveCopySavedObjectsResponseExample2":{"$ref":"#/components/examples/copy_saved_objects_response2"}}}}}},"summary":"Resolve conflicts copying saved objects","tags":[]}},"/api/spaces/_update_objects_spaces":{"post":{"description":"Update one or more saved objects to add or remove them from some spaces.","operationId":"post-spaces-update-objects-spaces","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"objects":{"items":{"additionalProperties":false,"type":"object","properties":{"id":{"description":"The identifier of the saved object to update.","type":"string"},"type":{"description":"The type of the saved object to update.","type":"string"}},"required":["type","id"]},"type":"array"},"spacesToAdd":{"items":{"description":"The identifiers of the spaces the saved objects should be added to or removed from.","type":"string"},"type":"array"},"spacesToRemove":{"items":{"description":"The identifiers of the spaces the saved objects should be added to or removed from.","type":"string"},"type":"array"}},"required":["objects","spacesToAdd","spacesToRemove"]},"examples":{"updateObjectSpacesRequestExample1":{"$ref":"#/components/examples/update_saved_objects_spaces_request1"}}}}},"responses":{"200":{"content":{"application/json":{"examples":{"updateObjectSpacesResponseExample1":{"$ref":"#/components/examples/update_saved_objects_spaces_response1"}}}}}},"summary":"Update saved objects in spaces","tags":["spaces"]}},"/api/spaces/space":{"get":{"operationId":"get-spaces-space","parameters":[{"description":"Specifies which authorization checks are applied to the API call. The default value is `any`.","in":"query","name":"purpose","required":false,"schema":{"enum":["any","copySavedObjectsIntoSpace","shareSavedObjectsIntoSpace"],"type":"string"}},{"description":"When enabled, the API returns any spaces that the user is authorized to access in any capacity and each space will contain the purposes for which the user is authorized. This can be useful to determine which spaces a user can read but not take a specific action in. If the security plugin is not enabled, this parameter has no effect, since no authorization checks take place. This parameter cannot be used in with the `purpose` parameter.","in":"query","name":"include_authorized_purposes","required":true,"schema":{"anyOf":[{"items":{},"type":"array"},{"type":"boolean"},{"type":"number"},{"type":"object"},{"type":"string"}],"nullable":true,"oneOf":[{"enum":[false],"type":"boolean","x-oas-optional":true},{"type":"boolean","x-oas-optional":true}]}}],"responses":{"200":{"description":"Indicates a successful call.","content":{"application/json":{"examples":{"getSpacesResponseExample1":{"$ref":"#/components/examples/get_spaces_response1"},"getSpacesResponseExample2":{"$ref":"#/components/examples/get_spaces_response2"}}}}}},"summary":"Get all spaces","tags":["spaces"]},"post":{"operationId":"post-spaces-space","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"_reserved":{"type":"boolean"},"color":{"description":"The hexadecimal color code used in the space avatar. By default, the color is automatically generated from the space name.","type":"string"},"description":{"description":"A description for the space.","type":"string"},"disabledFeatures":{"default":[],"items":{"description":"The list of features that are turned off in the space.","type":"string"},"type":"array"},"id":{"description":"The space ID that is part of the Kibana URL when inside the space. Space IDs are limited to lowercase alphanumeric, underscore, and hyphen characters (a-z, 0-9, _, and -). You are cannot change the ID with the update operation.","type":"string"},"imageUrl":{"description":"The data-URL encoded image to display in the space avatar. If specified, initials will not be displayed and the color will be visible as the background color for transparent images. For best results, your image should be 64x64. Images will not be optimized by this API call, so care should be taken when using custom images.","type":"string"},"initials":{"description":"One or two characters that are shown in the space avatar. By default, the initials are automatically generated from the space name.","maxLength":2,"type":"string"},"name":{"description":"The display name for the space. ","minLength":1,"type":"string"},"solution":{"enum":["security","oblt","es","classic"],"type":"string"}},"required":["id","name"]},"examples":{"createSpaceRequest":{"$ref":"#/components/examples/create_space_request"}}}}},"responses":{"200":{"description":"Indicates a successful call."}},"summary":"Create a space","tags":["spaces"]}},"/api/spaces/space/{id}":{"delete":{"description":"When you delete a space, all saved objects that belong to the space are automatically deleted, which is permanent and cannot be undone.","operationId":"delete-spaces-space-id","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"description":"The space identifier.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"204":{"description":"Indicates a successful call."},"404":{"description":"Indicates that the request failed."}},"summary":"Delete a space","tags":["spaces"]},"get":{"operationId":"get-spaces-space-id","parameters":[{"description":"The space identifier.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"Indicates a successful call.","content":{"application/json":{"examples":{"getSpaceResponseExample":{"$ref":"#/components/examples/get_space_response"}}}}}},"summary":"Get a space","tags":["spaces"]},"put":{"operationId":"put-spaces-space-id","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"description":"The space identifier. You are unable to change the ID with the update operation.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"_reserved":{"type":"boolean"},"color":{"description":"The hexadecimal color code used in the space avatar. By default, the color is automatically generated from the space name.","type":"string"},"description":{"description":"A description for the space.","type":"string"},"disabledFeatures":{"default":[],"items":{"description":"The list of features that are turned off in the space.","type":"string"},"type":"array"},"id":{"description":"The space ID that is part of the Kibana URL when inside the space. Space IDs are limited to lowercase alphanumeric, underscore, and hyphen characters (a-z, 0-9, _, and -). You are cannot change the ID with the update operation.","type":"string"},"imageUrl":{"description":"The data-URL encoded image to display in the space avatar. If specified, initials will not be displayed and the color will be visible as the background color for transparent images. For best results, your image should be 64x64. Images will not be optimized by this API call, so care should be taken when using custom images.","type":"string"},"initials":{"description":"One or two characters that are shown in the space avatar. By default, the initials are automatically generated from the space name.","maxLength":2,"type":"string"},"name":{"description":"The display name for the space. ","minLength":1,"type":"string"},"solution":{"enum":["security","oblt","es","classic"],"type":"string"}},"required":["id","name"]},"examples":{"updateSpaceRequest":{"$ref":"#/components/examples/update_space_request"}}}}},"responses":{"200":{"description":"Indicates a successful call."}},"summary":"Update a space","tags":["spaces"]}},"/api/status":{"get":{"operationId":"get-status","parameters":[{"description":"Set to \"true\" to get the response in v7 format.","in":"query","name":"v7format","required":false,"schema":{"type":"boolean"}},{"description":"Set to \"true\" to get the response in v8 format.","in":"query","name":"v8format","required":false,"schema":{"type":"boolean"}}],"responses":{"200":{"content":{"application/json":{"schema":{"anyOf":[{"$ref":"#/components/schemas/Kibana_HTTP_APIs_core_status_response"},{"$ref":"#/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse"}],"description":"Kibana's operational status. A minimal response is sent for unauthorized users."}}},"description":"Overall status is OK and Kibana should be functioning normally."},"503":{"content":{"application/json":{"schema":{"anyOf":[{"$ref":"#/components/schemas/Kibana_HTTP_APIs_core_status_response"},{"$ref":"#/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse"}],"description":"Kibana's operational status. A minimal response is sent for unauthorized users."}}},"description":"Kibana or some of it's essential services are unavailable. Kibana may be degraded or unavailable."}},"summary":"Get Kibana's current status","tags":["system"]}},"/api/streams":{"get":{"description":"Fetches list of all streams\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: read_stream.","operationId":"get-streams","parameters":[],"requestBody":{"content":{"application/json":{"schema":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{}},{"enum":["null"],"nullable":true},{"not":{}}]}}}},"responses":{},"summary":"Get stream list","tags":["streams"],"x-state":"Technical Preview"}},"/api/streams/_disable":{"post":{"description":"Disables wired streams and deletes all existing stream definitions. The data of wired streams is deleted, but the data of classic streams is preserved.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: manage_stream.","operationId":"post-streams-disable","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{}},{"enum":["null"],"nullable":true},{"not":{}}]}}}},"responses":{},"summary":"Disable streams","tags":["streams"],"x-state":"Technical Preview"}},"/api/streams/_enable":{"post":{"description":"Enables wired streams\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: manage_stream.","operationId":"post-streams-enable","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{}},{"enum":["null"],"nullable":true},{"not":{}}]}}}},"responses":{},"summary":"Enable streams","tags":["streams"],"x-state":"Technical Preview"}},"/api/streams/_resync":{"post":{"description":"Resyncs all streams, making sure that Elasticsearch assets are up to date\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: manage_stream.","operationId":"post-streams-resync","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{}},{"enum":["null"],"nullable":true},{"not":{}}]}}}},"responses":{},"summary":"Resync streams","tags":["streams"],"x-state":"Technical Preview"}},"/api/streams/{name}":{"delete":{"description":"Deletes a stream definition and the underlying data stream\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: manage_stream.","operationId":"delete-streams-name","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"name","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{}},{"enum":["null"],"nullable":true},{"not":{}}]}}}},"responses":{},"summary":"Delete a stream","tags":["streams"],"x-state":"Technical Preview"},"get":{"description":"Fetches a stream definition and associated dashboards\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: read_stream.","operationId":"get-streams-name","parameters":[{"in":"path","name":"name","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{}},{"enum":["null"],"nullable":true},{"not":{}}]}}}},"responses":{},"summary":"Get a stream","tags":["streams"],"x-state":"Technical Preview"},"put":{"description":"Creates or updates a stream definition. Classic streams can not be created through this API, only updated\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: manage_stream.","operationId":"put-streams-name","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"name","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"anyOf":[{"anyOf":[{"allOf":[{"type":"object","properties":{}},{"type":"object","properties":{"stream":{"allOf":[{"additionalProperties":true,"type":"object","properties":{"name":{"not":{}}}},{"additionalProperties":false,"type":"object","properties":{"description":{"type":"string"},"name":{"type":"string"}},"required":["name","description"]}]}},"required":["stream"]},{"type":"object","properties":{"dashboards":{"items":{"type":"string"},"type":"array"},"queries":{"items":{"allOf":[{"type":"object","properties":{"id":{"minLength":1,"type":"string"},"title":{"minLength":1,"type":"string"}},"required":["id","title"]},{"type":"object","properties":{"kql":{"additionalProperties":false,"type":"object","properties":{"query":{"minLength":1,"type":"string"}},"required":["query"]}},"required":["kql"]}]},"type":"array"}},"required":["dashboards","queries"]},{"type":"object","properties":{"stream":{"allOf":[{"additionalProperties":true,"type":"object","properties":{"name":{"not":{}}}},{"allOf":[{"type":"object","properties":{}},{"type":"object","properties":{"description":{"type":"string"},"name":{"type":"string"}},"required":["name","description"]},{"type":"object","properties":{"ingest":{"additionalProperties":false,"type":"object","properties":{"lifecycle":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"dsl":{"additionalProperties":false,"type":"object","properties":{"data_retention":{"minLength":1,"type":"string"}}}},"required":["dsl"]},{"additionalProperties":false,"type":"object","properties":{"ilm":{"additionalProperties":false,"type":"object","properties":{"policy":{"minLength":1,"type":"string"}},"required":["policy"]}},"required":["ilm"]},{"additionalProperties":false,"type":"object","properties":{"inherit":{"additionalProperties":false,"type":"object","properties":{}}},"required":["inherit"]}]},"processing":{"items":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"date":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"field":{"minLength":1,"type":"string"},"formats":{"items":{"minLength":1,"type":"string"},"type":"array"},"locale":{"minLength":1,"type":"string"},"output_format":{"minLength":1,"type":"string"},"target_field":{"minLength":1,"type":"string"},"timezone":{"minLength":1,"type":"string"}},"required":["field","formats"]}]}},"required":["date"]},{"additionalProperties":false,"type":"object","properties":{"dissect":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"append_separator":{"minLength":1,"type":"string"},"field":{"minLength":1,"type":"string"},"ignore_missing":{"type":"boolean"},"pattern":{"minLength":1,"type":"string"}},"required":["field","pattern"]}]}},"required":["dissect"]},{"additionalProperties":false,"type":"object","properties":{"grok":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"field":{"minLength":1,"type":"string"},"ignore_missing":{"type":"boolean"},"pattern_definitions":{"additionalProperties":{"type":"string"},"type":"object"},"patterns":{"items":{"minLength":1,"type":"string"},"minItems":1,"type":"array"}},"required":["field","patterns"]}]}},"required":["grok"]},{"additionalProperties":false,"type":"object","properties":{"kv":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"exclude_keys":{"items":{"minLength":1,"type":"string"},"type":"array"},"field":{"minLength":1,"type":"string"},"field_split":{"type":"string"},"ignore_missing":{"type":"boolean"},"include_keys":{"items":{"minLength":1,"type":"string"},"type":"array"},"prefix":{"minLength":1,"type":"string"},"strip_brackets":{"type":"boolean"},"target_field":{"minLength":1,"type":"string"},"trim_key":{"minLength":1,"type":"string"},"trim_value":{"minLength":1,"type":"string"},"value_split":{"type":"string"}},"required":["field","field_split","value_split"]}]}},"required":["kv"]},{"additionalProperties":false,"type":"object","properties":{"geoip":{"additionalProperties":false,"type":"object","properties":{"database_file":{"minLength":1,"type":"string"},"field":{"minLength":1,"type":"string"},"first_only":{"type":"boolean"},"ignore_missing":{"type":"boolean"},"properties":{"items":{"minLength":1,"type":"string"},"type":"array"},"target_field":{"minLength":1,"type":"string"}},"required":["field"]}},"required":["geoip"]},{"additionalProperties":false,"type":"object","properties":{"rename":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"field":{"minLength":1,"type":"string"},"ignore_missing":{"type":"boolean"},"override":{"type":"boolean"},"target_field":{"minLength":1,"type":"string"}},"required":["field","target_field"]}]}},"required":["rename"]},{"additionalProperties":false,"type":"object","properties":{"set":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"field":{"minLength":1,"type":"string"},"ignore_empty_value":{"type":"boolean"},"media_type":{"type":"string"},"override":{"type":"boolean"},"value":{"minLength":1,"type":"string"}},"required":["field","value"]}]}},"required":["set"]},{"additionalProperties":false,"type":"object","properties":{"urldecode":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"field":{"minLength":1,"type":"string"},"ignore_missing":{"type":"boolean"},"target_field":{"minLength":1,"type":"string"}},"required":["field"]}]}},"required":["urldecode"]},{"additionalProperties":false,"type":"object","properties":{"user_agent":{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"ignore_missing":{"type":"boolean"},"properties":{"items":{"minLength":1,"type":"string"},"type":"array"},"regex_file":{"minLength":1,"type":"string"},"target_field":{"minLength":1,"type":"string"}},"required":["field"]}},"required":["user_agent"]}]},"type":"array"}},"required":["lifecycle","processing"]}},"required":["ingest"]},{"type":"object","properties":{"ingest":{"additionalProperties":false,"type":"object","properties":{"wired":{"additionalProperties":false,"type":"object","properties":{"fields":{"additionalProperties":{"allOf":[{"additionalProperties":{"anyOf":[{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"},{"enum":["null"],"nullable":true},{"not":{}}]},{"items":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"},{"enum":["null"],"nullable":true},{"not":{}}]},"type":"array"},{}]},"type":"object"},{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"format":{"minLength":1,"type":"string"},"type":{"enum":["keyword","match_only_text","long","double","date","boolean","ip"],"type":"string"}},"required":["type"]},{"additionalProperties":false,"type":"object","properties":{"type":{"enum":["system"],"type":"string"}},"required":["type"]}]}]},"type":"object"},"routing":{"items":{"additionalProperties":false,"type":"object","properties":{"destination":{"minLength":1,"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]}},"required":["destination","if"]},"type":"array"}},"required":["fields","routing"]}},"required":["wired"]}},"required":["ingest"]}]}]}},"required":["stream"]},{"type":"object","properties":{}},{"type":"object","properties":{"stream":{"allOf":[{"additionalProperties":true,"type":"object","properties":{"name":{"not":{}}}},{"additionalProperties":false,"type":"object","properties":{"description":{"type":"string"},"name":{"type":"string"}},"required":["name","description"]}]}},"required":["stream"]},{"type":"object","properties":{"dashboards":{"items":{"type":"string"},"type":"array"},"queries":{"items":{"allOf":[{"type":"object","properties":{"id":{"minLength":1,"type":"string"},"title":{"minLength":1,"type":"string"}},"required":["id","title"]},{"type":"object","properties":{"kql":{"additionalProperties":false,"type":"object","properties":{"query":{"minLength":1,"type":"string"}},"required":["query"]}},"required":["kql"]}]},"type":"array"}},"required":["dashboards","queries"]},{"type":"object","properties":{"stream":{"allOf":[{"additionalProperties":true,"type":"object","properties":{"name":{"not":{}}}},{"additionalProperties":false,"type":"object","properties":{"ingest":{"additionalProperties":false,"type":"object","properties":{"lifecycle":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"dsl":{"additionalProperties":false,"type":"object","properties":{"data_retention":{"minLength":1,"type":"string"}}}},"required":["dsl"]},{"additionalProperties":false,"type":"object","properties":{"ilm":{"additionalProperties":false,"type":"object","properties":{"policy":{"minLength":1,"type":"string"}},"required":["policy"]}},"required":["ilm"]},{"additionalProperties":false,"type":"object","properties":{"inherit":{"additionalProperties":false,"type":"object","properties":{}}},"required":["inherit"]}]},"processing":{"items":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"date":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"field":{"minLength":1,"type":"string"},"formats":{"items":{"minLength":1,"type":"string"},"type":"array"},"locale":{"minLength":1,"type":"string"},"output_format":{"minLength":1,"type":"string"},"target_field":{"minLength":1,"type":"string"},"timezone":{"minLength":1,"type":"string"}},"required":["field","formats"]}]}},"required":["date"]},{"additionalProperties":false,"type":"object","properties":{"dissect":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"append_separator":{"minLength":1,"type":"string"},"field":{"minLength":1,"type":"string"},"ignore_missing":{"type":"boolean"},"pattern":{"minLength":1,"type":"string"}},"required":["field","pattern"]}]}},"required":["dissect"]},{"additionalProperties":false,"type":"object","properties":{"grok":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"field":{"minLength":1,"type":"string"},"ignore_missing":{"type":"boolean"},"pattern_definitions":{"additionalProperties":{"type":"string"},"type":"object"},"patterns":{"items":{"minLength":1,"type":"string"},"minItems":1,"type":"array"}},"required":["field","patterns"]}]}},"required":["grok"]},{"additionalProperties":false,"type":"object","properties":{"kv":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"exclude_keys":{"items":{"minLength":1,"type":"string"},"type":"array"},"field":{"minLength":1,"type":"string"},"field_split":{"type":"string"},"ignore_missing":{"type":"boolean"},"include_keys":{"items":{"minLength":1,"type":"string"},"type":"array"},"prefix":{"minLength":1,"type":"string"},"strip_brackets":{"type":"boolean"},"target_field":{"minLength":1,"type":"string"},"trim_key":{"minLength":1,"type":"string"},"trim_value":{"minLength":1,"type":"string"},"value_split":{"type":"string"}},"required":["field","field_split","value_split"]}]}},"required":["kv"]},{"additionalProperties":false,"type":"object","properties":{"geoip":{"additionalProperties":false,"type":"object","properties":{"database_file":{"minLength":1,"type":"string"},"field":{"minLength":1,"type":"string"},"first_only":{"type":"boolean"},"ignore_missing":{"type":"boolean"},"properties":{"items":{"minLength":1,"type":"string"},"type":"array"},"target_field":{"minLength":1,"type":"string"}},"required":["field"]}},"required":["geoip"]},{"additionalProperties":false,"type":"object","properties":{"rename":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"field":{"minLength":1,"type":"string"},"ignore_missing":{"type":"boolean"},"override":{"type":"boolean"},"target_field":{"minLength":1,"type":"string"}},"required":["field","target_field"]}]}},"required":["rename"]},{"additionalProperties":false,"type":"object","properties":{"set":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"field":{"minLength":1,"type":"string"},"ignore_empty_value":{"type":"boolean"},"media_type":{"type":"string"},"override":{"type":"boolean"},"value":{"minLength":1,"type":"string"}},"required":["field","value"]}]}},"required":["set"]},{"additionalProperties":false,"type":"object","properties":{"urldecode":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"field":{"minLength":1,"type":"string"},"ignore_missing":{"type":"boolean"},"target_field":{"minLength":1,"type":"string"}},"required":["field"]}]}},"required":["urldecode"]},{"additionalProperties":false,"type":"object","properties":{"user_agent":{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"ignore_missing":{"type":"boolean"},"properties":{"items":{"minLength":1,"type":"string"},"type":"array"},"regex_file":{"minLength":1,"type":"string"},"target_field":{"minLength":1,"type":"string"}},"required":["field"]}},"required":["user_agent"]}]},"type":"array"}},"required":["lifecycle","processing"]}},"required":["ingest"]}]}},"required":["stream"]},{"type":"object","properties":{}},{"type":"object","properties":{}}]},{"allOf":[{"type":"object","properties":{}},{"type":"object","properties":{"stream":{"allOf":[{"additionalProperties":true,"type":"object","properties":{"name":{"not":{}}}},{"additionalProperties":false,"type":"object","properties":{"description":{"type":"string"},"name":{"type":"string"}},"required":["name","description"]}]}},"required":["stream"]},{"type":"object","properties":{"dashboards":{"items":{"type":"string"},"type":"array"},"queries":{"items":{"allOf":[{"type":"object","properties":{"id":{"minLength":1,"type":"string"},"title":{"minLength":1,"type":"string"}},"required":["id","title"]},{"type":"object","properties":{"kql":{"additionalProperties":false,"type":"object","properties":{"query":{"minLength":1,"type":"string"}},"required":["query"]}},"required":["kql"]}]},"type":"array"}},"required":["dashboards","queries"]},{"type":"object","properties":{"stream":{"allOf":[{"additionalProperties":true,"type":"object","properties":{"name":{"not":{}}}},{"allOf":[{"type":"object","properties":{}},{"type":"object","properties":{"description":{"type":"string"},"name":{"type":"string"}},"required":["name","description"]},{"type":"object","properties":{"ingest":{"additionalProperties":false,"type":"object","properties":{"lifecycle":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"dsl":{"additionalProperties":false,"type":"object","properties":{"data_retention":{"minLength":1,"type":"string"}}}},"required":["dsl"]},{"additionalProperties":false,"type":"object","properties":{"ilm":{"additionalProperties":false,"type":"object","properties":{"policy":{"minLength":1,"type":"string"}},"required":["policy"]}},"required":["ilm"]},{"additionalProperties":false,"type":"object","properties":{"inherit":{"additionalProperties":false,"type":"object","properties":{}}},"required":["inherit"]}]},"processing":{"items":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"date":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"field":{"minLength":1,"type":"string"},"formats":{"items":{"minLength":1,"type":"string"},"type":"array"},"locale":{"minLength":1,"type":"string"},"output_format":{"minLength":1,"type":"string"},"target_field":{"minLength":1,"type":"string"},"timezone":{"minLength":1,"type":"string"}},"required":["field","formats"]}]}},"required":["date"]},{"additionalProperties":false,"type":"object","properties":{"dissect":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"append_separator":{"minLength":1,"type":"string"},"field":{"minLength":1,"type":"string"},"ignore_missing":{"type":"boolean"},"pattern":{"minLength":1,"type":"string"}},"required":["field","pattern"]}]}},"required":["dissect"]},{"additionalProperties":false,"type":"object","properties":{"grok":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"field":{"minLength":1,"type":"string"},"ignore_missing":{"type":"boolean"},"pattern_definitions":{"additionalProperties":{"type":"string"},"type":"object"},"patterns":{"items":{"minLength":1,"type":"string"},"minItems":1,"type":"array"}},"required":["field","patterns"]}]}},"required":["grok"]},{"additionalProperties":false,"type":"object","properties":{"kv":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"exclude_keys":{"items":{"minLength":1,"type":"string"},"type":"array"},"field":{"minLength":1,"type":"string"},"field_split":{"type":"string"},"ignore_missing":{"type":"boolean"},"include_keys":{"items":{"minLength":1,"type":"string"},"type":"array"},"prefix":{"minLength":1,"type":"string"},"strip_brackets":{"type":"boolean"},"target_field":{"minLength":1,"type":"string"},"trim_key":{"minLength":1,"type":"string"},"trim_value":{"minLength":1,"type":"string"},"value_split":{"type":"string"}},"required":["field","field_split","value_split"]}]}},"required":["kv"]},{"additionalProperties":false,"type":"object","properties":{"geoip":{"additionalProperties":false,"type":"object","properties":{"database_file":{"minLength":1,"type":"string"},"field":{"minLength":1,"type":"string"},"first_only":{"type":"boolean"},"ignore_missing":{"type":"boolean"},"properties":{"items":{"minLength":1,"type":"string"},"type":"array"},"target_field":{"minLength":1,"type":"string"}},"required":["field"]}},"required":["geoip"]},{"additionalProperties":false,"type":"object","properties":{"rename":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"field":{"minLength":1,"type":"string"},"ignore_missing":{"type":"boolean"},"override":{"type":"boolean"},"target_field":{"minLength":1,"type":"string"}},"required":["field","target_field"]}]}},"required":["rename"]},{"additionalProperties":false,"type":"object","properties":{"set":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"field":{"minLength":1,"type":"string"},"ignore_empty_value":{"type":"boolean"},"media_type":{"type":"string"},"override":{"type":"boolean"},"value":{"minLength":1,"type":"string"}},"required":["field","value"]}]}},"required":["set"]},{"additionalProperties":false,"type":"object","properties":{"urldecode":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"field":{"minLength":1,"type":"string"},"ignore_missing":{"type":"boolean"},"target_field":{"minLength":1,"type":"string"}},"required":["field"]}]}},"required":["urldecode"]},{"additionalProperties":false,"type":"object","properties":{"user_agent":{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"ignore_missing":{"type":"boolean"},"properties":{"items":{"minLength":1,"type":"string"},"type":"array"},"regex_file":{"minLength":1,"type":"string"},"target_field":{"minLength":1,"type":"string"}},"required":["field"]}},"required":["user_agent"]}]},"type":"array"}},"required":["lifecycle","processing"]}},"required":["ingest"]},{"type":"object","properties":{"ingest":{"additionalProperties":false,"type":"object","properties":{"unwired":{"additionalProperties":false,"type":"object","properties":{}}},"required":["unwired"]}},"required":["ingest"]}]}]}},"required":["stream"]},{"type":"object","properties":{}},{"type":"object","properties":{"stream":{"allOf":[{"additionalProperties":true,"type":"object","properties":{"name":{"not":{}}}},{"additionalProperties":false,"type":"object","properties":{"description":{"type":"string"},"name":{"type":"string"}},"required":["name","description"]}]}},"required":["stream"]},{"type":"object","properties":{"dashboards":{"items":{"type":"string"},"type":"array"},"queries":{"items":{"allOf":[{"type":"object","properties":{"id":{"minLength":1,"type":"string"},"title":{"minLength":1,"type":"string"}},"required":["id","title"]},{"type":"object","properties":{"kql":{"additionalProperties":false,"type":"object","properties":{"query":{"minLength":1,"type":"string"}},"required":["query"]}},"required":["kql"]}]},"type":"array"}},"required":["dashboards","queries"]},{"type":"object","properties":{"stream":{"allOf":[{"additionalProperties":true,"type":"object","properties":{"name":{"not":{}}}},{"additionalProperties":false,"type":"object","properties":{"ingest":{"additionalProperties":false,"type":"object","properties":{"lifecycle":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"dsl":{"additionalProperties":false,"type":"object","properties":{"data_retention":{"minLength":1,"type":"string"}}}},"required":["dsl"]},{"additionalProperties":false,"type":"object","properties":{"ilm":{"additionalProperties":false,"type":"object","properties":{"policy":{"minLength":1,"type":"string"}},"required":["policy"]}},"required":["ilm"]},{"additionalProperties":false,"type":"object","properties":{"inherit":{"additionalProperties":false,"type":"object","properties":{}}},"required":["inherit"]}]},"processing":{"items":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"date":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"field":{"minLength":1,"type":"string"},"formats":{"items":{"minLength":1,"type":"string"},"type":"array"},"locale":{"minLength":1,"type":"string"},"output_format":{"minLength":1,"type":"string"},"target_field":{"minLength":1,"type":"string"},"timezone":{"minLength":1,"type":"string"}},"required":["field","formats"]}]}},"required":["date"]},{"additionalProperties":false,"type":"object","properties":{"dissect":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"append_separator":{"minLength":1,"type":"string"},"field":{"minLength":1,"type":"string"},"ignore_missing":{"type":"boolean"},"pattern":{"minLength":1,"type":"string"}},"required":["field","pattern"]}]}},"required":["dissect"]},{"additionalProperties":false,"type":"object","properties":{"grok":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"field":{"minLength":1,"type":"string"},"ignore_missing":{"type":"boolean"},"pattern_definitions":{"additionalProperties":{"type":"string"},"type":"object"},"patterns":{"items":{"minLength":1,"type":"string"},"minItems":1,"type":"array"}},"required":["field","patterns"]}]}},"required":["grok"]},{"additionalProperties":false,"type":"object","properties":{"kv":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"exclude_keys":{"items":{"minLength":1,"type":"string"},"type":"array"},"field":{"minLength":1,"type":"string"},"field_split":{"type":"string"},"ignore_missing":{"type":"boolean"},"include_keys":{"items":{"minLength":1,"type":"string"},"type":"array"},"prefix":{"minLength":1,"type":"string"},"strip_brackets":{"type":"boolean"},"target_field":{"minLength":1,"type":"string"},"trim_key":{"minLength":1,"type":"string"},"trim_value":{"minLength":1,"type":"string"},"value_split":{"type":"string"}},"required":["field","field_split","value_split"]}]}},"required":["kv"]},{"additionalProperties":false,"type":"object","properties":{"geoip":{"additionalProperties":false,"type":"object","properties":{"database_file":{"minLength":1,"type":"string"},"field":{"minLength":1,"type":"string"},"first_only":{"type":"boolean"},"ignore_missing":{"type":"boolean"},"properties":{"items":{"minLength":1,"type":"string"},"type":"array"},"target_field":{"minLength":1,"type":"string"}},"required":["field"]}},"required":["geoip"]},{"additionalProperties":false,"type":"object","properties":{"rename":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"field":{"minLength":1,"type":"string"},"ignore_missing":{"type":"boolean"},"override":{"type":"boolean"},"target_field":{"minLength":1,"type":"string"}},"required":["field","target_field"]}]}},"required":["rename"]},{"additionalProperties":false,"type":"object","properties":{"set":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"field":{"minLength":1,"type":"string"},"ignore_empty_value":{"type":"boolean"},"media_type":{"type":"string"},"override":{"type":"boolean"},"value":{"minLength":1,"type":"string"}},"required":["field","value"]}]}},"required":["set"]},{"additionalProperties":false,"type":"object","properties":{"urldecode":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"field":{"minLength":1,"type":"string"},"ignore_missing":{"type":"boolean"},"target_field":{"minLength":1,"type":"string"}},"required":["field"]}]}},"required":["urldecode"]},{"additionalProperties":false,"type":"object","properties":{"user_agent":{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"ignore_missing":{"type":"boolean"},"properties":{"items":{"minLength":1,"type":"string"},"type":"array"},"regex_file":{"minLength":1,"type":"string"},"target_field":{"minLength":1,"type":"string"}},"required":["field"]}},"required":["user_agent"]}]},"type":"array"}},"required":["lifecycle","processing"]}},"required":["ingest"]}]}},"required":["stream"]},{"type":"object","properties":{}},{"type":"object","properties":{}}]}]},{"allOf":[{"type":"object","properties":{}},{"type":"object","properties":{"stream":{"allOf":[{"additionalProperties":true,"type":"object","properties":{"name":{"not":{}}}},{"additionalProperties":false,"type":"object","properties":{"description":{"type":"string"},"name":{"type":"string"}},"required":["name","description"]}]}},"required":["stream"]},{"type":"object","properties":{"dashboards":{"items":{"type":"string"},"type":"array"},"queries":{"items":{"allOf":[{"type":"object","properties":{"id":{"minLength":1,"type":"string"},"title":{"minLength":1,"type":"string"}},"required":["id","title"]},{"type":"object","properties":{"kql":{"additionalProperties":false,"type":"object","properties":{"query":{"minLength":1,"type":"string"}},"required":["query"]}},"required":["kql"]}]},"type":"array"}},"required":["dashboards","queries"]},{"type":"object","properties":{"stream":{"allOf":[{"additionalProperties":true,"type":"object","properties":{"name":{"not":{}}}},{"additionalProperties":false,"type":"object","properties":{"group":{"additionalProperties":false,"type":"object","properties":{"members":{"items":{"type":"string"},"type":"array"}},"required":["members"]}},"required":["group"]}]}},"required":["stream"]},{"type":"object","properties":{}}]}]}}}},"responses":{},"summary":"Create or update a stream","tags":["streams"],"x-state":"Technical Preview"}},"/api/streams/{name}/_fork":{"post":{"description":"Forks a wired stream and creates a child stream\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: manage_stream.","operationId":"post-streams-name-fork","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"name","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"stream":{"additionalProperties":false,"type":"object","properties":{"name":{"type":"string"}},"required":["name"]}},"required":["stream","if"]}}}},"responses":{},"summary":"Fork a stream","tags":["streams"],"x-state":"Technical Preview"}},"/api/streams/{name}/_group":{"get":{"description":"Fetches the group settings of a group stream definition\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: read_stream.","operationId":"get-streams-name-group","parameters":[{"in":"path","name":"name","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{}},{"enum":["null"],"nullable":true},{"not":{}}]}}}},"responses":{},"summary":"Get group stream settings","tags":["streams"],"x-state":"Technical Preview"},"put":{"description":"Upserts the group settings of a group stream definition\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: manage_stream.","operationId":"put-streams-name-group","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"name","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"group":{"additionalProperties":false,"type":"object","properties":{"members":{"items":{"type":"string"},"type":"array"}},"required":["members"]}},"required":["group"]}}}},"responses":{},"summary":"Upsert group stream settings","tags":["streams"],"x-state":"Technical Preview"}},"/api/streams/{name}/_ingest":{"get":{"description":"Fetches the ingest settings of an ingest stream definition\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: read_stream.","operationId":"get-streams-name-ingest","parameters":[{"in":"path","name":"name","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{}},{"enum":["null"],"nullable":true},{"not":{}}]}}}},"responses":{},"summary":"Get ingest stream settings","tags":["streams"],"x-state":"Technical Preview"},"put":{"description":"Upserts the ingest settings of an ingest stream definition\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: manage_stream.","operationId":"put-streams-name-ingest","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"name","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"ingest":{"anyOf":[{"allOf":[{"type":"object","properties":{"lifecycle":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"dsl":{"additionalProperties":false,"type":"object","properties":{"data_retention":{"minLength":1,"type":"string"}}}},"required":["dsl"]},{"additionalProperties":false,"type":"object","properties":{"ilm":{"additionalProperties":false,"type":"object","properties":{"policy":{"minLength":1,"type":"string"}},"required":["policy"]}},"required":["ilm"]},{"additionalProperties":false,"type":"object","properties":{"inherit":{"additionalProperties":false,"type":"object","properties":{}}},"required":["inherit"]}]},"processing":{"items":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"date":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"field":{"minLength":1,"type":"string"},"formats":{"items":{"minLength":1,"type":"string"},"type":"array"},"locale":{"minLength":1,"type":"string"},"output_format":{"minLength":1,"type":"string"},"target_field":{"minLength":1,"type":"string"},"timezone":{"minLength":1,"type":"string"}},"required":["field","formats"]}]}},"required":["date"]},{"additionalProperties":false,"type":"object","properties":{"dissect":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"append_separator":{"minLength":1,"type":"string"},"field":{"minLength":1,"type":"string"},"ignore_missing":{"type":"boolean"},"pattern":{"minLength":1,"type":"string"}},"required":["field","pattern"]}]}},"required":["dissect"]},{"additionalProperties":false,"type":"object","properties":{"grok":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"field":{"minLength":1,"type":"string"},"ignore_missing":{"type":"boolean"},"pattern_definitions":{"additionalProperties":{"type":"string"},"type":"object"},"patterns":{"items":{"minLength":1,"type":"string"},"minItems":1,"type":"array"}},"required":["field","patterns"]}]}},"required":["grok"]},{"additionalProperties":false,"type":"object","properties":{"kv":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"exclude_keys":{"items":{"minLength":1,"type":"string"},"type":"array"},"field":{"minLength":1,"type":"string"},"field_split":{"type":"string"},"ignore_missing":{"type":"boolean"},"include_keys":{"items":{"minLength":1,"type":"string"},"type":"array"},"prefix":{"minLength":1,"type":"string"},"strip_brackets":{"type":"boolean"},"target_field":{"minLength":1,"type":"string"},"trim_key":{"minLength":1,"type":"string"},"trim_value":{"minLength":1,"type":"string"},"value_split":{"type":"string"}},"required":["field","field_split","value_split"]}]}},"required":["kv"]},{"additionalProperties":false,"type":"object","properties":{"geoip":{"additionalProperties":false,"type":"object","properties":{"database_file":{"minLength":1,"type":"string"},"field":{"minLength":1,"type":"string"},"first_only":{"type":"boolean"},"ignore_missing":{"type":"boolean"},"properties":{"items":{"minLength":1,"type":"string"},"type":"array"},"target_field":{"minLength":1,"type":"string"}},"required":["field"]}},"required":["geoip"]},{"additionalProperties":false,"type":"object","properties":{"rename":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"field":{"minLength":1,"type":"string"},"ignore_missing":{"type":"boolean"},"override":{"type":"boolean"},"target_field":{"minLength":1,"type":"string"}},"required":["field","target_field"]}]}},"required":["rename"]},{"additionalProperties":false,"type":"object","properties":{"set":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"field":{"minLength":1,"type":"string"},"ignore_empty_value":{"type":"boolean"},"media_type":{"type":"string"},"override":{"type":"boolean"},"value":{"minLength":1,"type":"string"}},"required":["field","value"]}]}},"required":["set"]},{"additionalProperties":false,"type":"object","properties":{"urldecode":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"field":{"minLength":1,"type":"string"},"ignore_missing":{"type":"boolean"},"target_field":{"minLength":1,"type":"string"}},"required":["field"]}]}},"required":["urldecode"]},{"additionalProperties":false,"type":"object","properties":{"user_agent":{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"ignore_missing":{"type":"boolean"},"properties":{"items":{"minLength":1,"type":"string"},"type":"array"},"regex_file":{"minLength":1,"type":"string"},"target_field":{"minLength":1,"type":"string"}},"required":["field"]}},"required":["user_agent"]}]},"type":"array"}},"required":["lifecycle","processing"]},{"type":"object","properties":{"wired":{"additionalProperties":false,"type":"object","properties":{"fields":{"additionalProperties":{"allOf":[{"additionalProperties":{"anyOf":[{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"},{"enum":["null"],"nullable":true},{"not":{}}]},{"items":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"},{"enum":["null"],"nullable":true},{"not":{}}]},"type":"array"},{}]},"type":"object"},{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"format":{"minLength":1,"type":"string"},"type":{"enum":["keyword","match_only_text","long","double","date","boolean","ip"],"type":"string"}},"required":["type"]},{"additionalProperties":false,"type":"object","properties":{"type":{"enum":["system"],"type":"string"}},"required":["type"]}]}]},"type":"object"},"routing":{"items":{"additionalProperties":false,"type":"object","properties":{"destination":{"minLength":1,"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]}},"required":["destination","if"]},"type":"array"}},"required":["fields","routing"]}},"required":["wired"]}]},{"allOf":[{"type":"object","properties":{"lifecycle":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"dsl":{"additionalProperties":false,"type":"object","properties":{"data_retention":{"minLength":1,"type":"string"}}}},"required":["dsl"]},{"additionalProperties":false,"type":"object","properties":{"ilm":{"additionalProperties":false,"type":"object","properties":{"policy":{"minLength":1,"type":"string"}},"required":["policy"]}},"required":["ilm"]},{"additionalProperties":false,"type":"object","properties":{"inherit":{"additionalProperties":false,"type":"object","properties":{}}},"required":["inherit"]}]},"processing":{"items":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"date":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"field":{"minLength":1,"type":"string"},"formats":{"items":{"minLength":1,"type":"string"},"type":"array"},"locale":{"minLength":1,"type":"string"},"output_format":{"minLength":1,"type":"string"},"target_field":{"minLength":1,"type":"string"},"timezone":{"minLength":1,"type":"string"}},"required":["field","formats"]}]}},"required":["date"]},{"additionalProperties":false,"type":"object","properties":{"dissect":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"append_separator":{"minLength":1,"type":"string"},"field":{"minLength":1,"type":"string"},"ignore_missing":{"type":"boolean"},"pattern":{"minLength":1,"type":"string"}},"required":["field","pattern"]}]}},"required":["dissect"]},{"additionalProperties":false,"type":"object","properties":{"grok":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"field":{"minLength":1,"type":"string"},"ignore_missing":{"type":"boolean"},"pattern_definitions":{"additionalProperties":{"type":"string"},"type":"object"},"patterns":{"items":{"minLength":1,"type":"string"},"minItems":1,"type":"array"}},"required":["field","patterns"]}]}},"required":["grok"]},{"additionalProperties":false,"type":"object","properties":{"kv":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"exclude_keys":{"items":{"minLength":1,"type":"string"},"type":"array"},"field":{"minLength":1,"type":"string"},"field_split":{"type":"string"},"ignore_missing":{"type":"boolean"},"include_keys":{"items":{"minLength":1,"type":"string"},"type":"array"},"prefix":{"minLength":1,"type":"string"},"strip_brackets":{"type":"boolean"},"target_field":{"minLength":1,"type":"string"},"trim_key":{"minLength":1,"type":"string"},"trim_value":{"minLength":1,"type":"string"},"value_split":{"type":"string"}},"required":["field","field_split","value_split"]}]}},"required":["kv"]},{"additionalProperties":false,"type":"object","properties":{"geoip":{"additionalProperties":false,"type":"object","properties":{"database_file":{"minLength":1,"type":"string"},"field":{"minLength":1,"type":"string"},"first_only":{"type":"boolean"},"ignore_missing":{"type":"boolean"},"properties":{"items":{"minLength":1,"type":"string"},"type":"array"},"target_field":{"minLength":1,"type":"string"}},"required":["field"]}},"required":["geoip"]},{"additionalProperties":false,"type":"object","properties":{"rename":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"field":{"minLength":1,"type":"string"},"ignore_missing":{"type":"boolean"},"override":{"type":"boolean"},"target_field":{"minLength":1,"type":"string"}},"required":["field","target_field"]}]}},"required":["rename"]},{"additionalProperties":false,"type":"object","properties":{"set":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"field":{"minLength":1,"type":"string"},"ignore_empty_value":{"type":"boolean"},"media_type":{"type":"string"},"override":{"type":"boolean"},"value":{"minLength":1,"type":"string"}},"required":["field","value"]}]}},"required":["set"]},{"additionalProperties":false,"type":"object","properties":{"urldecode":{"allOf":[{"type":"object","properties":{"description":{"type":"string"},"if":{"anyOf":[{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["exists","notExists"],"type":"string"}},"required":["field","operator"]},{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"operator":{"enum":["eq","neq","lt","lte","gt","gte","contains","startsWith","endsWith"],"type":"string"},"value":{"anyOf":[{"type":"string"},{"type":"number"},{"type":"boolean"}]}},"required":["field","operator","value"]}]},{"additionalProperties":false,"type":"object","properties":{"and":{"items":{},"type":"array"}},"required":["and"]},{"additionalProperties":false,"type":"object","properties":{"or":{"items":{},"type":"array"}},"required":["or"]},{"additionalProperties":false,"type":"object","properties":{"never":{"additionalProperties":false,"type":"object","properties":{}}},"required":["never"]},{"additionalProperties":false,"type":"object","properties":{"always":{"additionalProperties":false,"type":"object","properties":{}}},"required":["always"]}]},"ignore_failure":{"type":"boolean"}}},{"type":"object","properties":{"field":{"minLength":1,"type":"string"},"ignore_missing":{"type":"boolean"},"target_field":{"minLength":1,"type":"string"}},"required":["field"]}]}},"required":["urldecode"]},{"additionalProperties":false,"type":"object","properties":{"user_agent":{"additionalProperties":false,"type":"object","properties":{"field":{"minLength":1,"type":"string"},"ignore_missing":{"type":"boolean"},"properties":{"items":{"minLength":1,"type":"string"},"type":"array"},"regex_file":{"minLength":1,"type":"string"},"target_field":{"minLength":1,"type":"string"}},"required":["field"]}},"required":["user_agent"]}]},"type":"array"}},"required":["lifecycle","processing"]},{"type":"object","properties":{"unwired":{"additionalProperties":false,"type":"object","properties":{}}},"required":["unwired"]}]}]}},"required":["ingest"]}}}},"responses":{},"summary":"Update ingest stream settings","tags":["streams"],"x-state":"Technical Preview"}},"/api/streams/{name}/content/export":{"post":{"description":"Exports the content associated to a stream.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: manage_stream.","operationId":"post-streams-name-content-export","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"name","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"description":{"type":"string"},"include":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"objects":{"additionalProperties":false,"type":"object","properties":{"dashboards":{"items":{"type":"string"},"type":"array"}},"required":["dashboards"]}},"required":["objects"]},{"additionalProperties":false,"type":"object","properties":{"all":{"additionalProperties":false,"type":"object","properties":{}}},"required":["all"]}]},"name":{"type":"string"},"replaced_patterns":{"items":{"type":"string"},"type":"array"},"version":{"type":"string"}},"required":["name","description","version","replaced_patterns","include"]}}}},"responses":{},"summary":"Export stream content","tags":["streams"]}},"/api/streams/{name}/content/import":{"post":{"description":"Links content objects to a stream.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: manage_stream.","operationId":"post-streams-name-content-import","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"name","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"multipart/form-data":{"schema":{"additionalProperties":false,"type":"object","properties":{"content":{},"include":{"type":"string"}},"required":["include","content"]}}}},"responses":{},"summary":"Import content into a stream","tags":["streams"]}},"/api/streams/{name}/dashboards":{"get":{"description":"Fetches all dashboards linked to a stream that are visible to the current user in the current space.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: read_stream.","operationId":"get-streams-name-dashboards","parameters":[{"in":"path","name":"name","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{}},{"enum":["null"],"nullable":true},{"not":{}}]}}}},"responses":{},"summary":"Get stream dashboards","tags":["streams"],"x-state":"Technical Preview"}},"/api/streams/{name}/dashboards/_bulk":{"post":{"description":"Bulk update dashboards linked to a stream. Can link new dashboards and delete existing ones.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: manage_stream.","operationId":"post-streams-name-dashboards-bulk","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"name","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"operations":{"items":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"index":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]}},"required":["index"]},{"additionalProperties":false,"type":"object","properties":{"delete":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]}},"required":["delete"]}]},"type":"array"}},"required":["operations"]}}}},"responses":{},"summary":"Bulk update dashboards","tags":["streams"],"x-state":"Technical Preview"}},"/api/streams/{name}/dashboards/{dashboardId}":{"delete":{"description":"Unlinks a dashboard from a stream. Noop if the dashboard is not linked to the stream.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: manage_stream.","operationId":"delete-streams-name-dashboards-dashboardid","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"name","required":true,"schema":{"type":"string"}},{"in":"path","name":"dashboardId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{}},{"enum":["null"],"nullable":true},{"not":{}}]}}}},"responses":{},"summary":"Unlink a dashboard from a stream","tags":["streams"],"x-state":"Technical Preview"},"put":{"description":"Links a dashboard to a stream. Noop if the dashboard is already linked to the stream.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: manage_stream.","operationId":"put-streams-name-dashboards-dashboardid","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"name","required":true,"schema":{"type":"string"}},{"in":"path","name":"dashboardId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{}},{"enum":["null"],"nullable":true},{"not":{}}]}}}},"responses":{},"summary":"Link a dashboard to a stream","tags":["streams"],"x-state":"Technical Preview"}},"/api/streams/{name}/queries":{"get":{"description":"Fetches all queries linked to a stream that are visible to the current user in the current space.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: read_stream.","operationId":"get-streams-name-queries","parameters":[{"in":"path","name":"name","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{}},{"enum":["null"],"nullable":true},{"not":{}}]}}}},"responses":{},"summary":"Get stream queries","tags":["streams"],"x-state":"Technical Preview"}},"/api/streams/{name}/queries/_bulk":{"post":{"description":"Bulk update queries of a stream. Can add new queries and delete existing ones.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: manage_stream.","operationId":"post-streams-name-queries-bulk","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"name","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"operations":{"items":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{"index":{"allOf":[{"type":"object","properties":{"id":{"minLength":1,"type":"string"},"title":{"minLength":1,"type":"string"}},"required":["id","title"]},{"type":"object","properties":{"kql":{"additionalProperties":false,"type":"object","properties":{"query":{"minLength":1,"type":"string"}},"required":["query"]}},"required":["kql"]}]}},"required":["index"]},{"additionalProperties":false,"type":"object","properties":{"delete":{"additionalProperties":false,"type":"object","properties":{"id":{"type":"string"}},"required":["id"]}},"required":["delete"]}]},"type":"array"}},"required":["operations"]}}}},"responses":{},"summary":"Bulk update queries","tags":["streams"],"x-state":"Technical Preview"}},"/api/streams/{name}/queries/{queryId}":{"delete":{"description":"Remove a query from a stream. Noop if the query is not found on the stream.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: manage_stream.","operationId":"delete-streams-name-queries-queryid","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"name","required":true,"schema":{"type":"string"}},{"in":"path","name":"queryId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{}},{"enum":["null"],"nullable":true},{"not":{}}]}}}},"responses":{},"summary":"Remove a query from a stream","tags":["streams"],"x-state":"Technical Preview"},"put":{"description":"Adds a query to a stream. Noop if the query is already present on the stream.\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: manage_stream.","operationId":"put-streams-name-queries-queryid","parameters":[{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},{"in":"path","name":"name","required":true,"schema":{"type":"string"}},{"in":"path","name":"queryId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"additionalProperties":false,"type":"object","properties":{"kql":{"additionalProperties":false,"type":"object","properties":{"query":{"minLength":1,"type":"string"}},"required":["query"]},"title":{"minLength":1,"type":"string"}},"required":["title","kql"]}}}},"responses":{},"summary":"Upsert a query to a stream","tags":["streams"],"x-state":"Technical Preview"}},"/api/streams/{name}/significant_events":{"get":{"description":"Read the significant events\u003cbr/\u003e\u003cbr/\u003e[Required authorization] Route required privileges: read_stream.","operationId":"get-streams-name-significant-events","parameters":[{"in":"path","name":"name","required":true,"schema":{"type":"string"}},{"in":"query","name":"from","required":true,"schema":{"format":"date-time","type":"string"}},{"in":"query","name":"to","required":true,"schema":{"format":"date-time","type":"string"}},{"in":"query","name":"bucketSize","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"anyOf":[{"additionalProperties":false,"type":"object","properties":{}},{"enum":["null"],"nullable":true},{"not":{}}]}}}},"responses":{},"summary":"Read the significant events","tags":["streams"],"x-state":"Technical Preview"}},"/api/synthetics/monitors":{"get":{"description":"Get a list of monitors.\nYou must have `read` privileges for the Synthetics feature in the Observability section of the Kibana feature privileges.\n","operationId":"get-synthetic-monitors","parameters":[{"description":"Additional filtering criteria.","in":"query","name":"filter","schema":{"type":"string"}},{"description":"The locations to filter by.","in":"query","name":"locations","schema":{"oneOf":[{"type":"string"},{"type":"array"}]}},{"description":"The monitor types to filter.","in":"query","name":"monitorTypes","schema":{"oneOf":[{"enum":["browser","http","icmp","tcp"],"type":"string"},{"type":"array"}]}},{"description":"The page number for paginated results.","in":"query","name":"page","schema":{"type":"integer"}},{"description":"The number of items to return per page.","in":"query","name":"per_page","schema":{"type":"integer"}},{"description":"The projects to filter by.","in":"query","name":"projects","schema":{"oneOf":[{"type":"string"},{"type":"array"}]}},{"description":"A free-text query string.","in":"query","name":"query","schema":{"type":"string"}},{"description":"The schedules to filter by.","in":"query","name":"schedules","schema":{"oneOf":[{"type":"array"},{"type":"string"}]}},{"description":"The field to sort the results by.","in":"query","name":"sortField","schema":{"enum":["name","createdAt","updatedAt","status"],"type":"string"}},{"description":"The sort order.","in":"query","name":"sortOrder","schema":{"enum":["asc","desc"],"type":"string"}},{"description":"The status to filter by.","in":"query","name":"status","schema":{"oneOf":[{"type":"array"},{"type":"string"}]}},{"description":"Tags to filter monitors.","in":"query","name":"tags","schema":{"oneOf":[{"type":"string"},{"type":"array"}]}},{"description":"Specifies whether to apply logical AND filtering for specific fields. Accepts either a string with values \"tags\" or \"locations\" or an array containing both.\n","in":"query","name":"useLogicalAndFor","schema":{"oneOf":[{"enum":["tags","locations"],"type":"string"},{"items":{"enum":["tags","locations"],"type":"string"},"type":"array"}]}}],"responses":{"200":{"content":{"application/json":{"examples":{"getSyntheticMonitorsResponseExample1":{"description":"A successful response from `GET /api/synthetics/monitors?tags=prod\u0026monitorTypes=http\u0026locations=us-east-1\u0026projects=project1\u0026status=up`.","value":"{\n \"page\": 1,\n \"total\": 24,\n \"monitors\": [\n {\n \"type\": \"icmp\",\n \"enabled\": false,\n \"alert\": {\n \"status\": {\n \"enabled\": true\n },\n \"tls\": {\n \"enabled\": true\n }\n },\n \"schedule\": {\n \"number\": \"3\",\n \"unit\": \"m\"\n },\n \"config_id\": \"e59142e5-1fe3-4aae-b0b0-19d6345e65a1\",\n \"timeout\": \"16\",\n \"name\": \"8.8.8.8:80\",\n \"locations\": [\n {\n \"id\": \"us_central\",\n \"label\": \"North America - US Central\",\n \"geo\": {\n \"lat\": 41.25,\n \"lon\": -95.86\n },\n \"isServiceManaged\": true\n }\n ],\n \"namespace\": \"default\",\n \"origin\": \"ui\",\n \"id\": \"e59142e5-1fe3-4aae-b0b0-19d6345e65a1\",\n \"max_attempts\": 2,\n \"wait\": \"7\",\n \"revision\": 3,\n \"mode\": \"all\",\n \"ipv4\": true,\n \"ipv6\": true,\n \"created_at\": \"2023-11-07T09:57:04.152Z\",\n \"updated_at\": \"2023-12-04T19:19:34.039Z\",\n \"host\": \"8.8.8.8:80\"\n }\n ],\n \"absoluteTotal\": 24,\n \"perPage\": 10,\n}"}},"schema":{"type":"object"}}},"description":"A successful response."}},"summary":"Get monitors","tags":["synthetics"]},"post":{"description":"Create a new monitor with the specified attributes. A monitor can be one of the following types: HTTP, TCP, ICMP, or Browser. The required and default fields may vary based on the monitor type.\nYou must have `all` privileges for the Synthetics feature in the Observability section of the Kibana feature privileges.\n","operationId":"post-synthetic-monitors","requestBody":{"content":{"application/json":{"examples":{"postSyntheticMonitorsRequestExample1":{"description":"Create an HTTP monitor to check a website's availability.","summary":"HTTP monitor","value":"{\n \"type\": \"http\",\n \"name\": \"Website Availability\",\n \"url\": \"https://example.com\",\n \"tags\": [\"website\", \"availability\"],\n \"locations\": [\"united_kingdom\"]\n}"},"postSyntheticMonitorsRequestExample2":{"description":"Create a TCP monitor to monitor a server's availability.","summary":"TCP monitor","value":"{\n \"type\": \"tcp\",\n \"name\": \"Server Availability\",\n \"host\": \"example.com\",\n \"private_locations\": [\"my_private_location\"]\n}"},"postSyntheticMonitorsRequestExample3":{"description":"Create an ICMP monitor to perform ping checks.","summary":"ICMP monitor","value":"{\n \"type\": \"icmp\",\n \"name\": \"Ping Test\",\n \"host\": \"example.com\",\n \"locations\": [\"united_kingdom\"]\n}"},"postSyntheticMonitorsRequestExample4":{"description":"Create a browser monitor to check a website.","summary":"Browser monitor","value":"{\n \"type\": \"browser\",\n \"name\": \"Example journey\",\n \"inline_script\": \"step('Go to https://google.com.co', () =\u003e page.goto('https://www.google.com'))\",\n \"locations\": [\"united_kingdom\"]\n}"}},"schema":{"description":"The request body should contain the attributes of the monitor you want to create. The required and default fields differ depending on the monitor type.\n","discriminator":{"propertyName":"type"},"oneOf":[{"$ref":"#/components/schemas/Synthetics_browserMonitorFields"},{"$ref":"#/components/schemas/Synthetics_httpMonitorFields"},{"$ref":"#/components/schemas/Synthetics_icmpMonitorFields"},{"$ref":"#/components/schemas/Synthetics_tcpMonitorFields"}]}}},"required":true},"responses":{"200":{"description":"A successful response."}},"summary":"Create a monitor","tags":["synthetics"]}},"/api/synthetics/monitors/_bulk_delete":{"post":{"description":"Delete multiple monitors by sending a list of config IDs.\n","operationId":"delete-synthetic-monitors","requestBody":{"content":{"application/json":{"examples":{"bulkDeleteRequestExample1":{"description":"Run `POST /api/synthetics/monitors/_bulk_delete` to delete a list of monitors.","value":"{\n \"ids\": [\n \"monitor1-id\",\n \"monitor2-id\"\n ]\n}"}},"schema":{"type":"object","properties":{"ids":{"description":"An array of monitor IDs to delete.","items":{"type":"string"},"type":"array"}},"required":["ids"]}}},"required":true},"responses":{"200":{"content":{"application/json":{"examples":{"deleteMonitorsResponseExample1":{"description":"A response from successfully deleting multiple monitors.","value":"[\n {\n \"id\": \"monitor1-id\",\n \"deleted\": true\n },\n {\n \"id\": \"monitor2-id\",\n \"deleted\": true\n }\n]"}},"schema":{"items":{"description":"The API response includes information about the deleted monitors.","type":"object","properties":{"deleted":{"description":"If it is `true`, the monitor was successfully deleted If it is `false`, the monitor was not deleted.\n","type":"boolean"},"ids":{"description":"The unique identifier of the deleted monitor.","type":"string"}}},"type":"array"}}}}},"summary":"Delete monitors","tags":["synthetics"]}},"/api/synthetics/monitors/{id}":{"delete":{"description":"Delete a monitor from the Synthetics app.\nYou must have `all` privileges for the Synthetics feature in the Observability section of the Kibana feature privileges.\n","operationId":"delete-synthetic-monitor","parameters":[{"description":"The identifier for the monitor that you want to delete.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"summary":"Delete a monitor","tags":["synthetics"]},"get":{"operationId":"get-synthetic-monitor","parameters":[{"description":"The ID of the monitor.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"examples":{"getSyntheticMonitorResponseExample1":{"description":"A successful response from `GET /api/synthetics/monitors/\u003cid\u003e`.","value":"{\n \"type\": \"http\",\n \"enabled\": true,\n \"alert\": {\n \"status\": {\n \"enabled\": true\n },\n \"tls\": {\n \"enabled\": true\n }\n },\n \"schedule\": {\n \"number\": \"3\",\n \"unit\": \"m\"\n },\n \"config_id\": \"a8188705-d01e-4bb6-87a1-64fa5e4b07ec\",\n \"timeout\": \"16\",\n \"name\": \"am i something\",\n \"locations\": [\n {\n \"id\": \"us_central\",\n \"label\": \"North America - US Central\",\n \"geo\": {\n \"lat\": 41.25,\n \"lon\": -95.86\n },\n \"isServiceManaged\": true\n }\n ],\n \"namespace\": \"default\",\n \"origin\": \"ui\",\n \"id\": \"a8188705-d01e-4bb6-87a1-64fa5e4b07ec\",\n \"max_attempts\": 2,\n \"__ui\": {\n \"is_tls_enabled\": false\n },\n \"max_redirects\": \"0\",\n \"response.include_body\": \"on_error\",\n \"response.include_headers\": true,\n \"check.request.method\": \"GET\",\n \"mode\": \"any\",\n \"response.include_body_max_bytes\": \"1024\",\n \"ipv4\": true,\n \"ipv6\": true,\n \"ssl.verification_mode\": \"full\",\n \"ssl.supported_protocols\": [\n \"TLSv1.1\",\n \"TLSv1.2\",\n \"TLSv1.3\"\n ],\n \"revision\": 13,\n \"created_at\": \"2023-11-08T08:45:29.334Z\",\n \"updated_at\": \"2023-12-18T20:31:44.770Z\",\n \"url\": \"https://fast.com\"\n}"}},"schema":{"type":"object"}}}},"404":{"description":"If the monitor is not found, the API returns a 404 error."}},"summary":"Get a monitor","tags":["synthetics"]},"put":{"description":"Update a monitor with the specified attributes. The required and default fields may vary based on the monitor type.\nYou must have `all` privileges for the Synthetics feature in the Observability section of the Kibana feature privileges.\nYou can also partially update a monitor. This will only update the fields that are specified in the request body. All other fields are left unchanged. The specified fields should conform to the monitor type. For example, you can't update the `inline_scipt` field of a HTTP monitor.\n","operationId":"put-synthetic-monitor","parameters":[{"description":"The identifier for the monitor that you want to update.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"examples":{"putSyntheticMonitorsRequestExample1":{"description":"Update an HTTP monitor that checks a website's availability.","summary":"HTTP monitor","value":"{\n \"type\": \"http\",\n \"name\": \"Website Availability\",\n \"url\": \"https://example.com\",\n \"tags\": [\"website\", \"availability\"],\n \"locations\": [\"united_kingdom\"]\n}"},"putSyntheticMonitorsRequestExample2":{"description":"Update a TCP monitor that monitors a server's availability.","summary":"TCP monitor","value":"{\n \"type\": \"tcp\",\n \"name\": \"Server Availability\",\n \"host\": \"example.com\",\n \"private_locations\": [\"my_private_location\"]\n}"},"putSyntheticMonitorsRequestExample3":{"description":"Update an ICMP monitor that performs ping checks.","summary":"ICMP monitor","value":"{\n \"type\": \"icmp\",\n \"name\": \"Ping Test\",\n \"host\": \"example.com\",\n \"locations\": [\"united_kingdom\"]\n}"},"putSyntheticMonitorsRequestExample4":{"description":"Update a browser monitor that checks a website.","summary":"Browser monitor","value":"{\n \"type\": \"browser\",\n \"name\": \"Example journey\",\n \"inline_script\": \"step('Go to https://google.com.co', () =\u003e page.goto('https://www.google.com'))\",\n \"locations\": [\"united_kingdom\"]\n}"}},"schema":{"description":"The request body should contain the attributes of the monitor you want to update. The required and default fields differ depending on the monitor type.\n","discriminator":{"propertyName":"type"},"oneOf":[{"$ref":"#/components/schemas/Synthetics_browserMonitorFields"},{"$ref":"#/components/schemas/Synthetics_httpMonitorFields"},{"$ref":"#/components/schemas/Synthetics_icmpMonitorFields"},{"$ref":"#/components/schemas/Synthetics_tcpMonitorFields"}],"type":"object"}}},"required":true},"summary":"Update a monitor","tags":["synthetics"]}},"/api/synthetics/params":{"get":{"description":"Get a list of all parameters. You must have `read` privileges for the Synthetics feature in the Observability section of the Kibana feature privileges.\n","operationId":"get-parameters","responses":{"200":{"content":{"application/json":{"examples":{"getParametersResponseExample1":{"description":"A successful response for a user with read-only permissions to get a list of parameters.","summary":"Read access","value":"[\n {\n \"id\": \"param1-id\",\n \"key\": \"param1\",\n \"description\": \"Description for param1\",\n \"tags\": [\"tag1\", \"tag2\"],\n \"namespaces\": [\"namespace1\"]\n },\n {\n \"id\": \"param2-id\",\n \"key\": \"param2\",\n \"description\": \"Description for param2\",\n \"tags\": [\"tag3\"],\n \"namespaces\": [\"namespace2\"]\n }\n]"},"getParametersResponseExample2":{"description":"A successful response for a user with write permissions to get a list of parameters.","summary":"Write access","value":"[\n {\n \"id\": \"param1-id\",\n \"key\": \"param1\",\n \"description\": \"Description for param1\",\n \"tags\": [\"tag1\", \"tag2\"],\n \"namespaces\": [\"namespace1\"],\n \"value\": \"value1\"\n },\n {\n \"id\": \"param2-id\",\n \"key\": \"param2\",\n \"description\": \"Description for param2\",\n \"tags\": [\"tag3\"],\n \"namespaces\": [\"namespace2\"],\n \"value\": \"value2\"\n }\n]"}},"schema":{"items":[{"$ref":"#/components/schemas/Synthetics_getParameterResponse"}],"type":"array"}}},"description":"A successful response."}},"summary":"Get parameters","tags":["synthetics"]},"post":{"description":"Add one or more parameters to the Synthetics app.\nYou must have `all` privileges for the Synthetics feature in the Observability section of the Kibana feature privileges.\n","operationId":"post-parameters","requestBody":{"content":{"application/json":{"examples":{"postParametersRequestExample1":{"description":"Add a single parameter.","summary":"Single parameter","value":"{\n \"key\": \"your-key-name\",\n \"value\": \"your-parameter-value\",\n \"description\": \"Param to use in browser monitor\",\n \"tags\": [\"authentication\", \"security\"],\n \"share_across_spaces\": true\n}"},"postParametersRequestExample2":{"description":"Add multiple parameters.","summary":"Multiple parameters","value":"[\n {\n \"key\": \"param1\",\n \"value\": \"value1\"\n },\n {\n \"key\": \"param2\",\n \"value\": \"value2\"\n }\n]"}},"schema":{"oneOf":[{"items":{"$ref":"#/components/schemas/Synthetics_parameterRequest"},"type":"array"},{"$ref":"#/components/schemas/Synthetics_parameterRequest"}]}}},"description":"The request body can contain either a single parameter object or an array of parameter objects.","required":true},"responses":{"200":{"content":{"application/json":{"examples":{"postParametersResponseExample1":{"description":"A successful response for a single added parameter.","summary":"Single parameter","value":"{\n \"id\": \"unique-parameter-id\",\n \"key\": \"your-key-name\",\n \"value\": \"your-param-value\",\n \"description\": \"Param to use in browser monitor\",\n \"tags\": [\"authentication\", \"security\"],\n \"share_across_spaces\": true\n}"},"postParametersResponseExample2":{"description":"A successful response for multiple added parameters.","summary":"Multiple parameters","value":"[\n {\n \"id\": \"param1-id\",\n \"key\": \"param1\",\n \"value\": \"value1\"\n },\n {\n \"id\": \"param2-id\",\n \"key\": \"param2\",\n \"value\": \"value2\"\n }\n]"}},"schema":{"oneOf":[{"items":{"$ref":"#/components/schemas/Synthetics_postParameterResponse"},"type":"array"},{"$ref":"#/components/schemas/Synthetics_postParameterResponse"}]}}},"description":"A successful response."}},"summary":"Add parameters","tags":["synthetics"]}},"/api/synthetics/params/_bulk_delete":{"delete":{"description":"Delete parameters from the Synthetics app.\nYou must have `all` privileges for the Synthetics feature in the Observability section of the Kibana feature privileges.\n","operationId":"delete-parameters","requestBody":{"content":{"application/json":{"examples":{"deleteParametersRequestExample1":{"description":"Run `POST /api/synthetics/params/_bulk_delete` to delete multiple parameters.","value":"{\n \"ids\": [\"param1-id\", \"param2-id\"]\n}"}},"schema":{"property":{"ids":{"description":"An array of parameter IDs to delete.","items":{"type":"string"},"type":"array"}},"type":"object"}}},"required":true},"responses":{"200":{"content":{"application/json":{"examples":{"deleteParametersResponseExample1":{"value":"[\n {\n \"id\": \"param1-id\",\n \"deleted\": true\n }\n]"}},"schema":{"items":{"type":"object","properties":{"deleted":{"description":"Indicates whether the parameter was successfully deleted. It is `true` if it was deleted. It is `false` if it was not deleted.\n","type":"boolean"},"id":{"description":"The unique identifier for the deleted parameter.","type":"string"}}},"type":"array"}}},"description":"A successful response."}},"summary":"Delete parameters","tags":["synthetics"]}},"/api/synthetics/params/{id}":{"delete":{"description":"Delete a parameter from the Synthetics app.\nYou must have `all` privileges for the Synthetics feature in the Observability section of the Kibana feature privileges.\n","operationId":"delete-parameter","parameters":[{"description":"The ID for the parameter to delete.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"summary":"Delete a parameter","tags":["synthetics"]},"get":{"description":"Get a parameter from the Synthetics app.\nYou must have `read` privileges for the Synthetics feature in the Observability section of the Kibana feature privileges.\n","operationId":"get-parameter","parameters":[{"description":"The unique identifier for the parameter.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"examples":{"getParameterResponseExample1":{"description":"A successful response for a user with read-only permissions to get a single parameter.","summary":"Read access","value":"{\n \"id\": \"unique-parameter-id\",\n \"key\": \"your-api-key\",\n \"description\": \"Param to use in browser monitor\",\n \"tags\": [\"authentication\", \"security\"],\n \"namespaces\": [\"namespace1\", \"namespace2\"]\n}"},"getParameterResponseExample2":{"description":"A successful response for a user with write permissions to get a single parameter.","summary":"Write access","value":"{\n \"id\": \"unique-parameter-id\",\n \"key\": \"your-param-key\",\n \"description\": \"Param to use in browser monitor\",\n \"tags\": [\"authentication\", \"security\"],\n \"namespaces\": [\"namespace1\", \"namespace2\"],\n \"value\": \"your-param-value\"\n}"}},"schema":{"$ref":"#/components/schemas/Synthetics_getParameterResponse"}}},"description":"A successful response."}},"summary":"Get a parameter","tags":["synthetics"]},"put":{"description":"Update a parameter in the Synthetics app.\nYou must have `all` privileges for the Synthetics feature in the Observability section of the Kibana feature privileges.\n","operationId":"put-parameter","parameters":[{"description":"The unique identifier for the parameter.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"examples":{"putParameterRequestExample1":{"value":"{\n \"key\": \"updated_param_key\",\n \"value\": \"updated-param-value\",\n \"description\": \"Updated Param to be used in browser monitor\",\n \"tags\": [\"authentication\", \"security\", \"updated\"]\n}"}},"schema":{"type":"object","properties":{"description":{"description":"The updated description of the parameter.","type":"string"},"key":{"description":"The key of the parameter.","type":"string"},"tags":{"description":"An array of updated tags to categorize the parameter.","items":{"type":"string"},"type":"array"},"value":{"description":"The updated value associated with the parameter.","type":"string"}}}}},"description":"The request body cannot be empty; at least one attribute is required.","required":true},"responses":{"200":{"content":{"application/json":{"examples":{"putParameterResponseExample1":{"value":"{\n \"id\": \"param_id1\",\n \"key\": \"updated_param_key\",\n \"value\": \"updated-param-value\",\n \"description\": \"Updated Param to be used in browser monitor\",\n \"tags\": [\"authentication\", \"security\", \"updated\"]\n}"}},"schema":{"type":"object"}}},"description":"A successful response."}},"summary":"Update a parameter","tags":["synthetics"]}},"/api/synthetics/private_locations":{"get":{"description":"Get a list of private locations.\nYou must have `read` privileges for the Synthetics and Uptime feature in the Observability section of the Kibana feature privileges.\n","operationId":"get-private-locations","responses":{"200":{"content":{"application/json":{"examples":{"getPrivateLocationsResponseExample1":{"value":"[\n {\n \"label\": \"Test private location\",\n \"id\": \"fleet-server-policy\",\n \"agentPolicyId\": \"fleet-server-policy\",\n \"isInvalid\": false,\n \"geo\": {\n \"lat\": 0,\n \"lon\": 0\n },\n \"namespace\": \"default\"\n },\n {\n \"label\": \"Test private location 2\",\n \"id\": \"691225b0-6ced-11ee-8f5a-376306ee85ae\",\n \"agentPolicyId\": \"691225b0-6ced-11ee-8f5a-376306ee85ae\",\n \"isInvalid\": false,\n \"geo\": {\n \"lat\": 0,\n \"lon\": 0\n },\n \"namespace\": \"test\"\n }\n]"}},"schema":{"items":{"$ref":"#/components/schemas/Synthetics_getPrivateLocation"},"type":"array"}}},"description":"A successful response."}},"summary":"Get private locations","tags":["synthetics"]},"post":{"description":"You must have `all` privileges for the Synthetics and Uptime feature in the Observability section of the Kibana feature privileges.","operationId":"post-private-location","requestBody":{"content":{"application/json":{"examples":{"postPrivateLocationRequestExample1":{"description":"Run `POST /api/private_locations` to create a private location.","value":"{\n \"label\": \"Private Location 1\",\n \"agentPolicyId\": \"abcd1234\",\n \"tags\": [\"private\", \"testing\"],\n \"geo\": {\n \"lat\": 40.7128,\n \"lon\": -74.0060\n }\n \"spaces\": [\"default\"]\n}"}},"schema":{"type":"object","properties":{"agentPolicyId":{"description":"The ID of the agent policy associated with the private location.","type":"string"},"geo":{"description":"Geographic coordinates (WGS84) for the location.","type":"object","properties":{"lat":{"description":"The latitude of the location.","type":"number"},"lon":{"description":"The longitude of the location.","type":"number"}},"required":["lat","lon"]},"label":{"description":"A label for the private location.","type":"string"},"spaces":{"description":"An array of space IDs where the private location is available. If it is not provided, the private location is available in all spaces.\n","items":{"type":"string"},"type":"array"},"tags":{"description":"An array of tags to categorize the private location.","items":{"type":"string"},"type":"array"}},"required":["agentPolicyId","label"]}}},"required":true},"responses":{"200":{"content":{"application/json":{"examples":{"postPrivateLocationResponseExample1":{"value":"{\n \"id\": \"abcd1234\",\n \"label\": \"Private Location 1\",\n \"agentPolicyId\": \"abcd1234\",\n \"tags\": [\"private\", \"testing\"],\n \"geo\": {\n \"lat\": 40.7128,\n \"lon\": -74.0060\n }\n}"}},"schema":{"type":"object"}}},"description":"A successful response."},"400":{"description":"If the `agentPolicyId` is already used by an existing private location or if the `label` already exists, the API will return a 400 Bad Request response with a corresponding error message."}},"summary":"Create a private location","tags":["synthetics"]}},"/api/synthetics/private_locations/{id}":{"delete":{"description":"You must have `all` privileges for the Synthetics and Uptime feature in the Observability section of the Kibana feature privileges.\nThe API does not return a response body for deletion, but it will return an appropriate status code upon successful deletion.\nA location cannot be deleted if it has associated monitors in use. You must delete all monitors associated with the location before deleting the location.\n","operationId":"delete-private-location","parameters":[{"description":"The unique identifier of the private location to be deleted.","in":"path","name":"id","required":true,"schema":{"maxLength":1024,"minLength":1,"type":"string"}}],"summary":"Delete a private location","tags":["synthetics"]},"get":{"description":"You must have `read` privileges for the Synthetics and Uptime feature in the Observability section of the Kibana feature privileges.\n","operationId":"get-private-location","parameters":[{"description":"A private location identifier or label.","in":"path","name":"id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"examples":{"getPrivateLocationResponseExample1":{"value":"{\n \"label\": \"Test private location\",\n \"id\": \"test-private-location-id\",\n \"agentPolicyId\": \"test-private-location-id\",\n \"isServiceManaged\": false,\n \"isInvalid\": false,\n \"geo\": {\n \"lat\": 0,\n \"lon\": 0\n },\n \"namespace\": \"default\"\n}"}},"schema":{"$ref":"#/components/schemas/Synthetics_getPrivateLocation"}}},"description":"A successful response."}},"summary":"Get a private location","tags":["synthetics"]}},"/api/task_manager/_health":{"get":{"description":"Get the health status of the Kibana task manager.\n","operationId":"task-manager-health","responses":{"200":{"content":{"application/json":{"examples":{"taskManagerHealthResponse1":{"$ref":"#/components/examples/Task_manager_health_APIs_health_200response"}},"schema":{"$ref":"#/components/schemas/Task_manager_health_APIs_health_response"}}},"description":"Indicates a successful call"}},"summary":"Get the task manager health","tags":["task manager"]}},"/api/timeline":{"delete":{"description":"Delete one or more Timelines or Timeline templates.","operationId":"DeleteTimelines","requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"savedObjectIds":{"description":"The list of IDs of the Timelines or Timeline templates to delete","example":["15c1929b-0af7-42bd-85a8-56e234cc7c4e"],"items":{"type":"string"},"type":"array"},"searchIds":{"description":"Saved search IDs that should be deleted alongside the timelines","example":["23f3-43g34g322-e5g5hrh6h-45454","6ce1b592-84e3-4b4a-9552-f189d4b82075"],"items":{"type":"string"},"type":"array"}},"required":["savedObjectIds"]}}},"description":"The IDs of the Timelines or Timeline templates to delete.","required":true},"responses":{"200":{"description":"Indicates the Timeline was successfully deleted."}},"summary":"Delete Timelines or Timeline templates","tags":["Security Timeline API"]},"get":{"description":"Get the details of an existing saved Timeline or Timeline template.","operationId":"GetTimeline","parameters":[{"description":"The `savedObjectId` of the template timeline to retrieve","in":"query","name":"template_timeline_id","schema":{"type":"string"}},{"description":"The `savedObjectId` of the Timeline to retrieve.","in":"query","name":"id","schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Timeline_API_TimelineResponse"}}},"description":"Indicates that the (template) Timeline was found and returned."}},"summary":"Get Timeline or Timeline template details","tags":["Security Timeline API"]},"patch":{"description":"Update an existing Timeline. You can update the title, description, date range, pinned events, pinned queries, and/or pinned saved queries of an existing Timeline.","operationId":"PatchTimeline","requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"timeline":{"$ref":"#/components/schemas/Security_Timeline_API_SavedTimeline","description":"The timeline object of the Timeline or Timeline template that you’re updating."},"timelineId":{"description":"The `savedObjectId` of the Timeline or Timeline template that you’re updating.","example":"15c1929b-0af7-42bd-85a8-56e234cc7c4e","nullable":true,"type":"string"},"version":{"description":"The version of the Timeline or Timeline template that you’re updating.","example":"WzE0LDFd","nullable":true,"type":"string"}},"required":["timelineId","version","timeline"]}}},"description":"The Timeline updates, along with the Timeline ID and version.","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Timeline_API_PersistTimelineResponse"}}},"description":"Indicates that the Timeline was successfully updated."},"405":{"content":{"application/json":{"schema":{"type":"object","properties":{"body":{"description":"The error message","example":"update timeline error","type":"string"},"statusCode":{"example":405,"type":"number"}}}}},"description":"Indicates that the user does not have the required access to create a Timeline."}},"summary":"Update a Timeline","tags":["Security Timeline API"]},"post":{"description":"Create a new Timeline or Timeline template.","operationId":"CreateTimelines","requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"status":{"$ref":"#/components/schemas/Security_Timeline_API_TimelineStatus","nullable":true},"templateTimelineId":{"description":"A unique identifier for the Timeline template.","example":"6ce1b592-84e3-4b4a-9552-f189d4b82075","nullable":true,"type":"string"},"templateTimelineVersion":{"description":"Timeline template version number.","example":12,"nullable":true,"type":"number"},"timeline":{"$ref":"#/components/schemas/Security_Timeline_API_SavedTimeline"},"timelineId":{"description":"A unique identifier for the Timeline.","example":"6ce1b592-84e3-4b4a-9552-f189d4b82075","nullable":true,"type":"string"},"timelineType":{"$ref":"#/components/schemas/Security_Timeline_API_TimelineType","nullable":true},"version":{"nullable":true,"type":"string"}},"required":["timeline"]}}},"description":"The required Timeline fields used to create a new Timeline, along with optional fields that will be created if not provided.","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Timeline_API_PersistTimelineResponse"}}},"description":"Indicates the Timeline was successfully created."},"405":{"content":{"application/json":{"schema":{"type":"object","properties":{"body":{"description":"The error message","example":"update timeline error","type":"string"},"statusCode":{"example":405,"type":"number"}}}}},"description":"Indicates that there was an error in the Timeline creation."}},"summary":"Create a Timeline or Timeline template","tags":["Security Timeline API"]}},"/api/timeline/_copy":{"get":{"description":"Copies and returns a timeline or timeline template.\n","operationId":"CopyTimeline","requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"timeline":{"$ref":"#/components/schemas/Security_Timeline_API_SavedTimeline"},"timelineIdToCopy":{"type":"string"}},"required":["timeline","timelineIdToCopy"]}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Timeline_API_PersistTimelineResponse"}}},"description":"Indicates that the timeline has been successfully copied."}},"summary":"Copies timeline or timeline template","tags":["Security Timeline API"]}},"/api/timeline/_draft":{"get":{"description":"Get the details of the draft Timeline or Timeline template for the current user. If the user doesn't have a draft Timeline, an empty Timeline is returned.","operationId":"GetDraftTimelines","parameters":[{"in":"query","name":"timelineType","required":true,"schema":{"$ref":"#/components/schemas/Security_Timeline_API_TimelineType"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Timeline_API_PersistTimelineResponse"}}},"description":"Indicates that the draft Timeline was successfully retrieved."},"403":{"content":{"application:json":{"schema":{"type":"object","properties":{"message":{"type":"string"},"status_code":{"type":"number"}}}}},"description":"If a draft Timeline was not found and we attempted to create one, it indicates that the user does not have the required permissions to create a draft Timeline."},"409":{"content":{"application:json":{"schema":{"type":"object","properties":{"message":{"type":"string"},"status_code":{"type":"number"}}}}},"description":"This should never happen, but if a draft Timeline was not found and we attempted to create one, it indicates that there is already a draft Timeline with the given `timelineId`."}},"summary":"Get draft Timeline or Timeline template details","tags":["Security Timeline API"]},"post":{"description":"Create a clean draft Timeline or Timeline template for the current user.\n\u003e info\n\u003e If the user already has a draft Timeline, the existing draft Timeline is cleared and returned.\n","operationId":"CleanDraftTimelines","requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"timelineType":{"$ref":"#/components/schemas/Security_Timeline_API_TimelineType"}},"required":["timelineType"]}}},"description":"The type of Timeline to create. Valid values are `default` and `template`.","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Timeline_API_PersistTimelineResponse"}}},"description":"Indicates that the draft Timeline was successfully created. In the event the user already has a draft Timeline, the existing draft Timeline is cleared and returned."},"403":{"content":{"application:json":{"schema":{"type":"object","properties":{"message":{"type":"string"},"status_code":{"type":"number"}}}}},"description":"Indicates that the user does not have the required permissions to create a draft Timeline."},"409":{"content":{"application:json":{"schema":{"type":"object","properties":{"message":{"type":"string"},"status_code":{"type":"number"}}}}},"description":"Indicates that there is already a draft Timeline with the given `timelineId`."}},"summary":"Create a clean draft Timeline or Timeline template","tags":["Security Timeline API"]}},"/api/timeline/_export":{"post":{"description":"Export Timelines as an NDJSON file.","operationId":"ExportTimelines","parameters":[{"description":"The name of the file to export","in":"query","name":"file_name","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"ids":{"items":{"type":"string"},"nullable":true,"type":"array"}}}}},"description":"The IDs of the Timelines to export.","required":true},"responses":{"200":{"content":{"application/ndjson":{"schema":{"description":"NDJSON of the exported Timelines","type":"string"}}},"description":"Indicates the Timelines were successfully exported."},"400":{"content":{"application/ndjson":{"schema":{"type":"object","properties":{"body":{"type":"string"},"statusCode":{"type":"number"}}}}},"description":"Indicates that the export size limit was exceeded."}},"summary":"Export Timelines","tags":["Security Timeline API"]}},"/api/timeline/_favorite":{"patch":{"description":"Favorite a Timeline or Timeline template for the current user.","operationId":"PersistFavoriteRoute","requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"templateTimelineId":{"nullable":true,"type":"string"},"templateTimelineVersion":{"nullable":true,"type":"number"},"timelineId":{"nullable":true,"type":"string"},"timelineType":{"$ref":"#/components/schemas/Security_Timeline_API_TimelineType","nullable":true}},"required":["timelineId","templateTimelineId","templateTimelineVersion","timelineType"]}}},"description":"The required fields used to favorite a (template) Timeline.","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Timeline_API_FavoriteTimelineResponse"}}},"description":"Indicates the favorite status was successfully updated."},"403":{"content":{"application:json":{"schema":{"type":"object","properties":{"body":{"type":"string"},"statusCode":{"type":"number"}}}}},"description":"Indicates the user does not have the required permissions to persist the favorite status."}},"summary":"Favorite a Timeline or Timeline template","tags":["Security Timeline API"]}},"/api/timeline/_import":{"post":{"description":"Import Timelines.","operationId":"ImportTimelines","requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"file":{},"isImmutable":{"description":"Whether the Timeline should be immutable","enum":["true","false"],"type":"string"}},"required":["file"]}}},"description":"The Timelines to import as a readable stream.","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Timeline_API_ImportTimelineResult"}}},"description":"Indicates the import of Timelines was successful."},"400":{"content":{"application/json":{"schema":{"type":"object","properties":{"body":{"description":"The error message","example":"Invalid file extension","type":"string"},"statusCode":{"example":400,"type":"number"}}}}},"description":"Indicates the import of Timelines was unsuccessful because of an invalid file extension."},"404":{"content":{"application/json":{"schema":{"type":"object","properties":{"body":{"description":"The error message","example":"Unable to find saved object client","type":"string"},"statusCode":{"example":404,"type":"number"}}}}},"description":"Indicates that we were unable to locate the saved object client necessary to handle the import."},"409":{"content":{"application/json":{"schema":{"type":"object","properties":{"body":{"description":"The error message","example":"Could not import timelines","type":"string"},"statusCode":{"example":409,"type":"number"}}}}},"description":"Indicates the import of Timelines was unsuccessful."}},"summary":"Import Timelines","tags":["Security Timeline API"]}},"/api/timeline/_prepackaged":{"post":{"description":"Install or update prepackaged Timelines.","operationId":"InstallPrepackedTimelines","requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"prepackagedTimelines":{"items":{"$ref":"#/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject","nullable":true},"type":"array"},"timelinesToInstall":{"items":{"$ref":"#/components/schemas/Security_Timeline_API_ImportTimelines","nullable":true},"type":"array"},"timelinesToUpdate":{"items":{"$ref":"#/components/schemas/Security_Timeline_API_ImportTimelines","nullable":true},"type":"array"}},"required":["timelinesToInstall","timelinesToUpdate","prepackagedTimelines"]}}},"description":"The Timelines to install or update.","required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Timeline_API_ImportTimelineResult"}}},"description":"Indicates the installation of prepackaged Timelines was successful."},"500":{"content":{"application:json":{"schema":{"type":"object","properties":{"body":{"type":"string"},"statusCode":{"type":"number"}}}}},"description":"Indicates the installation of prepackaged Timelines was unsuccessful."}},"summary":"Install prepackaged Timelines","tags":["Security Timeline API"]}},"/api/timeline/resolve":{"get":{"operationId":"ResolveTimeline","parameters":[{"description":"The ID of the template timeline to resolve","in":"query","name":"template_timeline_id","schema":{"type":"string"}},{"description":"The ID of the timeline to resolve","in":"query","name":"id","schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Security_Timeline_API_ResolvedTimeline"}}},"description":"The (template) Timeline has been found"},"400":{"description":"The request is missing parameters"},"404":{"description":"The (template) Timeline was not found"}},"summary":"Get an existing saved Timeline or Timeline template","tags":["Security Timeline API"]}},"/api/timelines":{"get":{"description":"Get a list of all saved Timelines or Timeline templates.","operationId":"GetTimelines","parameters":[{"description":"If true, only timelines that are marked as favorites by the user are returned.","in":"query","name":"only_user_favorite","schema":{"enum":["true","false"],"nullable":true,"type":"string"}},{"in":"query","name":"timeline_type","schema":{"$ref":"#/components/schemas/Security_Timeline_API_TimelineType","nullable":true}},{"in":"query","name":"sort_field","schema":{"$ref":"#/components/schemas/Security_Timeline_API_SortFieldTimeline"}},{"description":"Whether to sort the results `ascending` or `descending`","in":"query","name":"sort_order","schema":{"enum":["asc","desc"],"type":"string"}},{"description":"How many results should returned at once","in":"query","name":"page_size","schema":{"nullable":true,"type":"string"}},{"description":"How many pages should be skipped","in":"query","name":"page_index","schema":{"nullable":true,"type":"string"}},{"description":"Allows to search for timelines by their title","in":"query","name":"search","schema":{"nullable":true,"type":"string"}},{"in":"query","name":"status","schema":{"$ref":"#/components/schemas/Security_Timeline_API_TimelineStatus","nullable":true}}],"responses":{"200":{"content":{"application/json":{"schema":{"type":"object","properties":{"customTemplateTimelineCount":{"description":"The amount of custom Timeline templates in the results","example":2,"type":"number"},"defaultTimelineCount":{"description":"The amount of `default` type Timelines in the results","example":90,"type":"number"},"elasticTemplateTimelineCount":{"description":"The amount of Elastic's Timeline templates in the results","example":8,"type":"number"},"favoriteCount":{"description":"The amount of favorited Timelines","example":5,"type":"number"},"templateTimelineCount":{"description":"The amount of Timeline templates in the results","example":10,"type":"number"},"timeline":{"items":{"$ref":"#/components/schemas/Security_Timeline_API_TimelineResponse"},"type":"array"},"totalCount":{"description":"The total amount of results","example":100,"type":"number"}},"required":["timeline","totalCount"]}}},"description":"Indicates that the (template) Timelines were found and returned."},"400":{"content":{"application:json":{"schema":{"type":"object","properties":{"body":{"description":"The error message","example":"get timeline error","type":"string"},"statusCode":{"example":405,"type":"number"}}}}},"description":"Bad request. The user supplied invalid data."}},"summary":"Get Timelines or Timeline templates","tags":["Security Timeline API"]}},"/api/upgrade_assistant/status":{"get":{"description":"Check the status of your cluster.","operationId":"get-upgrade-status","responses":{"200":{"content":{"application/json":{"examples":{"getUpgradeStatusResponseExample1":{"value":"{\n \"readyForUpgrade\": false,\n \"cluster\": [\n {\n \"message\": \"Cluster deprecated issue\",\n \"details\":\"You have 2 system indices that must be migrated and 5 Elasticsearch deprecation issues and 0 Kibana deprecation issues that must be resolved before upgrading.\"\n }\n ]\n}"}}}},"description":"Indicates a successful call."}},"summary":"Get the upgrade readiness status","tags":["upgrade"],"x-state":"Technical Preview"}},"/api/uptime/settings":{"get":{"description":"You must have `read` privileges for the uptime feature in the Observability section of the Kibana feature privileges.\n","operationId":"get-uptime-settings","responses":{"200":{"content":{"application/json":{"examples":{"getUptimeSettingsResponseExample1":{"value":"{\n \"heartbeatIndices\": \"heartbeat-8*\",\n \"certExpirationThreshold\": 30,\n \"certAgeThreshold\": 730,\n \"defaultConnectors\": [\n \"08990f40-09c5-11ee-97ae-912b222b13d4\",\n \"db25f830-2318-11ee-9391-6b0c030836d6\"\n ],\n \"defaultEmail\": {\n \"to\": [],\n \"cc\": [],\n \"bcc\": []\n }\n}"}},"schema":{"type":"object"}}},"description":"Indicates a successful call"}},"summary":"Get uptime settings","tags":["uptime"]},"put":{"description":"Update uptime setting attributes like `heartbeatIndices`, `certExpirationThreshold`, `certAgeThreshold`, `defaultConnectors`, or `defaultEmail`. You must have `all` privileges for the uptime feature in the Observability section of the Kibana feature privileges. A partial update is supported, provided settings keys will be merged with existing settings.\n","operationId":"put-uptime-settings","requestBody":{"content":{"application/json":{"examples":{"putUptimeSettingsRequestExample1":{"description":"Run `PUT api/uptime/settings` to update multiple Uptime settings.","summary":"Update multiple settings","value":"{\n \"heartbeatIndices\": \"heartbeat-8*\",\n \"certExpirationThreshold\": 30,\n \"certAgeThreshold\": 730,\n \"defaultConnectors\": [\n \"08990f40-09c5-11ee-97ae-912b222b13d4\",\n \"db25f830-2318-11ee-9391-6b0c030836d6\"\n ],\n \"defaultEmail\": {\n \"to\": [],\n \"cc\": [],\n \"bcc\": []\n }\n}"},"putUptimeSettingsRequestExample2":{"description":"Run `PUT api/uptime/settings` to update a single Uptime setting.","summary":"Update a setting","value":"{\n \"heartbeatIndices\": \"heartbeat-8*\",\n}"}},"schema":{"type":"object","properties":{"certAgeThreshold":{"default":730,"description":"The number of days after a certificate is created to trigger an alert.","type":"number"},"certExpirationThreshold":{"default":30,"description":"The number of days before a certificate expires to trigger an alert.","type":"number"},"defaultConnectors":{"default":[],"description":"A list of connector IDs to be used as default connectors for new alerts.","type":"array"},"defaultEmail":{"description":"The default email configuration for new alerts.\n","type":"object","properties":{"bcc":{"default":[],"items":[{"type":"string"}],"type":"array"},"cc":{"default":[],"items":[{"type":"string"}],"type":"array"},"to":{"default":[],"items":[{"type":"string"}],"type":"array"}}},"heartbeatIndices":{"default":"heartbeat-*","description":"An index pattern string to be used within the Uptime app and alerts to query Heartbeat data. \n","type":"string"}}}}}},"responses":{"200":{"content":{"application/json":{"examples":{"putUptimeSettingsResponseExample1":{"description":"A successful response from `PUT api/uptime/settings`.","value":"{\n \"heartbeatIndices\": \"heartbeat-8*\",\n \"certExpirationThreshold\": 30,\n \"certAgeThreshold\": 730,\n \"defaultConnectors\": [\n \"08990f40-09c5-11ee-97ae-912b222b13d4\",\n \"db25f830-2318-11ee-9391-6b0c030836d6\"\n ],\n \"defaultEmail\": {\n \"to\": [],\n \"cc\": [],\n \"bcc\": []\n }\n}"}},"schema":{"type":"object"}}},"description":"Indicates a successful call"}},"summary":"Update uptime settings","tags":["uptime"]}},"/s/{spaceId}/api/observability/slos":{"get":{"description":"You must have the `read` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.\n","operationId":"findSlosOp","parameters":[{"$ref":"#/components/parameters/SLOs_kbn_xsrf"},{"$ref":"#/components/parameters/SLOs_space_id"},{"description":"A valid kql query to filter the SLO with","example":"slo.name:latency* and slo.tags : \"prod\"","in":"query","name":"kqlQuery","schema":{"type":"string"}},{"description":"The page size to use for cursor-based pagination, must be greater or equal than 1","example":1,"in":"query","name":"size","schema":{"default":1,"type":"integer"}},{"description":"The cursor to use for fetching the results from, when using a cursor-base pagination.","in":"query","name":"searchAfter","schema":{"items":{"type":"string"},"type":"array"}},{"description":"The page to use for pagination, must be greater or equal than 1","example":1,"in":"query","name":"page","schema":{"default":1,"type":"integer"}},{"description":"Number of SLOs returned by page","example":25,"in":"query","name":"perPage","schema":{"default":25,"maximum":5000,"type":"integer"}},{"description":"Sort by field","example":"status","in":"query","name":"sortBy","schema":{"default":"status","enum":["sli_value","status","error_budget_consumed","error_budget_remaining"],"type":"string"}},{"description":"Sort order","example":"asc","in":"query","name":"sortDirection","schema":{"default":"asc","enum":["asc","desc"],"type":"string"}},{"description":"Hide stale SLOs from the list as defined by stale SLO threshold in SLO settings","in":"query","name":"hideStale","schema":{"type":"boolean"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_find_slo_response"}}},"description":"Successful request"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_400_response"}}},"description":"Bad request"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_401_response"}}},"description":"Unauthorized response"},"403":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_403_response"}}},"description":"Unauthorized response"},"404":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_404_response"}}},"description":"Not found response"}},"summary":"Get a paginated list of SLOs","tags":["slo"]},"post":{"description":"You must have `all` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.\n","operationId":"createSloOp","parameters":[{"$ref":"#/components/parameters/SLOs_kbn_xsrf"},{"$ref":"#/components/parameters/SLOs_space_id"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_create_slo_request"}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_create_slo_response"}}},"description":"Successful request"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_400_response"}}},"description":"Bad request"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_401_response"}}},"description":"Unauthorized response"},"403":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_403_response"}}},"description":"Unauthorized response"},"409":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_409_response"}}},"description":"Conflict - The SLO id already exists"}},"summary":"Create an SLO","tags":["slo"]}},"/s/{spaceId}/api/observability/slos/_bulk_delete":{"post":{"description":"Bulk delete SLO definitions and their associated summary and rollup data. This endpoint initiates a bulk deletion operation for SLOs, which may take some time to complete. The status of the operation can be checked using the `GET /api/slo/_bulk_delete/{taskId}` endpoint.\n","operationId":"bulkDeleteOp","parameters":[{"$ref":"#/components/parameters/SLOs_kbn_xsrf"},{"$ref":"#/components/parameters/SLOs_space_id"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_bulk_delete_request"}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_bulk_delete_response"}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_400_response"}}},"description":"Bad request"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_401_response"}}},"description":"Unauthorized response"},"403":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_403_response"}}},"description":"Unauthorized response"}},"summary":"Bulk delete SLO definitions and their associated summary and rollup data.","tags":["slo"]}},"/s/{spaceId}/api/observability/slos/_bulk_delete/{taskId}":{"get":{"description":"Retrieve the status of the bulk deletion operation for SLOs. This endpoint returns the status of the bulk deletion operation, including whether it is completed and the results of the operation.\n","operationId":"bulkDeleteStatusOp","parameters":[{"$ref":"#/components/parameters/SLOs_kbn_xsrf"},{"$ref":"#/components/parameters/SLOs_space_id"},{"description":"The task id of the bulk delete operation","in":"path","name":"taskId","required":true,"schema":{"example":"8853df00-ae2e-11ed-90af-09bb6422b258","type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_bulk_delete_status_response"}}},"description":"Successful response"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_400_response"}}},"description":"Bad request"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_401_response"}}},"description":"Unauthorized response"},"403":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_403_response"}}},"description":"Unauthorized response"}},"summary":"Retrieve the status of the bulk deletion","tags":["slo"]}},"/s/{spaceId}/api/observability/slos/_bulk_purge_rollup":{"post":{"description":"The deletion occurs for the specified list of `sloId`. You must have `all` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.\n","operationId":"deleteRollupDataOp","parameters":[{"$ref":"#/components/parameters/SLOs_kbn_xsrf"},{"$ref":"#/components/parameters/SLOs_space_id"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_bulk_purge_rollup_request"}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_bulk_purge_rollup_response"}}},"description":"Successful request"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_400_response"}}},"description":"Bad request"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_401_response"}}},"description":"Unauthorized response"},"403":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_403_response"}}},"description":"Unauthorized response"}},"summary":"Batch delete rollup and summary data","tags":["slo"]}},"/s/{spaceId}/api/observability/slos/_delete_instances":{"post":{"description":"The deletion occurs for the specified list of `sloId` and `instanceId`. You must have `all` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.\n","operationId":"deleteSloInstancesOp","parameters":[{"$ref":"#/components/parameters/SLOs_kbn_xsrf"},{"$ref":"#/components/parameters/SLOs_space_id"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_delete_slo_instances_request"}}},"required":true},"responses":{"204":{"description":"Successful request"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_400_response"}}},"description":"Bad request"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_401_response"}}},"description":"Unauthorized response"},"403":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_403_response"}}},"description":"Unauthorized response"}},"summary":"Batch delete rollup and summary data","tags":["slo"]}},"/s/{spaceId}/api/observability/slos/{sloId}":{"delete":{"description":"You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.\n","operationId":"deleteSloOp","parameters":[{"$ref":"#/components/parameters/SLOs_kbn_xsrf"},{"$ref":"#/components/parameters/SLOs_space_id"},{"$ref":"#/components/parameters/SLOs_slo_id"}],"responses":{"204":{"description":"Successful request"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_400_response"}}},"description":"Bad request"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_401_response"}}},"description":"Unauthorized response"},"403":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_403_response"}}},"description":"Unauthorized response"},"404":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_404_response"}}},"description":"Not found response"}},"summary":"Delete an SLO","tags":["slo"]},"get":{"description":"You must have the `read` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.\n","operationId":"getSloOp","parameters":[{"$ref":"#/components/parameters/SLOs_kbn_xsrf"},{"$ref":"#/components/parameters/SLOs_space_id"},{"$ref":"#/components/parameters/SLOs_slo_id"},{"description":"the specific instanceId used by the summary calculation","example":"host-abcde","in":"query","name":"instanceId","schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_slo_with_summary_response"}}},"description":"Successful request"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_400_response"}}},"description":"Bad request"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_401_response"}}},"description":"Unauthorized response"},"403":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_403_response"}}},"description":"Unauthorized response"},"404":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_404_response"}}},"description":"Not found response"}},"summary":"Get an SLO","tags":["slo"]},"put":{"description":"You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.\n","operationId":"updateSloOp","parameters":[{"$ref":"#/components/parameters/SLOs_kbn_xsrf"},{"$ref":"#/components/parameters/SLOs_space_id"},{"$ref":"#/components/parameters/SLOs_slo_id"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_update_slo_request"}}},"required":true},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_slo_definition_response"}}},"description":"Successful request"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_400_response"}}},"description":"Bad request"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_401_response"}}},"description":"Unauthorized response"},"403":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_403_response"}}},"description":"Unauthorized response"},"404":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_404_response"}}},"description":"Not found response"}},"summary":"Update an SLO","tags":["slo"]}},"/s/{spaceId}/api/observability/slos/{sloId}/_reset":{"post":{"description":"You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.\n","operationId":"resetSloOp","parameters":[{"$ref":"#/components/parameters/SLOs_kbn_xsrf"},{"$ref":"#/components/parameters/SLOs_space_id"},{"$ref":"#/components/parameters/SLOs_slo_id"}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_slo_definition_response"}}},"description":"Successful request"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_400_response"}}},"description":"Bad request"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_401_response"}}},"description":"Unauthorized response"},"403":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_403_response"}}},"description":"Unauthorized response"},"404":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_404_response"}}},"description":"Not found response"}},"summary":"Reset an SLO","tags":["slo"]}},"/s/{spaceId}/api/observability/slos/{sloId}/disable":{"post":{"description":"You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.\n","operationId":"disableSloOp","parameters":[{"$ref":"#/components/parameters/SLOs_kbn_xsrf"},{"$ref":"#/components/parameters/SLOs_space_id"},{"$ref":"#/components/parameters/SLOs_slo_id"}],"responses":{"204":{"description":"Successful request"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_400_response"}}},"description":"Bad request"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_401_response"}}},"description":"Unauthorized response"},"403":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_403_response"}}},"description":"Unauthorized response"},"404":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_404_response"}}},"description":"Not found response"}},"summary":"Disable an SLO","tags":["slo"]}},"/s/{spaceId}/api/observability/slos/{sloId}/enable":{"post":{"description":"You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.\n","operationId":"enableSloOp","parameters":[{"$ref":"#/components/parameters/SLOs_kbn_xsrf"},{"$ref":"#/components/parameters/SLOs_space_id"},{"$ref":"#/components/parameters/SLOs_slo_id"}],"responses":{"204":{"description":"Successful request"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_400_response"}}},"description":"Bad request"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_401_response"}}},"description":"Unauthorized response"},"403":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_403_response"}}},"description":"Unauthorized response"},"404":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_404_response"}}},"description":"Not found response"}},"summary":"Enable an SLO","tags":["slo"]}},"/s/{spaceId}/internal/observability/slos/_definitions":{"get":{"description":"You must have the `read` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.\n","operationId":"getDefinitionsOp","parameters":[{"$ref":"#/components/parameters/SLOs_kbn_xsrf"},{"$ref":"#/components/parameters/SLOs_space_id"},{"description":"Indicates if the API returns only outdated SLO or all SLO definitions","example":true,"in":"query","name":"includeOutdatedOnly","schema":{"type":"boolean"}},{"description":"Filters the SLOs by tag","in":"query","name":"tags","schema":{"type":"string"}},{"description":"Filters the SLOs by name","example":"my service availability","in":"query","name":"search","schema":{"type":"string"}},{"description":"The page to use for pagination, must be greater or equal than 1","example":1,"in":"query","name":"page","schema":{"type":"number"}},{"description":"Number of SLOs returned by page","example":100,"in":"query","name":"perPage","schema":{"default":100,"maximum":1000,"type":"integer"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_find_slo_definitions_response"}}},"description":"Successful request"},"400":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_400_response"}}},"description":"Bad request"},"401":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_401_response"}}},"description":"Unauthorized response"},"403":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SLOs_403_response"}}},"description":"Unauthorized response"}},"summary":"Get the SLO definitions","tags":["slo"]}}},"components":{"examples":{"Alerting_get_health_response":{"summary":"Retrieve information about the health of the alerting framework.","value":{"alerting_framework_health":{"decryption_health":{"status":"ok","timestamp":"2023-01-13T01:28:00.280Z"},"execution_health":{"status":"ok","timestamp":"2023-01-13T01:28:00.280Z"},"read_health":{"status":"ok","timestamp":"2023-01-13T01:28:00.280Z"}},"has_permanent_encryption_key":true,"is_sufficiently_secure":true}},"Alerting_get_rule_types_response":{"summary":"Retrieve rule types associated with Kibana machine learning features","value":[{"action_groups":[{"id":"anomaly_score_match","name":"Anomaly score matched the condition"},{"id":"recovered","name":"Recovered"}],"action_variables":{"context":[{"description":"The bucket timestamp of the anomaly","name":"timestamp"},{"description":"The bucket time of the anomaly in ISO8601 format","name":"timestampIso8601"},{"description":"List of job IDs that triggered the alert","name":"jobIds"},{"description":"Alert info message","name":"message"},{"description":"Indicate if top hits contain interim results","name":"isInterim"},{"description":"Anomaly score at the time of the notification action","name":"score"},{"description":"Top records","name":"topRecords"},{"description":"Top influencers","name":"topInfluencers"},{"description":"URL to open in the Anomaly Explorer","name":"anomalyExplorerUrl","useWithTripleBracesInTemplates":true}],"params":[],"state":[]},"alerts":{"context":"ml.anomaly-detection","mappings":{"fieldMap":{"kibana.alert.anomaly_score":{"array":false,"type":"double","required":false},"kibana.alert.anomaly_timestamp":{"array":false,"type":"date","required":false},"kibana.alert.is_interim":{"array":false,"type":"boolean","required":false},"kibana.alert.job_id":{"array":false,"type":"keyword","required":true},"kibana.alert.top_influencers":{"array":true,"dynamic":false,"type":"object","properties":{"influencer_field_name":{"type":"keyword"},"influencer_field_value":{"type":"keyword"},"influencer_score":{"type":"double"},"initial_influencer_score":{"type":"double"},"is_interim":{"type":"boolean"},"job_id":{"type":"keyword"},"timestamp":{"type":"date"}},"required":false},"kibana.alert.top_records":{"array":true,"dynamic":false,"type":"object","properties":{"actual":{"type":"double"},"by_field_name":{"type":"keyword"},"by_field_value":{"type":"keyword"},"detector_index":{"type":"integer"},"field_name":{"type":"keyword"},"function":{"type":"keyword"},"initial_record_score":{"type":"double"},"is_interim":{"type":"boolean"},"job_id":{"type":"keyword"},"over_field_name":{"type":"keyword"},"over_field_value":{"type":"keyword"},"partition_field_name":{"type":"keyword"},"partition_field_value":{"type":"keyword"},"record_score":{"type":"double"},"timestamp":{"type":"date"},"typical":{"type":"double"}},"required":false}}},"shouldWrite":true},"authorized_consumers":{"alerts":{"all":true,"read":true},"apm":{"all":true,"read":true},"discover":{"all":true,"read":true},"infrastructure":{"all":true,"read":true},"logs":{"all":true,"read":true},"ml":{"all":true,"read":true},"monitoring":{"all":true,"read":true},"siem":{"all":true,"read":true},"slo":{"all":true,"read":true},"stackAlerts":{"all":true,"read":true},"uptime":{"all":true,"read":true}},"category":"management","default_action_group_id":"anomaly_score_match","does_set_recovery_context":true,"enabled_in_license":true,"has_alerts_mappings":true,"has_fields_for_a_a_d":true,"id":"xpack.ml.anomaly_detection_alert","is_exportable":true,"minimum_license_required":"platinum","name":"Anomaly detection alert","producer":"ml","recovery_action_group":{"id":"recovered","name":"Recovered"},"rule_task_timeout":"5m"},{"action_groups":[{"id":"anomaly_detection_realtime_issue","name":"Issue detected"},{"id":"recovered","name":"Recovered"}],"action_variables":{"context":[{"description":"Results of the rule execution","name":"results"},{"description":"Alert info message","name":"message"}],"params":[],"state":[]},"authorized_consumers":{"alerts":{"all":true,"read":true},"apm":{"all":true,"read":true},"discover":{"all":true,"read":true},"infrastructure":{"all":true,"read":true},"logs":{"all":true,"read":true},"ml":{"all":true,"read":true},"monitoring":{"all":true,"read":true},"siem":{"all":true,"read":true},"slo":{"all":true,"read":true},"stackAlerts":{"all":true,"read":true},"uptime":{"all":true,"read":true}},"category":"management","default_action_group_id":"anomaly_detection_realtime_issue","does_set_recovery_context":true,"enabled_in_license":true,"has_alerts_mappings":false,"has_fields_for_a_a_d":false,"id":"xpack.ml.anomaly_detection_jobs_health","is_exportable":true,"minimum_license_required":"platinum","name":"Anomaly detection jobs health","producer":"ml","recovery_action_group":{"id":"recovered","name":"Recovered"},"rule_task_timeout":"5m"}]},"APM_UI_agent_configuration_intake_object_delete_request1":{"description":"Run `DELETE /api/apm/settings/agent-configuration` to delete a configuration.","value":"{\n \"service\" : {\n \"name\": \"frontend\",\n \"environment\": \"production\"\n }\n}\n"},"APM_UI_agent_configuration_intake_object_get_200_response1":{"description":"An example of a successful response from `GET /api/apm/settings/agent-configuration`.","value":"[\n {\n \"agent_name\": \"go\",\n \"service\": {\n \"name\": \"opbeans-go\",\n \"environment\": \"production\"\n },\n \"settings\": {\n \"transaction_sample_rate\": \"1\",\n \"capture_body\": \"off\",\n \"transaction_max_spans\": \"200\"\n },\n \"@timestamp\": 1581934104843,\n \"applied_by_agent\": false,\n \"etag\": \"1e58c178efeebae15c25c539da740d21dee422fc\"\n },\n {\n \"agent_name\": \"go\",\n \"service\": {\n \"name\": \"opbeans-go\"\n },\n \"settings\": {\n \"transaction_sample_rate\": \"1\",\n \"capture_body\": \"off\",\n \"transaction_max_spans\": \"300\"\n },\n \"@timestamp\": 1581934111727,\n \"applied_by_agent\": false,\n \"etag\": \"3eed916d3db434d9fb7f039daa681c7a04539a64\"\n },\n {\n \"agent_name\": \"nodejs\",\n \"service\": {\n \"name\": \"frontend\"\n },\n \"settings\": {\n \"transaction_sample_rate\": \"1\",\n },\n \"@timestamp\": 1582031336265,\n \"applied_by_agent\": false,\n \"etag\": \"5080ed25785b7b19f32713681e79f46996801a5b\"\n }\n]\n"},"APM_UI_agent_configuration_intake_object_put_request1":{"description":"Run `PUT /api/apm/settings/agent-configuration` to create or update configuration details.","value":"{\n \"service\": {\n \"name\": \"frontend\",\n \"environment\": \"production\"\n },\n \"settings\": {\n \"transaction_sample_rate\": \"0.4\",\n \"capture_body\": \"off\",\n \"transaction_max_spans\": \"500\"\n },\n \"agent_name\": \"nodejs\"\n}\n"},"APM_UI_agent_configuration_intake_object_search_200_response1":{"description":"An example of a successful response from `POST /api/apm/settings/agent-configuration/search`.","value":"{\n \"_index\": \".apm-agent-configuration\",\n \"_id\": \"CIaqXXABmQCdPphWj8EJ\",\n \"_score\": 2,\n \"_source\": {\n \"agent_name\": \"nodejs\",\n \"service\": {\n \"name\": \"frontend\"\n },\n \"settings\": {\n \"transaction_sample_rate\": \"1\",\n },\n \"@timestamp\": 1582031336265,\n \"applied_by_agent\": false,\n \"etag\": \"5080ed25785b7b19f32713681e79f46996801a5b\"\n }\n}\n"},"APM_UI_agent_configuration_intake_object_search_request1":{"description":"Run `POST /api/apm/settings/agent-configuration/search` to search configuration details.","value":"{\n \"etag\": \"1e58c178efeebae15c25c539da740d21dee422fc\",\n \"service\" : {\n \"name\": \"frontend\",\n \"environment\": \"production\"\n }\n}\n"},"APM_UI_agent_keys_object_post_200_response1":{"description":"An example of a successful response from `POST /api/apm/agent_keys`, which creates an APM agent API key.","value":"{\n \"agentKey\": {\n \"id\": \"3DCLmn0B3ZMhLUa7WBG9\",\n \"name\": \"apm-key\",\n \"api_key\": \"PjGloCGOTzaZr8ilUPvkjA\",\n \"encoded\": \"M0RDTG1uMEIzWk1oTFVhN1dCRzk6UGpHbG9DR09UemFacjhpbFVQdmtqQQ==\"\n }\n}\n"},"APM_UI_agent_keys_object_post_request1":{"description":"Run `POST /api/apm/agent_keys` to create an APM agent API key with the specified privileges.","value":"{\n \"name\": \"apm-key\",\n \"privileges\": [\"event:write\", \"config_agent:read\"]\n}\n"},"APM_UI_annotation_object_post_200_response1":{"description":"An example of a successful response from `POST /api/apm/services/opbeans-java/annotation`, which creates an annotation for a service named `opbeans-java`.","value":"{\n \"_index\": \"observability-annotations\",\n \"_id\": \"Lc9I93EBh6DbmkeV7nFX\",\n \"_version\": 1,\n \"_seq_no\": 12,\n \"_primary_term\": 1,\n \"found\": true,\n \"_source\": {\n \"message\": \"Deployment 1.2\",\n \"@timestamp\": \"2020-05-08T10:31:30.452Z\",\n \"service\": {\n \"version\": \"1.2\",\n \"name\": \"opbeans-java\"\n },\n \"tags\": [\n \"apm\",\n \"elastic.co\",\n \"customer\"\n ],\n \"annotation\": {\n \"type\": \"deployment\"\n },\n \"event\": {\n \"created\": \"2020-05-09T02:34:43.937Z\"\n }\n }\n}\n"},"APM_UI_source_maps_get_200_response1":{"description":"A successful response from `GET /api/apm/sourcemaps`.","value":"{\n \"artifacts\": [\n {\n \"type\": \"sourcemap\",\n \"identifier\": \"foo-1.0.0\",\n \"relative_url\": \"/api/fleet/artifacts/foo-1.0.0/644fd5a997d1ddd90ee131ba18e2b3d03931d89dd1fe4599143c0b3264b3e456\",\n \"body\": {\n \"serviceName\": \"foo\",\n \"serviceVersion\": \"1.0.0\",\n \"bundleFilepath\": \"/test/e2e/general-usecase/bundle.js\",\n \"sourceMap\": {\n \"version\": 3,\n \"file\": \"static/js/main.chunk.js\",\n \"sources\": [\n \"fleet-source-map-client/src/index.css\",\n \"fleet-source-map-client/src/App.js\",\n \"webpack:///./src/index.css?bb0a\",\n \"fleet-source-map-client/src/index.js\",\n \"fleet-source-map-client/src/reportWebVitals.js\"\n ],\n \"sourcesContent\": [\n \"content\"\n ],\n \"mappings\": \"mapping\",\n \"sourceRoot\": \"\"\n }\n },\n \"created\": \"2021-07-09T20:47:44.812Z\",\n \"id\": \"apm:foo-1.0.0-644fd5a997d1ddd90ee131ba18e2b3d03931d89dd1fe4599143c0b3264b3e456\",\n \"compressionAlgorithm\": \"zlib\",\n \"decodedSha256\": \"644fd5a997d1ddd90ee131ba18e2b3d03931d89dd1fe4599143c0b3264b3e456\",\n \"decodedSize\": 441,\n \"encodedSha256\": \"024c72749c3e3dd411b103f7040ae62633558608f480bce4b108cf5b2275bd24\",\n \"encodedSize\": 237,\n \"encryptionAlgorithm\": \"none\",\n \"packageName\": \"apm\"\n }\n ]\n}\n"},"APM_UI_source_maps_upload_200_response1":{"description":"A successful response from `POST /api/apm/sourcemaps`.","value":{"body":"eJyFkL1OwzAUhd/Fc+MbYMuCEBIbHRjKgBgc96R16tiWr1OQqr47NwqJxEK3q/PzWccXxchnZ7E1A1SjuhjVZtF2yOxiEPlO17oWox3D3uPFeSRTjmJQARfCPeiAgGx8NTKsYdAc1T3rwaSJGcds8Sp3c1HnhfywUZ3QhMTFFGepZxqMC9oex3CS9tpk1XyozgOlmoVKuJX1DqEQZ0su7PGtLU+V/3JPKc3cL7TJ2FNDRPov4bFta3MDM4f7W69lpJjLO9qdK8bzVPhcJz3HUCQ4LbO/p5hCSC4cZPByrp/wFqOklbpefwAhzpqI","compressionAlgorithm":"zlib","created":"2021-07-09T20:47:44.812Z","decodedSha256":"644fd5a997d1ddd90ee131ba18e2b3d03931d89dd1fe4599143c0b3264b3e456","decodedSize":441,"encodedSha256":"024c72749c3e3dd411b103f7040ae62633558608f480bce4b108cf5b2275bd24","encodedSize":237,"encryptionAlgorithm":"none","id":"apm:foo-1.0.0-644fd5a997d1ddd90ee131ba18e2b3d03931d89dd1fe4599143c0b3264b3e456","identifier":"foo-1.0.0","packageName":"apm","relative_url":"/api/fleet/artifacts/foo-1.0.0/644fd5a997d1ddd90ee131ba18e2b3d03931d89dd1fe4599143c0b3264b3e456","type":"sourcemap"}},"Cases_add_comment_request":{"summary":"Adds a comment to a case.","value":{"comment":"A new comment.","owner":"cases","type":"user"}},"Cases_add_comment_response":{"summary":"The add comment to case API returns a JSON object that contains details about the case and its comments.","value":{"assignees":[],"category":null,"closed_at":null,"closed_by":null,"comments":[{"comment":"A new comment.","created_at":"2022-10-02T00:49:47.716Z","created_by":{"email":null,"full_name":null,"username":"elastic"},"id":"8af6ac20-74f6-11ea-b83a-553aecdb28b6","owner":"cases","type":"user","version":"WzIwNDMxLDFd"}],"connector":{"fields":null,"id":"none","name":"none","type":".none"},"created_at":"2022-03-24T00:37:03.906Z","created_by":{"email":null,"full_name":null,"profile_uid":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","username":"elastic"},"customFields":[{"key":"d312efda-ec2b-42ec-9e2c-84981795c581","type":"text","value":"Field value"},{"key":"fcc6840d-eb14-42df-8aaf-232201a705ec","type":"toggle","value":true}],"description":"A case description.","duration":null,"external_service":null,"id":"293f1bc0-74f6-11ea-b83a-553aecdb28b6","owner":"cases","settings":{"syncAlerts":false},"severity":"low","status":"open","tags":["tag 1"],"title":"Case title 1","totalAlerts":0,"totalComment":1,"updated_at":"2022-06-03T00:49:47.716Z","updated_by":{"email":null,"full_name":null,"profile_uid":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","username":"elastic"},"version":"WzIzMzgsMV0="}},"Cases_create_case_request":{"summary":"Create a security case that uses a Jira connector.","value":{"connector":{"fields":{"issueType":"10006","parent":null,"priority":"High"},"id":"131d4448-abe0-4789-939d-8ef60680b498","name":"My connector","type":".jira"},"customFields":[{"key":"d312efda-ec2b-42ec-9e2c-84981795c581","type":"text","value":"My field value"}],"description":"A case description.","owner":"cases","settings":{"syncAlerts":true},"tags":["tag-1"],"title":"Case title 1"}},"Cases_create_case_response":{"summary":"The create case API returns a JSON object that contains details about the case.","value":{"assignees":[],"closed_at":null,"closed_by":null,"comments":[],"connector":{"fields":{"issueType":"10006","parent":null,"priority":"High"},"id":"131d4448-abe0-4789-939d-8ef60680b498","name":"My connector","type":".jira"},"created_at":"2022-10-13T15:33:50.604Z","created_by":{"email":null,"full_name":null,"profile_uid":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","username":"elastic"},"customFields":[{"key":"d312efda-ec2b-42ec-9e2c-84981795c581","type":"text","value":"My field value"},{"key":"fcc6840d-eb14-42df-8aaf-232201a705ec","type":"toggle","value":null}],"description":"A case description.","duration":null,"external_service":null,"id":"66b9aa00-94fa-11ea-9f74-e7e108796192","owner":"cases","settings":{"syncAlerts":true},"severity":"low","status":"open","tags":["tag 1"],"title":"Case title 1","totalAlerts":0,"totalComment":0,"updated_at":null,"updated_by":null,"version":"WzUzMiwxXQ=="}},"Cases_find_case_activity_response":{"summary":"Retrieves all activity for a case","value":{"page":1,"perPage":20,"total":3,"userActions":[{"action":"create","comment_id":null,"created_at":"2023-10-20T01:17:22.150Z","created_by":{"email":null,"full_name":null,"profile_uid":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","username":"elastic"},"id":"b4cd0770-07c9-11ed-a5fd-47154cb8767e","owner":"cases","payload":{"assignees":[],"category":null,"connector":{"fields":null,"id":"none","name":"none","type":".none"},"customFields":[{"key":"d312efda-ec2b-42ec-9e2c-84981795c581","type":"text","value":"My field value"},{"key":"fcc6840d-eb14-42df-8aaf-232201a705ec","type":"toggle","value":null}],"description":"A case description.","owner":"cases","settings":{"syncAlerts":false},"severity":"low","status":"open","tags":["tag 1"],"title":"Case title 1"},"type":"create_case","version":"WzM1ODg4LDFd"},{"action":"create","comment_id":"578608d0-03b1-11ed-920c-974bfa104448","created_at":"2023-10-14T20:12:53.354Z","created_by":{"email":null,"full_name":null,"profile_uid":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","username":"elastic"},"id":"57af14a0-03b1-11ed-920c-974bfa104448","owner":"cases","payload":{"comment":"A new comment","owner":"cases","type":"user"},"type":"comment","version":"WzM1ODg4LDFa"},{"action":"add","comment_id":null,"created_at":"2023-10-20T01:10:28.238Z","created_by":{"email":null,"full_name":null,"profile_uid":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","username":"elastic"},"id":"573c6980-6123-11ed-aa41-81a0a61fe447","owner":"cases","payload":{"assignees":{"uid":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"}},"type":"assignees","version":"WzM1ODg4LDFb"}]}},"Cases_find_case_response":{"summary":"Retrieve the first five cases with the `tag-1` tag, in ascending order by last update time.","value":{"cases":[{"assignees":[],"category":null,"closed_at":null,"closed_by":null,"comments":[],"connector":{"fields":null,"id":"none","name":"none","type":".none"},"created_at":"2023-10-12T00:16:36.371Z","created_by":{"email":null,"full_name":null,"profile_uid":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","username":"elastic"},"customFields":[{"key":"d312efda-ec2b-42ec-9e2c-84981795c581","type":"text","value":"My field value"},{"key":"fcc6840d-eb14-42df-8aaf-232201a705ec","type":"toggle","value":null}],"description":"Case description","duration":null,"external_service":null,"id":"abed3a70-71bd-11ea-a0b2-c51ea50a58e2","owner":"cases","settings":{"syncAlerts":true},"severity":"low","status":"open","tags":["tag-1"],"title":"Case title","totalAlerts":0,"totalComment":1,"updated_at":"2023-10-12T00:27:58.162Z","updated_by":{"email":null,"full_name":null,"profile_uid":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","username":"elastic"},"version":"WzExMCwxXQ=="}],"count_closed_cases":0,"count_in_progress_cases":0,"count_open_cases":1,"page":1,"per_page":5,"total":1}},"Cases_find_connector_response":{"summary":"Retrieve information about the connectors and their settings.","value":[{"actionTypeId":".jira","config":{"apiUrl":"https://elastic.atlassian.net/","projectKey":"ES"},"id":"61787f53-4eee-4741-8df6-8fe84fa616f7","isDeprecated":false,"isMissingSecrets":false,"isPreconfigured":false,"name":"my-Jira","referencedByCount":0}]},"Cases_get_case_alerts_response":{"summary":"Retrieves all alerts attached to a case","value":[{"attached_at":"2022-07-25T20:09:40.963Z","id":"f6a7d0c3-d52d-432c-b2e6-447cd7fce04d","index":".alerts-observability.logs.alerts-default"}]},"Cases_get_case_configuration_response":{"summary":"Get the case configuration.","value":[{"closure_type":"close-by-user","connector":{"fields":null,"id":"none","name":"none","type":".none"},"created_at":"2024-07-01T17:07:17.767Z","created_by":{"email":null,"full_name":null,"username":"elastic"},"customFields":[{"defaultValue":"Custom text field value.","key":"d312efda-ec2b-42ec-9e2c-84981795c581","label":"my-text-field","type":"text","required":false}],"error":null,"id":"856ee650-6c82-11ee-a20a-6164169afa58","mappings":[],"owner":"cases","templates":[{"caseFields":{"assignees":[{"uid":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"}],"category":"Default-category","connector":{"fields":null,"id":"none","name":"none","type":".none"},"customFields":[{"key":"d312efda-ec2b-42ec-9e2c-84981795c581","type":"text","value":"Default text field value."}],"description":"A default description for cases.","settings":{"syncAlerts":false},"tags":["Default case tag"],"title":"Default case title"},"description":"A description of the template.","key":"505932fe-ee3a-4960-a661-c781b5acdb05","name":"template-1","tags":["Template tag 1"]}],"updated_at":null,"updated_by":null,"version":"WzEyLDNd"}]},"Cases_get_case_observability_response":{"summary":"Retrieves information about an Observability case including its alerts and comments.","value":{"assignees":[{"uid":"u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"}],"category":null,"closed_at":null,"closed_by":null,"comments":[{"alertId":["a6e12ac4-7bce-457b-84f6-d7ce8deb8446"],"created_at":"2023-11-06T19:29:38.424Z","created_by":{"email":null,"full_name":null,"profile_uid":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","username":"elastic"},"id":"59d438d0-79a9-4864-8d4b-e63adacebf6e","index":[".internal.alerts-observability.logs.alerts-default-000001"],"owner":"observability","pushed_at":null,"pushed_by":null,"rule":{"id":"03e4eb87-62ca-4e5d-9570-3d7625e9669d","name":"Observability rule"},"type":"alert","updated_at":null,"updated_by":null,"version":"WzY3LDJd"},{"comment":"The first comment.","created_at":"2023-11-06T19:29:57.812Z","created_by":{"email":null,"full_name":null,"profile_uid":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","username":"elastic"},"id":"d99342d3-3aa3-4b80-90ec-a702607604f5","owner":"observability","pushed_at":null,"pushed_by":null,"type":"user","updated_at":null,"updated_by":null,"version":"WzcyLDJd"}],"connector":{"fields":null,"id":"none","name":"none","type":".none"},"created_at":"2023-11-06T19:29:04.086Z","created_by":{"email":null,"full_name":null,"username":"elastic"},"customFields":[],"description":"An Observability case description.","duration":null,"external_service":null,"id":"c3ff7550-def1-4e90-b6bc-c9969a4a09b1","owner":"observability","settings":{"syncAlerts":false},"severity":"low","status":"in-progress","tags":["observability","tag 1"],"title":"Observability case title 1","totalAlerts":1,"totalComment":1,"updated_at":"2023-11-06T19:47:55.662Z","updated_by":{"email":null,"full_name":null,"profile_uid":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","username":"elastic"},"version":"WzI0NywyXQ=="}},"Cases_get_case_response":{"summary":"Retrieves information about a case including its comments.","value":{"assignees":[{"uid":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"}],"category":null,"closed_at":null,"closed_by":null,"comments":[{"comment":"A new comment","created_at":"2023-10-13T15:40:32.335Z","created_by":{"email":null,"full_name":null,"profile_uid":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","username":"elastic"},"id":"2134c1d0-02c2-11ed-85f2-4f7c222ca2fa","owner":"cases","pushed_at":null,"pushed_by":null,"type":"user","updated_at":null,"updated_by":null,"version":"WzM3LDFd"}],"connector":{"fields":null,"id":"none","name":"none","type":".none"},"created_at":"2023-10-13T15:33:50.604Z","created_by":{"email":null,"full_name":null,"profile_uid":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","username":"elastic"},"customFields":[{"key":"d312efda-ec2b-42ec-9e2c-84981795c581","type":"text","value":"My field value"},{"key":"fcc6840d-eb14-42df-8aaf-232201a705ec","type":"toggle","value":null}],"description":"A case description","duration":null,"external_service":null,"id":"31cdada0-02c1-11ed-85f2-4f7c222ca2fa","owner":"cases","settings":{"syncAlerts":true},"severity":"low","status":"open","tags":["tag 1"],"title":"Case title 1","totalAlerts":0,"totalComment":1,"updated_at":"2023-10-13T15:40:32.335Z","updated_by":{"email":null,"full_name":null,"profile_uid":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","username":"elastic"},"version":"WzM2LDFd"}},"Cases_get_comment_response":{"summary":"A single user comment retrieved from a case","value":{"comment":"A new comment","created_at":"2023-10-07T19:32:13.104Z","created_by":{"email":null,"full_name":null,"profile_uid":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","username":"elastic"},"id":"8048b460-fe2b-11ec-b15d-779a7c8bbcc3","owner":"cases","pushed_at":null,"pushed_by":null,"type":"user","updated_at":null,"updated_by":null,"version":"WzIzLDFd"}},"Cases_get_reporters_response":{"summary":"A list of two users that opened cases","value":[{"email":null,"full_name":null,"profile_uid":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","username":"elastic"},{"email":"jdoe@example.com","full_name":"Jane Doe","profile_uid":"u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0","username":"jdoe"}]},"Cases_get_tags_response":{"summary":"A list of tags that are used in cases","value":["observability","security","tag 1","tag 2"]},"Cases_push_case_response":{"summary":"The push case API returns a JSON object with details about the case and the external service.","value":{"closed_at":null,"closed_by":null,"comments":[],"connector":{"fields":{"issueType":"10006","parent":null,"priority":"Low"},"id":"09f8c0b0-0eda-11ed-bd18-65557fe66949","name":"My connector","type":".jira"},"created_at":"2022-07-29T00:59:39.444Z","created_by":{"email":null,"full_name":null,"username":"elastic"},"description":"A case description.","duration":null,"external_service":{"connector_id":"09f8c0b0-0eda-11ed-bd18-65557fe66949","connector_name":"My connector","external_id":"71926","external_title":"ES-554","external_url":"https://cases.jira.com","pushed_at":"2022-07-29T01:20:58.436Z","pushed_by":{"email":null,"full_name":null,"username":"elastic"}},"id":"b917f300-0ed9-11ed-bd18-65557fe66949","owner":"cases","settings":{"syncAlerts":true},"severity":"low","status":"open","tags":["tag 1"],"title":"Case title 1","totalAlerts":0,"totalComment":0,"updated_at":"2022-07-29T01:20:58.436Z","updated_by":{"email":null,"full_name":null,"username":"elastic"},"version":"WzE3NjgsM10="}},"Cases_set_case_configuration_request":{"summary":"Set the closure type, custom fields, and default connector for Stack Management cases.","value":{"closure_type":"close-by-user","connector":{"fields":null,"id":"5e656730-e1ca-11ec-be9b-9b1838238ee6","name":"my-jira-connector","type":".jira"},"customFields":[{"defaultValue":"My custom field default value.","key":"d312efda-ec2b-42ec-9e2c-84981795c581","label":"my-text-field","type":"text","required":false}],"owner":"cases","templates":[{"caseFields":{"assignees":[{"uid":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"}],"category":"Default-category","customFields":[{"key":"d312efda-ec2b-42ec-9e2c-84981795c581","type":"text","value":"A text field value for the template."}],"description":"A default description for cases.","tags":["Default case tag"],"title":"Default case title"},"description":"A description of the template.","key":"505932fe-ee3a-4960-a661-c781b5acdb05","name":"template-1","tags":["Template tag 1"]}]}},"Cases_set_case_configuration_response":{"summary":"This is an example response for case settings.","value":{"closure_type":"close-by-user","connector":{"fields":null,"id":"5e656730-e1ca-11ec-be9b-9b1838238ee6","name":"my-jira-connector","type":".jira"},"created_at":"2024-07-01T17:07:17.767Z","created_by":{"email":"null,","full_name":null,"profile_uid":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","username":"elastic"},"customFields":[{"defaultValue":"My custom field default value.","key":"d312efda-ec2b-42ec-9e2c-84981795c581","label":"my-text-field","type":"text","required":false}],"error":null,"id":"4a97a440-e1cd-11ec-be9b-9b1838238ee6","mappings":[{"action_type":"overwrite","source":"title","target":"summary"},{"action_type":"overwrite","source":"description","target":"description"},{"action_type":"append","source":"comments","target":"comments"},{"action_type":"overwrite","source":"tags","target":"labels"}],"owner":"cases","templates":[{"caseFields":{"assignees":[{"uid":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"}],"category":"Default-category","customFields":[{"key":"d312efda-ec2b-42ec-9e2c-84981795c581","type":"text","value":"A text field value for the template."}],"description":"A default description for cases.","tags":["Default case tag"],"title":"Default case title"},"description":"A description of the template.","key":"505932fe-ee3a-4960-a661-c781b5acdb05","name":"template-1","tags":["Template tag 1"]}],"updated_at":null,"updated_by":null,"version":"WzIwNzMsMV0="}},"Cases_update_case_configuration_request":{"summary":"Update the case settings.","value":{"closure_type":"close-by-user","connector":{"fields":null,"id":"5e656730-e1ca-11ec-be9b-9b1838238ee6","name":"my-jira-connector","type":".jira"},"customFields":[{"defaultValue":"A new default value.","key":"d312efda-ec2b-42ec-9e2c-84981795c581","label":"my-text-field","type":"text","required":true},{"key":"fcc6840d-eb14-42df-8aaf-232201a705ec","label":"my-toggle","type":"toggle","required":false}],"version":"WzExOSw0XQ=="}},"Cases_update_case_configuration_response":{"summary":"This is an example response when the case configuration was updated.","value":{"closure_type":"close-by-user","connector":{"fields":null,"id":"5e656730-e1ca-11ec-be9b-9b1838238ee6","name":"my-jira-connector","type":".jira"},"created_at":"2024-07-01T17:07:17.767Z","created_by":{"email":null,"full_name":null,"profile_uid":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","username":"elastic"},"customFields":[{"defaultValue":"A new default value.","key":"d312efda-ec2b-42ec-9e2c-84981795c581","label":"my-text-field","type":"text","required":true},{"key":"fcc6840d-eb14-42df-8aaf-232201a705ec","label":"my-toggle","type":"toggle","required":false}],"error":null,"id":"4a97a440-e1cd-11ec-be9b-9b1838238ee6","mappings":[{"action_type":"overwrite","source":"title","target":"summary"},{"action_type":"overwrite","source":"description","target":"description"},{"action_type":"overwrite","source":"tags","target":"labels"},{"action_type":"append","source":"comments","target":"comments"}],"owner":"cases","templates":[],"updated_at":"2024-07-19T00:52:42.401Z","updated_by":{"email":null,"full_name":null,"profile_uid":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","username":"elastic"},"version":"WzI2LDNd"}},"Cases_update_case_request":{"summary":"Update the case description, tags, and connector.","value":{"cases":[{"connector":{"fields":{"issueType":"10006","parent":null,"priority":null},"id":"131d4448-abe0-4789-939d-8ef60680b498","name":"My connector","type":".jira"},"customFields":[{"key":"fcc6840d-eb14-42df-8aaf-232201a705ec","type":"toggle","value":false},{"key":"d312efda-ec2b-42ec-9e2c-84981795c581","type":"text","value":"My new field value"}],"description":"A case description.","id":"a18b38a0-71b0-11ea-a0b2-c51ea50a58e2","settings":{"syncAlerts":true},"tags":["tag-1"],"version":"WzIzLDFd"}]}},"Cases_update_case_response":{"summary":"This is an example response when the case description, tags, and connector were updated.","value":[{"assignees":[],"category":null,"closed_at":null,"closed_by":null,"comments":[],"connector":{"fields":{"issueType":"10006","parent":null,"priority":null},"id":"131d4448-abe0-4789-939d-8ef60680b498","name":"My connector","type":".jira"},"created_at":"2023-10-13T09:16:17.416Z","created_by":{"email":null,"full_name":null,"profile_uid":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","username":"elastic"},"customFields":[{"key":"d312efda-ec2b-42ec-9e2c-84981795c581","type":"text","value":"My new field value"},{"key":"fcc6840d-eb14-42df-8aaf-232201a705ec","type":"toggle","value":false}],"description":"A case description.","duration":null,"external_service":{"connector_id":"05da469f-1fde-4058-99a3-91e4807e2de8","connector_name":"Jira","external_id":"10003","external_title":"IS-4","external_url":"https://hms.atlassian.net/browse/IS-4","pushed_at":"2023-10-13T09:20:40.672Z","pushed_by":{"email":null,"full_name":null,"username":"elastic"}},"id":"66b9aa00-94fa-11ea-9f74-e7e108796192","owner":"cases","settings":{"syncAlerts":true},"severity":"low","status":"open","tags":["tag-1"],"title":"Case title 1","totalAlerts":0,"totalComment":0,"updated_at":"2023-10-13T09:48:33.043Z","updated_by":{"email":null,"full_name":null,"profile_uid":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","username":"elastic"},"version":"WzU0OCwxXQ=="}]},"Cases_update_comment_request":{"summary":"Updates a comment of a case.","value":{"comment":"An updated comment.","id":"8af6ac20-74f6-11ea-b83a-553aecdb28b6","owner":"cases","type":"user","version":"Wzk1LDFd"}},"Cases_update_comment_response":{"summary":"The add comment to case API returns a JSON object that contains details about the case and its comments.","value":{"assignees":[],"category":null,"closed_at":null,"closed_by":null,"comments":[{"comment":"An updated comment.","created_at":"2023-10-24T00:37:10.832Z","created_by":{"email":null,"full_name":null,"profile_uid":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","username":"elastic"},"id":"8af6ac20-74f6-11ea-b83a-553aecdb28b6","owner":"cases","pushed_at":null,"pushed_by":null,"type":"user","updated_at":"2023-10-24T01:27:06.210Z","updated_by":{"email":null,"full_name":null,"profile_uid":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","username":"elastic"},"version":"WzIwNjM3LDFd"}],"connector":{"fields":null,"id":"none","name":"none","type":".none"},"created_at":"2023-10-24T00:37:03.906Z","created_by":{"email":null,"full_name":null,"profile_uid":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","username":"elastic"},"customFields":[{"key":"d312efda-ec2b-42ec-9e2c-84981795c581","type":"text","value":"My new field value"},{"key":"fcc6840d-eb14-42df-8aaf-232201a705ec","type":"toggle","value":false}],"description":"A case description.","duration":null,"external_service":null,"id":"293f1bc0-74f6-11ea-b83a-553aecdb28b6","owner":"cases","settings":{"syncAlerts":false},"severity":"low","status":"open","tags":["tag 1"],"title":"Case title 1","totalAlerts":0,"totalComment":1,"updated_at":"2023-10-24T01:27:06.210Z","updated_by":{"email":null,"full_name":null,"profile_uid":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","username":"elastic"},"version":"WzIwNjM2LDFd"}},"Data_views_create_data_view_request":{"summary":"Create a data view with runtime fields.","value":{"data_view":{"name":"My Logstash data view","runtimeFieldMap":{"runtime_shape_name":{"script":{"source":"emit(doc['shape_name'].value)"},"type":"keyword"}},"title":"logstash-*"}}},"Data_views_create_runtime_field_request":{"summary":"Create a runtime field.","value":{"name":"runtimeFoo","runtimeField":{"script":{"source":"emit(doc[\"foo\"].value)"},"type":"long"}}},"Data_views_get_data_view_response":{"summary":"The get data view API returns a JSON object that contains information about the data view.","value":{"data_view":{"allowNoIndex":false,"fieldAttrs":{"products.manufacturer":{"count":1},"products.price":{"count":1},"products.product_name":{"count":1},"total_quantity":{"count":1}},"fieldFormats":{"products.base_price":{"id":"number","params":{"pattern":"$0,0.00"}},"products.base_unit_price":{"id":"number","params":{"pattern":"$0,0.00"}},"products.min_price":{"id":"number","params":{"pattern":"$0,0.00"}},"products.price":{"id":"number","params":{"pattern":"$0,0.00"}},"products.taxful_price":{"id":"number","params":{"pattern":"$0,0.00"}},"products.taxless_price":{"id":"number","params":{"pattern":"$0,0.00"}},"taxful_total_price":{"id":"number","params":{"pattern":"$0,0.[00]"}},"taxless_total_price":{"id":"number","params":{"pattern":"$0,0.00"}}},"fields":{"_id":{"aggregatable":false,"count":0,"esTypes":["_id"],"format":{"id":"string"},"isMapped":true,"name":"_id","readFromDocValues":false,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"_index":{"aggregatable":true,"count":0,"esTypes":["_index"],"format":{"id":"string"},"isMapped":true,"name":"_index","readFromDocValues":false,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"_score":{"aggregatable":false,"count":0,"format":{"id":"number"},"isMapped":true,"name":"_score","readFromDocValues":false,"scripted":false,"searchable":false,"shortDotsEnable":false,"type":"number"},"_source":{"aggregatable":false,"count":0,"esTypes":["_source"],"format":{"id":"_source"},"isMapped":true,"name":"_source","readFromDocValues":false,"scripted":false,"searchable":false,"shortDotsEnable":false,"type":"_source"},"category":{"aggregatable":false,"count":0,"esTypes":["text"],"format":{"id":"string"},"isMapped":true,"name":"category","readFromDocValues":false,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"category.keyword":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"category.keyword","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"subType":{"multi":{"parent":"category"}},"type":"string"},"currency":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"currency","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"customer_birth_date":{"aggregatable":true,"count":0,"esTypes":["date"],"format":{"id":"date"},"isMapped":true,"name":"customer_birth_date","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"date"},"customer_first_name":{"aggregatable":false,"count":0,"esTypes":["text"],"format":{"id":"string"},"isMapped":true,"name":"customer_first_name","readFromDocValues":false,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"customer_first_name.keyword":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"customer_first_name.keyword","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"subType":{"multi":{"parent":"customer_first_name"}},"type":"string"},"customer_full_name":{"aggregatable":false,"count":0,"esTypes":["text"],"format":{"id":"string"},"isMapped":true,"name":"customer_full_name","readFromDocValues":false,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"customer_full_name.keyword":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"customer_full_name.keyword","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"subType":{"multi":{"parent":"customer_full_name"}},"type":"string"},"customer_gender":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"customer_gender","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"customer_id":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"customer_id","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"customer_last_name":{"aggregatable":false,"count":0,"esTypes":["text"],"format":{"id":"string"},"isMapped":true,"name":"customer_last_name","readFromDocValues":false,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"customer_last_name.keyword":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"customer_last_name.keyword","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"subType":{"multi":{"parent":"customer_last_name"}},"type":"string"},"customer_phone":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"customer_phone","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"day_of_week":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"day_of_week","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"day_of_week_i":{"aggregatable":true,"count":0,"esTypes":["integer"],"format":{"id":"number"},"isMapped":true,"name":"day_of_week_i","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"number"},"email":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"email","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"event.dataset":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"event.dataset","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"geoip.city_name":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"geoip.city_name","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"geoip.continent_name":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"geoip.continent_name","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"geoip.country_iso_code":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"geoip.country_iso_code","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"geoip.location":{"aggregatable":true,"count":0,"esTypes":["geo_point"],"format":{"id":"geo_point","params":{"transform":"wkt"}},"isMapped":true,"name":"geoip.location","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"geo_point"},"geoip.region_name":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"geoip.region_name","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"manufacturer":{"aggregatable":false,"count":0,"esTypes":["text"],"format":{"id":"string"},"isMapped":true,"name":"manufacturer","readFromDocValues":false,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"manufacturer.keyword":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"manufacturer.keyword","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"subType":{"multi":{"parent":"manufacturer"}},"type":"string"},"order_date":{"aggregatable":true,"count":0,"esTypes":["date"],"format":{"id":"date"},"isMapped":true,"name":"order_date","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"date"},"order_id":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"order_id","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"products._id":{"aggregatable":false,"count":0,"esTypes":["text"],"format":{"id":"string"},"isMapped":true,"name":"products._id","readFromDocValues":false,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"products._id.keyword":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"products._id.keyword","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"subType":{"multi":{"parent":"products._id"}},"type":"string"},"products.base_price":{"aggregatable":true,"count":0,"esTypes":["half_float"],"format":{"id":"number","params":{"pattern":"$0,0.00"}},"isMapped":true,"name":"products.base_price","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"number"},"products.base_unit_price":{"aggregatable":true,"count":0,"esTypes":["half_float"],"format":{"id":"number","params":{"pattern":"$0,0.00"}},"isMapped":true,"name":"products.base_unit_price","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"number"},"products.category":{"aggregatable":false,"count":0,"esTypes":["text"],"format":{"id":"string"},"isMapped":true,"name":"products.category","readFromDocValues":false,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"products.category.keyword":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"products.category.keyword","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"subType":{"multi":{"parent":"products.category"}},"type":"string"},"products.created_on":{"aggregatable":true,"count":0,"esTypes":["date"],"format":{"id":"date"},"isMapped":true,"name":"products.created_on","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"date"},"products.discount_amount":{"aggregatable":true,"count":0,"esTypes":["half_float"],"format":{"id":"number"},"isMapped":true,"name":"products.discount_amount","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"number"},"products.discount_percentage":{"aggregatable":true,"count":0,"esTypes":["half_float"],"format":{"id":"number"},"isMapped":true,"name":"products.discount_percentage","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"number"},"products.manufacturer":{"aggregatable":false,"count":1,"esTypes":["text"],"format":{"id":"string"},"isMapped":true,"name":"products.manufacturer","readFromDocValues":false,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"products.manufacturer.keyword":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"products.manufacturer.keyword","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"subType":{"multi":{"parent":"products.manufacturer"}},"type":"string"},"products.min_price":{"aggregatable":true,"count":0,"esTypes":["half_float"],"format":{"id":"number","params":{"pattern":"$0,0.00"}},"isMapped":true,"name":"products.min_price","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"number"},"products.price":{"aggregatable":true,"count":1,"esTypes":["half_float"],"format":{"id":"number","params":{"pattern":"$0,0.00"}},"isMapped":true,"name":"products.price","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"number"},"products.product_id":{"aggregatable":true,"count":0,"esTypes":["long"],"format":{"id":"number"},"isMapped":true,"name":"products.product_id","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"number"},"products.product_name":{"aggregatable":false,"count":1,"esTypes":["text"],"format":{"id":"string"},"isMapped":true,"name":"products.product_name","readFromDocValues":false,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"products.product_name.keyword":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"products.product_name.keyword","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"subType":{"multi":{"parent":"products.product_name"}},"type":"string"},"products.quantity":{"aggregatable":true,"count":0,"esTypes":["integer"],"format":{"id":"number"},"isMapped":true,"name":"products.quantity","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"number"},"products.sku":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"products.sku","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"products.tax_amount":{"aggregatable":true,"count":0,"esTypes":["half_float"],"format":{"id":"number"},"isMapped":true,"name":"products.tax_amount","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"number"},"products.taxful_price":{"aggregatable":true,"count":0,"esTypes":["half_float"],"format":{"id":"number","params":{"pattern":"$0,0.00"}},"isMapped":true,"name":"products.taxful_price","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"number"},"products.taxless_price":{"aggregatable":true,"count":0,"esTypes":["half_float"],"format":{"id":"number","params":{"pattern":"$0,0.00"}},"isMapped":true,"name":"products.taxless_price","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"number"},"products.unit_discount_amount":{"aggregatable":true,"count":0,"esTypes":["half_float"],"format":{"id":"number"},"isMapped":true,"name":"products.unit_discount_amount","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"number"},"sku":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"sku","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"taxful_total_price":{"aggregatable":true,"count":0,"esTypes":["half_float"],"format":{"id":"number","params":{"pattern":"$0,0.[00]"}},"isMapped":true,"name":"taxful_total_price","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"number"},"taxless_total_price":{"aggregatable":true,"count":0,"esTypes":["half_float"],"format":{"id":"number","params":{"pattern":"$0,0.00"}},"isMapped":true,"name":"taxless_total_price","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"number"},"total_quantity":{"aggregatable":true,"count":1,"esTypes":["integer"],"format":{"id":"number"},"isMapped":true,"name":"total_quantity","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"number"},"total_unique_products":{"aggregatable":true,"count":0,"esTypes":["integer"],"format":{"id":"number"},"isMapped":true,"name":"total_unique_products","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"number"},"type":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"type","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"user":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"user","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"}},"id":"ff959d40-b880-11e8-a6d9-e546fe2bba5f","name":"Kibana Sample Data eCommerce","namespaces":["default"],"runtimeFieldMap":{},"sourceFilters":[],"timeFieldName":"order_date","title":"kibana_sample_data_ecommerce","typeMeta":{},"version":"WzUsMV0="}}},"Data_views_get_data_views_response":{"summary":"The get all data views API returns a list of data views.","value":{"data_view":[{"id":"ff959d40-b880-11e8-a6d9-e546fe2bba5f","name":"Kibana Sample Data eCommerce","namespaces":["default"],"title":"kibana_sample_data_ecommerce","typeMeta":{}},{"id":"d3d7af60-4c81-11e8-b3d7-01146121b73d","name":"Kibana Sample Data Flights","namespaces":["default"],"title":"kibana_sample_data_flights"},{"id":"90943e30-9a47-11e8-b64d-95841ca0b247","name":"Kibana Sample Data Logs","namespaces":["default"],"title":"kibana_sample_data_logs"}]}},"Data_views_get_default_data_view_response":{"summary":"The get default data view API returns the default data view identifier.","value":{"data_view_id":"ff959d40-b880-11e8-a6d9-e546fe2bba5f"}},"Data_views_get_runtime_field_response":{"summary":"The get runtime field API returns a JSON object that contains information about the runtime field (`hour_of_day`) and the data view (`d3d7af60-4c81-11e8-b3d7-01146121b73d`).","value":{"data_view":{"allowNoIndex":false,"fieldAttrs":{},"fieldFormats":{"AvgTicketPrice":{"id":"number","params":{"pattern":"$0,0.[00]"}},"hour_of_day":{"id":"number","params":{"pattern":"00"}}},"fields":{"_id":{"aggregatable":false,"count":0,"esTypes":["_id"],"format":{"id":"string"},"isMapped":true,"name":"_id","readFromDocValues":false,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"_index":{"aggregatable":true,"count":0,"esTypes":["_index"],"format":{"id":"string"},"isMapped":true,"name":"_index","readFromDocValues":false,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"_score":{"aggregatable":false,"count":0,"format":{"id":"number"},"isMapped":true,"name":"_score","readFromDocValues":false,"scripted":false,"searchable":false,"shortDotsEnable":false,"type":"number"},"_source":{"aggregatable":false,"count":0,"esTypes":["_source"],"format":{"id":"_source"},"isMapped":true,"name":"_source","readFromDocValues":false,"scripted":false,"searchable":false,"shortDotsEnable":false,"type":"_source"},"AvgTicketPrice":{"aggregatable":true,"count":0,"esTypes":["float"],"format":{"id":"number","params":{"pattern":"$0,0.[00]"}},"isMapped":true,"name":"AvgTicketPrice","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"number"},"Cancelled":{"aggregatable":true,"count":0,"esTypes":["boolean"],"format":{"id":"boolean"},"isMapped":true,"name":"Cancelled","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"boolean"},"Carrier":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"Carrier","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"dayOfWeek":{"aggregatable":true,"count":0,"esTypes":["integer"],"format":{"id":"number"},"isMapped":true,"name":"dayOfWeek","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"number"},"Dest":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"Dest","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"DestAirportID":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"DestAirportID","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"DestCityName":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"DestCityName","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"DestCountry":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"DestCountry","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"DestLocation":{"aggregatable":true,"count":0,"esTypes":["geo_point"],"format":{"id":"geo_point","params":{"transform":"wkt"}},"isMapped":true,"name":"DestLocation","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"geo_point"},"DestRegion":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"DestRegion","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"DestWeather":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"DestWeather","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"DistanceKilometers":{"aggregatable":true,"count":0,"esTypes":["float"],"format":{"id":"number"},"isMapped":true,"name":"DistanceKilometers","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"number"},"DistanceMiles":{"aggregatable":true,"count":0,"esTypes":["float"],"format":{"id":"number"},"isMapped":true,"name":"DistanceMiles","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"number"},"FlightDelay":{"aggregatable":true,"count":0,"esTypes":["boolean"],"format":{"id":"boolean"},"isMapped":true,"name":"FlightDelay","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"boolean"},"FlightDelayMin":{"aggregatable":true,"count":0,"esTypes":["integer"],"format":{"id":"number"},"isMapped":true,"name":"FlightDelayMin","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"number"},"FlightDelayType":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"FlightDelayType","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"FlightNum":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"FlightNum","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"FlightTimeHour":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"FlightTimeHour","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"FlightTimeMin":{"aggregatable":true,"count":0,"esTypes":["float"],"format":{"id":"number"},"isMapped":true,"name":"FlightTimeMin","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"number"},"hour_of_day":{"aggregatable":true,"count":0,"esTypes":["long"],"format":{"id":"number","params":{"pattern":"00"}},"name":"hour_of_day","readFromDocValues":false,"runtimeField":{"script":{"source":"emit(doc['timestamp'].value.getHour());"},"type":"long"},"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"number"},"Origin":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"Origin","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"OriginAirportID":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"OriginAirportID","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"OriginCityName":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"OriginCityName","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"OriginCountry":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"OriginCountry","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"OriginLocation":{"aggregatable":true,"count":0,"esTypes":["geo_point"],"format":{"id":"geo_point","params":{"transform":"wkt"}},"isMapped":true,"name":"OriginLocation","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"geo_point"},"OriginRegion":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"OriginRegion","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"OriginWeather":{"aggregatable":true,"count":0,"esTypes":["keyword"],"format":{"id":"string"},"isMapped":true,"name":"OriginWeather","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"string"},"timestamp":{"aggregatable":true,"count":0,"esTypes":["date"],"format":{"id":"date"},"isMapped":true,"name":"timestamp","readFromDocValues":true,"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"date"}},"id":"d3d7af60-4c81-11e8-b3d7-01146121b73d","name":"Kibana Sample Data Flights","runtimeFieldMap":{"hour_of_day":{"script":{"source":"emit(doc['timestamp'].value.getHour());"},"type":"long"}},"sourceFilters":[],"timeFieldName":"timestamp","title":"kibana_sample_data_flights","version":"WzM2LDJd"},"fields":[{"aggregatable":true,"count":0,"esTypes":["long"],"name":"hour_of_day","readFromDocValues":false,"runtimeField":{"script":{"source":"emit(doc['timestamp'].value.getHour());"},"type":"long"},"scripted":false,"searchable":true,"shortDotsEnable":false,"type":"number"}]}},"Data_views_preview_swap_data_view_request":{"summary":"Preview swapping references from data view ID \"abcd-efg\" to \"xyz-123\".","value":{"fromId":"abcd-efg","toId":"xyz-123"}},"Data_views_set_default_data_view_request":{"summary":"Set the default data view identifier.","value":{"data_view_id":"ff959d40-b880-11e8-a6d9-e546fe2bba5f","force":true}},"Data_views_swap_data_view_request":{"summary":"Swap references from data view ID \"abcd-efg\" to \"xyz-123\" and remove the data view that is no longer referenced.","value":{"delete":true,"fromId":"abcd-efg","toId":"xyz-123"}},"Data_views_update_data_view_request":{"summary":"Update some properties for a data view.","value":{"data_view":{"allowNoIndex":false,"name":"Kibana Sample Data eCommerce","timeFieldName":"order_date","title":"kibana_sample_data_ecommerce"},"refresh_fields":true}},"Data_views_update_field_metadata_request":{"summary":"Update metadata for multiple fields.","value":{"fields":{"field1":{"count":123,"customLabel":"Field 1 label"},"field2":{"customDescription":"Field 2 description","customLabel":"Field 2 label"}}}},"Data_views_update_runtime_field_request":{"summary":"Update an existing runtime field on a data view.","value":{"runtimeField":{"script":{"source":"emit(doc[\"bar\"].value)"}}}},"Machine_learning_APIs_mlSyncExample":{"summary":"Two anomaly detection jobs required synchronization in this example.","value":{"datafeedsAdded":{},"datafeedsRemoved":{},"savedObjectsCreated":{"anomaly-detector":{"myjob1":{"success":true},"myjob2":{"success":true}}},"savedObjectsDeleted":{}}},"Saved_objects_key_rotation_response":{"summary":"Encryption key rotation using default parameters.","value":{"failed":0,"successful":300,"total":1000}},"Saved_objects_resolve_missing_reference_request":{"value":{"file":"file.ndjson","retries":[{"id":"my-pattern","overwrite":true,"type":"index-pattern"},{"destinationId":"another-vis","id":"my-vis","overwrite":true,"type":"visualization"},{"destinationId":"yet-another-canvas","id":"my-canvas","overwrite":true,"type":"canvas"},{"id":"my-dashboard","type":"dashboard"}]}},"Saved_objects_resolve_missing_reference_response":{"summary":"Resolve missing reference errors.","value":{"success":true,"successCount":3,"successResults":[{"id":"my-vis","meta":{"icon":"visualizeApp","title":"Look at my visualization"},"type":"visualization"},{"id":"my-search","meta":{"icon":"searchApp","title":"Look at my search"},"type":"search"},{"id":"my-dashboard","meta":{"icon":"dashboardApp","title":"Look at my dashboard"},"type":"dashboard"}]}},"Task_manager_health_APIs_health_200response":{"description":"A successful response from `GET api/task_manager/_health`.","value":"{\n \"id\": \"330bbc6a-56cd-44d5-88e3-e3229f14d619\",\n \"timestamp\": \"2025-03-21T21:30:04.780Z\",\n \"status\": \"OK\",\n \"last_update\": \"2025-03-21T21:30:04.455Z\",\n \"stats\": {\n \"configuration\": {\n \"timestamp\": \"2025-03-21T21:26:10.002Z\",\n \"value\": {\n \"request_capacity\": 1000,\n \"monitored_aggregated_stats_refresh_rate\": 60000,\n \"monitored_stats_running_average_window\": 50,\n \"monitored_task_execution_thresholds\": {\n \"custom\": {},\n \"default\": {\n \"error_threshold\": 90,\n \"warn_threshold\": 80\n }\n },\n \"claim_strategy\": \"mget\",\n \"poll_interval\": 500,\n \"capacity\": {\n \"config\": 10,\n \"as_workers\": 10,\n \"as_cost\": 20\n }\n },\n \"status\": \"OK\"\n },\n \"runtime\": {\n \"timestamp\": \"2025-03-21T21:30:04.455Z\",\n \"value\": {\n \"polling\": {\n \"last_successful_poll\": \"2025-03-21T21:30:04.455Z\",\n \"last_polling_delay\": \"2025-03-21T21:26:10.001Z\",\n \"claim_duration\": {\n \"p50\": 17,\n \"p90\": 22,\n \"p95\": 25,\n \"p99\": 27\n },\n \"duration\": {\n \"p50\": 19,\n \"p90\": 25.5,\n \"p95\": 28,\n \"p99\": 28\n },\n \"claim_conflicts\": {\n \"p50\": 0,\n \"p90\": 0,\n \"p95\": 0,\n \"p99\": 0\n },\n \"claim_mismatches\": {\n \"p50\": 0,\n \"p90\": 0,\n \"p95\": 0,\n \"p99\": 0\n },\n \"claim_stale_tasks\": {\n \"p50\": 0,\n \"p90\": 0,\n \"p95\": 0,\n \"p99\": 0\n },\n \"result_frequency_percent_as_number\": {\n \"Failed\": 0,\n \"NoAvailableWorkers\": 0,\n \"NoTasksClaimed\": 100,\n \"RanOutOfCapacity\": 0,\n \"RunningAtCapacity\": 0,\n \"PoolFilled\": 0\n },\n \"persistence\": {\n \"recurring\": 88,\n \"non_recurring\": 12\n }\n },\n \"drift\": {\n \"p50\": 2089,\n \"p90\": 3037,\n \"p95\": 3037,\n \"p99\": 3037\n },\n \"drift_by_type\": {\n \"SLO:ORPHAN_SUMMARIES-CLEANUP-TASK\": {\n \"p50\": 2082,\n \"p90\": 2082,\n \"p95\": 2082,\n \"p99\": 2082\n },\n \"fleet:check-deleted-files-task\": {\n \"p50\": 2080,\n \"p90\": 2080,\n \"p95\": 2080,\n \"p99\": 2080\n },\n \"osquery:telemetry-saved-queries\": {\n \"p50\": 2080,\n \"p90\": 2080,\n \"p95\": 2080,\n \"p99\": 2080\n },\n \"task_manager:mark_removed_tasks_as_unrecognized\": {\n \"p50\": 2089,\n \"p90\": 2089,\n \"p95\": 2089,\n \"p99\": 2089\n },\n \"task_manager:delete_inactive_background_task_nodes\": {\n \"p50\": 336.5,\n \"p90\": 2089,\n \"p95\": 2089,\n \"p99\": 2089\n },\n \"alerts_invalidate_api_keys\": {\n \"p50\": 2086,\n \"p90\": 2086,\n \"p95\": 2086,\n \"p99\": 2086\n },\n \"fleet:unenroll-inactive-agents-task\": {\n \"p50\": 2080,\n \"p90\": 2080,\n \"p95\": 2080,\n \"p99\": 2080\n },\n \"alerting_health_check\": {\n \"p50\": 2086,\n \"p90\": 2086,\n \"p95\": 2086,\n \"p99\": 2086\n },\n \"Fleet-Usage-Sender\": {\n \"p50\": 2079,\n \"p90\": 2079,\n \"p95\": 2079,\n \"p99\": 2079\n },\n \"security:endpoint-diagnostics\": {\n \"p50\": 2525,\n \"p90\": 2525,\n \"p95\": 2525,\n \"p99\": 2525\n },\n \"logs-data-telemetry\": {\n \"p50\": 2525,\n \"p90\": 2525,\n \"p95\": 2525,\n \"p99\": 2525\n },\n \"security:telemetry-lists\": {\n \"p50\": 2525,\n \"p90\": 2525,\n \"p95\": 2525,\n \"p99\": 2525\n },\n \"security:telemetry-timelines\": {\n \"p50\": 2526,\n \"p90\": 2526,\n \"p95\": 2526,\n \"p99\": 2526\n },\n \"cases-telemetry-task\": {\n \"p50\": 2083,\n \"p90\": 2083,\n \"p95\": 2083,\n \"p99\": 2083\n },\n \"osquery:telemetry-packs\": {\n \"p50\": 2530,\n \"p90\": 2530,\n \"p95\": 2530,\n \"p99\": 2530\n },\n \"Fleet-Metrics-Task\": {\n \"p50\": 133.5,\n \"p90\": 2530,\n \"p95\": 2530,\n \"p99\": 2530\n },\n \"fleet:delete-unenrolled-agents-task\": {\n \"p50\": 2530,\n \"p90\": 2530,\n \"p95\": 2530,\n \"p99\": 2530\n },\n \"osquery:telemetry-configs\": {\n \"p50\": 2529,\n \"p90\": 2529,\n \"p95\": 2529,\n \"p99\": 2529\n },\n \"endpoint:complete-external-response-actions\": {\n \"p50\": 519,\n \"p90\": 2526,\n \"p95\": 2526,\n \"p99\": 2526\n },\n \"security:telemetry-detection-rules\": {\n \"p50\": 3037,\n \"p90\": 3037,\n \"p95\": 3037,\n \"p99\": 3037\n },\n \"security:telemetry-prebuilt-rule-alerts\": {\n \"p50\": 3037,\n \"p90\": 3037,\n \"p95\": 3037,\n \"p99\": 3037\n },\n \"security:endpoint-meta-telemetry\": {\n \"p50\": 3037,\n \"p90\": 3037,\n \"p95\": 3037,\n \"p99\": 3037\n },\n \"security:telemetry-filterlist-artifact\": {\n \"p50\": 3037,\n \"p90\": 3037,\n \"p95\": 3037,\n \"p99\": 3037\n },\n \"security:telemetry-diagnostic-timelines\": {\n \"p50\": 3037,\n \"p90\": 3037,\n \"p95\": 3037,\n \"p99\": 3037\n },\n \"security:telemetry-configuration\": {\n \"p50\": 3037,\n \"p90\": 3037,\n \"p95\": 3037,\n \"p99\": 3037\n },\n \"security:indices-metadata-telemetry\": {\n \"p50\": 3037,\n \"p90\": 3037,\n \"p95\": 3037,\n \"p99\": 3037\n },\n \"Fleet-Usage-Logger\": {\n \"p50\": 2190,\n \"p90\": 2190,\n \"p95\": 2190,\n \"p99\": 2190\n },\n \"obs-ai-assistant:knowledge-base-migration\": {\n \"p50\": 2189,\n \"p90\": 2189,\n \"p95\": 2189,\n \"p99\": 2189\n },\n \"dashboard_telemetry\": {\n \"p50\": 2452,\n \"p90\": 2452,\n \"p95\": 2452,\n \"p99\": 2452\n },\n \"session_cleanup\": {\n \"p50\": 2569,\n \"p90\": 2569,\n \"p95\": 2569,\n \"p99\": 2569\n },\n \"ProductDocBase:EnsureUpToDate\": {\n \"p50\": 2452,\n \"p90\": 2452,\n \"p95\": 2452,\n \"p99\": 2452\n },\n \"apm-telemetry-task\": {\n \"p50\": 2591,\n \"p90\": 2591,\n \"p95\": 2591,\n \"p99\": 2591\n },\n \"ML:saved-objects-sync\": {\n \"p50\": 2475,\n \"p90\": 2475,\n \"p95\": 2475,\n \"p99\": 2475\n },\n \"apm-source-map-migration-task\": {\n \"p50\": 1603.5,\n \"p90\": 2987,\n \"p95\": 2987,\n \"p99\": 2987\n },\n \"actions_telemetry\": {\n \"p50\": 771,\n \"p90\": 771,\n \"p95\": 771,\n \"p99\": 771\n },\n \"alerting_telemetry\": {\n \"p50\": 768,\n \"p90\": 768,\n \"p95\": 768,\n \"p99\": 768\n },\n \"endpoint:metadata-check-transforms-task\": {\n \"p50\": 834,\n \"p90\": 834,\n \"p95\": 834,\n \"p99\": 834\n },\n \"endpoint:user-artifact-packager\": {\n \"p50\": 529.5,\n \"p90\": 835,\n \"p95\": 835,\n \"p99\": 835\n },\n \"fleet:bump_agent_policies\": {\n \"p50\": 361,\n \"p90\": 361,\n \"p95\": 361,\n \"p99\": 361\n }\n },\n \"load\": {\n \"p50\": 10,\n \"p90\": 100,\n \"p95\": 100,\n \"p99\": 100\n },\n \"execution\": {\n \"duration\": {\n \"SLO:ORPHAN_SUMMARIES-CLEANUP-TASK\": {\n \"p50\": 24,\n \"p90\": 24,\n \"p95\": 24,\n \"p99\": 24\n },\n \"fleet:check-deleted-files-task\": {\n \"p50\": 24,\n \"p90\": 24,\n \"p95\": 24,\n \"p99\": 24\n },\n \"osquery:telemetry-saved-queries\": {\n \"p50\": 25,\n \"p90\": 25,\n \"p95\": 25,\n \"p99\": 25\n },\n \"task_manager:mark_removed_tasks_as_unrecognized\": {\n \"p50\": 28,\n \"p90\": 28,\n \"p95\": 28,\n \"p99\": 28\n },\n \"task_manager:delete_inactive_background_task_nodes\": {\n \"p50\": 7.5,\n \"p90\": 29,\n \"p95\": 29,\n \"p99\": 29\n },\n \"alerts_invalidate_api_keys\": {\n \"p50\": 34,\n \"p90\": 34,\n \"p95\": 34,\n \"p99\": 34\n },\n \"fleet:unenroll-inactive-agents-task\": {\n \"p50\": 39,\n \"p90\": 39,\n \"p95\": 39,\n \"p99\": 39\n },\n \"alerting_health_check\": {\n \"p50\": 42,\n \"p90\": 42,\n \"p95\": 42,\n \"p99\": 42\n },\n \"Fleet-Usage-Sender\": {\n \"p50\": 78,\n \"p90\": 78,\n \"p95\": 78,\n \"p99\": 78\n },\n \"security:endpoint-diagnostics\": {\n \"p50\": 6,\n \"p90\": 6,\n \"p95\": 6,\n \"p99\": 6\n },\n \"logs-data-telemetry\": {\n \"p50\": 6,\n \"p90\": 6,\n \"p95\": 6,\n \"p99\": 6\n },\n \"security:telemetry-lists\": {\n \"p50\": 6,\n \"p90\": 6,\n \"p95\": 6,\n \"p99\": 6\n },\n \"security:telemetry-timelines\": {\n \"p50\": 6,\n \"p90\": 6,\n \"p95\": 6,\n \"p99\": 6\n },\n \"cases-telemetry-task\": {\n \"p50\": 458,\n \"p90\": 458,\n \"p95\": 458,\n \"p99\": 458\n },\n \"osquery:telemetry-packs\": {\n \"p50\": 10,\n \"p90\": 10,\n \"p95\": 10,\n \"p99\": 10\n },\n \"Fleet-Metrics-Task\": {\n \"p50\": 5,\n \"p90\": 10,\n \"p95\": 10,\n \"p99\": 10\n },\n \"fleet:delete-unenrolled-agents-task\": {\n \"p50\": 11,\n \"p90\": 11,\n \"p95\": 11,\n \"p99\": 11\n },\n \"osquery:telemetry-configs\": {\n \"p50\": 12,\n \"p90\": 12,\n \"p95\": 12,\n \"p99\": 12\n },\n \"endpoint:complete-external-response-actions\": {\n \"p50\": 7,\n \"p90\": 11,\n \"p95\": 11,\n \"p99\": 11\n },\n \"security:telemetry-detection-rules\": {\n \"p50\": 6,\n \"p90\": 6,\n \"p95\": 6,\n \"p99\": 6\n },\n \"security:telemetry-prebuilt-rule-alerts\": {\n \"p50\": 6,\n \"p90\": 6,\n \"p95\": 6,\n \"p99\": 6\n },\n \"security:endpoint-meta-telemetry\": {\n \"p50\": 6,\n \"p90\": 6,\n \"p95\": 6,\n \"p99\": 6\n },\n \"security:telemetry-filterlist-artifact\": {\n \"p50\": 5,\n \"p90\": 5,\n \"p95\": 5,\n \"p99\": 5\n },\n \"security:telemetry-diagnostic-timelines\": {\n \"p50\": 5,\n \"p90\": 5,\n \"p95\": 5,\n \"p99\": 5\n },\n \"security:telemetry-configuration\": {\n \"p50\": 5,\n \"p90\": 5,\n \"p95\": 5,\n \"p99\": 5\n },\n \"security:indices-metadata-telemetry\": {\n \"p50\": 5,\n \"p90\": 5,\n \"p95\": 5,\n \"p99\": 5\n },\n \"Fleet-Usage-Logger\": {\n \"p50\": 18,\n \"p90\": 18,\n \"p95\": 18,\n \"p99\": 18\n },\n \"obs-ai-assistant:knowledge-base-migration\": {\n \"p50\": 8,\n \"p90\": 8,\n \"p95\": 8,\n \"p99\": 8\n },\n \"dashboard_telemetry\": {\n \"p50\": 12,\n \"p90\": 12,\n \"p95\": 12,\n \"p99\": 12\n },\n \"session_cleanup\": {\n \"p50\": 58,\n \"p90\": 58,\n \"p95\": 58,\n \"p99\": 58\n },\n \"ProductDocBase:EnsureUpToDate\": {\n \"p50\": 147,\n \"p90\": 147,\n \"p95\": 147,\n \"p99\": 147\n },\n \"apm-telemetry-task\": {\n \"p50\": 543,\n \"p90\": 543,\n \"p95\": 543,\n \"p99\": 543\n },\n \"ML:saved-objects-sync\": {\n \"p50\": 544,\n \"p90\": 544,\n \"p95\": 544,\n \"p99\": 544\n },\n \"apm-source-map-migration-task\": {\n \"p50\": 1649,\n \"p90\": 3282,\n \"p95\": 3282,\n \"p99\": 3282\n },\n \"actions_telemetry\": {\n \"p50\": 19,\n \"p90\": 19,\n \"p95\": 19,\n \"p99\": 19\n },\n \"alerting_telemetry\": {\n \"p50\": 64,\n \"p90\": 64,\n \"p95\": 64,\n \"p99\": 64\n },\n \"endpoint:metadata-check-transforms-task\": {\n \"p50\": 6,\n \"p90\": 6,\n \"p95\": 6,\n \"p99\": 6\n },\n \"endpoint:user-artifact-packager\": {\n \"p50\": 10,\n \"p90\": 13,\n \"p95\": 13,\n \"p99\": 13\n },\n \"fleet:bump_agent_policies\": {\n \"p50\": 9,\n \"p90\": 9,\n \"p95\": 9,\n \"p99\": 9\n }\n },\n \"duration_by_persistence\": {\n \"recurring\": {\n \"p50\": 9,\n \"p90\": 63.39999999999999,\n \"p95\": 474.99999999999966,\n \"p99\": 544\n },\n \"non_recurring\": {\n \"p50\": 14,\n \"p90\": 2968.500000000001,\n \"p95\": 3282,\n \"p99\": 3282\n }\n },\n \"persistence\": {\n \"recurring\": 88,\n \"non_recurring\": 12\n },\n \"result_frequency_percent_as_number\": {\n \"SLO:ORPHAN_SUMMARIES-CLEANUP-TASK\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"fleet:check-deleted-files-task\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"osquery:telemetry-saved-queries\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"task_manager:mark_removed_tasks_as_unrecognized\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"task_manager:delete_inactive_background_task_nodes\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"alerts_invalidate_api_keys\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"fleet:unenroll-inactive-agents-task\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"alerting_health_check\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"Fleet-Usage-Sender\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"security:endpoint-diagnostics\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"logs-data-telemetry\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"security:telemetry-lists\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"security:telemetry-timelines\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"cases-telemetry-task\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"osquery:telemetry-packs\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"Fleet-Metrics-Task\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"fleet:delete-unenrolled-agents-task\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"osquery:telemetry-configs\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"endpoint:complete-external-response-actions\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"security:telemetry-detection-rules\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"security:telemetry-prebuilt-rule-alerts\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"security:endpoint-meta-telemetry\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"security:telemetry-filterlist-artifact\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"security:telemetry-diagnostic-timelines\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"security:telemetry-configuration\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"security:indices-metadata-telemetry\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"Fleet-Usage-Logger\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"obs-ai-assistant:knowledge-base-migration\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"dashboard_telemetry\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"session_cleanup\": {\n \"Success\": 0,\n \"RetryScheduled\": 100,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"ProductDocBase:EnsureUpToDate\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"apm-telemetry-task\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"ML:saved-objects-sync\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"apm-source-map-migration-task\": {\n \"Success\": 50,\n \"RetryScheduled\": 50,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"actions_telemetry\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"alerting_telemetry\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"endpoint:metadata-check-transforms-task\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"endpoint:user-artifact-packager\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n },\n \"fleet:bump_agent_policies\": {\n \"Success\": 100,\n \"RetryScheduled\": 0,\n \"Failed\": 0,\n \"status\": \"OK\"\n }\n }\n }\n },\n \"status\": \"OK\"\n },\n \"workload\": {\n \"timestamp\": \"2025-03-21T21:29:10.367Z\",\n \"value\": {\n \"count\": 35,\n \"cost\": 70,\n \"task_types\": {\n \"Fleet-Metrics-Task\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"Fleet-Usage-Logger\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"Fleet-Usage-Sender\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"ML:saved-objects-sync\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"SLO:ORPHAN_SUMMARIES-CLEANUP-TASK\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"actions_telemetry\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"alerting_health_check\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"alerting_telemetry\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"alerts_invalidate_api_keys\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"apm-telemetry-task\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"cases-telemetry-task\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"dashboard_telemetry\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"endpoint:complete-external-response-actions\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"endpoint:metadata-check-transforms-task\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"endpoint:user-artifact-packager\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"fleet:check-deleted-files-task\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"fleet:delete-unenrolled-agents-task\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"fleet:unenroll-inactive-agents-task\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"logs-data-telemetry\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"osquery:telemetry-configs\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"osquery:telemetry-packs\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"osquery:telemetry-saved-queries\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"security:endpoint-diagnostics\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"security:endpoint-meta-telemetry\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"security:indices-metadata-telemetry\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"security:telemetry-configuration\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"security:telemetry-detection-rules\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"security:telemetry-diagnostic-timelines\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"security:telemetry-filterlist-artifact\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"security:telemetry-lists\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"security:telemetry-prebuilt-rule-alerts\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"security:telemetry-timelines\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"session_cleanup\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"task_manager:delete_inactive_background_task_nodes\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n },\n \"task_manager:mark_removed_tasks_as_unrecognized\": {\n \"count\": 1,\n \"cost\": 2,\n \"status\": {\n \"idle\": 1\n }\n }\n },\n \"non_recurring\": 1,\n \"non_recurring_cost\": 2,\n \"schedule\": [\n [\n \"1m\",\n 2\n ],\n [\n \"60s\",\n 2\n ],\n [\n \"5m\",\n 2\n ],\n [\n \"10m\",\n 1\n ],\n [\n \"15m\",\n 1\n ],\n [\n \"45m\",\n 1\n ],\n [\n \"1h\",\n 9\n ],\n [\n \"3600s\",\n 1\n ],\n [\n \"60m\",\n 1\n ],\n [\n \"2h\",\n 1\n ],\n [\n \"720m\",\n 2\n ],\n [\n \"24h\",\n 7\n ],\n [\n \"1d\",\n 3\n ],\n [\n \"1440m\",\n 1\n ]\n ],\n \"overdue\": 0,\n \"overdue_cost\": 0,\n \"overdue_non_recurring\": 0,\n \"estimated_schedule_density\": [\n 0,\n 0,\n 0,\n 1,\n 1,\n 1,\n 0,\n 0,\n 0,\n 0,\n 0,\n 0,\n 0,\n 0,\n 0,\n 0,\n 0,\n 0,\n 0,\n 0,\n 0,\n 0,\n 0,\n 0,\n 0,\n 0,\n 0,\n 0,\n 0,\n 0,\n 1,\n 0,\n 0,\n 0,\n 0,\n 0,\n 0,\n 0,\n 0,\n 0,\n 0,\n 0,\n 0,\n 0,\n 0,\n 0,\n 0,\n 0,\n 0,\n 0\n ],\n \"capacity_requirements\": {\n \"per_minute\": 4,\n \"per_hour\": 46,\n \"per_day\": 27\n }\n },\n \"status\": \"OK\"\n },\n \"capacity_estimation\": {\n \"status\": \"OK\",\n \"reason\": \"Task Manager is healthy, the assumedRequiredThroughputPerMinutePerKibana (148.78541666666666) \u003c capacityPerMinutePerKibana (1200)\",\n \"timestamp\": \"2025-03-21T21:30:04.780Z\",\n \"value\": {\n \"observed\": {\n \"observed_kibana_instances\": 1,\n \"max_throughput_per_minute_per_kibana\": 1200,\n \"max_throughput_per_minute\": 1200,\n \"minutes_to_drain_overdue\": 0,\n \"avg_recurring_required_throughput_per_minute\": 5,\n \"avg_recurring_required_throughput_per_minute_per_kibana\": 5,\n \"avg_required_throughput_per_minute\": 149,\n \"avg_required_throughput_per_minute_per_kibana\": 149\n },\n \"proposed\": {\n \"provisioned_kibana\": 2,\n \"min_required_kibana\": 1,\n \"avg_recurring_required_throughput_per_minute_per_kibana\": 3,\n \"avg_required_throughput_per_minute_per_kibana\": 75\n }\n }\n }\n }\n}"},"get_connector_types_generativeai_response":{"summary":"A list of connector types for the `generativeAI` feature.","value":[{"id":".gen-ai","name":"OpenAI","enabled":true,"enabled_in_config":true,"enabled_in_license":true,"minimum_license_required":"enterprise","supported_feature_ids":["generativeAIForSecurity","generativeAIForObservability","generativeAIForSearchPlayground"],"is_system_action_type":false},{"id":".bedrock","name":"AWS Bedrock","enabled":true,"enabled_in_config":true,"enabled_in_license":true,"minimum_license_required":"enterprise","supported_feature_ids":["generativeAIForSecurity","generativeAIForObservability","generativeAIForSearchPlayground"],"is_system_action_type":false},{"id":".gemini","name":"Google Gemini","enabled":true,"enabled_in_config":true,"enabled_in_license":true,"minimum_license_required":"enterprise","supported_feature_ids":["generativeAIForSecurity"],"is_system_action_type":false}]},"get_connector_response":{"summary":"Get connector details.","value":{"id":"df770e30-8b8b-11ed-a780-3b746c987a81","name":"my_server_log_connector","config":{},"connector_type_id":".server-log","is_preconfigured":false,"is_deprecated":false,"is_missing_secrets":false,"is_system_action":false}},"update_index_connector_request":{"summary":"Update an index connector.","value":{"name":"updated-connector","config":{"index":"updated-index"}}},"create_email_connector_request":{"summary":"Create an email connector.","value":{"name":"email-connector-1","connector_type_id":".email","config":{"from":"tester@example.com","hasAuth":true,"host":"https://example.com","port":1025,"secure":false,"service":"other"},"secrets":{"user":"username","password":"password"}}},"create_index_connector_request":{"summary":"Create an index connector.","value":{"name":"my-connector","connector_type_id":".index","config":{"index":"test-index"}}},"create_webhook_connector_request":{"summary":"Create a webhook connector with SSL authentication.","value":{"name":"my-webhook-connector","connector_type_id":".webhook","config":{"method":"post","url":"https://example.com","authType":"webhook-authentication-ssl","certType":"ssl-crt-key"},"secrets":{"crt":"QmFnIEF0dH...","key":"LS0tLS1CRUdJ...","password":"my-passphrase"}}},"create_xmatters_connector_request":{"summary":"Create an xMatters connector with URL authentication.","value":{"name":"my-xmatters-connector","connector_type_id":".xmatters","config":{"usesBasic":false},"secrets":{"secretsUrl":"https://example.com?apiKey=xxxxx"}}},"create_email_connector_response":{"summary":"A new email connector.","value":{"id":"90a82c60-478f-11ee-a343-f98a117c727f","connector_type_id":".email","name":"email-connector-1","config":{"from":"tester@example.com","service":"other","host":"https://example.com","port":1025,"secure":false,"hasAuth":true,"tenantId":null,"clientId":null,"oauthTokenUrl":null},"is_preconfigured":false,"is_deprecated":false,"is_missing_secrets":false,"is_system_action":false}},"create_index_connector_response":{"summary":"A new index connector.","value":{"id":"c55b6eb0-6bad-11eb-9f3b-611eebc6c3ad","connector_type_id":".index","name":"my-connector","config":{"index":"test-index","refresh":false,"executionTimeField":null},"is_preconfigured":false,"is_deprecated":false,"is_missing_secrets":false,"is_system_action":false}},"create_webhook_connector_response":{"summary":"A new webhook connector.","value":{"id":"900eb010-3b9d-11ee-a642-8ffbb94e38bd","name":"my-webhook-connector","config":{"method":"post","url":"https://example.com","authType":"webhook-authentication-ssl","certType":"ssl-crt-key","verificationMode":"full","headers":null,"hasAuth":true},"connector_type_id":".webhook","is_preconfigured":false,"is_deprecated":false,"is_missing_secrets":false,"is_system_action":false}},"run_index_connector_request":{"summary":"Run an index connector.","value":{"params":{"documents":[{"id":"my_doc_id","name":"my_doc_name","message":"hello, world"}]}}},"run_jira_connector_request":{"summary":"Run a Jira connector to retrieve the list of issue types.","value":{"params":{"subAction":"issueTypes"}}},"run_servicenow_itom_connector_request":{"summary":"Run a ServiceNow ITOM connector to retrieve the list of choices.","value":{"params":{"subAction":"getChoices","subActionParams":{"fields":["severity","urgency"]}}}},"run_slack_api_connector_request":{"summary":"Run a Slack connector that uses the web API method to post a message on a channel.","value":{"params":{"subAction":"postMessage","subActionParams":{"channelIds":["C123ABC456"],"text":"A test message."}}}},"run_swimlane_connector_request":{"summary":"Run a Swimlane connector to create an incident.","value":{"params":{"subAction":"pushToService","subActionParams":{"comments":[{"commentId":1,"comment":"A comment about the incident."}],"incident":{"caseId":"1000","caseName":"Case name","description":"Description of the incident."}}}}},"run_index_connector_response":{"summary":"Response from running an index connector.","value":{"connector_id":"fd38c600-96a5-11ed-bb79-353b74189cba","data":{"errors":false,"items":[{"create":{"_id":"4JtvwYUBrcyxt2NnfW3y","_index":"my-index","_primary_term":1,"_seq_no":0,"_shards":{"failed":0,"successful":1,"total":2},"_version":1,"result":"created","status":201}}],"took":135},"status":"ok"}},"run_jira_connector_response":{"summary":"Response from retrieving the list of issue types for a Jira connector.","value":{"connector_id":"b3aad810-edbe-11ec-82d1-11348ecbf4a6","data":[{"id":10024,"name":"Improvement"},{"id":10006,"name":"Task"},{"id":10007,"name":"Sub-task"},{"id":10025,"name":"New Feature"},{"id":10023,"name":"Bug"},{"id":10000,"name":"Epic"}],"status":"ok"}},"run_server_log_connector_response":{"summary":"Response from running a server log connector.","value":{"connector_id":"7fc7b9a0-ecc9-11ec-8736-e7d63118c907","status":"ok"}},"run_servicenow_itom_connector_response":{"summary":"Response from retrieving the list of choices for a ServiceNow ITOM connector.","value":{"connector_id":"9d9be270-2fd2-11ed-b0e0-87533c532698","data":[{"dependent_value":"","element":"severity","label":"Critical","value":1},{"dependent_value":"","element":"severity","label":"Major","value":2},{"dependent_value":"","element":"severity","label":"Minor","value":3},{"dependent_value":"","element":"severity","label":"Warning","value":4},{"dependent_value":"","element":"severity","label":"OK","value":5},{"dependent_value":"","element":"severity","label":"Clear","value":0},{"dependent_value":"","element":"urgency","label":"1 - High","value":1},{"dependent_value":"","element":"urgency","label":"2 - Medium","value":2},{"dependent_value":"","element":"urgency","label":"3 - Low","value":3}],"status":"ok"}},"run_slack_api_connector_response":{"summary":"Response from posting a message with a Slack connector.","value":{"status":"ok","data":{"ok":true,"channel":"C123ABC456","ts":"1234567890.123456","message":{"bot_id":"B12BCDEFGHI","type":"message","text":"A test message","user":"U12A345BC6D","ts":"1234567890.123456","app_id":"A01BC2D34EF","blocks":[{"type":"rich_text","block_id":"/NXe","elements":[{"type":"rich_text_section","elements":[{"type":"text","text":"A test message."}]}]}],"team":"T01ABCDE2F","bot_profile":{"id":"B12BCDEFGHI","app_id":"A01BC2D34EF","name":"test","icons":{"image_36":"https://a.slack-edge.com/80588/img/plugins/app/bot_36.png"},"deleted":false,"updated":1672169705,"team_id":"T01ABCDE2F"}}},"connector_id":".slack_api"}},"run_swimlane_connector_response":{"summary":"Response from creating a Swimlane incident.","value":{"connector_id":"a4746470-2f94-11ed-b0e0-87533c532698","data":{"id":"aKPmBHWzmdRQtx6Mx","title":"TEST-457","url":"https://elastic.swimlane.url.us/record/aNcL2xniGHGpa2AHb/aKPmBHWzmdRQtx6Mx","pushedDate":"2022-09-08T16:52:27.866Z","comments":[{"commentId":1,"pushedDate":"2022-09-08T16:52:27.865Z"}]},"status":"ok"}},"get_connectors_response":{"summary":"A list of connectors","value":[{"id":"preconfigured-email-connector","name":"my-preconfigured-email-notification","connector_type_id":".email","is_preconfigured":true,"is_deprecated":false,"referenced_by_count":0,"is_system_action":false},{"id":"e07d0c80-8b8b-11ed-a780-3b746c987a81","name":"my-index-connector","config":{"index":"test-index","refresh":false,"executionTimeField":null},"connector_type_id":".index","is_preconfigured":false,"is_deprecated":false,"referenced_by_count":2,"is_missing_secrets":false,"is_system_action":false}]},"get_roles_response1":{"summary":"Get all role details","value":[{"name":"my_kibana_role","description":"My kibana role description","metadata":{"version":1},"transient_metadata":{"enabled":true},"elasticsearch":{"indices":[],"cluster":[],"run_as":[]},"kibana":[{"base":["all"],"feature":{},"spaces":["*"]}]},{"name":"my_admin_role","description":"My admin role description","metadata":{"version":1},"transient_metadata":{"enabled":true},"elasticsearch":{"cluster":["all"],"indices":[{"names":["index1","index2"],"privileges":["all"],"field_security":{"grant":["title","body"]},"query":"{\\\"match\\\": {\\\"title\\\": \\\"foo\\\"}}"}]},"kibana":[]}]},"get_role_response1":{"summary":"Get role details","value":{"name":"my_kibana_role","description":"Grants all cluster privileges and full access to index1 and index2. Grants full access to remote_index1 and remote_index2, and the monitor_enrich cluster privilege on remote_cluster1. Grants all Kibana privileges in the default space.","metadata":{"version":1},"transient_metadata":{"enabled":true},"elasticsearch":{"cluster":["all"],"remote_cluster":[{"privileges":["monitor_enrich"],"clusters":["remote_cluster1"]}],"indices":[{"names":["index1","index2"],"privileges":["all"],"allow_restricted_indices":false}],"remote_indices":[{"names":["remote_index1","remote_index2"],"privileges":["all"],"allow_restricted_indices":false,"clusters":["remote_cluster1"]}],"run_as":[]},"kibana":[{"base":["all"],"feature":{},"spaces":["default"]}],"_transform_error":[],"_unrecognized_applications":[]}},"create_role_request1":{"summary":"Feature privileges in multiple spaces","description":"Grant access to various features in some spaces.","value":{"description":"Grant full access to discover and dashboard features in the default space. Grant read access in the marketing, and sales spaces.","metadata":{"version":1},"elasticsearch":{"cluster":[],"indices":[]},"kibana":[{"base":[],"feature":{"discover":["all"],"dashboard":["all"]},"spaces":["default"]},{"base":["read"],"spaces":["marketing","sales"]}]}},"create_role_request2":{"summary":"Dashboard privileges in a space","description":"Grant access to dashboard features in a Marketing space.","value":{"description":"Grant dashboard access in the Marketing space.","metadata":{"version":1},"elasticsearch":{"cluster":[],"indices":[]},"kibana":[{"base":[],"feature":{"dashboard":["read"]},"spaces":["marketing"]}]}},"create_role_request3":{"summary":"Feature privileges in a space","description":"Grant full access to all features in the default space.","value":{"metadata":{"version":1},"elasticsearch":{"cluster":[],"indices":[]},"kibana":[{"base":["all"],"feature":{},"spaces":["default"]}]}},"create_role_request4":{"summary":"Elasticsearch and Kibana feature privileges","description":"Grant Elasticsearch and Kibana feature privileges.","value":{"description":"Grant all cluster privileges and full access to index1 and index2. Grant full access to remote_index1 and remote_index2, and the monitor_enrich cluster privilege on remote_cluster1. Grant all Kibana privileges in the default space.","metadata":{"version":1},"elasticsearch":{"cluster":["all"],"indices":[{"names":["index1","index2"],"privileges":["all"]}],"remote_indices":[{"clusters":["remote_cluster1"],"names":["remote_index1","remote_index2"],"privileges":["all"]}],"remote_cluster":[{"clusters":["remote_cluster1"],"privileges":["monitor_enrich"]}]},"kibana":[{"base":["all"],"feature":{},"spaces":["default"]}]}},"copy_saved_objects_request1":{"summary":"Copy with createNewCopies","description":"Copy a dashboard with the my-dashboard ID, including all references from the default space to the marketing space. In this example, the dashboard has a reference to a visualization and that has a reference to a data view.\n","value":{"objects":[{"type":"dashboard","id":"my-dashboard"}],"spaces":["marketing"],"includeReferences":true}},"copy_saved_objects_request2":{"summary":"Copy without createNewCopies","description":"Copy a dashboard with the my-dashboard ID, including all references from the default space to the marketing space. In this example, the dashboard has a reference to a visualization and that has a reference to a data view.\n","value":{"objects":[{"type":"dashboard","id":"my-dashboard"}],"spaces":["marketing"],"includeReferences":true,"createNewCopies":false}},"copy_saved_objects_response1":{"summary":"Copy with createNewCopies","description":"The response for successfully copying a dashboard with the my-dashboard ID, including all references from the default space to the marketing space. The result indicates a successful copy and all three objects are created. Since these objects were created as new copies, each entry in the successResults array includes a destinationId attribute.\n","value":{"marketing":{"success":true,"successCount":3,"successResults":[{"id":"my-dashboard","type":"dashboard","destinationId":"1e127098-5b80-417f-b0f1-c60c8395358f","meta":{"icon":"dashboardApp","title":"Look at my dashboard"}},{"id":"my-vis","type":"visualization","destinationId":"a610ed80-1c73-4507-9e13-d3af736c8e04","meta":{"icon":"visualizeApp","title":"Look at my visualization"}},{"id":"my-index-pattern","type":"index-pattern","destinationId":"bc3c9c70-bf6f-4bec-b4ce-f4189aa9e26b","meta":{"icon":"indexPatternApp","title":"my-pattern-*"}}]}}},"copy_saved_objects_response2":{"summary":"Copy without createNewCopies","description":"The response for successfully copying a dashboard with the my-dashboard ID with createNewCopies turned off. The result indicates a successful copy and all three objects are created.\n","value":{"marketing":{"success":true,"successCount":3,"successResults":[{"id":"my-dashboard","type":"dashboard","meta":{"icon":"dashboardApp","title":"Look at my dashboard"}},{"id":"my-vis","type":"visualization","meta":{"icon":"visualizeApp","title":"Look at my visualization"}},{"id":"my-index-pattern","type":"index-pattern","meta":{"icon":"indexPatternApp","title":"my-pattern-*"}}]}}},"copy_saved_objects_response3":{"summary":"Failed copy response with conflict errors","description":"A response for a failed copy of a dashboard with the my-dashboard ID including all references from the default space to the marketing and sales spaces. In this example, the dashboard has a reference to a visualization and a Canvas workpad and the visualization has a reference to an index pattern. The result indicates a successful copy for the marketing space and an unsuccessful copy for the sales space because the data view, visualization, and Canvas workpad each resulted in a conflict error. Objects are created when the error is resolved using the resolve copy conflicts API.\n","value":{"marketing":{"success":true,"successCount":4,"successResults":[{"id":"my-dashboard","type":"dashboard","meta":{"icon":"dashboardApp","title":"Look at my dashboard"}},{"id":"my-vis","type":"visualization","meta":{"icon":"visualizeApp","title":"Look at my visualization"}},{"id":"my-canvas","type":"canvas-workpad","meta":{"icon":"canvasApp","title":"Look at my canvas"}},{"id":"my-index-pattern","type":"index-pattern","meta":{"icon":"indexPatternApp","title":"my-pattern-*"}}]},"sales":{"success":false,"successCount":"1,","errors":[{"id":"my-pattern","type":"index-pattern","title":"my-pattern-*","error":{"type":"conflict"},"meta":{"icon":"indexPatternApp","title":"my-pattern-*"}},{"id":"my-visualization","type":"my-vis","title":"Look at my visualization","error":{"type":"conflict","destinationId":"another-vis"},"meta":{"icon":"visualizeApp","title":"Look at my visualization"}},{"id":"my-canvas","type":"canvas-workpad","title":"Look at my canvas","error":{"type":"ambiguous_conflict","destinations":[{"id":"another-canvas","title":"Look at another canvas","updatedAt":"2020-07-08T16:36:32.377Z"},{"id":"yet-another-canvas","title":"Look at yet another canvas","updatedAt":"2020-07-05T12:29:54.849Z"}]},"meta":{"icon":"canvasApp","title":"Look at my canvas"}}],"successResults\"":[{"id":"my-dashboard","type":"dashboard","meta":{"icon":"dashboardApp","title":"Look at my dashboard"}}]}}},"copy_saved_objects_response4":{"summary":"Failed copy with missing reference errors","description":"The response for successfully copying a dashboard with the my-dashboard ID, including all references from the default space to the marketing space. In this example, the dashboard has a reference to a visualization and a Canvas workpad and the visualization has a reference to a data view. The result indicates an unsuccessful copy because the visualization resulted in a missing references error. Objects are created when the errors are resolved using the resolve copy conflicts API.\n","value":{"marketing":{"success":false,"successCount":2,"errors":[{"id":"my-vis","type":"visualization","title":"Look at my visualization","error":{"type":"missing_references","references":[{"type":"index-pattern","id":"my-pattern-*"}]},"meta":{"icon":"visualizeApp","title":"Look at my visualization"}}],"successResults":[{"id":"my-dashboard","type":"dashboard","meta":{"icon":"dashboardApp","title":"Look at my dashboard"}},{"id":"my-canvas","type":"canvas-workpad","meta":{"icon":"canvasApp","title":"Look at my canvas"}}]}}},"disable_legacy_url_request1":{"summary":"Disable legacy URL aliases","description":"This request leaves the alias intact but the legacy URL for this alias (http://localhost:5601/s/bills-space/app/dashboards#/view/123) will no longer function. The dashboard still exists and you can access it with the new URL.\n","value":{"aliases":[{"targetSpace":"bills-space","targetType":"dashboard","sourceId":123}]}},"resolve_copy_saved_objects_request1":{"summary":"Resolve conflict errors","description":"Resolve conflict errors for a data view, visualization, and Canvas workpad by overwriting the existing saved objects. NOTE: If a prior copy attempt resulted in resolvable errors, you must include a retry for each object you want to copy, including any that were returned in the successResults array. In this example, we retried copying the dashboard accordingly.\n","value":{"objects":[{"type":"dashboard","id":"my-dashboard"}],"includeReferences":true,"createNewCopies":false,"retries":{"sales":[{"type":"index-pattern","id":"my-pattern","overwrite":true},{"type":"visualization","id":"my-vis","overwrite":"true,","destinationId":"another-vis"},{"type":"canvas","id":"my-canvas","overwrite":true,"destinationId":"yet-another-canvas"},{"type":"dashboard","id":"my-dashboard"}]}}},"resolve_copy_saved_objects_request2":{"summary":"Resolve missing reference errors","description":"Resolve missing reference errors for a visualization by ignoring the error. NOTE: If a prior copy attempt resulted in resolvable errors, you must include a retry for each object you want to copy, including any that were returned in the successResults array. In this example, we retried copying the dashboard and canvas accordingly.\n","value":{"objects":[{"type":"dashboard","id":"my-dashboard"}],"includeReferences":true,"createNewCopies":false,"retries":{"marketing":[{"type":"visualization","id":"my-vis","ignoreMissingReferences":true},{"type":"canvas","id":"my-canvas"},{"type":"dashboard","id":"my-dashboard"}]}}},"update_saved_objects_spaces_request1":{"summary":"Update saved object spaces","description":"Update the spaces of each saved object and all its references.","value":{"objects":[{"type":"index-pattern","id":"90943e30-9a47-11e8-b64d-95841ca0b247"}],"spacesToAdd":["test"],"spacesToRemove":[]}},"update_saved_objects_spaces_response1":{"summary":"Update saved object spaces","description":"The response from updating the spaces of saved objects.\n","value":{"objects":[{"type":"index-pattern","id":"90943e30-9a47-11e8-b64d-95841ca0b247","spaces":["default","test"]}]}},"get_spaces_response1":{"summary":"Get all spaces","description":"Get all spaces without specifying any options.","value":[{"id":"default","name":"Default","description":"This is the Default Space","disabledFeatures":[],"imageUrl":"","_reserved":true},{"id":"marketing","name":"Marketing","description":"This is the Marketing Space","color":null,"disabledFeatures":["apm"],"initials":"MK","imageUrl":"data:image/png;base64,iVBORw0KGgoAAAANSU"},{"id":"sales","name":"Sales","initials":"MK","disabledFeatures":["discover"],"imageUr\"":"","solution":"oblt"}]},"get_spaces_response2":{"summary":"Get all spaces with custom options","description":"The user has read-only access to the Sales space. Get all spaces with the following query parameters: \"purpose=shareSavedObjectsIntoSpace\u0026include_authorized_purposes=true\"\n","value":[{"id":"default","name":"Default","description":"This is the Default Space","disabledFeatures":[],"imageUrl":"","_reserved":true,"authorizedPurposes":{"any":true,"copySavedObjectsIntoSpace":true,"findSavedObjects":true,"shareSavedObjectsIntoSpace":true}},{"id":"marketing","name":"Marketing","description":"This is the Marketing Space","color":null,"disabledFeatures":["apm"],"initials":"MK","imageUrl":"data:image/png;base64,iVBORw0KGgoAAAANSU","authorizedPurposes":{"any":true,"copySavedObjectsIntoSpace":true,"findSavedObjects":true,"shareSavedObjectsIntoSpace":true}},{"id":"sales","name":"Sales","initials":"MK","disabledFeatures":["discover"],"imageUrl":"","authorizedPurposes":{"any":true,"copySavedObjectsIntoSpace":false,"findSavedObjects":true,"shareSavedObjectsIntoSpace":false}}]},"create_space_request":{"summary":"Create a marketing space","value":{"id":"marketing","name":"Marketing","description":"This is the Marketing Space","color":null,"initials":"MK","disabledFeatures":[],"imageUrl":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAD4AAABACAYAAABC6cT1AAAGf0lEQVRoQ+3abYydRRUH8N882xYo0IqagEVjokQJKAiKBjXExC9G/aCkGowCIghCkRcrVSSKIu/FEiqgGL6gBIlAYrAqUTH6hZgQFVEMKlQFfItWoQWhZe8z5uzMLdvbfbkLxb13d+fbvfe588x/zpn/+Z9zJpmnI81T3BaAzzfLL1h8weLzZAcWXH2eGHo7zAWLL1h8nuzAjFw9G1N6Kzq8HnuM36MR8iibF3Fv4q+7cv8yDV6K13bYq2furSP8Ag8ncr/vnSnwRViJT2GfCV7yL1yHGxLb+l3EdM9lluNEnIC9xz+f2ZL4Er6Z2DrdXN3fZwp8CU7OfDHxggle8lTLbQ1nJ/7Z7yKmey5zYGZt4h2IzR8/trRc2PDlxJPTzfVcgJ+CC0wMPOa9F6cm7up3EVM9V9386MxliVdM8GwAv6hh/awCz/w7lY25OtF5ruBz4ZLP42NYNrDAFbC3YPWuILnMAfgq3oaRQQYea/stViV+sgssvjKzLvGySeaaNVfP4d7Btokgvxj/bblgpueuF1hmWcyTCmfE3J3M1lTcv0vMswM88zR+jpw4osu6me8kzkpsfLZWzxyRuabO22buxxOJ12FxnXfWgEe83pB5sOE47BsLymzscOoi7nw2JJfZreUjiUsTyzKPZm5NvBDvSuw268AzNzV8H5/Am+qCnsAXgpgSW2Zq9cyKlksbPlTd+te4quWNieMHBfiNDdciYnwsdI/MaOaWhnMTf54J8CqNj8x8JXFIZltYu+HqlmNT8YSBsHgAPw/vxvlVV4du/s0oaxbxg0TbL/jMni0nNcVjQq7+HZfgtpbzBg342TgQ63AkmsymxBW4IjE6A+D7Vzd/fyWxIM/VuCe+HzTgZ2Jpy/kNJ2FJLmLm24mPJ/42A+Bvrxt4SISwlhsaPodH26LZB8rVA3inwwebsrixJCZzX+KMxI/7AV61eVh3DV6Mx3EOvh4kN6jAg8nfUCXm4d1wE66OyxNPTQc+s3/o/MoXizL3JE5O3F3P/uBZPPF4Zr+Wi5uSO48ZPRdyCwn7YB/A35m5KhWNHox4fcNnIs0ddOCRSBxf8+cQG+Huf0l8NJVYP+nI7NXy2ar4QqIGm69JfKPOE2w/mBavCzwM11R2D+ChsUO7hyUfmwx55qDM1xJvqZ7y08TpifuGBfjeURVJnNIVGpkNiXNS0ds7jcySDitDCCWW56LJ10fRo8sNA+3qXUSZD2CtQlZh9T+1rB7h9oliembflnMbzqgSNZKbKGHdPm7OwXb1CvQ1metSETMpszmzvikCJNh/h5E5PHNl4qga/+/cxqrdeWDYgIe7X5L4cGJPJX2940lOX8pD41FnFnc4riluvQKbK0dcHJFi2IBHNTQSlguru4d2/wPOTNzRA3x5y+U1E1uqWDkETOT026XuUJzx6u7ReLhSYenQ7uHua0fKZmwfmcPqsQjxE5WVONcRxn7X89zgn/EKPMRMxOVQXmP18Mx3q3b/Y/0cQE/IhFtHESMsHFlZ1Ml3CH3DZPHImY+pxcKumNmYirtvqMBfhMuU6s3iqOQkTsMPe1tCQwO8Ajs0lxr7W+vnp1MJc9EgCNd/cy6x+9D4veXmprj5wxMw/3C4egW6zzgZOlYZzfwo3F2J7ael0pJamvlPKgWNKFft1AAcKotXoFEbD7kaoSoQPVKB35+5KHF0lai/rJo+up87jWEE/qqqwY+qrL21LWLm95lPJ16ppKw31XC3PXYPJauPEx7B6BHCgrSizRs18qiaRp8tlN3ueCTYPHH9RNaunjI8Z7wLYpT3jZSCYXQ8e9vTsRE/q+no3XMKeObgGtaintbb/AvXj4JDkNw/5hrwYPfIvlZFUbLn7G5q+eQIN09Vnho6cqvnM/Lt99RixH49wO8K0ZL41WTWHoQzvsNVkOheZqKhEGpsp3SzB+BBtZAYve7uOR9tuTaaB6l0XScdYfEQPpkTUyHEGP+XqyDBzu+NBCITUjNWHynkrbWKOuWFn1xKzqsyx0bdvS78odp0+N503Zao0uCsWuSIDku8/7EO60b41vN5+Ses9BKlTdvd8bhp9EBvJjWJAIn/vxwHe6b3tSk6JFPV4nq85oAOrx555v/x/rh3E6Lo+bnuNS4uB4Cuq0ZfvO8X1rM6q/+vnjLVqZq7v83onttc2oYF4HPJmv1gWbB4P7s0l55ZsPhcsmY/WBYs3s8uzaVn5q3F/wf70mRuBCtbjQAAAABJRU5ErkJggg=="}},"get_space_response":{"summary":"Get details about a marketing space","value":{"id":"marketing","name":"Marketing","description":"This is the Marketing Space","color":null,"initials":"MK","disabledFeatures":[],"imageUrl":"","solution":"es"}},"update_space_request":{"summary":"Update a marketing space","description":"Update the marketing space to remove the imageUrl.","value":{"id":"marketing","name":"Marketing","description":"This is the Marketing Space","color":null,"initials":"MK","disabledFeatures":[],"imageUrl":""}}},"parameters":{"APM_UI_elastic_api_version":{"description":"The version of the API to use","in":"header","name":"elastic-api-version","required":true,"schema":{"default":"2023-10-31","enum":["2023-10-31"],"type":"string"}},"APM_UI_kbn_xsrf":{"description":"A required header to protect against CSRF attacks","in":"header","name":"kbn-xsrf","required":true,"schema":{"example":"true","type":"string"}},"Cases_alert_id":{"description":"An identifier for the alert.","in":"path","name":"alertId","required":true,"schema":{"example":"09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540","type":"string"}},"Cases_assignees_filter":{"description":"Filters the returned cases by assignees. Valid values are `none` or unique identifiers for the user profiles. These identifiers can be found by using the suggest user profile API.\n","in":"query","name":"assignees","schema":{"oneOf":[{"$ref":"#/components/schemas/Cases_string"},{"$ref":"#/components/schemas/Cases_string_array"}]}},"Cases_case_id":{"description":"The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded.","in":"path","name":"caseId","required":true,"schema":{"example":"9c235210-6834-11ea-a78c-6ffb38a34414","type":"string"}},"Cases_category":{"description":"Filters the returned cases by category.","in":"query","name":"category","schema":{"oneOf":[{"$ref":"#/components/schemas/Cases_case_category"},{"$ref":"#/components/schemas/Cases_case_categories"}]}},"Cases_comment_id":{"description":"The identifier for the comment. To retrieve comment IDs, use the get case or find cases APIs.\n","in":"path","name":"commentId","required":true,"schema":{"example":"71ec1870-725b-11ea-a0b2-c51ea50a58e2","type":"string"}},"Cases_configuration_id":{"description":"An identifier for the configuration.","in":"path","name":"configurationId","required":true,"schema":{"example":"3297a0f0-b5ec-11ec-b141-0fdb20a7f9a9","type":"string"}},"Cases_connector_id":{"description":"An identifier for the connector. To retrieve connector IDs, use the find connectors API.","in":"path","name":"connectorId","required":true,"schema":{"example":"abed3a70-71bd-11ea-a0b2-c51ea50a58e2","type":"string"}},"Cases_defaultSearchOperator":{"description":"he default operator to use for the simple_query_string.","example":"OR","in":"query","name":"defaultSearchOperator","schema":{"default":"OR","type":"string"}},"Cases_from":{"description":"Returns only cases that were created after a specific date. The date must be specified as a KQL data range or date match expression.\n","in":"query","name":"from","schema":{"example":"now-1d","type":"string"}},"Cases_ids":{"description":"The cases that you want to removed. All non-ASCII characters must be URL encoded.\n","example":"d4e7abb0-b462-11ec-9a8d-698504725a43","in":"query","name":"ids","required":true,"schema":{"items":{"maxItems":100,"minItems":1,"type":"string"},"type":"array"}},"Cases_kbn_xsrf":{"description":"Cross-site request forgery protection","in":"header","name":"kbn-xsrf","required":true,"schema":{"type":"string"}},"Cases_owner_filter":{"description":"A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read.\n","example":"cases","in":"query","name":"owner","schema":{"oneOf":[{"$ref":"#/components/schemas/Cases_owner"},{"$ref":"#/components/schemas/Cases_owners"}]}},"Cases_page_index":{"description":"The page number to return.","in":"query","name":"page","required":false,"schema":{"default":1,"type":"integer"}},"Cases_page_size":{"description":"The number of items to return. Limited to 100 items.","in":"query","name":"perPage","required":false,"schema":{"default":20,"maximum":100,"type":"integer"}},"Cases_reporters":{"description":"Filters the returned cases by the user name of the reporter.","example":"elastic","in":"query","name":"reporters","schema":{"oneOf":[{"$ref":"#/components/schemas/Cases_string"},{"$ref":"#/components/schemas/Cases_string_array"}]}},"Cases_search":{"description":"An Elasticsearch simple_query_string query that filters the objects in the response.","in":"query","name":"search","schema":{"type":"string"}},"Cases_searchFields":{"description":"The fields to perform the simple_query_string parsed query against.","in":"query","name":"searchFields","schema":{"oneOf":[{"$ref":"#/components/schemas/Cases_searchFieldsType"},{"$ref":"#/components/schemas/Cases_searchFieldsTypeArray"}]}},"Cases_severity":{"description":"The severity of the case.","in":"query","name":"severity","schema":{"enum":["critical","high","low","medium"],"type":"string"}},"Cases_sort_order":{"description":"Determines the sort order.","in":"query","name":"sortOrder","required":false,"schema":{"default":"desc","enum":["asc","desc"],"type":"string"}},"Cases_sortField":{"description":"Determines which field is used to sort the results.","example":"updatedAt","in":"query","name":"sortField","schema":{"default":"createdAt","enum":["createdAt","updatedAt","closedAt","title","category","status","severity"],"type":"string"}},"Cases_status":{"description":"Filters the returned cases by state.","example":"open","in":"query","name":"status","schema":{"enum":["closed","in-progress","open"],"type":"string"}},"Cases_tags":{"description":"Filters the returned cases by tags.","example":"tag-1","in":"query","name":"tags","schema":{"oneOf":[{"$ref":"#/components/schemas/Cases_string"},{"$ref":"#/components/schemas/Cases_string_array"}]}},"Cases_to":{"description":"Returns only cases that were created before a specific date. The date must be specified as a KQL data range or date match expression.\n","example":"now+1d","in":"query","name":"to","schema":{"type":"string"}},"Cases_user_action_types":{"description":"Determines the types of user actions to return.","example":"create_case","in":"query","name":"types","schema":{"items":{"enum":["action","alert","assignees","attachment","comment","connector","create_case","description","pushed","settings","severity","status","tags","title","user"],"type":"string"},"type":"array"}},"Data_views_field_name":{"description":"The name of the runtime field.","in":"path","name":"fieldName","required":true,"schema":{"example":"hour_of_day","type":"string"}},"Data_views_kbn_xsrf":{"description":"Cross-site request forgery protection","in":"header","name":"kbn-xsrf","required":true,"schema":{"type":"string"}},"Data_views_view_id":{"description":"An identifier for the data view.","in":"path","name":"viewId","required":true,"schema":{"example":"ff959d40-b880-11e8-a6d9-e546fe2bba5f","type":"string"}},"Machine_learning_APIs_simulateParam":{"description":"When true, simulates the synchronization by returning only the list of actions that would be performed.","example":"true","in":"query","name":"simulate","required":false,"schema":{"type":"boolean"}},"Saved_objects_kbn_xsrf":{"description":"Cross-site request forgery protection","in":"header","name":"kbn-xsrf","required":true,"schema":{"type":"string"}},"Saved_objects_saved_object_id":{"description":"An identifier for the saved object.","in":"path","name":"id","required":true,"schema":{"type":"string"}},"Saved_objects_saved_object_type":{"description":"Valid options include `visualization`, `dashboard`, `search`, `index-pattern`, `config`.","in":"path","name":"type","required":true,"schema":{"type":"string"}},"Short_URL_APIs_idParam":{"description":"The identifier for the short URL.","in":"path","name":"id","required":true,"schema":{"type":"string"}},"SLOs_kbn_xsrf":{"description":"Cross-site request forgery protection","in":"header","name":"kbn-xsrf","required":true,"schema":{"type":"string"}},"SLOs_slo_id":{"description":"An identifier for the slo.","in":"path","name":"sloId","required":true,"schema":{"example":"9c235211-6834-11ea-a78c-6feb38a34414","type":"string"}},"SLOs_space_id":{"description":"An identifier for the space. If `/s/` and the identifier are omitted from the path, the default space is used.","in":"path","name":"spaceId","required":true,"schema":{"example":"default","type":"string"}}},"schemas":{"Alerting_401_response":{"properties":{"error":{"enum":["Unauthorized"],"example":"Unauthorized","type":"string"},"message":{"type":"string"},"statusCode":{"enum":[401],"example":401,"type":"integer"}},"title":"Unsuccessful rule API response","type":"object"},"Alerting_fieldmap_properties":{"title":"Field map objects in the get rule types response","type":"object","properties":{"array":{"description":"Indicates whether the field is an array.","type":"boolean"},"dynamic":{"description":"Indicates whether it is a dynamic field mapping.","type":"boolean"},"format":{"description":"Indicates the format of the field. For example, if the `type` is `date_range`, the `format` can be `epoch_millis||strict_date_optional_time`.\n","type":"string"},"ignore_above":{"description":"Specifies the maximum length of a string field. Longer strings are not indexed or stored.","type":"integer"},"index":{"description":"Indicates whether field values are indexed.","type":"boolean"},"path":{"description":"TBD","type":"string"},"properties":{"additionalProperties":{"type":"object","properties":{"type":{"description":"The data type for each object property.","type":"string"}}},"description":"Details about the object properties. This property is applicable when `type` is `object`.\n","type":"object"},"required":{"description":"Indicates whether the field is required.","type":"boolean"},"scaling_factor":{"description":"The scaling factor to use when encoding values. This property is applicable when `type` is `scaled_float`. Values will be multiplied by this factor at index time and rounded to the closest long value. \n","type":"integer"},"type":{"description":"Specifies the data type for the field.","example":"scaled_float","type":"string"}}},"APM_UI_400_response":{"type":"object","properties":{"error":{"description":"Error type","example":"Not Found","type":"string"},"message":{"description":"Error message","example":"Not Found","type":"string"},"statusCode":{"description":"Error status code","example":400,"type":"number"}}},"APM_UI_401_response":{"type":"object","properties":{"error":{"description":"Error type","example":"Unauthorized","type":"string"},"message":{"description":"Error message","type":"string"},"statusCode":{"description":"Error status code","example":401,"type":"number"}}},"APM_UI_403_response":{"type":"object","properties":{"error":{"description":"Error type","example":"Forbidden","type":"string"},"message":{"description":"Error message","type":"string"},"statusCode":{"description":"Error status code","example":403,"type":"number"}}},"APM_UI_404_response":{"type":"object","properties":{"error":{"description":"Error type","example":"Not Found","type":"string"},"message":{"description":"Error message","example":"Not Found","type":"string"},"statusCode":{"description":"Error status code","example":404,"type":"number"}}},"APM_UI_500_response":{"type":"object","properties":{"error":{"description":"Error type","example":"Internal Server Error","type":"string"},"message":{"description":"Error message","type":"string"},"statusCode":{"description":"Error status code","example":500,"type":"number"}}},"APM_UI_501_response":{"type":"object","properties":{"error":{"description":"Error type","example":"Not Implemented","type":"string"},"message":{"description":"Error message","example":"Not Implemented","type":"string"},"statusCode":{"description":"Error status code","example":501,"type":"number"}}},"APM_UI_agent_configuration_intake_object":{"type":"object","properties":{"agent_name":{"description":"The agent name is used by the UI to determine which settings to display.","type":"string"},"service":{"$ref":"#/components/schemas/APM_UI_service_object"},"settings":{"$ref":"#/components/schemas/APM_UI_settings_object"}},"required":["service","settings"]},"APM_UI_agent_configuration_object":{"description":"Agent configuration","type":"object","properties":{"@timestamp":{"description":"Timestamp","example":1730194190636,"type":"number"},"agent_name":{"description":"Agent name","type":"string"},"applied_by_agent":{"description":"Applied by agent","example":true,"type":"boolean"},"etag":{"description":"`etag` is sent by the APM agent to indicate the `etag` of the last successfully applied configuration. If the `etag` matches an existing configuration its `applied_by_agent` property will be set to `true`. Every time a configuration is edited `applied_by_agent` is reset to `false`.\n","example":"0bc3b5ebf18fba8163fe4c96f491e3767a358f85","type":"string"},"service":{"$ref":"#/components/schemas/APM_UI_service_object"},"settings":{"$ref":"#/components/schemas/APM_UI_settings_object"}},"required":["service","settings","@timestamp","etag"]},"APM_UI_agent_configurations_response":{"type":"object","properties":{"configurations":{"description":"Agent configuration","items":{"$ref":"#/components/schemas/APM_UI_agent_configuration_object"},"type":"array"}}},"APM_UI_agent_keys_object":{"type":"object","properties":{"name":{"description":"The name of the APM agent key.","type":"string"},"privileges":{"description":"The APM agent key privileges. It can take one or more of the following values:\n* `event:write`, which is required for ingesting APM agent events. * `config_agent:read`, which is required for APM agents to read agent configuration remotely.\n","items":{"enum":["event:write","config_agent:read"],"type":"string"},"type":"array"}},"required":["name","privileges"]},"APM_UI_agent_keys_response":{"type":"object","properties":{"agentKey":{"description":"Agent key","type":"object","properties":{"api_key":{"type":"string"},"encoded":{"type":"string"},"expiration":{"format":"int64","type":"integer"},"id":{"type":"string"},"name":{"type":"string"}},"required":["id","name","api_key","encoded"]}}},"APM_UI_annotation_search_response":{"type":"object","properties":{"annotations":{"description":"Annotations","items":{"type":"object","properties":{"@timestamp":{"type":"number"},"id":{"type":"string"},"text":{"type":"string"},"type":{"enum":["version"],"type":"string"}}},"type":"array"}}},"APM_UI_base_source_map_object":{"type":"object","properties":{"compressionAlgorithm":{"description":"Compression Algorithm","type":"string"},"created":{"description":"Created date","type":"string"},"decodedSha256":{"description":"Decoded SHA-256","type":"string"},"decodedSize":{"description":"Decoded size","type":"number"},"encodedSha256":{"description":"Encoded SHA-256","type":"string"},"encodedSize":{"description":"Encoded size","type":"number"},"encryptionAlgorithm":{"description":"Encryption Algorithm","type":"string"},"id":{"description":"Identifier","type":"string"},"identifier":{"description":"Identifier","type":"string"},"packageName":{"description":"Package name","type":"string"},"relative_url":{"description":"Relative URL","type":"string"},"type":{"description":"Type","type":"string"}}},"APM_UI_create_annotation_object":{"type":"object","properties":{"@timestamp":{"description":"The date and time of the annotation. It must be in ISO 8601 format.","type":"string"},"message":{"description":"The message displayed in the annotation. It defaults to `service.version`.","type":"string"},"service":{"description":"The service that identifies the configuration to create or update.","type":"object","properties":{"environment":{"description":"The environment of the service.","type":"string"},"version":{"description":"The version of the service.","type":"string"}},"required":["version"]},"tags":{"description":"Tags are used by the Applications UI to distinguish APM annotations from other annotations. Tags may have additional functionality in future releases. It defaults to `[apm]`. While you can add additional tags, you cannot remove the `apm` tag.\n","items":{"type":"string"},"type":"array"}},"required":["@timestamp","service"]},"APM_UI_create_annotation_response":{"type":"object","properties":{"_id":{"description":"Identifier","type":"string"},"_index":{"description":"Index","type":"string"},"_source":{"description":"Response","type":"object","properties":{"@timestamp":{"type":"string"},"annotation":{"type":"object","properties":{"title":{"type":"string"},"type":{"type":"string"}}},"event":{"type":"object","properties":{"created":{"type":"string"}}},"message":{"type":"string"},"service":{"type":"object","properties":{"environment":{"type":"string"},"name":{"type":"string"},"version":{"type":"string"}}},"tags":{"items":{"type":"string"},"type":"array"}}}}},"APM_UI_delete_agent_configurations_response":{"type":"object","properties":{"result":{"description":"Result","type":"string"}}},"APM_UI_search_agent_configuration_object":{"type":"object","properties":{"etag":{"description":"If etags match then `applied_by_agent` field will be set to `true`","example":"0bc3b5ebf18fba8163fe4c96f491e3767a358f85","type":"string"},"mark_as_applied_by_agent":{"description":"`markAsAppliedByAgent=true` means \"force setting it to true regardless of etag\".\nThis is needed for Jaeger agent that doesn't have etags\n","type":"boolean"},"service":{"$ref":"#/components/schemas/APM_UI_service_object"}},"required":["service"]},"APM_UI_search_agent_configuration_response":{"type":"object","properties":{"_id":{"description":"Identifier","type":"string"},"_index":{"description":"Index","type":"string"},"_score":{"description":"Score","type":"number"},"_source":{"$ref":"#/components/schemas/APM_UI_agent_configuration_object"}}},"APM_UI_service_agent_name_response":{"type":"object","properties":{"agentName":{"description":"Agent name","example":"nodejs","type":"string"}}},"APM_UI_service_environment_object":{"type":"object","properties":{"alreadyConfigured":{"description":"Already configured","type":"boolean"},"name":{"description":"Service environment name","example":"ALL_OPTION_VALUE","type":"string"}}},"APM_UI_service_environments_response":{"type":"object","properties":{"environments":{"description":"Service environment list","items":{"$ref":"#/components/schemas/APM_UI_service_environment_object"},"type":"array"}}},"APM_UI_service_object":{"description":"Service","type":"object","properties":{"environment":{"description":"The environment of the service.","example":"prod","type":"string"},"name":{"description":"The name of the service.","example":"node","type":"string"}}},"APM_UI_settings_object":{"additionalProperties":{"type":"string"},"description":"Agent configuration settings","type":"object"},"APM_UI_single_agent_configuration_response":{"allOf":[{"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},{"$ref":"#/components/schemas/APM_UI_agent_configuration_object"}]},"APM_UI_source_maps_response":{"type":"object","properties":{"artifacts":{"description":"Artifacts","items":{"allOf":[{"type":"object","properties":{"body":{"type":"object","properties":{"bundleFilepath":{"type":"string"},"serviceName":{"type":"string"},"serviceVersion":{"type":"string"},"sourceMap":{"type":"object","properties":{"file":{"type":"string"},"mappings":{"type":"string"},"sourceRoot":{"type":"string"},"sources":{"items":{"type":"string"},"type":"array"},"sourcesContent":{"items":{"type":"string"},"type":"array"},"version":{"type":"number"}}}}}}},{"$ref":"#/components/schemas/APM_UI_base_source_map_object"}]},"type":"array"}}},"APM_UI_upload_source_map_object":{"type":"object","properties":{"bundle_filepath":{"description":"The absolute path of the final bundle as used in the web application.","type":"string"},"service_name":{"description":"The name of the service that the service map should apply to.","type":"string"},"service_version":{"description":"The version of the service that the service map should apply to.","type":"string"},"sourcemap":{"description":"The source map. It can be a string or file upload. It must follow the\n[source map format specification](https://tc39.es/ecma426/).\n","format":"binary","type":"string"}},"required":["service_name","service_version","bundle_filepath","sourcemap"]},"APM_UI_upload_source_maps_response":{"allOf":[{"type":"object","properties":{"body":{"type":"string"}}},{"$ref":"#/components/schemas/APM_UI_base_source_map_object"}]},"Cases_4xx_response":{"properties":{"error":{"example":"Unauthorized","type":"string"},"message":{"type":"string"},"statusCode":{"example":401,"type":"integer"}},"title":"Unsuccessful cases API response","type":"object"},"Cases_actions":{"enum":["add","create","delete","push_to_service","update"],"example":"create","type":"string"},"Cases_add_alert_comment_request_properties":{"description":"Defines properties for case comment requests when type is alert.","type":"object","properties":{"alertId":{"$ref":"#/components/schemas/Cases_alert_identifiers"},"index":{"$ref":"#/components/schemas/Cases_alert_indices"},"owner":{"$ref":"#/components/schemas/Cases_owner"},"rule":{"$ref":"#/components/schemas/Cases_rule"},"type":{"description":"The type of comment.","enum":["alert"],"example":"alert","type":"string"}},"required":["alertId","index","owner","rule","type"],"title":"Add case comment request properties for alerts"},"Cases_add_case_comment_request":{"description":"The add comment to case API request body varies depending on whether you are adding an alert or a comment.","discriminator":{"mapping":{"alert":"#/components/schemas/Cases_add_alert_comment_request_properties","user":"#/components/schemas/Cases_add_user_comment_request_properties"},"propertyName":"type"},"oneOf":[{"$ref":"#/components/schemas/Cases_add_alert_comment_request_properties"},{"$ref":"#/components/schemas/Cases_add_user_comment_request_properties"}],"title":"Add case comment request"},"Cases_add_case_file_request":{"description":"Defines the file that will be attached to the case. Optional parameters will be generated automatically from the file metadata if not defined.","type":"object","properties":{"file":{"description":"The file being attached to the case.","format":"binary","type":"string"},"filename":{"description":"The desired name of the file being attached to the case, it can be different than the name of the file in the filesystem. **This should not include the file extension.**","type":"string"}},"required":["file"],"title":"Add case file request properties"},"Cases_add_user_comment_request_properties":{"description":"Defines properties for case comment requests when type is user.","properties":{"comment":{"description":"The new comment. It is required only when `type` is `user`.","example":"A new comment.","maxLength":30000,"type":"string"},"owner":{"$ref":"#/components/schemas/Cases_owner"},"type":{"description":"The type of comment.","enum":["user"],"example":"user","type":"string"}},"required":["comment","owner","type"],"title":"Add case comment request properties for user comments","type":"object"},"Cases_alert_comment_response_properties":{"title":"Add case comment response properties for alerts","type":"object","properties":{"alertId":{"items":{"example":"a6e12ac4-7bce-457b-84f6-d7ce8deb8446","type":"string"},"type":"array"},"created_at":{"example":"2023-11-06T19:29:38.424Z","format":"date-time","type":"string"},"created_by":{"type":"object","properties":{"email":{"example":null,"nullable":true,"type":"string"},"full_name":{"example":null,"nullable":true,"type":"string"},"profile_uid":{"example":"u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0","type":"string"},"username":{"example":"elastic","nullable":true,"type":"string"}},"required":["email","full_name","username"]},"id":{"example":"73362370-ab1a-11ec-985f-97e55adae8b9","type":"string"},"index":{"items":{"example":".internal.alerts-security.alerts-default-000001","type":"string"},"type":"array"},"owner":{"$ref":"#/components/schemas/Cases_owner"},"pushed_at":{"example":null,"format":"date-time","nullable":true,"type":"string"},"pushed_by":{"nullable":true,"type":"object","properties":{"email":{"example":null,"nullable":true,"type":"string"},"full_name":{"example":null,"nullable":true,"type":"string"},"profile_uid":{"example":"u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0","type":"string"},"username":{"example":"elastic","nullable":true,"type":"string"}},"required":["email","full_name","username"]},"rule":{"type":"object","properties":{"id":{"description":"The rule identifier.","example":"94d80550-aaf4-11ec-985f-97e55adae8b9","type":"string"},"name":{"description":"The rule name.","example":"security_rule","type":"string"}}},"type":{"enum":["alert"],"example":"alert","type":"string"},"updated_at":{"format":"date-time","nullable":true,"type":"string"},"updated_by":{"nullable":true,"type":"object","properties":{"email":{"example":null,"nullable":true,"type":"string"},"full_name":{"example":null,"nullable":true,"type":"string"},"profile_uid":{"example":"u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0","type":"string"},"username":{"example":"elastic","nullable":true,"type":"string"}},"required":["email","full_name","username"]},"version":{"example":"WzMwNDgsMV0=","type":"string"}},"required":["type"]},"Cases_alert_identifiers":{"description":"The alert identifiers. It is required only when `type` is `alert`. You can use an array of strings to add multiple alerts to a case, provided that they all relate to the same rule; `index` must also be an array with the same length or number of elements. Adding multiple alerts in this manner is recommended rather than calling the API multiple times. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.\n","example":"6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42","oneOf":[{"type":"string"},{"items":{"type":"string"},"maxItems":1000,"type":"array"}],"title":"Alert identifiers","x-state":"Technical preview"},"Cases_alert_indices":{"description":"The alert indices. It is required only when `type` is `alert`. If you are adding multiple alerts to a case, use an array of strings; the position of each index name in the array must match the position of the corresponding alert identifier in the `alertId` array. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.\n","oneOf":[{"type":"string"},{"items":{"type":"string"},"maxItems":1000,"type":"array"}],"title":"Alert indices","x-state":"Technical preview"},"Cases_alert_response_properties":{"type":"object","properties":{"attached_at":{"format":"date-time","type":"string"},"id":{"description":"The alert identifier.","type":"string"},"index":{"description":"The alert index.","type":"string"}}},"Cases_assignees":{"description":"An array containing users that are assigned to the case.","items":{"type":"object","properties":{"uid":{"description":"A unique identifier for the user profile. These identifiers can be found by using the suggest user profile API.","example":"u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0","type":"string"}},"required":["uid"]},"maxItems":10,"nullable":true,"type":"array"},"Cases_case_categories":{"items":{"$ref":"#/components/schemas/Cases_case_category"},"maxItems":100,"type":"array"},"Cases_case_category":{"description":"A word or phrase that categorizes the case.","maxLength":50,"type":"string"},"Cases_case_description":{"description":"The description for the case.","maxLength":30000,"type":"string"},"Cases_case_response_closed_by_properties":{"nullable":true,"properties":{"email":{"example":null,"nullable":true,"type":"string"},"full_name":{"example":null,"nullable":true,"type":"string"},"profile_uid":{"example":"u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0","type":"string"},"username":{"example":"elastic","nullable":true,"type":"string"}},"required":["email","full_name","username"],"title":"Case response properties for closed_by","type":"object"},"Cases_case_response_created_by_properties":{"title":"Case response properties for created_by","type":"object","properties":{"email":{"example":null,"nullable":true,"type":"string"},"full_name":{"example":null,"nullable":true,"type":"string"},"profile_uid":{"example":"u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0","type":"string"},"username":{"example":"elastic","nullable":true,"type":"string"}},"required":["email","full_name","username"]},"Cases_case_response_properties":{"title":"Case response properties","type":"object","properties":{"assignees":{"$ref":"#/components/schemas/Cases_assignees"},"category":{"description":"The case category.","nullable":true,"type":"string"},"closed_at":{"format":"date-time","nullable":true,"type":"string"},"closed_by":{"$ref":"#/components/schemas/Cases_case_response_closed_by_properties"},"comments":{"description":"An array of comment objects for the case.","items":{"discriminator":{"mapping":{"alert":"#/components/schemas/Cases_alert_comment_response_properties","user":"#/components/schemas/Cases_user_comment_response_properties"},"propertyName":"type"},"oneOf":[{"$ref":"#/components/schemas/Cases_alert_comment_response_properties"},{"$ref":"#/components/schemas/Cases_user_comment_response_properties"}]},"maxItems":10000,"title":"Case response properties for comments","type":"array"},"connector":{"discriminator":{"mapping":{".cases-webhook":"#/components/schemas/Cases_connector_properties_cases_webhook",".jira":"#/components/schemas/Cases_connector_properties_jira",".none":"#/components/schemas/Cases_connector_properties_none",".resilient":"#/components/schemas/Cases_connector_properties_resilient",".servicenow":"#/components/schemas/Cases_connector_properties_servicenow",".servicenow-sir":"#/components/schemas/Cases_connector_properties_servicenow_sir",".swimlane":"#/components/schemas/Cases_connector_properties_swimlane"},"propertyName":"type"},"oneOf":[{"$ref":"#/components/schemas/Cases_connector_properties_none"},{"$ref":"#/components/schemas/Cases_connector_properties_cases_webhook"},{"$ref":"#/components/schemas/Cases_connector_properties_jira"},{"$ref":"#/components/schemas/Cases_connector_properties_resilient"},{"$ref":"#/components/schemas/Cases_connector_properties_servicenow"},{"$ref":"#/components/schemas/Cases_connector_properties_servicenow_sir"},{"$ref":"#/components/schemas/Cases_connector_properties_swimlane"}],"title":"Case response properties for connectors"},"created_at":{"example":"2022-05-13T09:16:17.416Z","format":"date-time","type":"string"},"created_by":{"$ref":"#/components/schemas/Cases_case_response_created_by_properties"},"customFields":{"description":"Custom field values for the case.","items":{"type":"object","properties":{"key":{"description":"The unique identifier for the custom field. The key value must exist in the case configuration settings.\n","type":"string"},"type":{"description":"The custom field type. It must match the type specified in the case configuration settings.\n","enum":["text","toggle"],"type":"string"},"value":{"description":"The custom field value. If the custom field is required, it cannot be explicitly set to null. However, for cases that existed when the required custom field was added, the default value stored in Elasticsearch is `undefined`. The value returned in the API and user interface in this case is `null`.\n","oneOf":[{"maxLength":160,"minLength":1,"nullable":true,"type":"string"},{"type":"boolean"}]}}},"type":"array"},"description":{"example":"A case description.","type":"string"},"duration":{"description":"The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.\n","example":120,"nullable":true,"type":"integer"},"external_service":{"$ref":"#/components/schemas/Cases_external_service"},"id":{"example":"66b9aa00-94fa-11ea-9f74-e7e108796192","type":"string"},"owner":{"$ref":"#/components/schemas/Cases_owner"},"settings":{"$ref":"#/components/schemas/Cases_settings"},"severity":{"$ref":"#/components/schemas/Cases_case_severity"},"status":{"$ref":"#/components/schemas/Cases_case_status"},"tags":{"example":["tag-1"],"items":{"type":"string"},"type":"array"},"title":{"example":"Case title 1","type":"string"},"totalAlerts":{"example":0,"type":"integer"},"totalComment":{"example":0,"type":"integer"},"updated_at":{"format":"date-time","nullable":true,"type":"string"},"updated_by":{"$ref":"#/components/schemas/Cases_case_response_updated_by_properties"},"version":{"example":"WzUzMiwxXQ==","type":"string"}},"required":["closed_at","closed_by","comments","connector","created_at","created_by","description","duration","external_service","id","owner","settings","severity","status","tags","title","totalAlerts","totalComment","updated_at","updated_by","version"]},"Cases_case_response_pushed_by_properties":{"nullable":true,"properties":{"email":{"example":null,"nullable":true,"type":"string"},"full_name":{"example":null,"nullable":true,"type":"string"},"profile_uid":{"example":"u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0","type":"string"},"username":{"example":"elastic","nullable":true,"type":"string"}},"required":["email","full_name","username"],"title":"Case response properties for pushed_by","type":"object"},"Cases_case_response_updated_by_properties":{"nullable":true,"properties":{"email":{"example":null,"nullable":true,"type":"string"},"full_name":{"example":null,"nullable":true,"type":"string"},"profile_uid":{"example":"u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0","type":"string"},"username":{"example":"elastic","nullable":true,"type":"string"}},"required":["email","full_name","username"],"title":"Case response properties for updated_by","type":"object"},"Cases_case_severity":{"default":"low","description":"The severity of the case.","enum":["critical","high","low","medium"],"type":"string"},"Cases_case_status":{"description":"The status of the case.","enum":["closed","in-progress","open"],"type":"string"},"Cases_case_tags":{"description":"The words and phrases that help categorize cases. It can be an empty array.\n","items":{"maxLength":256,"type":"string"},"maxItems":200,"type":"array"},"Cases_case_title":{"description":"A title for the case.","maxLength":160,"type":"string"},"Cases_closure_types":{"description":"Indicates whether a case is automatically closed when it is pushed to external systems (`close-by-pushing`) or not automatically closed (`close-by-user`).","enum":["close-by-pushing","close-by-user"],"example":"close-by-user","type":"string"},"Cases_connector_properties_cases_webhook":{"description":"Defines properties for connectors when type is `.cases-webhook`.","type":"object","properties":{"fields":{"example":null,"nullable":true,"type":"string"},"id":{"description":"The identifier for the connector. To retrieve connector IDs, use the find connectors API.","type":"string"},"name":{"description":"The name of the connector.","type":"string"},"type":{"description":"The type of connector.","enum":[".cases-webhook"],"example":".cases-webhook","type":"string"}},"required":["fields","id","name","type"],"title":"Create or upate case request properties for Cases Webhook connector"},"Cases_connector_properties_jira":{"description":"Defines properties for connectors when type is `.jira`.","type":"object","properties":{"fields":{"description":"An object containing the connector fields. If you want to omit any individual field, specify null as its value.","type":"object","properties":{"issueType":{"description":"The type of issue.","nullable":true,"type":"string"},"parent":{"description":"The key of the parent issue, when the issue type is sub-task.","nullable":true,"type":"string"},"priority":{"description":"The priority of the issue.","nullable":true,"type":"string"}},"required":["issueType","parent","priority"]},"id":{"description":"The identifier for the connector. To retrieve connector IDs, use the find connectors API.","type":"string"},"name":{"description":"The name of the connector.","type":"string"},"type":{"description":"The type of connector.","enum":[".jira"],"example":".jira","type":"string"}},"required":["fields","id","name","type"],"title":"Create or update case request properties for a Jira connector"},"Cases_connector_properties_none":{"description":"Defines properties for connectors when type is `.none`.","type":"object","properties":{"fields":{"description":"An object containing the connector fields. To create a case without a connector, specify null. To update a case to remove the connector, specify null.","example":null,"nullable":true,"type":"string"},"id":{"description":"The identifier for the connector. To create a case without a connector, use `none`. To update a case to remove the connector, specify `none`.","example":"none","type":"string"},"name":{"description":"The name of the connector. To create a case without a connector, use `none`. To update a case to remove the connector, specify `none`.","example":"none","type":"string"},"type":{"description":"The type of connector. To create a case without a connector, use `.none`. To update a case to remove the connector, specify `.none`.","enum":[".none"],"example":".none","type":"string"}},"required":["fields","id","name","type"],"title":"Create or update case request properties for no connector"},"Cases_connector_properties_resilient":{"description":"Defines properties for connectors when type is `.resilient`.","type":"object","properties":{"fields":{"description":"An object containing the connector fields. If you want to omit any individual field, specify null as its value.","nullable":true,"type":"object","properties":{"issueTypes":{"description":"The type of incident.","items":{"type":"string"},"type":"array"},"severityCode":{"description":"The severity code of the incident.","type":"string"}},"required":["issueTypes","severityCode"]},"id":{"description":"The identifier for the connector.","type":"string"},"name":{"description":"The name of the connector.","type":"string"},"type":{"description":"The type of connector.","enum":[".resilient"],"example":".resilient","type":"string"}},"required":["fields","id","name","type"],"title":"Create case request properties for a IBM Resilient connector"},"Cases_connector_properties_servicenow":{"description":"Defines properties for connectors when type is `.servicenow`.","type":"object","properties":{"fields":{"description":"An object containing the connector fields. If you want to omit any individual field, specify null as its value.","type":"object","properties":{"category":{"description":"The category of the incident.","nullable":true,"type":"string"},"impact":{"description":"The effect an incident had on business.","nullable":true,"type":"string"},"severity":{"description":"The severity of the incident.","nullable":true,"type":"string"},"subcategory":{"description":"The subcategory of the incident.","nullable":true,"type":"string"},"urgency":{"description":"The extent to which the incident resolution can be delayed.","nullable":true,"type":"string"}},"required":["category","impact","severity","subcategory","urgency"]},"id":{"description":"The identifier for the connector. To retrieve connector IDs, use the find connectors API.","type":"string"},"name":{"description":"The name of the connector.","type":"string"},"type":{"description":"The type of connector.","enum":[".servicenow"],"example":".servicenow","type":"string"}},"required":["fields","id","name","type"],"title":"Create case request properties for a ServiceNow ITSM connector"},"Cases_connector_properties_servicenow_sir":{"description":"Defines properties for connectors when type is `.servicenow-sir`.","type":"object","properties":{"fields":{"description":"An object containing the connector fields. If you want to omit any individual field, specify null as its value.","type":"object","properties":{"category":{"description":"The category of the incident.","nullable":true,"type":"string"},"destIp":{"description":"Indicates whether cases will send a comma-separated list of destination IPs.","nullable":true,"type":"boolean"},"malwareHash":{"description":"Indicates whether cases will send a comma-separated list of malware hashes.","nullable":true,"type":"boolean"},"malwareUrl":{"description":"Indicates whether cases will send a comma-separated list of malware URLs.","nullable":true,"type":"boolean"},"priority":{"description":"The priority of the issue.","nullable":true,"type":"string"},"sourceIp":{"description":"Indicates whether cases will send a comma-separated list of source IPs.","nullable":true,"type":"boolean"},"subcategory":{"description":"The subcategory of the incident.","nullable":true,"type":"string"}},"required":["category","destIp","malwareHash","malwareUrl","priority","sourceIp","subcategory"]},"id":{"description":"The identifier for the connector. To retrieve connector IDs, use the find connectors API.","type":"string"},"name":{"description":"The name of the connector.","type":"string"},"type":{"description":"The type of connector.","enum":[".servicenow-sir"],"example":".servicenow-sir","type":"string"}},"required":["fields","id","name","type"],"title":"Create case request properties for a ServiceNow SecOps connector"},"Cases_connector_properties_swimlane":{"description":"Defines properties for connectors when type is `.swimlane`.","type":"object","properties":{"fields":{"description":"An object containing the connector fields. If you want to omit any individual field, specify null as its value.","type":"object","properties":{"caseId":{"description":"The case identifier for Swimlane connectors.","nullable":true,"type":"string"}},"required":["caseId"]},"id":{"description":"The identifier for the connector. To retrieve connector IDs, use the find connectors API.","type":"string"},"name":{"description":"The name of the connector.","type":"string"},"type":{"description":"The type of connector.","enum":[".swimlane"],"example":".swimlane","type":"string"}},"required":["fields","id","name","type"],"title":"Create case request properties for a Swimlane connector"},"Cases_connector_types":{"description":"The type of connector.","enum":[".cases-webhook",".jira",".none",".resilient",".servicenow",".servicenow-sir",".swimlane"],"example":".none","type":"string"},"Cases_create_case_request":{"description":"The create case API request body varies depending on the type of connector.","properties":{"assignees":{"$ref":"#/components/schemas/Cases_assignees"},"category":{"$ref":"#/components/schemas/Cases_case_category"},"connector":{"oneOf":[{"$ref":"#/components/schemas/Cases_connector_properties_none"},{"$ref":"#/components/schemas/Cases_connector_properties_cases_webhook"},{"$ref":"#/components/schemas/Cases_connector_properties_jira"},{"$ref":"#/components/schemas/Cases_connector_properties_resilient"},{"$ref":"#/components/schemas/Cases_connector_properties_servicenow"},{"$ref":"#/components/schemas/Cases_connector_properties_servicenow_sir"},{"$ref":"#/components/schemas/Cases_connector_properties_swimlane"}]},"customFields":{"description":"Custom field values for a case. Any optional custom fields that are not specified in the request are set to null.\n","items":{"type":"object","properties":{"key":{"description":"The unique identifier for the custom field. The key value must exist in the case configuration settings.\n","type":"string"},"type":{"description":"The custom field type. It must match the type specified in the case configuration settings.\n","enum":["text","toggle"],"type":"string"},"value":{"description":"The custom field value. If the custom field is required, it cannot be explicitly set to null. However, for cases that existed when the required custom field was added, the default value stored in Elasticsearch is `undefined`. The value returned in the API and user interface in this case is `null`.\n","oneOf":[{"maxLength":160,"minLength":1,"nullable":true,"type":"string"},{"type":"boolean"}]}},"required":["key","type","value"]},"maxItems":10,"minItems":0,"type":"array"},"description":{"$ref":"#/components/schemas/Cases_case_description"},"owner":{"$ref":"#/components/schemas/Cases_owner"},"settings":{"$ref":"#/components/schemas/Cases_settings"},"severity":{"$ref":"#/components/schemas/Cases_case_severity"},"tags":{"$ref":"#/components/schemas/Cases_case_tags"},"title":{"$ref":"#/components/schemas/Cases_case_title"}},"required":["connector","description","owner","settings","tags","title"],"title":"Create case request","type":"object"},"Cases_external_service":{"nullable":true,"type":"object","properties":{"connector_id":{"type":"string"},"connector_name":{"type":"string"},"external_id":{"type":"string"},"external_title":{"type":"string"},"external_url":{"type":"string"},"pushed_at":{"format":"date-time","type":"string"},"pushed_by":{"nullable":true,"type":"object","properties":{"email":{"example":null,"nullable":true,"type":"string"},"full_name":{"example":null,"nullable":true,"type":"string"},"profile_uid":{"example":"u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0","type":"string"},"username":{"example":"elastic","nullable":true,"type":"string"}}}}},"Cases_owner":{"description":"The application that owns the cases: Stack Management, Observability, or Elastic Security.\n","enum":["cases","observability","securitySolution"],"example":"cases","type":"string"},"Cases_owners":{"items":{"$ref":"#/components/schemas/Cases_owner"},"type":"array"},"Cases_payload_alert_comment":{"type":"object","properties":{"comment":{"type":"object","properties":{"alertId":{"oneOf":[{"example":"1c0b056b-cc9f-4b61-b5c9-cb801abd5e1d","type":"string"},{"items":{"type":"string"},"type":"array"}]},"index":{"oneOf":[{"example":".alerts-observability.logs.alerts-default","type":"string"},{"items":{"type":"string"},"type":"array"}]},"owner":{"$ref":"#/components/schemas/Cases_owner"},"rule":{"type":"object","properties":{"id":{"description":"The rule identifier.","example":"94d80550-aaf4-11ec-985f-97e55adae8b9","type":"string"},"name":{"description":"The rule name.","example":"security_rule","type":"string"}}},"type":{"enum":["alert"],"type":"string"}}}}},"Cases_payload_assignees":{"type":"object","properties":{"assignees":{"$ref":"#/components/schemas/Cases_assignees"}}},"Cases_payload_connector":{"type":"object","properties":{"connector":{"type":"object","properties":{"fields":{"description":"An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.","example":null,"nullable":true,"type":"object","properties":{"caseId":{"description":"The case identifier for Swimlane connectors.","type":"string"},"category":{"description":"The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.","type":"string"},"destIp":{"description":"Indicates whether cases will send a comma-separated list of destination IPs for ServiceNow SecOps connectors.","nullable":true,"type":"boolean"},"impact":{"description":"The effect an incident had on business for ServiceNow ITSM connectors.","type":"string"},"issueType":{"description":"The type of issue for Jira connectors.","type":"string"},"issueTypes":{"description":"The type of incident for IBM Resilient connectors.","items":{"type":"string"},"type":"array"},"malwareHash":{"description":"Indicates whether cases will send a comma-separated list of malware hashes for ServiceNow SecOps connectors.","nullable":true,"type":"boolean"},"malwareUrl":{"description":"Indicates whether cases will send a comma-separated list of malware URLs for ServiceNow SecOps connectors.","nullable":true,"type":"boolean"},"parent":{"description":"The key of the parent issue, when the issue type is sub-task for Jira connectors.","type":"string"},"priority":{"description":"The priority of the issue for Jira and ServiceNow SecOps connectors.","type":"string"},"severity":{"description":"The severity of the incident for ServiceNow ITSM connectors.","type":"string"},"severityCode":{"description":"The severity code of the incident for IBM Resilient connectors.","type":"string"},"sourceIp":{"description":"Indicates whether cases will send a comma-separated list of source IPs for ServiceNow SecOps connectors.","nullable":true,"type":"boolean"},"subcategory":{"description":"The subcategory of the incident for ServiceNow ITSM connectors.","type":"string"},"urgency":{"description":"The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.","type":"string"}}},"id":{"description":"The identifier for the connector. To create a case without a connector, use `none`.","example":"none","type":"string"},"name":{"description":"The name of the connector. To create a case without a connector, use `none`.","example":"none","type":"string"},"type":{"$ref":"#/components/schemas/Cases_connector_types"}}}}},"Cases_payload_create_case":{"type":"object","properties":{"assignees":{"$ref":"#/components/schemas/Cases_assignees"},"connector":{"type":"object","properties":{"fields":{"description":"An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.","example":null,"nullable":true,"type":"object","properties":{"caseId":{"description":"The case identifier for Swimlane connectors.","type":"string"},"category":{"description":"The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.","type":"string"},"destIp":{"description":"Indicates whether cases will send a comma-separated list of destination IPs for ServiceNow SecOps connectors.","nullable":true,"type":"boolean"},"impact":{"description":"The effect an incident had on business for ServiceNow ITSM connectors.","type":"string"},"issueType":{"description":"The type of issue for Jira connectors.","type":"string"},"issueTypes":{"description":"The type of incident for IBM Resilient connectors.","items":{"type":"string"},"type":"array"},"malwareHash":{"description":"Indicates whether cases will send a comma-separated list of malware hashes for ServiceNow SecOps connectors.","nullable":true,"type":"boolean"},"malwareUrl":{"description":"Indicates whether cases will send a comma-separated list of malware URLs for ServiceNow SecOps connectors.","nullable":true,"type":"boolean"},"parent":{"description":"The key of the parent issue, when the issue type is sub-task for Jira connectors.","type":"string"},"priority":{"description":"The priority of the issue for Jira and ServiceNow SecOps connectors.","type":"string"},"severity":{"description":"The severity of the incident for ServiceNow ITSM connectors.","type":"string"},"severityCode":{"description":"The severity code of the incident for IBM Resilient connectors.","type":"string"},"sourceIp":{"description":"Indicates whether cases will send a comma-separated list of source IPs for ServiceNow SecOps connectors.","nullable":true,"type":"boolean"},"subcategory":{"description":"The subcategory of the incident for ServiceNow ITSM connectors.","type":"string"},"urgency":{"description":"The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.","type":"string"}}},"id":{"description":"The identifier for the connector. To create a case without a connector, use `none`.","example":"none","type":"string"},"name":{"description":"The name of the connector. To create a case without a connector, use `none`.","example":"none","type":"string"},"type":{"$ref":"#/components/schemas/Cases_connector_types"}}},"description":{"type":"string"},"owner":{"$ref":"#/components/schemas/Cases_owner"},"settings":{"$ref":"#/components/schemas/Cases_settings"},"severity":{"$ref":"#/components/schemas/Cases_case_severity"},"status":{"$ref":"#/components/schemas/Cases_case_status"},"tags":{"items":{"example":["tag-1"],"type":"string"},"type":"array"},"title":{"type":"string"}}},"Cases_payload_delete":{"description":"If the `action` is `delete` and the `type` is `delete_case`, the payload is nullable.","nullable":true,"type":"object"},"Cases_payload_description":{"type":"object","properties":{"description":{"type":"string"}}},"Cases_payload_pushed":{"type":"object","properties":{"externalService":{"$ref":"#/components/schemas/Cases_external_service"}}},"Cases_payload_settings":{"type":"object","properties":{"settings":{"$ref":"#/components/schemas/Cases_settings"}}},"Cases_payload_severity":{"type":"object","properties":{"severity":{"$ref":"#/components/schemas/Cases_case_severity"}}},"Cases_payload_status":{"type":"object","properties":{"status":{"$ref":"#/components/schemas/Cases_case_status"}}},"Cases_payload_tags":{"type":"object","properties":{"tags":{"example":["tag-1"],"items":{"type":"string"},"type":"array"}}},"Cases_payload_title":{"type":"object","properties":{"title":{"type":"string"}}},"Cases_payload_user_comment":{"type":"object","properties":{"comment":{"type":"object","properties":{"comment":{"type":"string"},"owner":{"$ref":"#/components/schemas/Cases_owner"},"type":{"enum":["user"],"type":"string"}}}}},"Cases_rule":{"description":"The rule that is associated with the alerts. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.\n","title":"Alerting rule","type":"object","properties":{"id":{"description":"The rule identifier.","example":"94d80550-aaf4-11ec-985f-97e55adae8b9","type":"string"},"name":{"description":"The rule name.","example":"security_rule","type":"string"}},"x-state":"Technical preview"},"Cases_searchFieldsType":{"description":"The fields to perform the `simple_query_string` parsed query against.","enum":["description","title"],"type":"string"},"Cases_searchFieldsTypeArray":{"items":{"$ref":"#/components/schemas/Cases_searchFieldsType"},"type":"array"},"Cases_set_case_configuration_request":{"description":"External connection details, such as the closure type and default connector for cases.","properties":{"closure_type":{"$ref":"#/components/schemas/Cases_closure_types"},"connector":{"description":"An object that contains the connector configuration.","type":"object","properties":{"fields":{"description":"The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.","nullable":true,"type":"object"},"id":{"description":"The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.","example":"none","type":"string"},"name":{"description":"The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.","example":"none","type":"string"},"type":{"$ref":"#/components/schemas/Cases_connector_types"}},"required":["fields","id","name","type"]},"customFields":{"description":"Custom fields case configuration.","items":{"type":"object","properties":{"defaultValue":{"description":"A default value for the custom field. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean.\n","oneOf":[{"type":"string"},{"type":"boolean"}]},"key":{"description":"A unique key for the custom field. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific custom field.\n","maxLength":36,"minLength":1,"type":"string"},"label":{"description":"The custom field label that is displayed in the case.","maxLength":50,"minLength":1,"type":"string"},"type":{"description":"The type of the custom field.","enum":["text","toggle"],"type":"string"},"required":{"description":"Indicates whether the field is required. If `false`, the custom field can be set to null or omitted when a case is created or updated.\n","type":"boolean"}},"required":["key","label","required","type"]},"maxItems":10,"minItems":0,"type":"array"},"owner":{"$ref":"#/components/schemas/Cases_owner"},"templates":{"$ref":"#/components/schemas/Cases_templates"}},"required":["closure_type","connector","owner"],"title":"Set case configuration request","type":"object"},"Cases_settings":{"description":"An object that contains the case settings.","type":"object","properties":{"syncAlerts":{"description":"Turns alert syncing on or off.","example":true,"type":"boolean"}},"required":["syncAlerts"]},"Cases_string":{"type":"string"},"Cases_string_array":{"items":{"$ref":"#/components/schemas/Cases_string"},"maxItems":100,"type":"array"},"Cases_template_tags":{"description":"The words and phrases that help categorize templates. It can be an empty array.\n","items":{"maxLength":256,"type":"string"},"maxItems":200,"type":"array"},"Cases_templates":{"items":{"type":"object","properties":{"caseFields":{"type":"object","properties":{"assignees":{"$ref":"#/components/schemas/Cases_assignees"},"category":{"$ref":"#/components/schemas/Cases_case_category"},"connector":{"type":"object","properties":{"fields":{"description":"The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.","nullable":true,"type":"object"},"id":{"description":"The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.","example":"none","type":"string"},"name":{"description":"The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.","example":"none","type":"string"},"type":{"$ref":"#/components/schemas/Cases_connector_types"}}},"customFields":{"description":"Custom field values in the template.","items":{"type":"object","properties":{"key":{"description":"The unique key for the custom field.","type":"string"},"type":{"description":"The type of the custom field.","enum":["text","toggle"],"type":"string"},"value":{"description":"The default value for the custom field when a case uses the template. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean.\n","oneOf":[{"type":"string"},{"type":"boolean"}]}}},"type":"array","x-state":"Technical preview"},"description":{"$ref":"#/components/schemas/Cases_case_description"},"settings":{"$ref":"#/components/schemas/Cases_settings"},"severity":{"$ref":"#/components/schemas/Cases_case_severity"},"tags":{"$ref":"#/components/schemas/Cases_case_tags"},"title":{"$ref":"#/components/schemas/Cases_case_title"}}},"description":{"description":"A description for the template.","type":"string"},"key":{"description":"A unique key for the template. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific template.\n","type":"string"},"name":{"description":"The name of the template.","type":"string"},"tags":{"$ref":"#/components/schemas/Cases_template_tags"}}},"type":"array","x-state":"Technical preview"},"Cases_update_alert_comment_request_properties":{"description":"Defines properties for case comment requests when type is alert.","type":"object","properties":{"alertId":{"$ref":"#/components/schemas/Cases_alert_identifiers"},"id":{"description":"The identifier for the comment. To retrieve comment IDs, use the get comments API.\n","example":"8af6ac20-74f6-11ea-b83a-553aecdb28b6","type":"string"},"index":{"$ref":"#/components/schemas/Cases_alert_indices"},"owner":{"$ref":"#/components/schemas/Cases_owner"},"rule":{"$ref":"#/components/schemas/Cases_rule"},"type":{"description":"The type of comment.","enum":["alert"],"example":"alert","type":"string"},"version":{"description":"The current comment version. To retrieve version values, use the get comments API.\n","example":"Wzk1LDFd","type":"string"}},"required":["alertId","id","index","owner","rule","type","version"],"title":"Update case comment request properties for alerts"},"Cases_update_case_comment_request":{"description":"The update case comment API request body varies depending on whether you are updating an alert or a comment.","discriminator":{"mapping":{"alert":"#/components/schemas/Cases_update_alert_comment_request_properties","user":"#/components/schemas/Cases_update_user_comment_request_properties"},"propertyName":"type"},"oneOf":[{"$ref":"#/components/schemas/Cases_update_alert_comment_request_properties"},{"$ref":"#/components/schemas/Cases_update_user_comment_request_properties"}],"title":"Update case comment request"},"Cases_update_case_configuration_request":{"description":"You can update settings such as the closure type, custom fields, templates, and the default connector for cases.\n","properties":{"closure_type":{"$ref":"#/components/schemas/Cases_closure_types"},"connector":{"description":"An object that contains the connector configuration.","type":"object","properties":{"fields":{"description":"The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.","nullable":true,"type":"object"},"id":{"description":"The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.","example":"none","type":"string"},"name":{"description":"The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.","example":"none","type":"string"},"type":{"$ref":"#/components/schemas/Cases_connector_types"}},"required":["fields","id","name","type"]},"customFields":{"description":"Custom fields case configuration.","items":{"type":"object","properties":{"defaultValue":{"description":"A default value for the custom field. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean.\n","oneOf":[{"type":"string"},{"type":"boolean"}]},"key":{"description":"A unique key for the custom field. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific custom field.\n","maxLength":36,"minLength":1,"type":"string"},"label":{"description":"The custom field label that is displayed in the case.","maxLength":50,"minLength":1,"type":"string"},"type":{"description":"The type of the custom field.","enum":["text","toggle"],"type":"string"},"required":{"description":"Indicates whether the field is required. If `false`, the custom field can be set to null or omitted when a case is created or updated.\n","type":"boolean"}},"required":["key","label","required","type"]},"type":"array"},"templates":{"$ref":"#/components/schemas/Cases_templates"},"version":{"description":"The version of the connector. To retrieve the version value, use the get configuration API.\n","example":"WzIwMiwxXQ==","type":"string"}},"required":["version"],"title":"Update case configuration request","type":"object"},"Cases_update_case_request":{"description":"The update case API request body varies depending on the type of connector.","properties":{"cases":{"description":"An array containing one or more case objects.","items":{"type":"object","properties":{"assignees":{"$ref":"#/components/schemas/Cases_assignees"},"category":{"$ref":"#/components/schemas/Cases_case_category"},"connector":{"oneOf":[{"$ref":"#/components/schemas/Cases_connector_properties_none"},{"$ref":"#/components/schemas/Cases_connector_properties_cases_webhook"},{"$ref":"#/components/schemas/Cases_connector_properties_jira"},{"$ref":"#/components/schemas/Cases_connector_properties_resilient"},{"$ref":"#/components/schemas/Cases_connector_properties_servicenow"},{"$ref":"#/components/schemas/Cases_connector_properties_servicenow_sir"},{"$ref":"#/components/schemas/Cases_connector_properties_swimlane"}]},"customFields":{"description":"Custom field values for a case. Any optional custom fields that are not specified in the request are set to null.\n","items":{"type":"object","properties":{"key":{"description":"The unique identifier for the custom field. The key value must exist in the case configuration settings.\n","type":"string"},"type":{"description":"The custom field type. It must match the type specified in the case configuration settings.\n","enum":["text","toggle"],"type":"string"},"value":{"description":"The custom field value. If the custom field is required, it cannot be explicitly set to null. However, for cases that existed when the required custom field was added, the default value stored in Elasticsearch is `undefined`. The value returned in the API and user interface in this case is `null`.\n","oneOf":[{"maxLength":160,"minLength":1,"nullable":true,"type":"string"},{"type":"boolean"}]}},"required":["key","type","value"]},"maxItems":10,"minItems":0,"type":"array"},"description":{"$ref":"#/components/schemas/Cases_case_description"},"id":{"description":"The identifier for the case.","maxLength":30000,"type":"string"},"settings":{"$ref":"#/components/schemas/Cases_settings"},"severity":{"$ref":"#/components/schemas/Cases_case_severity"},"status":{"$ref":"#/components/schemas/Cases_case_status"},"tags":{"$ref":"#/components/schemas/Cases_case_tags"},"title":{"$ref":"#/components/schemas/Cases_case_title"},"version":{"description":"The current version of the case. To determine this value, use the get case or find cases APIs.","type":"string"}},"required":["id","version"]},"maxItems":100,"minItems":1,"type":"array"}},"required":["cases"],"title":"Update case request","type":"object"},"Cases_update_user_comment_request_properties":{"description":"Defines properties for case comment requests when type is user.","properties":{"comment":{"description":"The new comment. It is required only when `type` is `user`.","example":"A new comment.","maxLength":30000,"type":"string"},"id":{"description":"The identifier for the comment. To retrieve comment IDs, use the get comments API.\n","example":"8af6ac20-74f6-11ea-b83a-553aecdb28b6","type":"string"},"owner":{"$ref":"#/components/schemas/Cases_owner"},"type":{"description":"The type of comment.","enum":["user"],"example":"user","type":"string"},"version":{"description":"The current comment version. To retrieve version values, use the get comments API.\n","example":"Wzk1LDFd","type":"string"}},"required":["comment","id","owner","type","version"],"title":"Update case comment request properties for user comments","type":"object"},"Cases_user_actions_find_response_properties":{"type":"object","properties":{"action":{"$ref":"#/components/schemas/Cases_actions"},"comment_id":{"example":"578608d0-03b1-11ed-920c-974bfa104448","nullable":true,"type":"string"},"created_at":{"example":"2022-05-13T09:16:17.416Z","format":"date-time","type":"string"},"created_by":{"type":"object","properties":{"email":{"example":null,"nullable":true,"type":"string"},"full_name":{"example":null,"nullable":true,"type":"string"},"profile_uid":{"example":"u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0","type":"string"},"username":{"example":"elastic","nullable":true,"type":"string"}},"required":["email","full_name","username"]},"id":{"example":"22fd3e30-03b1-11ed-920c-974bfa104448","type":"string"},"owner":{"$ref":"#/components/schemas/Cases_owner"},"payload":{"oneOf":[{"$ref":"#/components/schemas/Cases_payload_alert_comment"},{"$ref":"#/components/schemas/Cases_payload_assignees"},{"$ref":"#/components/schemas/Cases_payload_connector"},{"$ref":"#/components/schemas/Cases_payload_create_case"},{"$ref":"#/components/schemas/Cases_payload_delete"},{"$ref":"#/components/schemas/Cases_payload_description"},{"$ref":"#/components/schemas/Cases_payload_pushed"},{"$ref":"#/components/schemas/Cases_payload_settings"},{"$ref":"#/components/schemas/Cases_payload_severity"},{"$ref":"#/components/schemas/Cases_payload_status"},{"$ref":"#/components/schemas/Cases_payload_tags"},{"$ref":"#/components/schemas/Cases_payload_title"},{"$ref":"#/components/schemas/Cases_payload_user_comment"}]},"type":{"description":"The type of action.","enum":["assignees","create_case","comment","connector","description","pushed","tags","title","status","settings","severity"],"example":"create_case","type":"string"},"version":{"example":"WzM1ODg4LDFd","type":"string"}},"required":["action","comment_id","created_at","created_by","id","owner","payload","type","version"]},"Cases_user_comment_response_properties":{"title":"Case response properties for user comments","type":"object","properties":{"comment":{"example":"A new comment.","type":"string"},"created_at":{"example":"2022-05-13T09:16:17.416Z","format":"date-time","type":"string"},"created_by":{"$ref":"#/components/schemas/Cases_case_response_created_by_properties"},"id":{"example":"8af6ac20-74f6-11ea-b83a-553aecdb28b6","type":"string"},"owner":{"$ref":"#/components/schemas/Cases_owner"},"pushed_at":{"example":null,"format":"date-time","nullable":true,"type":"string"},"pushed_by":{"$ref":"#/components/schemas/Cases_case_response_pushed_by_properties"},"type":{"enum":["user"],"example":"user","type":"string"},"updated_at":{"example":null,"format":"date-time","nullable":true,"type":"string"},"updated_by":{"$ref":"#/components/schemas/Cases_case_response_updated_by_properties"},"version":{"example":"WzIwNDMxLDFd","type":"string"}},"required":["type"]},"Data_views_400_response":{"title":"Bad request","type":"object","properties":{"error":{"example":"Bad Request","type":"string"},"message":{"type":"string"},"statusCode":{"example":400,"type":"number"}},"required":["statusCode","error","message"]},"Data_views_404_response":{"type":"object","properties":{"error":{"enum":["Not Found"],"example":"Not Found","type":"string"},"message":{"example":"Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] not found","type":"string"},"statusCode":{"enum":[404],"example":404,"type":"integer"}}},"Data_views_allownoindex":{"description":"Allows the data view saved object to exist before the data is available.","type":"boolean"},"Data_views_create_data_view_request_object":{"title":"Create data view request","type":"object","properties":{"data_view":{"description":"The data view object.","type":"object","properties":{"allowNoIndex":{"$ref":"#/components/schemas/Data_views_allownoindex"},"fieldAttrs":{"additionalProperties":{"$ref":"#/components/schemas/Data_views_fieldattrs"},"type":"object"},"fieldFormats":{"$ref":"#/components/schemas/Data_views_fieldformats"},"fields":{"type":"object"},"id":{"type":"string"},"name":{"description":"The data view name.","type":"string"},"namespaces":{"$ref":"#/components/schemas/Data_views_namespaces"},"runtimeFieldMap":{"additionalProperties":{"$ref":"#/components/schemas/Data_views_runtimefieldmap"},"type":"object"},"sourceFilters":{"$ref":"#/components/schemas/Data_views_sourcefilters"},"timeFieldName":{"$ref":"#/components/schemas/Data_views_timefieldname"},"title":{"$ref":"#/components/schemas/Data_views_title"},"type":{"$ref":"#/components/schemas/Data_views_type"},"typeMeta":{"$ref":"#/components/schemas/Data_views_typemeta"},"version":{"type":"string"}},"required":["title"]},"override":{"default":false,"description":"Override an existing data view if a data view with the provided title already exists.","type":"boolean"}},"required":["data_view"]},"Data_views_data_view_response_object":{"title":"Data view response properties","type":"object","properties":{"data_view":{"type":"object","properties":{"allowNoIndex":{"$ref":"#/components/schemas/Data_views_allownoindex"},"fieldAttrs":{"additionalProperties":{"$ref":"#/components/schemas/Data_views_fieldattrs"},"type":"object"},"fieldFormats":{"$ref":"#/components/schemas/Data_views_fieldformats"},"fields":{"type":"object"},"id":{"example":"ff959d40-b880-11e8-a6d9-e546fe2bba5f","type":"string"},"name":{"description":"The data view name.","type":"string"},"namespaces":{"$ref":"#/components/schemas/Data_views_namespaces"},"runtimeFieldMap":{"additionalProperties":{"$ref":"#/components/schemas/Data_views_runtimefieldmap"},"type":"object"},"sourceFilters":{"$ref":"#/components/schemas/Data_views_sourcefilters"},"timeFieldName":{"$ref":"#/components/schemas/Data_views_timefieldname"},"title":{"$ref":"#/components/schemas/Data_views_title"},"typeMeta":{"$ref":"#/components/schemas/Data_views_typemeta_response"},"version":{"example":"WzQ2LDJd","type":"string"}}}}},"Data_views_fieldattrs":{"description":"A map of field attributes by field name.","type":"object","properties":{"count":{"description":"Popularity count for the field.","type":"integer"},"customDescription":{"description":"Custom description for the field.","maxLength":300,"type":"string"},"customLabel":{"description":"Custom label for the field.","type":"string"}}},"Data_views_fieldformats":{"description":"A map of field formats by field name.","type":"object"},"Data_views_namespaces":{"description":"An array of space identifiers for sharing the data view between multiple spaces.","items":{"default":"default","type":"string"},"type":"array"},"Data_views_runtimefieldmap":{"description":"A map of runtime field definitions by field name.","type":"object","properties":{"script":{"type":"object","properties":{"source":{"description":"Script for the runtime field.","type":"string"}}},"type":{"description":"Mapping type of the runtime field.","type":"string"}},"required":["script","type"]},"Data_views_sourcefilters":{"description":"The array of field names you want to filter out in Discover.","items":{"type":"object","properties":{"value":{"type":"string"}},"required":["value"]},"type":"array"},"Data_views_swap_data_view_request_object":{"title":"Data view reference swap request","type":"object","properties":{"delete":{"description":"Deletes referenced saved object if all references are removed.","type":"boolean"},"forId":{"description":"Limit the affected saved objects to one or more by identifier.","oneOf":[{"type":"string"},{"items":{"type":"string"},"type":"array"}]},"forType":{"description":"Limit the affected saved objects by type.","type":"string"},"fromId":{"description":"The saved object reference to change.","type":"string"},"fromType":{"description":"Specify the type of the saved object reference to alter. The default value is `index-pattern` for data views.\n","type":"string"},"toId":{"description":"New saved object reference value to replace the old value.","type":"string"}},"required":["fromId","toId"]},"Data_views_timefieldname":{"description":"The timestamp field name, which you use for time-based data views.","type":"string"},"Data_views_title":{"description":"Comma-separated list of data streams, indices, and aliases that you want to search. Supports wildcards (`*`).","type":"string"},"Data_views_type":{"description":"When set to `rollup`, identifies the rollup data views.","type":"string"},"Data_views_typemeta":{"description":"When you use rollup indices, contains the field list for the rollup data view API endpoints.","type":"object","properties":{"aggs":{"description":"A map of rollup restrictions by aggregation type and field name.","type":"object"},"params":{"description":"Properties for retrieving rollup fields.","type":"object"}},"required":["aggs","params"]},"Data_views_typemeta_response":{"description":"When you use rollup indices, contains the field list for the rollup data view API endpoints.","nullable":true,"type":"object","properties":{"aggs":{"description":"A map of rollup restrictions by aggregation type and field name.","type":"object"},"params":{"description":"Properties for retrieving rollup fields.","type":"object"}}},"Data_views_update_data_view_request_object":{"title":"Update data view request","type":"object","properties":{"data_view":{"description":"The data view properties you want to update. Only the specified properties are updated in the data view. Unspecified fields stay as they are persisted.\n","type":"object","properties":{"allowNoIndex":{"$ref":"#/components/schemas/Data_views_allownoindex"},"fieldFormats":{"$ref":"#/components/schemas/Data_views_fieldformats"},"fields":{"type":"object"},"name":{"type":"string"},"runtimeFieldMap":{"additionalProperties":{"$ref":"#/components/schemas/Data_views_runtimefieldmap"},"type":"object"},"sourceFilters":{"$ref":"#/components/schemas/Data_views_sourcefilters"},"timeFieldName":{"$ref":"#/components/schemas/Data_views_timefieldname"},"title":{"$ref":"#/components/schemas/Data_views_title"},"type":{"$ref":"#/components/schemas/Data_views_type"},"typeMeta":{"$ref":"#/components/schemas/Data_views_typemeta"}}},"refresh_fields":{"default":false,"description":"Reloads the data view fields after the data view is updated.","type":"boolean"}},"required":["data_view"]},"Kibana_HTTP_APIs_core_status_redactedResponse":{"additionalProperties":false,"description":"A minimal representation of Kibana's operational status.","type":"object","properties":{"status":{"additionalProperties":false,"type":"object","properties":{"overall":{"additionalProperties":false,"type":"object","properties":{"level":{"description":"Service status levels as human and machine readable values.","enum":["available","degraded","unavailable","critical"],"type":"string"}},"required":["level"]}},"required":["overall"]}},"required":["status"]},"Kibana_HTTP_APIs_core_status_response":{"additionalProperties":false,"description":"Kibana's operational status as well as a detailed breakdown of plugin statuses indication of various loads (like event loop utilization and network traffic) at time of request.","type":"object","properties":{"metrics":{"additionalProperties":false,"description":"Metric groups collected by Kibana.","type":"object","properties":{"collection_interval_in_millis":{"description":"The interval at which metrics should be collected.","type":"number"},"elasticsearch_client":{"additionalProperties":false,"description":"Current network metrics of Kibana's Elasticsearch client.","type":"object","properties":{"totalActiveSockets":{"description":"Count of network sockets currently in use.","type":"number"},"totalIdleSockets":{"description":"Count of network sockets currently idle.","type":"number"},"totalQueuedRequests":{"description":"Count of requests not yet assigned to sockets.","type":"number"}},"required":["totalActiveSockets","totalIdleSockets","totalQueuedRequests"]},"last_updated":{"description":"The time metrics were collected.","type":"string"}},"required":["elasticsearch_client","last_updated","collection_interval_in_millis"]},"name":{"description":"Kibana instance name.","type":"string"},"status":{"additionalProperties":false,"type":"object","properties":{"core":{"additionalProperties":false,"description":"Statuses of core Kibana services.","type":"object","properties":{"elasticsearch":{"additionalProperties":false,"type":"object","properties":{"detail":{"description":"Human readable detail of the service status.","type":"string"},"documentationUrl":{"description":"A URL to further documentation regarding this service.","type":"string"},"level":{"description":"Service status levels as human and machine readable values.","enum":["available","degraded","unavailable","critical"],"type":"string"},"meta":{"additionalProperties":{},"description":"An unstructured set of extra metadata about this service.","type":"object"},"summary":{"description":"A human readable summary of the service status.","type":"string"}},"required":["level","summary","meta"]},"savedObjects":{"additionalProperties":false,"type":"object","properties":{"detail":{"description":"Human readable detail of the service status.","type":"string"},"documentationUrl":{"description":"A URL to further documentation regarding this service.","type":"string"},"level":{"description":"Service status levels as human and machine readable values.","enum":["available","degraded","unavailable","critical"],"type":"string"},"meta":{"additionalProperties":{},"description":"An unstructured set of extra metadata about this service.","type":"object"},"summary":{"description":"A human readable summary of the service status.","type":"string"}},"required":["level","summary","meta"]}},"required":["elasticsearch","savedObjects"]},"overall":{"additionalProperties":false,"type":"object","properties":{"detail":{"description":"Human readable detail of the service status.","type":"string"},"documentationUrl":{"description":"A URL to further documentation regarding this service.","type":"string"},"level":{"description":"Service status levels as human and machine readable values.","enum":["available","degraded","unavailable","critical"],"type":"string"},"meta":{"additionalProperties":{},"description":"An unstructured set of extra metadata about this service.","type":"object"},"summary":{"description":"A human readable summary of the service status.","type":"string"}},"required":["level","summary","meta"]},"plugins":{"additionalProperties":{"additionalProperties":false,"type":"object","properties":{"detail":{"description":"Human readable detail of the service status.","type":"string"},"documentationUrl":{"description":"A URL to further documentation regarding this service.","type":"string"},"level":{"description":"Service status levels as human and machine readable values.","enum":["available","degraded","unavailable","critical"],"type":"string"},"meta":{"additionalProperties":{},"description":"An unstructured set of extra metadata about this service.","type":"object"},"summary":{"description":"A human readable summary of the service status.","type":"string"}},"required":["level","summary","meta"]},"description":"A dynamic mapping of plugin ID to plugin status.","type":"object"}},"required":["overall","core","plugins"]},"uuid":{"description":"Unique, generated Kibana instance UUID. This UUID should persist even if the Kibana process restarts.","type":"string"},"version":{"additionalProperties":false,"type":"object","properties":{"build_date":{"description":"The date and time of this build.","type":"string"},"build_flavor":{"description":"The build flavour determines configuration and behavior of Kibana. On premise users will almost always run the \"traditional\" flavour, while other flavours are reserved for Elastic-specific use cases.","enum":["serverless","traditional"],"type":"string"},"build_hash":{"description":"A unique hash value representing the git commit of this Kibana build.","type":"string"},"build_number":{"description":"A monotonically increasing number, each subsequent build will have a higher number.","type":"number"},"build_snapshot":{"description":"Whether this build is a snapshot build.","type":"boolean"},"number":{"description":"A semantic version number.","type":"string"}},"required":["number","build_hash","build_number","build_snapshot","build_flavor","build_date"]}},"required":["name","uuid","version","status","metrics"]},"Machine_learning_APIs_mlSync200Response":{"properties":{"datafeedsAdded":{"additionalProperties":{"$ref":"#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds"},"description":"If a saved object for an anomaly detection job is missing a datafeed identifier, it is added when you run the sync machine learning saved objects API.","type":"object"},"datafeedsRemoved":{"additionalProperties":{"$ref":"#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds"},"description":"If a saved object for an anomaly detection job references a datafeed that no longer exists, it is deleted when you run the sync machine learning saved objects API.","type":"object"},"savedObjectsCreated":{"$ref":"#/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsCreated"},"savedObjectsDeleted":{"$ref":"#/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted"}},"title":"Successful sync API response","type":"object"},"Machine_learning_APIs_mlSync4xxResponse":{"properties":{"error":{"example":"Unauthorized","type":"string"},"message":{"type":"string"},"statusCode":{"example":401,"type":"integer"}},"title":"Unsuccessful sync API response","type":"object"},"Machine_learning_APIs_mlSyncResponseAnomalyDetectors":{"description":"The sync machine learning saved objects API response contains this object when there are anomaly detection jobs affected by the synchronization. There is an object for each relevant job, which contains the synchronization status.","properties":{"success":{"$ref":"#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess"}},"title":"Sync API response for anomaly detection jobs","type":"object"},"Machine_learning_APIs_mlSyncResponseDatafeeds":{"description":"The sync machine learning saved objects API response contains this object when there are datafeeds affected by the synchronization. There is an object for each relevant datafeed, which contains the synchronization status.","properties":{"success":{"$ref":"#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess"}},"title":"Sync API response for datafeeds","type":"object"},"Machine_learning_APIs_mlSyncResponseDataFrameAnalytics":{"description":"The sync machine learning saved objects API response contains this object when there are data frame analytics jobs affected by the synchronization. There is an object for each relevant job, which contains the synchronization status.","properties":{"success":{"$ref":"#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess"}},"title":"Sync API response for data frame analytics jobs","type":"object"},"Machine_learning_APIs_mlSyncResponseSavedObjectsCreated":{"description":"If saved objects are missing for machine learning jobs or trained models, they are created when you run the sync machine learning saved objects API.","properties":{"anomaly-detector":{"additionalProperties":{"$ref":"#/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors"},"description":"If saved objects are missing for anomaly detection jobs, they are created.","type":"object"},"data-frame-analytics":{"additionalProperties":{"$ref":"#/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics"},"description":"If saved objects are missing for data frame analytics jobs, they are created.","type":"object"},"trained-model":{"additionalProperties":{"$ref":"#/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels"},"description":"If saved objects are missing for trained models, they are created.","type":"object"}},"title":"Sync API response for created saved objects","type":"object"},"Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted":{"description":"If saved objects exist for machine learning jobs or trained models that no longer exist, they are deleted when you run the sync machine learning saved objects API.","properties":{"anomaly-detector":{"additionalProperties":{"$ref":"#/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors"},"description":"If there are saved objects exist for nonexistent anomaly detection jobs, they are deleted.","type":"object"},"data-frame-analytics":{"additionalProperties":{"$ref":"#/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics"},"description":"If there are saved objects exist for nonexistent data frame analytics jobs, they are deleted.","type":"object"},"trained-model":{"additionalProperties":{"$ref":"#/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels"},"description":"If there are saved objects exist for nonexistent trained models, they are deleted.","type":"object"}},"title":"Sync API response for deleted saved objects","type":"object"},"Machine_learning_APIs_mlSyncResponseSuccess":{"description":"The success or failure of the synchronization.","type":"boolean"},"Machine_learning_APIs_mlSyncResponseTrainedModels":{"description":"The sync machine learning saved objects API response contains this object when there are trained models affected by the synchronization. There is an object for each relevant trained model, which contains the synchronization status.","properties":{"success":{"$ref":"#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess"}},"title":"Sync API response for trained models","type":"object"},"Saved_objects_400_response":{"title":"Bad request","type":"object","properties":{"error":{"enum":["Bad Request"],"type":"string"},"message":{"type":"string"},"statusCode":{"enum":[400],"type":"integer"}},"required":["error","message","statusCode"]},"Saved_objects_attributes":{"description":"The data that you want to create. WARNING: When you create saved objects, attributes are not validated, which allows you to pass arbitrary and ill-formed data into the API that can break Kibana. Make sure any data that you send to the API is properly formed.\n","type":"object"},"Saved_objects_initial_namespaces":{"description":"Identifiers for the spaces in which this object is created. If this is provided, the object is created only in the explicitly defined spaces. If this is not provided, the object is created in the current space (default behavior). For shareable object types (registered with `namespaceType: 'multiple'`), this option can be used to specify one or more spaces, including the \"All spaces\" identifier ('*'). For isolated object types (registered with `namespaceType: 'single'` or `namespaceType: 'multiple-isolated'`), this option can only be used to specify a single space, and the \"All spaces\" identifier ('*') is not allowed. For global object types (`registered with `namespaceType: agnostic`), this option cannot be used.\n","type":"array"},"Saved_objects_references":{"description":"Objects with `name`, `id`, and `type` properties that describe the other saved objects that this object references. Use `name` in attributes to refer to the other saved object, but never the `id`, which can update automatically during migrations or import and export.\n","type":"array"},"Security_AI_Assistant_API_AnonymizationFieldCreateProps":{"type":"object","properties":{"allowed":{"description":"Whether this field is allowed to be sent to the model.","example":true,"type":"boolean"},"anonymized":{"description":"Whether this field should be anonymized.","example":false,"type":"boolean"},"field":{"description":"Name of the anonymization field to create.","example":"host.name","type":"string"}},"required":["field"]},"Security_AI_Assistant_API_AnonymizationFieldDetailsInError":{"type":"object","properties":{"id":{"description":"The ID of the anonymization field.","example":"field12","type":"string"},"name":{"description":"Name of the anonymization field.","example":"host.name","type":"string"}},"required":["id"]},"Security_AI_Assistant_API_AnonymizationFieldResponse":{"type":"object","properties":{"allowed":{"description":"Whether this field is allowed to be sent to the model.","example":true,"type":"boolean"},"anonymized":{"description":"Whether this field should be anonymized.","example":false,"type":"boolean"},"createdAt":{"description":"Timestamp of when the anonymization field was created.","example":"2023-10-31T12:00:00Z","type":"string"},"createdBy":{"description":"Username of the person who created the anonymization field.","example":"user1","type":"string"},"field":{"description":"Name of the anonymization field.","example":"url.domain","type":"string"},"id":{"$ref":"#/components/schemas/Security_AI_Assistant_API_NonEmptyString","description":"The ID of the anonymization field."},"namespace":{"description":"Kibana space in which this anonymization field exists.","example":"default","type":"string"},"timestamp":{"$ref":"#/components/schemas/Security_AI_Assistant_API_NonEmptyTimestamp","description":"Timestamp when the anonymization field was initially created."},"updatedAt":{"description":"Timestamp of the last update.","example":"2023-10-31T12:00:00Z","type":"string"},"updatedBy":{"description":"Username of the person who last updated the field.","example":"user1","type":"string"}},"required":["id","field"]},"Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipReason":{"description":"Reason why the anonymization field was not modified.","enum":["ANONYMIZATION_FIELD_NOT_MODIFIED"],"type":"string"},"Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipResult":{"type":"object","properties":{"id":{"description":"The ID of the anonymization field that was not modified.","example":"field4","type":"string"},"name":{"description":"Name of the anonymization field that was not modified.","example":"user.name","type":"string"},"skip_reason":{"$ref":"#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipReason","description":"Reason why the anonymization field was not modified."}},"required":["id","skip_reason"]},"Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse":{"type":"object","properties":{"anonymization_fields_count":{"description":"Total number of anonymization fields processed.","example":5,"type":"integer"},"attributes":{"type":"object","properties":{"errors":{"description":"List of errors that occurred during the bulk operation.","items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_NormalizedAnonymizationFieldError"},"type":"array"},"results":{"$ref":"#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResults"},"summary":{"$ref":"#/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary"}},"required":["results","summary"]},"message":{"description":"Message providing information about the bulk action result.","example":"Bulk action completed successfully","type":"string"},"status_code":{"description":"HTTP status code returned.","example":200,"type":"integer"},"success":{"description":"Indicates if the bulk action was successful.","example":true,"type":"boolean"}},"required":["attributes"]},"Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResults":{"type":"object","properties":{"created":{"description":"List of anonymization fields successfully created.","items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse"},"type":"array"},"deleted":{"items":{"description":"Array of IDs of anonymization fields that were deleted.","example":"field3","type":"string"},"type":"array"},"skipped":{"description":"List of anonymization fields that were skipped during the operation.","items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipResult"},"type":"array"},"updated":{"description":"List of anonymization fields successfully updated.","items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse"},"type":"array"}},"required":["updated","created","deleted","skipped"]},"Security_AI_Assistant_API_AnonymizationFieldUpdateProps":{"type":"object","properties":{"allowed":{"description":"Whether this field is allowed to be sent to the model.","example":true,"type":"boolean"},"anonymized":{"description":"Whether this field should be anonymized.","example":false,"type":"boolean"},"id":{"description":"The ID of the anonymization field to update.","example":"field8","type":"string"}},"required":["id"]},"Security_AI_Assistant_API_ApiConfig":{"type":"object","properties":{"actionTypeId":{"description":"Action type ID","example":"actionType456","type":"string"},"connectorId":{"description":"Connector ID","example":"connector123","type":"string"},"defaultSystemPromptId":{"description":"Default system prompt ID","example":"systemPrompt001","type":"string"},"model":{"description":"Model","example":"gpt-4","type":"string"},"provider":{"$ref":"#/components/schemas/Security_AI_Assistant_API_Provider","description":"Provider","example":"OpenAI"}},"required":["connectorId","actionTypeId"]},"Security_AI_Assistant_API_BaseContentReference":{"description":"The basis of a content reference","type":"object","properties":{"id":{"description":"Id of the content reference","example":"content123","type":"string"},"type":{"description":"Type of the content reference","example":"SecurityAlert","type":"string"}},"required":["id","type"]},"Security_AI_Assistant_API_BulkCrudActionSummary":{"type":"object","properties":{"failed":{"description":"The number of failed actions.","example":0,"type":"integer"},"skipped":{"description":"The number of skipped actions.","example":1,"type":"integer"},"succeeded":{"description":"The number of successfully performed actions.","example":10,"type":"integer"},"total":{"description":"The total number of actions attempted.","example":12,"type":"integer"}},"required":["failed","skipped","succeeded","total"]},"Security_AI_Assistant_API_ChatCompleteProps":{"description":"The request payload for creating a chat completion.","example":{"connectorId":"conn-001","conversationId":"abc123","isStream":true,"langSmithApiKey":"sk-abc123","langSmithProject":"security_ai_project","messages":[{"content":"How do I detect ransomware on my endpoints?","data":{"device_id":"device-567"},"fields_to_anonymize":["device.name","file.path"],"role":"user"}],"model":"gpt-4","persist":true,"promptId":"prompt_456","responseLanguage":"en"},"type":"object","properties":{"connectorId":{"description":"Required connector identifier to route the request.","example":"conn-001","type":"string"},"conversationId":{"$ref":"#/components/schemas/Security_AI_Assistant_API_NonEmptyString","description":"Existing conversation ID to continue."},"isStream":{"description":"If true, the response will be streamed in chunks.","example":true,"type":"boolean"},"langSmithApiKey":{"description":"API key for LangSmith integration.","example":"sk-abc123","type":"string"},"langSmithProject":{"description":"LangSmith project name for tracing.","example":"security_ai_project","type":"string"},"messages":{"description":"List of chat messages exchanged so far.","items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_ChatMessage"},"type":"array"},"model":{"description":"Model ID or name to use for the response.","example":"gpt-4","type":"string"},"persist":{"description":"Whether to persist the chat and response to storage.","example":true,"type":"boolean"},"promptId":{"description":"Prompt template identifier.","example":"prompt_001","type":"string"},"responseLanguage":{"description":"ISO language code for the assistant's response.","example":"en","type":"string"}},"required":["messages","persist","connectorId"]},"Security_AI_Assistant_API_ChatMessage":{"description":"A message exchanged within the AI chat conversation.","type":"object","properties":{"content":{"description":"The textual content of the message.","example":"What security incidents have been reported today?","type":"string"},"data":{"$ref":"#/components/schemas/Security_AI_Assistant_API_MessageData","description":"Metadata to attach to the context of the message."},"fields_to_anonymize":{"description":"List of field names within the data object that should be anonymized.","example":["user.name","source.ip"],"items":{"type":"string"},"type":"array"},"role":{"$ref":"#/components/schemas/Security_AI_Assistant_API_ChatMessageRole","description":"The sender role of the message."}},"required":["role"]},"Security_AI_Assistant_API_ChatMessageRole":{"description":"The role associated with the message in the chat.","enum":["system","user","assistant"],"example":"user","type":"string"},"Security_AI_Assistant_API_ContentReferences":{"additionalProperties":{"oneOf":[{"$ref":"#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryContentReference"},{"$ref":"#/components/schemas/Security_AI_Assistant_API_SecurityAlertContentReference"},{"$ref":"#/components/schemas/Security_AI_Assistant_API_SecurityAlertsPageContentReference"},{"$ref":"#/components/schemas/Security_AI_Assistant_API_ProductDocumentationContentReference"},{"$ref":"#/components/schemas/Security_AI_Assistant_API_EsqlContentReference"},{"$ref":"#/components/schemas/Security_AI_Assistant_API_HrefContentReference","additionalProperties":false}]},"description":"A union of all content reference types","type":"object"},"Security_AI_Assistant_API_ConversationCategory":{"description":"The conversation category.","enum":["assistant","insights"],"example":"assistant","type":"string"},"Security_AI_Assistant_API_ConversationConfidence":{"description":"The conversation confidence.","enum":["low","medium","high"],"example":"high","type":"string"},"Security_AI_Assistant_API_ConversationCreateProps":{"type":"object","properties":{"apiConfig":{"$ref":"#/components/schemas/Security_AI_Assistant_API_ApiConfig","description":"LLM API configuration."},"category":{"$ref":"#/components/schemas/Security_AI_Assistant_API_ConversationCategory","description":"The conversation category.","example":"assistant"},"excludeFromLastConversationStorage":{"description":"Exclude from last conversation storage.","type":"boolean"},"id":{"description":"The conversation id.","example":"conversation123","type":"string"},"messages":{"description":"The conversation messages.","items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_Message"},"type":"array"},"replacements":{"$ref":"#/components/schemas/Security_AI_Assistant_API_Replacements"},"title":{"description":"The conversation title.","example":"Security AI Assistant Setup","type":"string"}},"required":["title"]},"Security_AI_Assistant_API_ConversationResponse":{"type":"object","properties":{"apiConfig":{"$ref":"#/components/schemas/Security_AI_Assistant_API_ApiConfig","description":"LLM API configuration."},"category":{"$ref":"#/components/schemas/Security_AI_Assistant_API_ConversationCategory","description":"The conversation category.","example":"assistant"},"createdAt":{"description":"The time conversation was created.","example":"2025-04-30T14:00:00Z","type":"string"},"excludeFromLastConversationStorage":{"description":"Exclude from last conversation storage.","type":"boolean"},"id":{"$ref":"#/components/schemas/Security_AI_Assistant_API_NonEmptyString"},"messages":{"description":"The conversation messages.","items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_Message"},"type":"array"},"namespace":{"description":"Kibana space","example":"default","type":"string"},"replacements":{"$ref":"#/components/schemas/Security_AI_Assistant_API_Replacements"},"summary":{"$ref":"#/components/schemas/Security_AI_Assistant_API_ConversationSummary"},"timestamp":{"$ref":"#/components/schemas/Security_AI_Assistant_API_NonEmptyTimestamp"},"title":{"description":"The conversation title.","example":"Security AI Assistant Setup","type":"string"},"updatedAt":{"description":"The last time conversation was updated.","example":"2025-04-30T16:30:00Z","type":"string"},"users":{"items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_User"},"type":"array"}},"required":["id","title","createdAt","users","namespace","category"]},"Security_AI_Assistant_API_ConversationSummary":{"type":"object","properties":{"confidence":{"$ref":"#/components/schemas/Security_AI_Assistant_API_ConversationConfidence","description":"How confident you are about this being a correct and useful learning.","example":"high"},"content":{"description":"Summary text of the conversation over time.","example":"This conversation covered how to configure the Security AI Assistant.","type":"string"},"public":{"description":"Define if summary is marked as publicly available.","example":true,"type":"boolean"},"timestamp":{"$ref":"#/components/schemas/Security_AI_Assistant_API_NonEmptyTimestamp","description":"The timestamp summary was updated.","example":"2025-04-30T16:00:00Z"}}},"Security_AI_Assistant_API_ConversationUpdateProps":{"type":"object","properties":{"apiConfig":{"$ref":"#/components/schemas/Security_AI_Assistant_API_ApiConfig","description":"LLM API configuration."},"category":{"$ref":"#/components/schemas/Security_AI_Assistant_API_ConversationCategory","description":"The conversation category.","example":"assistant"},"excludeFromLastConversationStorage":{"description":"Exclude from last conversation storage.","type":"boolean"},"id":{"$ref":"#/components/schemas/Security_AI_Assistant_API_NonEmptyString"},"messages":{"description":"The conversation messages.","items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_Message"},"type":"array"},"replacements":{"$ref":"#/components/schemas/Security_AI_Assistant_API_Replacements"},"summary":{"$ref":"#/components/schemas/Security_AI_Assistant_API_ConversationSummary"},"title":{"description":"The conversation title.","example":"Updated Security AI Assistant Setup","type":"string"}},"required":["id"]},"Security_AI_Assistant_API_DeleteResponseFields":{"type":"object","properties":{"id":{"$ref":"#/components/schemas/Security_AI_Assistant_API_NonEmptyString"}},"required":["id"]},"Security_AI_Assistant_API_DocumentEntry":{"allOf":[{"type":"object","properties":{"global":{"description":"Whether this Knowledge Base Entry is global, defaults to false.","example":false,"type":"boolean"},"name":{"description":"Name of the Knowledge Base Entry.","example":"Example Entry","type":"string"},"namespace":{"description":"Kibana Space, defaults to 'default' space.","example":"default","type":"string"},"users":{"description":"Users who have access to the Knowledge Base Entry, defaults to current user. Empty array provides access to all users.","items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_User"},"type":"array"}},"required":["name","namespace","global","users"]},{"$ref":"#/components/schemas/Security_AI_Assistant_API_ResponseFields"},{"$ref":"#/components/schemas/Security_AI_Assistant_API_DocumentEntryResponseFields"}]},"Security_AI_Assistant_API_DocumentEntryCreateFields":{"allOf":[{"type":"object","properties":{"global":{"description":"Whether this Knowledge Base Entry is global, defaults to false.","example":false,"type":"boolean"},"name":{"description":"Name of the Knowledge Base Entry.","example":"Example Entry","type":"string"},"namespace":{"description":"Kibana Space, defaults to 'default' space.","example":"default","type":"string"},"users":{"description":"Users who have access to the Knowledge Base Entry, defaults to current user. Empty array provides access to all users.","items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_User"},"type":"array"}},"required":["name"]},{"$ref":"#/components/schemas/Security_AI_Assistant_API_DocumentEntryRequiredFields"},{"$ref":"#/components/schemas/Security_AI_Assistant_API_DocumentEntryOptionalFields"}]},"Security_AI_Assistant_API_DocumentEntryOptionalFields":{"type":"object","properties":{"required":{"description":"Whether this resource should always be included, defaults to false.","example":false,"type":"boolean"},"vector":{"$ref":"#/components/schemas/Security_AI_Assistant_API_Vector"}}},"Security_AI_Assistant_API_DocumentEntryRequiredFields":{"type":"object","properties":{"kbResource":{"$ref":"#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseResource"},"source":{"description":"Source document name or filepath.","example":"/documents/example.txt","type":"string"},"text":{"description":"Knowledge Base Entry content.","example":"This is the content of the document.","type":"string"},"type":{"description":"Entry type.","enum":["document"],"example":"document","type":"string"}},"required":["type","kbResource","source","text"]},"Security_AI_Assistant_API_DocumentEntryResponseFields":{"allOf":[{"$ref":"#/components/schemas/Security_AI_Assistant_API_DocumentEntryRequiredFields"},{"$ref":"#/components/schemas/Security_AI_Assistant_API_DocumentEntryOptionalFields"}]},"Security_AI_Assistant_API_DocumentEntryUpdateFields":{"allOf":[{"type":"object","properties":{"global":{"description":"Whether this Knowledge Base Entry is global, defaults to false.","example":false,"type":"boolean"},"id":{"$ref":"#/components/schemas/Security_AI_Assistant_API_NonEmptyString"},"name":{"description":"Name of the Knowledge Base Entry.","example":"Example Entry","type":"string"},"namespace":{"description":"Kibana Space, defaults to 'default' space.","example":"default","type":"string"},"users":{"description":"Users who have access to the Knowledge Base Entry, defaults to current user. Empty array provides access to all users.","items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_User"},"type":"array"}},"required":["id"]},{"$ref":"#/components/schemas/Security_AI_Assistant_API_DocumentEntryCreateFields"}]},"Security_AI_Assistant_API_EsqlContentReference":{"allOf":[{"$ref":"#/components/schemas/Security_AI_Assistant_API_BaseContentReference"},{"type":"object","properties":{"label":{"description":"Label of the query","example":"High Severity Alerts","type":"string"},"query":{"description":"An ESQL query","example":"SELECT * FROM alerts WHERE severity = \"high\"","type":"string"},"timerange":{"description":"Time range to select in the time picker.","type":"object","properties":{"from":{"example":"2025-04-01T00:00:00Z","type":"string"},"to":{"example":"2025-04-30T23:59:59Z","type":"string"}},"required":["from","to"]},"type":{"enum":["EsqlQuery"],"example":"EsqlQuery","type":"string"}},"required":["type","query","label"]}],"description":"References an ESQL query"},"Security_AI_Assistant_API_FindAnonymizationFieldsSortField":{"enum":["created_at","anonymized","allowed","field","updated_at"],"type":"string"},"Security_AI_Assistant_API_FindConversationsSortField":{"description":"The field by which to sort the conversations. Possible values are `created_at`, `title`, and `updated_at`.","enum":["created_at","title","updated_at"],"example":"created_at","type":"string"},"Security_AI_Assistant_API_FindKnowledgeBaseEntriesSortField":{"description":"Fields available for sorting Knowledge Base Entries.","enum":["created_at","is_default","title","updated_at"],"example":"title","type":"string"},"Security_AI_Assistant_API_FindPromptsSortField":{"description":"Field by which to sort the prompts.","enum":["created_at","is_default","name","updated_at"],"example":"created_at","type":"string"},"Security_AI_Assistant_API_HrefContentReference":{"allOf":[{"$ref":"#/components/schemas/Security_AI_Assistant_API_BaseContentReference"},{"type":"object","properties":{"href":{"description":"URL to the external resource","type":"string"},"label":{"description":"Label of the query","type":"string"},"type":{"enum":["Href"],"type":"string"}},"required":["type","href"]}],"description":"References an external URL"},"Security_AI_Assistant_API_IndexEntry":{"allOf":[{"type":"object","properties":{"global":{"description":"Whether this Knowledge Base Entry is global, defaults to false.","example":false,"type":"boolean"},"name":{"description":"Name of the Knowledge Base Entry.","example":"Example Entry","type":"string"},"namespace":{"description":"Kibana Space, defaults to 'default' space.","example":"default","type":"string"},"users":{"description":"Users who have access to the Knowledge Base Entry, defaults to current user. Empty array provides access to all users.","items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_User"},"type":"array"}},"required":["name","namespace","global","users"]},{"$ref":"#/components/schemas/Security_AI_Assistant_API_ResponseFields"},{"$ref":"#/components/schemas/Security_AI_Assistant_API_IndexEntryResponseFields"}]},"Security_AI_Assistant_API_IndexEntryCreateFields":{"allOf":[{"type":"object","properties":{"global":{"description":"Whether this Knowledge Base Entry is global, defaults to false.","example":false,"type":"boolean"},"name":{"description":"Name of the Knowledge Base Entry.","example":"Example Entry","type":"string"},"namespace":{"description":"Kibana Space, defaults to 'default' space.","example":"default","type":"string"},"users":{"description":"Users who have access to the Knowledge Base Entry, defaults to current user. Empty array provides access to all users.","items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_User"},"type":"array"}},"required":["name"]},{"$ref":"#/components/schemas/Security_AI_Assistant_API_IndexEntryRequiredFields"},{"$ref":"#/components/schemas/Security_AI_Assistant_API_IndexEntryOptionalFields"}]},"Security_AI_Assistant_API_IndexEntryOptionalFields":{"type":"object","properties":{"inputSchema":{"$ref":"#/components/schemas/Security_AI_Assistant_API_InputSchema"},"outputFields":{"description":"Fields to extract from the query result, defaults to all fields if not provided or empty.","example":["title","author"],"items":{"type":"string"},"type":"array"}}},"Security_AI_Assistant_API_IndexEntryRequiredFields":{"type":"object","properties":{"description":{"description":"Description for when this index or data stream should be queried for Knowledge Base content. Passed to the LLM as a tool description.","example":"Query this index for general knowledge base content.","type":"string"},"field":{"description":"Field to query for Knowledge Base content.","example":"content","type":"string"},"index":{"description":"Index or Data Stream to query for Knowledge Base content.","example":"knowledge_base_index","type":"string"},"queryDescription":{"description":"Description of query field used to fetch Knowledge Base content. Passed to the LLM as part of the tool input schema.","example":"Search for documents containing the specified keywords.","type":"string"},"type":{"description":"Entry type.","enum":["index"],"example":"index","type":"string"}},"required":["type","index","field","description","queryDescription"]},"Security_AI_Assistant_API_IndexEntryResponseFields":{"allOf":[{"$ref":"#/components/schemas/Security_AI_Assistant_API_IndexEntryRequiredFields"},{"$ref":"#/components/schemas/Security_AI_Assistant_API_IndexEntryOptionalFields"}]},"Security_AI_Assistant_API_IndexEntryUpdateFields":{"allOf":[{"type":"object","properties":{"global":{"description":"Whether this Knowledge Base Entry is global, defaults to false.","example":false,"type":"boolean"},"id":{"$ref":"#/components/schemas/Security_AI_Assistant_API_NonEmptyString"},"name":{"description":"Name of the Knowledge Base Entry.","example":"Example Entry","type":"string"},"namespace":{"description":"Kibana Space, defaults to 'default' space.","example":"default","type":"string"},"users":{"description":"Users who have access to the Knowledge Base Entry, defaults to current user. Empty array provides access to all users.","items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_User"},"type":"array"}},"required":["id"]},{"$ref":"#/components/schemas/Security_AI_Assistant_API_IndexEntryCreateFields"}]},"Security_AI_Assistant_API_InputSchema":{"description":"Array of objects defining the input schema, allowing the LLM to extract structured data to be used in retrieval.","items":{"type":"object","properties":{"description":{"description":"Description of the field.","example":"The title of the document.","type":"string"},"fieldName":{"description":"Name of the field.","example":"title","type":"string"},"fieldType":{"description":"Type of the field.","example":"string","type":"string"}},"required":["fieldName","fieldType","description"]},"type":"array"},"Security_AI_Assistant_API_KnowledgeBaseEntryBulkActionSkipReason":{"description":"Reason why a Knowledge Base Entry was skipped during the bulk action.","enum":["KNOWLEDGE_BASE_ENTRY_NOT_MODIFIED"],"type":"string"},"Security_AI_Assistant_API_KnowledgeBaseEntryBulkActionSkipResult":{"type":"object","properties":{"id":{"description":"ID of the skipped Knowledge Base Entry.","example":"123","type":"string"},"name":{"description":"Name of the skipped Knowledge Base Entry.","example":"Skipped Entry","type":"string"},"skip_reason":{"$ref":"#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryBulkActionSkipReason"}},"required":["id","skip_reason"]},"Security_AI_Assistant_API_KnowledgeBaseEntryBulkCrudActionResponse":{"type":"object","properties":{"attributes":{"type":"object","properties":{"errors":{"description":"List of errors encountered during the bulk action.","example":[{"err_code":"UPDATE_FAILED","knowledgeBaseEntries":[{"id":"456","name":"Error Entry"}],"message":"Failed to update entry.","statusCode":400}],"items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_NormalizedKnowledgeBaseEntryError"},"type":"array"},"results":{"$ref":"#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryBulkCrudActionResults"},"summary":{"$ref":"#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryBulkCrudActionSummary"}},"required":["results","summary"]},"knowledgeBaseEntriesCount":{"description":"Total number of Knowledge Base Entries processed.","example":8,"type":"integer"},"message":{"description":"Message describing the result of the bulk action.","example":"Bulk action completed successfully.","type":"string"},"statusCode":{"description":"HTTP status code of the response.","example":200,"type":"integer"},"success":{"description":"Indicates whether the bulk action was successful.","example":true,"type":"boolean"}},"required":["attributes"]},"Security_AI_Assistant_API_KnowledgeBaseEntryBulkCrudActionResults":{"type":"object","properties":{"created":{"description":"List of Knowledge Base Entries that were successfully created.","example":[{"content":"This is the content of the new entry.","id":"456","title":"New Entry"}],"items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryResponse"},"type":"array"},"deleted":{"description":"List of IDs of Knowledge Base Entries that were successfully deleted.","example":["789"],"items":{"type":"string"},"type":"array"},"skipped":{"description":"List of Knowledge Base Entries that were skipped during the bulk action.","example":[{"id":"123","name":"Skipped Entry","skip_reason":"KNOWLEDGE_BASE_ENTRY_NOT_MODIFIED"}],"items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryBulkActionSkipResult"},"type":"array"},"updated":{"description":"List of Knowledge Base Entries that were successfully updated.","example":[{"content":"Updated content.","id":"123","title":"Updated Entry"}],"items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryResponse"},"type":"array"}},"required":["updated","created","deleted","skipped"]},"Security_AI_Assistant_API_KnowledgeBaseEntryBulkCrudActionSummary":{"type":"object","properties":{"failed":{"description":"Number of Knowledge Base Entries that failed during the bulk action.","example":2,"type":"integer"},"skipped":{"description":"Number of Knowledge Base Entries that were skipped during the bulk action.","example":1,"type":"integer"},"succeeded":{"description":"Number of Knowledge Base Entries that were successfully processed during the bulk action.","example":5,"type":"integer"},"total":{"description":"Total number of Knowledge Base Entries involved in the bulk action.","example":8,"type":"integer"}},"required":["failed","skipped","succeeded","total"]},"Security_AI_Assistant_API_KnowledgeBaseEntryContentReference":{"allOf":[{"$ref":"#/components/schemas/Security_AI_Assistant_API_BaseContentReference"},{"type":"object","properties":{"knowledgeBaseEntryId":{"description":"Id of the Knowledge Base Entry","example":"kbentry456","type":"string"},"knowledgeBaseEntryName":{"description":"Name of the knowledge base entry","example":"Network Security Best Practices","type":"string"},"type":{"enum":["KnowledgeBaseEntry"],"example":"KnowledgeBaseEntry","type":"string"}},"required":["type","knowledgeBaseEntryId","knowledgeBaseEntryName"]}],"description":"References a knowledge base entry"},"Security_AI_Assistant_API_KnowledgeBaseEntryCreateProps":{"anyOf":[{"$ref":"#/components/schemas/Security_AI_Assistant_API_DocumentEntryCreateFields"},{"$ref":"#/components/schemas/Security_AI_Assistant_API_IndexEntryCreateFields"}],"discriminator":{"propertyName":"type"}},"Security_AI_Assistant_API_KnowledgeBaseEntryDetailsInError":{"type":"object","properties":{"id":{"description":"ID of the Knowledge Base Entry that encountered an error.","example":"456","type":"string"},"name":{"description":"Name of the Knowledge Base Entry that encountered an error.","example":"Error Entry","type":"string"}},"required":["id"]},"Security_AI_Assistant_API_KnowledgeBaseEntryErrorSchema":{"additionalProperties":false,"type":"object","properties":{"error":{"description":"Error type or category.","example":"Not Found","type":"string"},"message":{"description":"Detailed error message.","example":"The requested Knowledge Base Entry was not found.","type":"string"},"statusCode":{"description":"HTTP status code of the error.","example":404,"type":"number"}},"required":["statusCode","error","message"]},"Security_AI_Assistant_API_KnowledgeBaseEntryResponse":{"anyOf":[{"$ref":"#/components/schemas/Security_AI_Assistant_API_DocumentEntry"},{"$ref":"#/components/schemas/Security_AI_Assistant_API_IndexEntry"}],"discriminator":{"propertyName":"type"}},"Security_AI_Assistant_API_KnowledgeBaseEntryUpdateProps":{"anyOf":[{"$ref":"#/components/schemas/Security_AI_Assistant_API_DocumentEntryUpdateFields"},{"$ref":"#/components/schemas/Security_AI_Assistant_API_IndexEntryUpdateFields"}],"discriminator":{"propertyName":"type"}},"Security_AI_Assistant_API_KnowledgeBaseEntryUpdateRouteProps":{"anyOf":[{"$ref":"#/components/schemas/Security_AI_Assistant_API_DocumentEntryCreateFields"},{"$ref":"#/components/schemas/Security_AI_Assistant_API_IndexEntryCreateFields"}],"discriminator":{"propertyName":"type"}},"Security_AI_Assistant_API_KnowledgeBaseResource":{"description":"Knowledge Base resource name for grouping entries, e.g. 'security_labs', 'user', etc.","enum":["security_labs","user"],"example":"security_labs","type":"string"},"Security_AI_Assistant_API_KnowledgeBaseResponse":{"description":"AI assistant KnowledgeBase.","type":"object","properties":{"success":{"description":"Identify the success of the method execution.","example":true,"type":"boolean"}}},"Security_AI_Assistant_API_Message":{"description":"AI assistant conversation message.","type":"object","properties":{"content":{"description":"Message content.","example":"Hello, how can I assist you today?","type":"string"},"isError":{"description":"Is error message.","example":false,"type":"boolean"},"metadata":{"$ref":"#/components/schemas/Security_AI_Assistant_API_MessageMetadata","description":"Metadata"},"reader":{"$ref":"#/components/schemas/Security_AI_Assistant_API_Reader","description":"Message content."},"role":{"$ref":"#/components/schemas/Security_AI_Assistant_API_MessageRole","description":"Message role.","example":"assistant"},"timestamp":{"$ref":"#/components/schemas/Security_AI_Assistant_API_NonEmptyTimestamp","description":"The timestamp message was sent or received.","example":"2025-04-30T15:30:00Z"},"traceData":{"$ref":"#/components/schemas/Security_AI_Assistant_API_TraceData","description":"Trace data"}},"required":["timestamp","content","role"]},"Security_AI_Assistant_API_MessageData":{"additionalProperties":true,"description":"ECS-style metadata attached to the message.","example":{"alert_id":"alert-456","user_id":"abc123"},"type":"object"},"Security_AI_Assistant_API_MessageMetadata":{"description":"Message metadata","type":"object","properties":{"contentReferences":{"$ref":"#/components/schemas/Security_AI_Assistant_API_ContentReferences","description":"Data referred to by the message content."}}},"Security_AI_Assistant_API_MessageRole":{"description":"Message role.","enum":["system","user","assistant"],"example":"assistant","type":"string"},"Security_AI_Assistant_API_NonEmptyString":{"description":"A string that does not contain only whitespace characters.","example":"I am a string","format":"nonempty","minLength":1,"type":"string"},"Security_AI_Assistant_API_NonEmptyTimestamp":{"description":"A string that represents a timestamp in ISO 8601 format and does not contain only whitespace characters.","example":"2023-10-31T12:00:00Z","format":"nonempty","minLength":1,"type":"string"},"Security_AI_Assistant_API_NormalizedAnonymizationFieldError":{"type":"object","properties":{"anonymization_fields":{"description":"Array of anonymization fields that caused the error.","items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldDetailsInError"},"type":"array"},"err_code":{"description":"Error code indicating the type of failure.","example":"UPDATE_FAILED","type":"string"},"message":{"description":"Error message.","example":"Failed to update anonymization field.","type":"string"},"status_code":{"description":"Status code of the response.","example":400,"type":"integer"}},"required":["message","status_code","anonymization_fields"]},"Security_AI_Assistant_API_NormalizedKnowledgeBaseEntryError":{"type":"object","properties":{"err_code":{"description":"Specific error code for the issue.","example":"UPDATE_FAILED","type":"string"},"knowledgeBaseEntries":{"description":"List of Knowledge Base Entries that encountered the error.","items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryDetailsInError"},"type":"array"},"message":{"description":"Error message describing the issue.","example":"Failed to update entry.","type":"string"},"statusCode":{"description":"HTTP status code associated with the error.","example":400,"type":"integer"}},"required":["message","statusCode","knowledgeBaseEntries"]},"Security_AI_Assistant_API_NormalizedPromptError":{"type":"object","properties":{"err_code":{"description":"A code representing the error type.","type":"string"},"message":{"description":"A message describing the error encountered.","type":"string"},"prompts":{"description":"List of prompts that encountered errors.","items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_PromptDetailsInError"},"type":"array"},"status_code":{"description":"The HTTP status code associated with the error.","type":"integer"}},"required":["message","status_code","prompts"]},"Security_AI_Assistant_API_ProductDocumentationContentReference":{"allOf":[{"$ref":"#/components/schemas/Security_AI_Assistant_API_BaseContentReference"},{"type":"object","properties":{"title":{"description":"Title of the documentation","example":"Getting Started with Security AI Assistant","type":"string"},"type":{"enum":["ProductDocumentation"],"example":"ProductDocumentation","type":"string"},"url":{"description":"URL to the documentation","example":"https://docs.example.com/security-ai-assistant","type":"string"}},"required":["type","title","url"]}],"description":"References the product documentation"},"Security_AI_Assistant_API_PromptCreateProps":{"type":"object","properties":{"categories":{"description":"List of categories for the prompt.","example":["security","verification"],"items":{"type":"string"},"type":"array"},"color":{"description":"The color associated with the prompt.","example":"blue","type":"string"},"consumer":{"description":"The consumer associated with the prompt.","example":"admin","type":"string"},"content":{"description":"The content of the prompt.","example":"Please verify the security settings.","type":"string"},"isDefault":{"description":"Whether this prompt should be the default.","example":false,"type":"boolean"},"isNewConversationDefault":{"description":"Whether this prompt should be the default for new conversations.","example":true,"type":"boolean"},"name":{"description":"The name of the prompt.","example":"New Security Prompt","type":"string"},"promptType":{"$ref":"#/components/schemas/Security_AI_Assistant_API_PromptType","description":"The type of the prompt.","example":"system"}},"required":["name","content","promptType"]},"Security_AI_Assistant_API_PromptDetailsInError":{"type":"object","properties":{"id":{"description":"The ID of the prompt that encountered an error.","type":"string"},"name":{"description":"The name of the prompt that encountered an error.","type":"string"}},"required":["id"]},"Security_AI_Assistant_API_PromptResponse":{"type":"object","properties":{"categories":{"description":"Categories associated with the prompt.","items":{"type":"string"},"type":"array"},"color":{"description":"The color associated with the prompt.","type":"string"},"consumer":{"description":"The consumer that the prompt is associated with.","type":"string"},"content":{"description":"The content of the prompt.","type":"string"},"createdAt":{"description":"The timestamp of when the prompt was created.","type":"string"},"createdBy":{"description":"The user who created the prompt.","type":"string"},"id":{"$ref":"#/components/schemas/Security_AI_Assistant_API_NonEmptyString"},"isDefault":{"description":"Whether this prompt is the default.","type":"boolean"},"isNewConversationDefault":{"description":"Whether this prompt is the default for new conversations.","type":"boolean"},"name":{"description":"The name of the prompt.","type":"string"},"namespace":{"description":"Kibana space where the prompt is located.","type":"string"},"promptType":{"$ref":"#/components/schemas/Security_AI_Assistant_API_PromptType","description":"The type of the prompt."},"timestamp":{"$ref":"#/components/schemas/Security_AI_Assistant_API_NonEmptyTimestamp"},"updatedAt":{"description":"The timestamp of when the prompt was last updated.","type":"string"},"updatedBy":{"description":"The user who last updated the prompt.","type":"string"},"users":{"description":"List of users associated with the prompt.","items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_User"},"type":"array"}},"required":["id","name","promptType","content"]},"Security_AI_Assistant_API_PromptsBulkActionSkipReason":{"description":"Reason why a prompt was skipped during the bulk action.","enum":["PROMPT_FIELD_NOT_MODIFIED"],"type":"string"},"Security_AI_Assistant_API_PromptsBulkActionSkipResult":{"type":"object","properties":{"id":{"description":"The ID of the prompt that was skipped.","type":"string"},"name":{"description":"The name of the prompt that was skipped.","type":"string"},"skip_reason":{"$ref":"#/components/schemas/Security_AI_Assistant_API_PromptsBulkActionSkipReason","description":"The reason for skipping the prompt."}},"required":["id","skip_reason"]},"Security_AI_Assistant_API_PromptsBulkCrudActionResponse":{"type":"object","properties":{"attributes":{"type":"object","properties":{"errors":{"items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_NormalizedPromptError"},"type":"array"},"results":{"$ref":"#/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResults"},"summary":{"$ref":"#/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary"}},"required":["results","summary"]},"message":{"description":"A message describing the result of the bulk action.","example":"Bulk action completed successfully.","type":"string"},"prompts_count":{"description":"The number of prompts processed in the bulk action.","example":6,"type":"integer"},"status_code":{"description":"The HTTP status code of the response.","example":200,"type":"integer"},"success":{"description":"Indicates if the bulk action was successful.","example":true,"type":"boolean"}},"required":["attributes"]},"Security_AI_Assistant_API_PromptsBulkCrudActionResults":{"type":"object","properties":{"created":{"description":"List of prompts that were created.","items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_PromptResponse"},"type":"array"},"deleted":{"description":"List of IDs of prompts that were deleted.","items":{"type":"string"},"type":"array"},"skipped":{"description":"List of prompts that were skipped.","items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_PromptsBulkActionSkipResult"},"type":"array"},"updated":{"description":"List of prompts that were updated.","items":{"$ref":"#/components/schemas/Security_AI_Assistant_API_PromptResponse"},"type":"array"}},"required":["updated","created","deleted","skipped"]},"Security_AI_Assistant_API_PromptType":{"description":"Type of the prompt (either system or quick).","enum":["system","quick"],"type":"string"},"Security_AI_Assistant_API_PromptUpdateProps":{"type":"object","properties":{"categories":{"description":"The updated categories for the prompt.","example":["security","alert"],"items":{"type":"string"},"type":"array"},"color":{"description":"The updated color associated with the prompt.","example":"green","type":"string"},"consumer":{"description":"The updated consumer for the prompt.","example":"user123","type":"string"},"content":{"description":"The updated content for the prompt.","example":"Updated content for security prompt.","type":"string"},"id":{"description":"The ID of the prompt to update.","example":"prompt123","type":"string"},"isDefault":{"description":"Whether this prompt should be the default.","example":true,"type":"boolean"},"isNewConversationDefault":{"description":"Whether the prompt should be the default for new conversations.","example":false,"type":"boolean"}},"required":["id"]},"Security_AI_Assistant_API_Provider":{"description":"Provider","enum":["OpenAI","Azure OpenAI","Other"],"example":"OpenAI","type":"string"},"Security_AI_Assistant_API_Reader":{"additionalProperties":true,"type":"object"},"Security_AI_Assistant_API_Replacements":{"additionalProperties":{"type":"string"},"description":"Replacements object used to anonymize/deanonymize messages","type":"object"},"Security_AI_Assistant_API_ResponseFields":{"type":"object","properties":{"createdAt":{"description":"Time the Knowledge Base Entry was created.","example":"2023-01-01T12:00:00Z","type":"string"},"createdBy":{"description":"User who created the Knowledge Base Entry.","example":"admin","type":"string"},"id":{"$ref":"#/components/schemas/Security_AI_Assistant_API_NonEmptyString"},"updatedAt":{"description":"Time the Knowledge Base Entry was last updated.","example":"2023-01-02T12:00:00Z","type":"string"},"updatedBy":{"description":"User who last updated the Knowledge Base Entry.","example":"editor","type":"string"}},"required":["id","createdAt","createdBy","updatedAt","updatedBy"]},"Security_AI_Assistant_API_SecurityAlertContentReference":{"allOf":[{"$ref":"#/components/schemas/Security_AI_Assistant_API_BaseContentReference"},{"type":"object","properties":{"alertId":{"description":"ID of the Alert","example":"alert789","type":"string"},"type":{"enum":["SecurityAlert"],"example":"SecurityAlert","type":"string"}},"required":["type","alertId"]}],"description":"References a security alert"},"Security_AI_Assistant_API_SecurityAlertsPageContentReference":{"allOf":[{"$ref":"#/components/schemas/Security_AI_Assistant_API_BaseContentReference"},{"type":"object","properties":{"type":{"enum":["SecurityAlertsPage"],"example":"SecurityAlertsPage","type":"string"}},"required":["type"]}],"description":"References the security alerts page"},"Security_AI_Assistant_API_SortOrder":{"description":"The order in which results are sorted.","enum":["asc","desc"],"example":"asc","type":"string"},"Security_AI_Assistant_API_TraceData":{"description":"Trace Data","type":"object","properties":{"traceId":{"description":"Could be any string, not necessarily a UUID","example":"d9876543-f0a1-2345-6789-abcdef123456","type":"string"},"transactionId":{"description":"Could be any string, not necessarily a UUID","example":"a1234567-bc89-0def-1234-56789abcdef0","type":"string"}}},"Security_AI_Assistant_API_User":{"description":"Could be any string, not necessarily a UUID.","type":"object","properties":{"id":{"description":"User id.","example":"user123","type":"string"},"name":{"description":"User name.","example":"John Doe","type":"string"}}},"Security_AI_Assistant_API_Vector":{"description":"Object containing Knowledge Base Entry text embeddings and modelId used to create the embeddings.","type":"object","properties":{"modelId":{"description":"ID of the model used to create the embeddings.","example":"bert-base-uncased","type":"string"},"tokens":{"additionalProperties":{"type":"number"},"description":"Tokens with their corresponding values.","example":{"token1":0.123,"token2":0.456},"type":"object"}},"required":["modelId","tokens"]},"Security_Detections_API_AlertAssignees":{"type":"object","properties":{"add":{"items":{"description":"A list of users ids to assign.","format":"nonempty","minLength":1,"type":"string"},"type":"array"},"remove":{"items":{"description":"A list of users ids to unassign.","format":"nonempty","minLength":1,"type":"string"},"type":"array"}},"required":["add","remove"]},"Security_Detections_API_AlertIds":{"description":"A list of alerts `id`s.","items":{"format":"nonempty","minLength":1,"type":"string"},"minItems":1,"type":"array"},"Security_Detections_API_AlertsIndex":{"deprecated":true,"description":"(deprecated) Has no effect.","type":"string"},"Security_Detections_API_AlertsIndexMigrationError":{"type":"object","properties":{"error":{"type":"object","properties":{"message":{"type":"string"},"status_code":{"type":"string"}},"required":["message","status_code"]},"index":{"type":"string"}},"required":["index","error"]},"Security_Detections_API_AlertsIndexMigrationSuccess":{"type":"object","properties":{"index":{"type":"string"},"migration_id":{"type":"string"},"migration_index":{"type":"string"}},"required":["index","migration_id","migration_index"]},"Security_Detections_API_AlertsIndexNamespace":{"description":"Has no effect.","type":"string"},"Security_Detections_API_AlertsReindexOptions":{"type":"object","properties":{"requests_per_second":{"description":"The throttle for the migration task in sub-requests per second. Corresponds to requests_per_second on the Reindex API.","minimum":1,"type":"integer"},"size":{"description":"Number of alerts to migrate per batch. Corresponds to the source.size option on the Reindex API.","minimum":1,"type":"integer"},"slices":{"description":"The number of subtasks for the migration task. Corresponds to slices on the Reindex API.","minimum":1,"type":"integer"}}},"Security_Detections_API_AlertsSort":{"oneOf":[{"$ref":"#/components/schemas/Security_Detections_API_AlertsSortCombinations"},{"items":{"$ref":"#/components/schemas/Security_Detections_API_AlertsSortCombinations"},"type":"array"}]},"Security_Detections_API_AlertsSortCombinations":{"anyOf":[{"type":"string"},{"additionalProperties":true,"type":"object"}]},"Security_Detections_API_AlertStatus":{"description":"The status of an alert, which can be `open`, `acknowledged`, `in-progress`, or `closed`.","enum":["open","closed","acknowledged","in-progress"],"type":"string"},"Security_Detections_API_AlertSuppression":{"description":"Defines alert suppression configuration.","type":"object","properties":{"duration":{"$ref":"#/components/schemas/Security_Detections_API_AlertSuppressionDuration"},"group_by":{"$ref":"#/components/schemas/Security_Detections_API_AlertSuppressionGroupBy"},"missing_fields_strategy":{"$ref":"#/components/schemas/Security_Detections_API_AlertSuppressionMissingFieldsStrategy"}},"required":["group_by"]},"Security_Detections_API_AlertSuppressionDuration":{"type":"object","properties":{"unit":{"$ref":"#/components/schemas/Security_Detections_API_AlertSuppressionDurationUnit"},"value":{"minimum":1,"type":"integer"}},"required":["value","unit"]},"Security_Detections_API_AlertSuppressionDurationUnit":{"description":"Time unit","enum":["s","m","h"],"type":"string"},"Security_Detections_API_AlertSuppressionGroupBy":{"items":{"type":"string"},"maxItems":3,"minItems":1,"type":"array"},"Security_Detections_API_AlertSuppressionMissingFieldsStrategy":{"description":"Describes how alerts will be generated for documents with missing suppress by fields:\ndoNotSuppress - per each document a separate alert will be created\nsuppress - only alert will be created per suppress by bucket","enum":["doNotSuppress","suppress"],"type":"string"},"Security_Detections_API_AlertTag":{"description":"Use alert tags to organize related alerts into categories that you can filter and group.","format":"nonempty","minLength":1,"type":"string"},"Security_Detections_API_AlertTags":{"description":"List of keywords to organize related alerts into categories that you can filter and group.","items":{"$ref":"#/components/schemas/Security_Detections_API_AlertTag"},"type":"array"},"Security_Detections_API_AlertVersion":{"type":"object","properties":{"count":{"type":"integer"},"version":{"type":"integer"}},"required":["version","count"]},"Security_Detections_API_AnomalyThreshold":{"description":"Anomaly score threshold above which the rule creates an alert. Valid values are from 0 to 100.","minimum":0,"type":"integer"},"Security_Detections_API_BuildingBlockType":{"description":"Determines if the rule acts as a building block. If yes, the value must be `default`.\nBy default, building-block alerts are not displayed in the UI. These rules are used as a foundation for other rules that do generate alerts.\nFor more information, refer to [About building block rules](https://www.elastic.co/guide/en/security/current/building-block-rule.html).\n","type":"string"},"Security_Detections_API_BulkActionEditPayload":{"anyOf":[{"$ref":"#/components/schemas/Security_Detections_API_BulkActionEditPayloadTags"},{"$ref":"#/components/schemas/Security_Detections_API_BulkActionEditPayloadIndexPatterns"},{"$ref":"#/components/schemas/Security_Detections_API_BulkActionEditPayloadInvestigationFields"},{"$ref":"#/components/schemas/Security_Detections_API_BulkActionEditPayloadTimeline"},{"$ref":"#/components/schemas/Security_Detections_API_BulkActionEditPayloadRuleActions"},{"$ref":"#/components/schemas/Security_Detections_API_BulkActionEditPayloadSchedule"}]},"Security_Detections_API_BulkActionEditPayloadIndexPatterns":{"description":"Edits index patterns of rulesClient.\n\n- `add_index_patterns` adds index patterns to rules. If an index pattern already exists for a rule, no changes are made.\n- `delete_index_patterns` removes index patterns from rules. If an index pattern does not exist for a rule, no changes are made.\n- `set_index_patterns` sets index patterns for rules, overwriting any existing index patterns. If the set of index patterns is the same as the existing index patterns, no changes are made.\n","type":"object","properties":{"overwrite_data_views":{"description":"Resets the data view for the rule.","type":"boolean"},"type":{"enum":["add_index_patterns","delete_index_patterns","set_index_patterns"],"type":"string"},"value":{"$ref":"#/components/schemas/Security_Detections_API_IndexPatternArray"}},"required":["type","value"]},"Security_Detections_API_BulkActionEditPayloadInvestigationFields":{"description":"Edits investigation fields of rules.\n\n- `add_investigation_fields` adds investigation fields to rules. If an investigation field already exists for a rule, no changes are made.\n- `delete_investigation_fields` removes investigation fields from rules. If an investigation field does not exist for a rule, no changes are made.\n- `set_investigation_fields` sets investigation fields for rules. If the set of investigation fields is the same as the existing investigation fields, no changes are made.\n","type":"object","properties":{"type":{"enum":["add_investigation_fields","delete_investigation_fields","set_investigation_fields"],"type":"string"},"value":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationFields"}},"required":["type","value"]},"Security_Detections_API_BulkActionEditPayloadRuleActions":{"description":"Edits rule actions of rules.\n\n- `add_rule_actions` adds rule actions to rules. This action is non-idempotent, meaning that even if the same rule action already exists for a rule, it will be added again with a new unique ID.\n- `set_rule_actions` sets rule actions for rules. This action is non-idempotent, meaning that even if the same set of rule actions already exists for a rule, it will be set again and the actions will receive new unique IDs.\n","type":"object","properties":{"type":{"enum":["add_rule_actions","set_rule_actions"],"type":"string"},"value":{"type":"object","properties":{"actions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_NormalizedRuleAction"},"type":"array"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_ThrottleForBulkActions"}},"required":["actions"]}},"required":["type","value"]},"Security_Detections_API_BulkActionEditPayloadSchedule":{"description":"Overwrites schedule of rules. \n\n- `set_schedule` sets a schedule for rules. If the same schedule already exists for a rule, no changes are made.\n\nBoth `interval` and `lookback` have a format of \"{integer}{time_unit}\", where accepted time units are `s` for seconds, `m` for minutes, and `h` for hours. The integer must be positive and larger than 0. Examples: \"45s\", \"30m\", \"6h\"\n","type":"object","properties":{"type":{"enum":["set_schedule"],"type":"string"},"value":{"type":"object","properties":{"interval":{"description":"Interval in which the rule runs. For example, `\"1h\"` means the rule runs every hour.","example":"1h","pattern":"^[1-9]\\d*[smh]$","type":"string"},"lookback":{"description":"Lookback time for the rules.\n\nAdditional look-back time that the rule analyzes. For example, \"10m\" means the rule analyzes the last 10 minutes of data in addition to the frequency interval.\n","example":"1h","pattern":"^[1-9]\\d*[smh]$","type":"string"}},"required":["interval","lookback"]}},"required":["type","value"]},"Security_Detections_API_BulkActionEditPayloadTags":{"description":"Edits tags of rules.\n\n- `add_tags` adds tags to rules. If a tag already exists for a rule, no changes are made.\n- `delete_tags` removes tags from rules. If a tag does not exist for a rule, no changes are made.\n- `set_tags` sets tags for rules, overwriting any existing tags. If the set of tags is the same as the existing tags, no changes are made.\n","type":"object","properties":{"type":{"enum":["add_tags","delete_tags","set_tags"],"type":"string"},"value":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"}},"required":["type","value"]},"Security_Detections_API_BulkActionEditPayloadTimeline":{"description":"Edits timeline of rules.\n\n- `set_timeline` sets a timeline for rules. If the same timeline already exists for a rule, no changes are made.\n","type":"object","properties":{"type":{"enum":["set_timeline"],"type":"string"},"value":{"type":"object","properties":{"timeline_id":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateId"},"timeline_title":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateTitle"}},"required":["timeline_id","timeline_title"]}},"required":["type","value"]},"Security_Detections_API_BulkActionsDryRunErrCode":{"enum":["IMMUTABLE","PREBUILT_CUSTOMIZATION_LICENSE","MACHINE_LEARNING_AUTH","MACHINE_LEARNING_INDEX_PATTERN","ESQL_INDEX_PATTERN","MANUAL_RULE_RUN_FEATURE","MANUAL_RULE_RUN_DISABLED_RULE"],"type":"string"},"Security_Detections_API_BulkActionSkipResult":{"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"},"skip_reason":{"$ref":"#/components/schemas/Security_Detections_API_BulkEditSkipReason"}},"required":["id","skip_reason"]},"Security_Detections_API_BulkDeleteRules":{"type":"object","properties":{"action":{"enum":["delete"],"type":"string"},"ids":{"description":"Array of rule IDs. Array of rule IDs to which a bulk action will be applied. Only valid when query property is undefined.","items":{"type":"string"},"minItems":1,"type":"array"},"query":{"description":"Query to filter rules.","type":"string"}},"required":["action"]},"Security_Detections_API_BulkDisableRules":{"type":"object","properties":{"action":{"enum":["disable"],"type":"string"},"ids":{"description":"Array of rule IDs. Array of rule IDs to which a bulk action will be applied. Only valid when query property is undefined.","items":{"type":"string"},"minItems":1,"type":"array"},"query":{"description":"Query to filter rules.","type":"string"}},"required":["action"]},"Security_Detections_API_BulkDuplicateRules":{"type":"object","properties":{"action":{"enum":["duplicate"],"type":"string"},"duplicate":{"description":"Duplicate object that describes applying an update action.","type":"object","properties":{"include_exceptions":{"description":"Whether to copy exceptions from the original rule","type":"boolean"},"include_expired_exceptions":{"description":"Whether to copy expired exceptions from the original rule","type":"boolean"}},"required":["include_exceptions","include_expired_exceptions"]},"ids":{"description":"Array of rule IDs. Array of rule IDs to which a bulk action will be applied. Only valid when query property is undefined.","items":{"type":"string"},"minItems":1,"type":"array"},"query":{"description":"Query to filter rules.","type":"string"}},"required":["action"]},"Security_Detections_API_BulkEditActionResponse":{"type":"object","properties":{"attributes":{"type":"object","properties":{"errors":{"items":{"$ref":"#/components/schemas/Security_Detections_API_NormalizedRuleError"},"type":"array"},"results":{"$ref":"#/components/schemas/Security_Detections_API_BulkEditActionResults"},"summary":{"$ref":"#/components/schemas/Security_Detections_API_BulkEditActionSummary"}},"required":["results","summary"]},"message":{"type":"string"},"rules_count":{"type":"integer"},"status_code":{"type":"integer"},"success":{"type":"boolean"}},"required":["attributes"]},"Security_Detections_API_BulkEditActionResults":{"type":"object","properties":{"created":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleResponse"},"type":"array"},"deleted":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleResponse"},"type":"array"},"skipped":{"items":{"$ref":"#/components/schemas/Security_Detections_API_BulkActionSkipResult"},"type":"array"},"updated":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleResponse"},"type":"array"}},"required":["updated","created","deleted","skipped"]},"Security_Detections_API_BulkEditActionSummary":{"description":"A rule can only be skipped when the bulk action to be performed on it results in nothing being done. For example, if the `edit` action is used to add a tag to a rule that already has that tag, or to delete an index pattern that is not specified in a rule. Objects returned in `attributes.results.skipped` will only include rules' `id`, `name`, and `skip_reason`.","type":"object","properties":{"failed":{"type":"integer"},"skipped":{"type":"integer"},"succeeded":{"type":"integer"},"total":{"type":"integer"}},"required":["failed","skipped","succeeded","total"]},"Security_Detections_API_BulkEditRules":{"type":"object","properties":{"action":{"enum":["edit"],"type":"string"},"edit":{"description":"Array of objects containing the edit operations","items":{"$ref":"#/components/schemas/Security_Detections_API_BulkActionEditPayload"},"minItems":1,"type":"array"},"ids":{"description":"Array of rule IDs. Array of rule IDs to which a bulk action will be applied. Only valid when query property is undefined.","items":{"type":"string"},"minItems":1,"type":"array"},"query":{"description":"Query to filter rules.","type":"string"}},"required":["action","edit"]},"Security_Detections_API_BulkEditSkipReason":{"enum":["RULE_NOT_MODIFIED"],"type":"string"},"Security_Detections_API_BulkEnableRules":{"type":"object","properties":{"action":{"enum":["enable"],"type":"string"},"ids":{"description":"Array of rule IDs. Array of rule IDs to which a bulk action will be applied. Only valid when query property is undefined.","items":{"type":"string"},"minItems":1,"type":"array"},"query":{"description":"Query to filter rules.","type":"string"}},"required":["action"]},"Security_Detections_API_BulkExportActionResponse":{"type":"string"},"Security_Detections_API_BulkExportRules":{"type":"object","properties":{"action":{"enum":["export"],"type":"string"},"ids":{"description":"Array of rule IDs. Array of rule IDs to which a bulk action will be applied. Only valid when query property is undefined.","items":{"type":"string"},"minItems":1,"type":"array"},"query":{"description":"Query to filter rules.","type":"string"}},"required":["action"]},"Security_Detections_API_BulkManualRuleRun":{"type":"object","properties":{"action":{"enum":["run"],"type":"string"},"ids":{"description":"Array of rule IDs. Array of rule IDs to which a bulk action will be applied. Only valid when query property is undefined.","items":{"type":"string"},"minItems":1,"type":"array"},"query":{"description":"Query to filter rules.","type":"string"},"run":{"description":"Object that describes applying a manual rule run action.","type":"object","properties":{"end_date":{"description":"End date of the manual rule run","type":"string"},"start_date":{"description":"Start date of the manual rule run","type":"string"}},"required":["start_date","end_date"]}},"required":["action","run"]},"Security_Detections_API_ConcurrentSearches":{"minimum":1,"type":"integer"},"Security_Detections_API_DataViewId":{"type":"string"},"Security_Detections_API_DefaultParams":{"type":"object","properties":{"command":{"enum":["isolate"],"type":"string"},"comment":{"type":"string"}},"required":["command"]},"Security_Detections_API_EcsMapping":{"additionalProperties":{"type":"object","properties":{"field":{"type":"string"},"value":{"oneOf":[{"type":"string"},{"items":{"type":"string"},"type":"array"}]}}},"description":"Map Osquery results columns or static values to Elastic Common Schema (ECS) fields. Example: \"ecs_mapping\": {\"process.pid\": {\"field\": \"pid\"}}","type":"object"},"Security_Detections_API_EndpointResponseAction":{"type":"object","properties":{"action_type_id":{"enum":[".endpoint"],"type":"string"},"params":{"oneOf":[{"$ref":"#/components/schemas/Security_Detections_API_DefaultParams"},{"$ref":"#/components/schemas/Security_Detections_API_ProcessesParams"}]}},"required":["action_type_id","params"]},"Security_Detections_API_EqlOptionalFields":{"type":"object","properties":{"alert_suppression":{"$ref":"#/components/schemas/Security_Detections_API_AlertSuppression"},"data_view_id":{"$ref":"#/components/schemas/Security_Detections_API_DataViewId"},"event_category_override":{"$ref":"#/components/schemas/Security_Detections_API_EventCategoryOverride"},"filters":{"$ref":"#/components/schemas/Security_Detections_API_RuleFilterArray"},"index":{"$ref":"#/components/schemas/Security_Detections_API_IndexPatternArray"},"tiebreaker_field":{"$ref":"#/components/schemas/Security_Detections_API_TiebreakerField"},"timestamp_field":{"$ref":"#/components/schemas/Security_Detections_API_TimestampField"}}},"Security_Detections_API_EqlQueryLanguage":{"enum":["eql"],"type":"string"},"Security_Detections_API_EqlRequiredFields":{"type":"object","properties":{"language":{"$ref":"#/components/schemas/Security_Detections_API_EqlQueryLanguage","description":"Query language to use"},"query":{"$ref":"#/components/schemas/Security_Detections_API_RuleQuery"},"type":{"description":"Rule type","enum":["eql"],"type":"string"}},"required":["type","query","language"]},"Security_Detections_API_EqlRule":{"allOf":[{"type":"object","properties":{"actions":{"description":"Array defining the automated actions (notifications) taken when alerts are generated.","items":{"$ref":"#/components/schemas/Security_Detections_API_RuleAction"},"type":"array"},"alias_purpose":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose"},"alias_target_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId"},"author":{"$ref":"#/components/schemas/Security_Detections_API_RuleAuthorArray"},"building_block_type":{"$ref":"#/components/schemas/Security_Detections_API_BuildingBlockType"},"description":{"$ref":"#/components/schemas/Security_Detections_API_RuleDescription"},"enabled":{"$ref":"#/components/schemas/Security_Detections_API_IsRuleEnabled"},"exceptions_list":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleExceptionList"},"type":"array"},"false_positives":{"$ref":"#/components/schemas/Security_Detections_API_RuleFalsePositiveArray"},"from":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalFrom"},"interval":{"$ref":"#/components/schemas/Security_Detections_API_RuleInterval"},"investigation_fields":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationFields"},"license":{"$ref":"#/components/schemas/Security_Detections_API_RuleLicense"},"max_signals":{"$ref":"#/components/schemas/Security_Detections_API_MaxSignals"},"meta":{"$ref":"#/components/schemas/Security_Detections_API_RuleMetadata"},"name":{"$ref":"#/components/schemas/Security_Detections_API_RuleName"},"namespace":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexNamespace"},"note":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationGuide"},"outcome":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome"},"output_index":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndex"},"references":{"$ref":"#/components/schemas/Security_Detections_API_RuleReferenceArray"},"related_integrations":{"$ref":"#/components/schemas/Security_Detections_API_RelatedIntegrationArray"},"required_fields":{"description":"Elasticsearch fields and their types that need to be present for the rule to function.\n\u003e info\n\u003e The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data.\n","items":{"$ref":"#/components/schemas/Security_Detections_API_RequiredFieldInput"},"type":"array"},"response_actions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ResponseAction"},"type":"array"},"risk_score":{"$ref":"#/components/schemas/Security_Detections_API_RiskScore"},"risk_score_mapping":{"$ref":"#/components/schemas/Security_Detections_API_RiskScoreMapping"},"rule_name_override":{"$ref":"#/components/schemas/Security_Detections_API_RuleNameOverride"},"setup":{"$ref":"#/components/schemas/Security_Detections_API_SetupGuide"},"severity":{"$ref":"#/components/schemas/Security_Detections_API_Severity"},"severity_mapping":{"$ref":"#/components/schemas/Security_Detections_API_SeverityMapping"},"tags":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"},"threat":{"$ref":"#/components/schemas/Security_Detections_API_ThreatArray"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionThrottle"},"timeline_id":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateId"},"timeline_title":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateTitle"},"timestamp_override":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverride"},"timestamp_override_fallback_disabled":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled"},"to":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalTo"},"version":{"$ref":"#/components/schemas/Security_Detections_API_RuleVersion"}},"required":["name","description","risk_score","severity","version","tags","enabled","risk_score_mapping","severity_mapping","interval","from","to","actions","exceptions_list","author","false_positives","references","max_signals","threat","setup","related_integrations","required_fields"]},{"$ref":"#/components/schemas/Security_Detections_API_ResponseFields"},{"$ref":"#/components/schemas/Security_Detections_API_EqlRuleResponseFields"}]},"Security_Detections_API_EqlRuleCreateFields":{"allOf":[{"$ref":"#/components/schemas/Security_Detections_API_EqlRequiredFields"},{"$ref":"#/components/schemas/Security_Detections_API_EqlOptionalFields"}]},"Security_Detections_API_EqlRuleCreateProps":{"allOf":[{"type":"object","properties":{"actions":{"description":"Array defining the automated actions (notifications) taken when alerts are generated.","items":{"$ref":"#/components/schemas/Security_Detections_API_RuleAction"},"type":"array"},"alias_purpose":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose"},"alias_target_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId"},"author":{"$ref":"#/components/schemas/Security_Detections_API_RuleAuthorArray"},"building_block_type":{"$ref":"#/components/schemas/Security_Detections_API_BuildingBlockType"},"description":{"$ref":"#/components/schemas/Security_Detections_API_RuleDescription"},"enabled":{"$ref":"#/components/schemas/Security_Detections_API_IsRuleEnabled"},"exceptions_list":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleExceptionList"},"type":"array"},"false_positives":{"$ref":"#/components/schemas/Security_Detections_API_RuleFalsePositiveArray"},"from":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalFrom"},"interval":{"$ref":"#/components/schemas/Security_Detections_API_RuleInterval"},"investigation_fields":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationFields"},"license":{"$ref":"#/components/schemas/Security_Detections_API_RuleLicense"},"max_signals":{"$ref":"#/components/schemas/Security_Detections_API_MaxSignals"},"meta":{"$ref":"#/components/schemas/Security_Detections_API_RuleMetadata"},"name":{"$ref":"#/components/schemas/Security_Detections_API_RuleName"},"namespace":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexNamespace"},"note":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationGuide"},"outcome":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome"},"output_index":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndex"},"references":{"$ref":"#/components/schemas/Security_Detections_API_RuleReferenceArray"},"related_integrations":{"$ref":"#/components/schemas/Security_Detections_API_RelatedIntegrationArray"},"required_fields":{"description":"Elasticsearch fields and their types that need to be present for the rule to function.\n\u003e info\n\u003e The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data.\n","items":{"$ref":"#/components/schemas/Security_Detections_API_RequiredFieldInput"},"type":"array"},"response_actions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ResponseAction"},"type":"array"},"risk_score":{"$ref":"#/components/schemas/Security_Detections_API_RiskScore"},"risk_score_mapping":{"$ref":"#/components/schemas/Security_Detections_API_RiskScoreMapping"},"rule_id":{"$ref":"#/components/schemas/Security_Detections_API_RuleSignatureId"},"rule_name_override":{"$ref":"#/components/schemas/Security_Detections_API_RuleNameOverride"},"setup":{"$ref":"#/components/schemas/Security_Detections_API_SetupGuide"},"severity":{"$ref":"#/components/schemas/Security_Detections_API_Severity"},"severity_mapping":{"$ref":"#/components/schemas/Security_Detections_API_SeverityMapping"},"tags":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"},"threat":{"$ref":"#/components/schemas/Security_Detections_API_ThreatArray"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionThrottle"},"timeline_id":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateId"},"timeline_title":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateTitle"},"timestamp_override":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverride"},"timestamp_override_fallback_disabled":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled"},"to":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalTo"},"version":{"$ref":"#/components/schemas/Security_Detections_API_RuleVersion"}},"required":["name","description","risk_score","severity"]},{"$ref":"#/components/schemas/Security_Detections_API_EqlRuleCreateFields"}]},"Security_Detections_API_EqlRulePatchFields":{"allOf":[{"type":"object","properties":{"language":{"$ref":"#/components/schemas/Security_Detections_API_EqlQueryLanguage","description":"Query language to use"},"query":{"$ref":"#/components/schemas/Security_Detections_API_RuleQuery"},"type":{"description":"Rule type","enum":["eql"],"type":"string"}}},{"$ref":"#/components/schemas/Security_Detections_API_EqlOptionalFields"}]},"Security_Detections_API_EqlRulePatchProps":{"allOf":[{"type":"object","properties":{"actions":{"description":"Array defining the automated actions (notifications) taken when alerts are generated.","items":{"$ref":"#/components/schemas/Security_Detections_API_RuleAction"},"type":"array"},"alias_purpose":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose"},"alias_target_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId"},"author":{"$ref":"#/components/schemas/Security_Detections_API_RuleAuthorArray"},"building_block_type":{"$ref":"#/components/schemas/Security_Detections_API_BuildingBlockType"},"description":{"$ref":"#/components/schemas/Security_Detections_API_RuleDescription"},"enabled":{"$ref":"#/components/schemas/Security_Detections_API_IsRuleEnabled"},"exceptions_list":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleExceptionList"},"type":"array"},"false_positives":{"$ref":"#/components/schemas/Security_Detections_API_RuleFalsePositiveArray"},"from":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalFrom"},"id":{"$ref":"#/components/schemas/Security_Detections_API_RuleObjectId"},"interval":{"$ref":"#/components/schemas/Security_Detections_API_RuleInterval"},"investigation_fields":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationFields"},"license":{"$ref":"#/components/schemas/Security_Detections_API_RuleLicense"},"max_signals":{"$ref":"#/components/schemas/Security_Detections_API_MaxSignals"},"meta":{"$ref":"#/components/schemas/Security_Detections_API_RuleMetadata"},"name":{"$ref":"#/components/schemas/Security_Detections_API_RuleName"},"namespace":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexNamespace"},"note":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationGuide"},"outcome":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome"},"output_index":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndex"},"references":{"$ref":"#/components/schemas/Security_Detections_API_RuleReferenceArray"},"related_integrations":{"$ref":"#/components/schemas/Security_Detections_API_RelatedIntegrationArray"},"required_fields":{"description":"Elasticsearch fields and their types that need to be present for the rule to function.\n\u003e info\n\u003e The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data.\n","items":{"$ref":"#/components/schemas/Security_Detections_API_RequiredFieldInput"},"type":"array"},"response_actions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ResponseAction"},"type":"array"},"risk_score":{"$ref":"#/components/schemas/Security_Detections_API_RiskScore"},"risk_score_mapping":{"$ref":"#/components/schemas/Security_Detections_API_RiskScoreMapping"},"rule_id":{"$ref":"#/components/schemas/Security_Detections_API_RuleSignatureId"},"rule_name_override":{"$ref":"#/components/schemas/Security_Detections_API_RuleNameOverride"},"setup":{"$ref":"#/components/schemas/Security_Detections_API_SetupGuide"},"severity":{"$ref":"#/components/schemas/Security_Detections_API_Severity"},"severity_mapping":{"$ref":"#/components/schemas/Security_Detections_API_SeverityMapping"},"tags":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"},"threat":{"$ref":"#/components/schemas/Security_Detections_API_ThreatArray"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionThrottle"},"timeline_id":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateId"},"timeline_title":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateTitle"},"timestamp_override":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverride"},"timestamp_override_fallback_disabled":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled"},"to":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalTo"},"version":{"$ref":"#/components/schemas/Security_Detections_API_RuleVersion"}}},{"$ref":"#/components/schemas/Security_Detections_API_EqlRulePatchFields"}]},"Security_Detections_API_EqlRuleResponseFields":{"allOf":[{"$ref":"#/components/schemas/Security_Detections_API_EqlRequiredFields"},{"$ref":"#/components/schemas/Security_Detections_API_EqlOptionalFields"}]},"Security_Detections_API_EqlRuleUpdateProps":{"allOf":[{"type":"object","properties":{"actions":{"description":"Array defining the automated actions (notifications) taken when alerts are generated.","items":{"$ref":"#/components/schemas/Security_Detections_API_RuleAction"},"type":"array"},"alias_purpose":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose"},"alias_target_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId"},"author":{"$ref":"#/components/schemas/Security_Detections_API_RuleAuthorArray"},"building_block_type":{"$ref":"#/components/schemas/Security_Detections_API_BuildingBlockType"},"description":{"$ref":"#/components/schemas/Security_Detections_API_RuleDescription"},"enabled":{"$ref":"#/components/schemas/Security_Detections_API_IsRuleEnabled"},"exceptions_list":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleExceptionList"},"type":"array"},"false_positives":{"$ref":"#/components/schemas/Security_Detections_API_RuleFalsePositiveArray"},"from":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalFrom"},"id":{"$ref":"#/components/schemas/Security_Detections_API_RuleObjectId"},"interval":{"$ref":"#/components/schemas/Security_Detections_API_RuleInterval"},"investigation_fields":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationFields"},"license":{"$ref":"#/components/schemas/Security_Detections_API_RuleLicense"},"max_signals":{"$ref":"#/components/schemas/Security_Detections_API_MaxSignals"},"meta":{"$ref":"#/components/schemas/Security_Detections_API_RuleMetadata"},"name":{"$ref":"#/components/schemas/Security_Detections_API_RuleName"},"namespace":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexNamespace"},"note":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationGuide"},"outcome":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome"},"output_index":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndex"},"references":{"$ref":"#/components/schemas/Security_Detections_API_RuleReferenceArray"},"related_integrations":{"$ref":"#/components/schemas/Security_Detections_API_RelatedIntegrationArray"},"required_fields":{"description":"Elasticsearch fields and their types that need to be present for the rule to function.\n\u003e info\n\u003e The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data.\n","items":{"$ref":"#/components/schemas/Security_Detections_API_RequiredFieldInput"},"type":"array"},"response_actions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ResponseAction"},"type":"array"},"risk_score":{"$ref":"#/components/schemas/Security_Detections_API_RiskScore"},"risk_score_mapping":{"$ref":"#/components/schemas/Security_Detections_API_RiskScoreMapping"},"rule_id":{"$ref":"#/components/schemas/Security_Detections_API_RuleSignatureId"},"rule_name_override":{"$ref":"#/components/schemas/Security_Detections_API_RuleNameOverride"},"setup":{"$ref":"#/components/schemas/Security_Detections_API_SetupGuide"},"severity":{"$ref":"#/components/schemas/Security_Detections_API_Severity"},"severity_mapping":{"$ref":"#/components/schemas/Security_Detections_API_SeverityMapping"},"tags":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"},"threat":{"$ref":"#/components/schemas/Security_Detections_API_ThreatArray"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionThrottle"},"timeline_id":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateId"},"timeline_title":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateTitle"},"timestamp_override":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverride"},"timestamp_override_fallback_disabled":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled"},"to":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalTo"},"version":{"$ref":"#/components/schemas/Security_Detections_API_RuleVersion"}},"required":["name","description","risk_score","severity"]},{"$ref":"#/components/schemas/Security_Detections_API_EqlRuleCreateFields"}]},"Security_Detections_API_ErrorSchema":{"additionalProperties":false,"type":"object","properties":{"error":{"type":"object","properties":{"message":{"type":"string"},"status_code":{"minimum":400,"type":"integer"}},"required":["status_code","message"]},"id":{"type":"string"},"item_id":{"minLength":1,"type":"string"},"list_id":{"minLength":1,"type":"string"},"rule_id":{"$ref":"#/components/schemas/Security_Detections_API_RuleSignatureId"}},"required":["error"]},"Security_Detections_API_EsqlQueryLanguage":{"enum":["esql"],"type":"string"},"Security_Detections_API_EsqlRule":{"allOf":[{"type":"object","properties":{"actions":{"description":"Array defining the automated actions (notifications) taken when alerts are generated.","items":{"$ref":"#/components/schemas/Security_Detections_API_RuleAction"},"type":"array"},"alias_purpose":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose"},"alias_target_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId"},"author":{"$ref":"#/components/schemas/Security_Detections_API_RuleAuthorArray"},"building_block_type":{"$ref":"#/components/schemas/Security_Detections_API_BuildingBlockType"},"description":{"$ref":"#/components/schemas/Security_Detections_API_RuleDescription"},"enabled":{"$ref":"#/components/schemas/Security_Detections_API_IsRuleEnabled"},"exceptions_list":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleExceptionList"},"type":"array"},"false_positives":{"$ref":"#/components/schemas/Security_Detections_API_RuleFalsePositiveArray"},"from":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalFrom"},"interval":{"$ref":"#/components/schemas/Security_Detections_API_RuleInterval"},"investigation_fields":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationFields"},"license":{"$ref":"#/components/schemas/Security_Detections_API_RuleLicense"},"max_signals":{"$ref":"#/components/schemas/Security_Detections_API_MaxSignals"},"meta":{"$ref":"#/components/schemas/Security_Detections_API_RuleMetadata"},"name":{"$ref":"#/components/schemas/Security_Detections_API_RuleName"},"namespace":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexNamespace"},"note":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationGuide"},"outcome":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome"},"output_index":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndex"},"references":{"$ref":"#/components/schemas/Security_Detections_API_RuleReferenceArray"},"related_integrations":{"$ref":"#/components/schemas/Security_Detections_API_RelatedIntegrationArray"},"required_fields":{"description":"Elasticsearch fields and their types that need to be present for the rule to function.\n\u003e info\n\u003e The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data.\n","items":{"$ref":"#/components/schemas/Security_Detections_API_RequiredFieldInput"},"type":"array"},"response_actions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ResponseAction"},"type":"array"},"risk_score":{"$ref":"#/components/schemas/Security_Detections_API_RiskScore"},"risk_score_mapping":{"$ref":"#/components/schemas/Security_Detections_API_RiskScoreMapping"},"rule_name_override":{"$ref":"#/components/schemas/Security_Detections_API_RuleNameOverride"},"setup":{"$ref":"#/components/schemas/Security_Detections_API_SetupGuide"},"severity":{"$ref":"#/components/schemas/Security_Detections_API_Severity"},"severity_mapping":{"$ref":"#/components/schemas/Security_Detections_API_SeverityMapping"},"tags":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"},"threat":{"$ref":"#/components/schemas/Security_Detections_API_ThreatArray"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionThrottle"},"timeline_id":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateId"},"timeline_title":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateTitle"},"timestamp_override":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverride"},"timestamp_override_fallback_disabled":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled"},"to":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalTo"},"version":{"$ref":"#/components/schemas/Security_Detections_API_RuleVersion"}},"required":["name","description","risk_score","severity","version","tags","enabled","risk_score_mapping","severity_mapping","interval","from","to","actions","exceptions_list","author","false_positives","references","max_signals","threat","setup","related_integrations","required_fields"]},{"$ref":"#/components/schemas/Security_Detections_API_ResponseFields"},{"$ref":"#/components/schemas/Security_Detections_API_EsqlRuleResponseFields"}]},"Security_Detections_API_EsqlRuleCreateFields":{"allOf":[{"$ref":"#/components/schemas/Security_Detections_API_EsqlRuleOptionalFields"},{"$ref":"#/components/schemas/Security_Detections_API_EsqlRuleRequiredFields"}]},"Security_Detections_API_EsqlRuleCreateProps":{"allOf":[{"type":"object","properties":{"actions":{"description":"Array defining the automated actions (notifications) taken when alerts are generated.","items":{"$ref":"#/components/schemas/Security_Detections_API_RuleAction"},"type":"array"},"alias_purpose":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose"},"alias_target_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId"},"author":{"$ref":"#/components/schemas/Security_Detections_API_RuleAuthorArray"},"building_block_type":{"$ref":"#/components/schemas/Security_Detections_API_BuildingBlockType"},"description":{"$ref":"#/components/schemas/Security_Detections_API_RuleDescription"},"enabled":{"$ref":"#/components/schemas/Security_Detections_API_IsRuleEnabled"},"exceptions_list":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleExceptionList"},"type":"array"},"false_positives":{"$ref":"#/components/schemas/Security_Detections_API_RuleFalsePositiveArray"},"from":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalFrom"},"interval":{"$ref":"#/components/schemas/Security_Detections_API_RuleInterval"},"investigation_fields":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationFields"},"license":{"$ref":"#/components/schemas/Security_Detections_API_RuleLicense"},"max_signals":{"$ref":"#/components/schemas/Security_Detections_API_MaxSignals"},"meta":{"$ref":"#/components/schemas/Security_Detections_API_RuleMetadata"},"name":{"$ref":"#/components/schemas/Security_Detections_API_RuleName"},"namespace":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexNamespace"},"note":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationGuide"},"outcome":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome"},"output_index":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndex"},"references":{"$ref":"#/components/schemas/Security_Detections_API_RuleReferenceArray"},"related_integrations":{"$ref":"#/components/schemas/Security_Detections_API_RelatedIntegrationArray"},"required_fields":{"description":"Elasticsearch fields and their types that need to be present for the rule to function.\n\u003e info\n\u003e The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data.\n","items":{"$ref":"#/components/schemas/Security_Detections_API_RequiredFieldInput"},"type":"array"},"response_actions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ResponseAction"},"type":"array"},"risk_score":{"$ref":"#/components/schemas/Security_Detections_API_RiskScore"},"risk_score_mapping":{"$ref":"#/components/schemas/Security_Detections_API_RiskScoreMapping"},"rule_id":{"$ref":"#/components/schemas/Security_Detections_API_RuleSignatureId"},"rule_name_override":{"$ref":"#/components/schemas/Security_Detections_API_RuleNameOverride"},"setup":{"$ref":"#/components/schemas/Security_Detections_API_SetupGuide"},"severity":{"$ref":"#/components/schemas/Security_Detections_API_Severity"},"severity_mapping":{"$ref":"#/components/schemas/Security_Detections_API_SeverityMapping"},"tags":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"},"threat":{"$ref":"#/components/schemas/Security_Detections_API_ThreatArray"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionThrottle"},"timeline_id":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateId"},"timeline_title":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateTitle"},"timestamp_override":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverride"},"timestamp_override_fallback_disabled":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled"},"to":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalTo"},"version":{"$ref":"#/components/schemas/Security_Detections_API_RuleVersion"}},"required":["name","description","risk_score","severity"]},{"$ref":"#/components/schemas/Security_Detections_API_EsqlRuleCreateFields"}]},"Security_Detections_API_EsqlRuleOptionalFields":{"type":"object","properties":{"alert_suppression":{"$ref":"#/components/schemas/Security_Detections_API_AlertSuppression"}}},"Security_Detections_API_EsqlRulePatchProps":{"allOf":[{"type":"object","properties":{"actions":{"description":"Array defining the automated actions (notifications) taken when alerts are generated.","items":{"$ref":"#/components/schemas/Security_Detections_API_RuleAction"},"type":"array"},"alias_purpose":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose"},"alias_target_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId"},"author":{"$ref":"#/components/schemas/Security_Detections_API_RuleAuthorArray"},"building_block_type":{"$ref":"#/components/schemas/Security_Detections_API_BuildingBlockType"},"description":{"$ref":"#/components/schemas/Security_Detections_API_RuleDescription"},"enabled":{"$ref":"#/components/schemas/Security_Detections_API_IsRuleEnabled"},"exceptions_list":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleExceptionList"},"type":"array"},"false_positives":{"$ref":"#/components/schemas/Security_Detections_API_RuleFalsePositiveArray"},"from":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalFrom"},"id":{"$ref":"#/components/schemas/Security_Detections_API_RuleObjectId"},"interval":{"$ref":"#/components/schemas/Security_Detections_API_RuleInterval"},"investigation_fields":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationFields"},"language":{"$ref":"#/components/schemas/Security_Detections_API_EsqlQueryLanguage"},"license":{"$ref":"#/components/schemas/Security_Detections_API_RuleLicense"},"max_signals":{"$ref":"#/components/schemas/Security_Detections_API_MaxSignals"},"meta":{"$ref":"#/components/schemas/Security_Detections_API_RuleMetadata"},"name":{"$ref":"#/components/schemas/Security_Detections_API_RuleName"},"namespace":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexNamespace"},"note":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationGuide"},"outcome":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome"},"output_index":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndex"},"query":{"$ref":"#/components/schemas/Security_Detections_API_RuleQuery"},"references":{"$ref":"#/components/schemas/Security_Detections_API_RuleReferenceArray"},"related_integrations":{"$ref":"#/components/schemas/Security_Detections_API_RelatedIntegrationArray"},"required_fields":{"description":"Elasticsearch fields and their types that need to be present for the rule to function.\n\u003e info\n\u003e The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data.\n","items":{"$ref":"#/components/schemas/Security_Detections_API_RequiredFieldInput"},"type":"array"},"response_actions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ResponseAction"},"type":"array"},"risk_score":{"$ref":"#/components/schemas/Security_Detections_API_RiskScore"},"risk_score_mapping":{"$ref":"#/components/schemas/Security_Detections_API_RiskScoreMapping"},"rule_id":{"$ref":"#/components/schemas/Security_Detections_API_RuleSignatureId"},"rule_name_override":{"$ref":"#/components/schemas/Security_Detections_API_RuleNameOverride"},"setup":{"$ref":"#/components/schemas/Security_Detections_API_SetupGuide"},"severity":{"$ref":"#/components/schemas/Security_Detections_API_Severity"},"severity_mapping":{"$ref":"#/components/schemas/Security_Detections_API_SeverityMapping"},"tags":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"},"threat":{"$ref":"#/components/schemas/Security_Detections_API_ThreatArray"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionThrottle"},"timeline_id":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateId"},"timeline_title":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateTitle"},"timestamp_override":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverride"},"timestamp_override_fallback_disabled":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled"},"to":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalTo"},"type":{"description":"Rule type","enum":["esql"],"type":"string"},"version":{"$ref":"#/components/schemas/Security_Detections_API_RuleVersion"}}},{"$ref":"#/components/schemas/Security_Detections_API_EsqlRuleOptionalFields"}]},"Security_Detections_API_EsqlRuleRequiredFields":{"type":"object","properties":{"language":{"$ref":"#/components/schemas/Security_Detections_API_EsqlQueryLanguage"},"query":{"$ref":"#/components/schemas/Security_Detections_API_RuleQuery"},"type":{"description":"Rule type","enum":["esql"],"type":"string"}},"required":["type","language","query"]},"Security_Detections_API_EsqlRuleResponseFields":{"allOf":[{"$ref":"#/components/schemas/Security_Detections_API_EsqlRuleOptionalFields"},{"$ref":"#/components/schemas/Security_Detections_API_EsqlRuleRequiredFields"}]},"Security_Detections_API_EsqlRuleUpdateProps":{"allOf":[{"type":"object","properties":{"actions":{"description":"Array defining the automated actions (notifications) taken when alerts are generated.","items":{"$ref":"#/components/schemas/Security_Detections_API_RuleAction"},"type":"array"},"alias_purpose":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose"},"alias_target_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId"},"author":{"$ref":"#/components/schemas/Security_Detections_API_RuleAuthorArray"},"building_block_type":{"$ref":"#/components/schemas/Security_Detections_API_BuildingBlockType"},"description":{"$ref":"#/components/schemas/Security_Detections_API_RuleDescription"},"enabled":{"$ref":"#/components/schemas/Security_Detections_API_IsRuleEnabled"},"exceptions_list":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleExceptionList"},"type":"array"},"false_positives":{"$ref":"#/components/schemas/Security_Detections_API_RuleFalsePositiveArray"},"from":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalFrom"},"id":{"$ref":"#/components/schemas/Security_Detections_API_RuleObjectId"},"interval":{"$ref":"#/components/schemas/Security_Detections_API_RuleInterval"},"investigation_fields":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationFields"},"license":{"$ref":"#/components/schemas/Security_Detections_API_RuleLicense"},"max_signals":{"$ref":"#/components/schemas/Security_Detections_API_MaxSignals"},"meta":{"$ref":"#/components/schemas/Security_Detections_API_RuleMetadata"},"name":{"$ref":"#/components/schemas/Security_Detections_API_RuleName"},"namespace":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexNamespace"},"note":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationGuide"},"outcome":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome"},"output_index":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndex"},"references":{"$ref":"#/components/schemas/Security_Detections_API_RuleReferenceArray"},"related_integrations":{"$ref":"#/components/schemas/Security_Detections_API_RelatedIntegrationArray"},"required_fields":{"description":"Elasticsearch fields and their types that need to be present for the rule to function.\n\u003e info\n\u003e The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data.\n","items":{"$ref":"#/components/schemas/Security_Detections_API_RequiredFieldInput"},"type":"array"},"response_actions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ResponseAction"},"type":"array"},"risk_score":{"$ref":"#/components/schemas/Security_Detections_API_RiskScore"},"risk_score_mapping":{"$ref":"#/components/schemas/Security_Detections_API_RiskScoreMapping"},"rule_id":{"$ref":"#/components/schemas/Security_Detections_API_RuleSignatureId"},"rule_name_override":{"$ref":"#/components/schemas/Security_Detections_API_RuleNameOverride"},"setup":{"$ref":"#/components/schemas/Security_Detections_API_SetupGuide"},"severity":{"$ref":"#/components/schemas/Security_Detections_API_Severity"},"severity_mapping":{"$ref":"#/components/schemas/Security_Detections_API_SeverityMapping"},"tags":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"},"threat":{"$ref":"#/components/schemas/Security_Detections_API_ThreatArray"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionThrottle"},"timeline_id":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateId"},"timeline_title":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateTitle"},"timestamp_override":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverride"},"timestamp_override_fallback_disabled":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled"},"to":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalTo"},"version":{"$ref":"#/components/schemas/Security_Detections_API_RuleVersion"}},"required":["name","description","risk_score","severity"]},{"$ref":"#/components/schemas/Security_Detections_API_EsqlRuleCreateFields"}]},"Security_Detections_API_EventCategoryOverride":{"type":"string"},"Security_Detections_API_ExceptionListType":{"description":"The exception type","enum":["detection","rule_default","endpoint","endpoint_trusted_apps","endpoint_events","endpoint_host_isolation_exceptions","endpoint_blocklists"],"type":"string"},"Security_Detections_API_ExternalRuleSource":{"description":"Type of rule source for externally sourced rules, i.e. rules that have an external source, such as the Elastic Prebuilt rules repo.","type":"object","properties":{"is_customized":{"$ref":"#/components/schemas/Security_Detections_API_IsExternalRuleCustomized"},"type":{"enum":["external"],"type":"string"}},"required":["type","is_customized"]},"Security_Detections_API_FindRulesSortField":{"enum":["created_at","createdAt","enabled","execution_summary.last_execution.date","execution_summary.last_execution.metrics.execution_gap_duration_s","execution_summary.last_execution.metrics.total_indexing_duration_ms","execution_summary.last_execution.metrics.total_search_duration_ms","execution_summary.last_execution.status","name","risk_score","riskScore","severity","updated_at","updatedAt"],"type":"string"},"Security_Detections_API_HistoryWindowStart":{"description":"Start date to use when checking if a term has been seen before. Supports relative dates – for example, now-30d will search the last 30 days of data when checking if a term is new. We do not recommend using absolute dates, which can cause issues with rule performance due to querying increasing amounts of data over time.","format":"nonempty","minLength":1,"type":"string"},"Security_Detections_API_IndexMigrationStatus":{"type":"object","properties":{"index":{"$ref":"#/components/schemas/Security_Detections_API_NonEmptyString"},"is_outdated":{"type":"boolean"},"migrations":{"items":{"$ref":"#/components/schemas/Security_Detections_API_MigrationStatus"},"type":"array"},"signal_versions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_AlertVersion"},"type":"array"},"version":{"type":"integer"}},"required":["index","version","signal_versions","migrations","is_outdated"]},"Security_Detections_API_IndexPatternArray":{"description":"Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`).\n\u003e info\n\u003e This field is not supported for ES|QL rules.\n","items":{"type":"string"},"type":"array"},"Security_Detections_API_InternalRuleSource":{"description":"Type of rule source for internally sourced rules, i.e. created within the Kibana apps.","type":"object","properties":{"type":{"enum":["internal"],"type":"string"}},"required":["type"]},"Security_Detections_API_InvestigationFields":{"description":"Schema for fields relating to investigation fields. These are user defined fields we use to highlight\nin various features in the UI such as alert details flyout and exceptions auto-population from alert.\n","type":"object","properties":{"field_names":{"items":{"$ref":"#/components/schemas/Security_Detections_API_NonEmptyString"},"minItems":1,"type":"array"}},"required":["field_names"]},"Security_Detections_API_InvestigationGuide":{"description":"Notes to help investigate alerts produced by the rule.","type":"string"},"Security_Detections_API_IsExternalRuleCustomized":{"description":"Determines whether an external/prebuilt rule has been customized by the user (i.e. any of its fields have been modified and diverged from the base value).","type":"boolean"},"Security_Detections_API_IsRuleEnabled":{"description":"Determines whether the rule is enabled. Defaults to true.","type":"boolean"},"Security_Detections_API_IsRuleImmutable":{"deprecated":true,"description":"This field determines whether the rule is a prebuilt Elastic rule. It will be replaced with the `rule_source` field.","type":"boolean"},"Security_Detections_API_ItemsPerSearch":{"minimum":1,"type":"integer"},"Security_Detections_API_KqlQueryLanguage":{"enum":["kuery","lucene"],"type":"string"},"Security_Detections_API_MachineLearningJobId":{"description":"Machine learning job ID(s) the rule monitors for anomaly scores.","oneOf":[{"type":"string"},{"items":{"type":"string"},"minItems":1,"type":"array"}]},"Security_Detections_API_MachineLearningRule":{"allOf":[{"type":"object","properties":{"actions":{"description":"Array defining the automated actions (notifications) taken when alerts are generated.","items":{"$ref":"#/components/schemas/Security_Detections_API_RuleAction"},"type":"array"},"alias_purpose":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose"},"alias_target_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId"},"author":{"$ref":"#/components/schemas/Security_Detections_API_RuleAuthorArray"},"building_block_type":{"$ref":"#/components/schemas/Security_Detections_API_BuildingBlockType"},"description":{"$ref":"#/components/schemas/Security_Detections_API_RuleDescription"},"enabled":{"$ref":"#/components/schemas/Security_Detections_API_IsRuleEnabled"},"exceptions_list":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleExceptionList"},"type":"array"},"false_positives":{"$ref":"#/components/schemas/Security_Detections_API_RuleFalsePositiveArray"},"from":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalFrom"},"interval":{"$ref":"#/components/schemas/Security_Detections_API_RuleInterval"},"investigation_fields":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationFields"},"license":{"$ref":"#/components/schemas/Security_Detections_API_RuleLicense"},"max_signals":{"$ref":"#/components/schemas/Security_Detections_API_MaxSignals"},"meta":{"$ref":"#/components/schemas/Security_Detections_API_RuleMetadata"},"name":{"$ref":"#/components/schemas/Security_Detections_API_RuleName"},"namespace":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexNamespace"},"note":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationGuide"},"outcome":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome"},"output_index":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndex"},"references":{"$ref":"#/components/schemas/Security_Detections_API_RuleReferenceArray"},"related_integrations":{"$ref":"#/components/schemas/Security_Detections_API_RelatedIntegrationArray"},"required_fields":{"description":"Elasticsearch fields and their types that need to be present for the rule to function.\n\u003e info\n\u003e The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data.\n","items":{"$ref":"#/components/schemas/Security_Detections_API_RequiredFieldInput"},"type":"array"},"response_actions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ResponseAction"},"type":"array"},"risk_score":{"$ref":"#/components/schemas/Security_Detections_API_RiskScore"},"risk_score_mapping":{"$ref":"#/components/schemas/Security_Detections_API_RiskScoreMapping"},"rule_name_override":{"$ref":"#/components/schemas/Security_Detections_API_RuleNameOverride"},"setup":{"$ref":"#/components/schemas/Security_Detections_API_SetupGuide"},"severity":{"$ref":"#/components/schemas/Security_Detections_API_Severity"},"severity_mapping":{"$ref":"#/components/schemas/Security_Detections_API_SeverityMapping"},"tags":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"},"threat":{"$ref":"#/components/schemas/Security_Detections_API_ThreatArray"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionThrottle"},"timeline_id":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateId"},"timeline_title":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateTitle"},"timestamp_override":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverride"},"timestamp_override_fallback_disabled":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled"},"to":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalTo"},"version":{"$ref":"#/components/schemas/Security_Detections_API_RuleVersion"}},"required":["name","description","risk_score","severity","version","tags","enabled","risk_score_mapping","severity_mapping","interval","from","to","actions","exceptions_list","author","false_positives","references","max_signals","threat","setup","related_integrations","required_fields"]},{"$ref":"#/components/schemas/Security_Detections_API_ResponseFields"},{"$ref":"#/components/schemas/Security_Detections_API_MachineLearningRuleResponseFields"}]},"Security_Detections_API_MachineLearningRuleCreateFields":{"allOf":[{"$ref":"#/components/schemas/Security_Detections_API_MachineLearningRuleRequiredFields"},{"$ref":"#/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields"}]},"Security_Detections_API_MachineLearningRuleCreateProps":{"allOf":[{"type":"object","properties":{"actions":{"description":"Array defining the automated actions (notifications) taken when alerts are generated.","items":{"$ref":"#/components/schemas/Security_Detections_API_RuleAction"},"type":"array"},"alias_purpose":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose"},"alias_target_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId"},"author":{"$ref":"#/components/schemas/Security_Detections_API_RuleAuthorArray"},"building_block_type":{"$ref":"#/components/schemas/Security_Detections_API_BuildingBlockType"},"description":{"$ref":"#/components/schemas/Security_Detections_API_RuleDescription"},"enabled":{"$ref":"#/components/schemas/Security_Detections_API_IsRuleEnabled"},"exceptions_list":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleExceptionList"},"type":"array"},"false_positives":{"$ref":"#/components/schemas/Security_Detections_API_RuleFalsePositiveArray"},"from":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalFrom"},"interval":{"$ref":"#/components/schemas/Security_Detections_API_RuleInterval"},"investigation_fields":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationFields"},"license":{"$ref":"#/components/schemas/Security_Detections_API_RuleLicense"},"max_signals":{"$ref":"#/components/schemas/Security_Detections_API_MaxSignals"},"meta":{"$ref":"#/components/schemas/Security_Detections_API_RuleMetadata"},"name":{"$ref":"#/components/schemas/Security_Detections_API_RuleName"},"namespace":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexNamespace"},"note":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationGuide"},"outcome":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome"},"output_index":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndex"},"references":{"$ref":"#/components/schemas/Security_Detections_API_RuleReferenceArray"},"related_integrations":{"$ref":"#/components/schemas/Security_Detections_API_RelatedIntegrationArray"},"required_fields":{"description":"Elasticsearch fields and their types that need to be present for the rule to function.\n\u003e info\n\u003e The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data.\n","items":{"$ref":"#/components/schemas/Security_Detections_API_RequiredFieldInput"},"type":"array"},"response_actions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ResponseAction"},"type":"array"},"risk_score":{"$ref":"#/components/schemas/Security_Detections_API_RiskScore"},"risk_score_mapping":{"$ref":"#/components/schemas/Security_Detections_API_RiskScoreMapping"},"rule_id":{"$ref":"#/components/schemas/Security_Detections_API_RuleSignatureId"},"rule_name_override":{"$ref":"#/components/schemas/Security_Detections_API_RuleNameOverride"},"setup":{"$ref":"#/components/schemas/Security_Detections_API_SetupGuide"},"severity":{"$ref":"#/components/schemas/Security_Detections_API_Severity"},"severity_mapping":{"$ref":"#/components/schemas/Security_Detections_API_SeverityMapping"},"tags":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"},"threat":{"$ref":"#/components/schemas/Security_Detections_API_ThreatArray"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionThrottle"},"timeline_id":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateId"},"timeline_title":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateTitle"},"timestamp_override":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverride"},"timestamp_override_fallback_disabled":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled"},"to":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalTo"},"version":{"$ref":"#/components/schemas/Security_Detections_API_RuleVersion"}},"required":["name","description","risk_score","severity"]},{"$ref":"#/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields"}]},"Security_Detections_API_MachineLearningRuleOptionalFields":{"type":"object","properties":{"alert_suppression":{"$ref":"#/components/schemas/Security_Detections_API_AlertSuppression"}}},"Security_Detections_API_MachineLearningRulePatchFields":{"allOf":[{"type":"object","properties":{"anomaly_threshold":{"$ref":"#/components/schemas/Security_Detections_API_AnomalyThreshold"},"machine_learning_job_id":{"$ref":"#/components/schemas/Security_Detections_API_MachineLearningJobId"},"type":{"description":"Rule type","enum":["machine_learning"],"type":"string"}}},{"$ref":"#/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields"}]},"Security_Detections_API_MachineLearningRulePatchProps":{"allOf":[{"type":"object","properties":{"actions":{"description":"Array defining the automated actions (notifications) taken when alerts are generated.","items":{"$ref":"#/components/schemas/Security_Detections_API_RuleAction"},"type":"array"},"alias_purpose":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose"},"alias_target_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId"},"author":{"$ref":"#/components/schemas/Security_Detections_API_RuleAuthorArray"},"building_block_type":{"$ref":"#/components/schemas/Security_Detections_API_BuildingBlockType"},"description":{"$ref":"#/components/schemas/Security_Detections_API_RuleDescription"},"enabled":{"$ref":"#/components/schemas/Security_Detections_API_IsRuleEnabled"},"exceptions_list":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleExceptionList"},"type":"array"},"false_positives":{"$ref":"#/components/schemas/Security_Detections_API_RuleFalsePositiveArray"},"from":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalFrom"},"id":{"$ref":"#/components/schemas/Security_Detections_API_RuleObjectId"},"interval":{"$ref":"#/components/schemas/Security_Detections_API_RuleInterval"},"investigation_fields":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationFields"},"license":{"$ref":"#/components/schemas/Security_Detections_API_RuleLicense"},"max_signals":{"$ref":"#/components/schemas/Security_Detections_API_MaxSignals"},"meta":{"$ref":"#/components/schemas/Security_Detections_API_RuleMetadata"},"name":{"$ref":"#/components/schemas/Security_Detections_API_RuleName"},"namespace":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexNamespace"},"note":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationGuide"},"outcome":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome"},"output_index":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndex"},"references":{"$ref":"#/components/schemas/Security_Detections_API_RuleReferenceArray"},"related_integrations":{"$ref":"#/components/schemas/Security_Detections_API_RelatedIntegrationArray"},"required_fields":{"description":"Elasticsearch fields and their types that need to be present for the rule to function.\n\u003e info\n\u003e The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data.\n","items":{"$ref":"#/components/schemas/Security_Detections_API_RequiredFieldInput"},"type":"array"},"response_actions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ResponseAction"},"type":"array"},"risk_score":{"$ref":"#/components/schemas/Security_Detections_API_RiskScore"},"risk_score_mapping":{"$ref":"#/components/schemas/Security_Detections_API_RiskScoreMapping"},"rule_id":{"$ref":"#/components/schemas/Security_Detections_API_RuleSignatureId"},"rule_name_override":{"$ref":"#/components/schemas/Security_Detections_API_RuleNameOverride"},"setup":{"$ref":"#/components/schemas/Security_Detections_API_SetupGuide"},"severity":{"$ref":"#/components/schemas/Security_Detections_API_Severity"},"severity_mapping":{"$ref":"#/components/schemas/Security_Detections_API_SeverityMapping"},"tags":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"},"threat":{"$ref":"#/components/schemas/Security_Detections_API_ThreatArray"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionThrottle"},"timeline_id":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateId"},"timeline_title":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateTitle"},"timestamp_override":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverride"},"timestamp_override_fallback_disabled":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled"},"to":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalTo"},"version":{"$ref":"#/components/schemas/Security_Detections_API_RuleVersion"}}},{"$ref":"#/components/schemas/Security_Detections_API_MachineLearningRulePatchFields"}]},"Security_Detections_API_MachineLearningRuleRequiredFields":{"type":"object","properties":{"anomaly_threshold":{"$ref":"#/components/schemas/Security_Detections_API_AnomalyThreshold"},"machine_learning_job_id":{"$ref":"#/components/schemas/Security_Detections_API_MachineLearningJobId"},"type":{"description":"Rule type","enum":["machine_learning"],"type":"string"}},"required":["type","machine_learning_job_id","anomaly_threshold"]},"Security_Detections_API_MachineLearningRuleResponseFields":{"allOf":[{"$ref":"#/components/schemas/Security_Detections_API_MachineLearningRuleRequiredFields"},{"$ref":"#/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields"}]},"Security_Detections_API_MachineLearningRuleUpdateProps":{"allOf":[{"type":"object","properties":{"actions":{"description":"Array defining the automated actions (notifications) taken when alerts are generated.","items":{"$ref":"#/components/schemas/Security_Detections_API_RuleAction"},"type":"array"},"alias_purpose":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose"},"alias_target_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId"},"author":{"$ref":"#/components/schemas/Security_Detections_API_RuleAuthorArray"},"building_block_type":{"$ref":"#/components/schemas/Security_Detections_API_BuildingBlockType"},"description":{"$ref":"#/components/schemas/Security_Detections_API_RuleDescription"},"enabled":{"$ref":"#/components/schemas/Security_Detections_API_IsRuleEnabled"},"exceptions_list":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleExceptionList"},"type":"array"},"false_positives":{"$ref":"#/components/schemas/Security_Detections_API_RuleFalsePositiveArray"},"from":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalFrom"},"id":{"$ref":"#/components/schemas/Security_Detections_API_RuleObjectId"},"interval":{"$ref":"#/components/schemas/Security_Detections_API_RuleInterval"},"investigation_fields":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationFields"},"license":{"$ref":"#/components/schemas/Security_Detections_API_RuleLicense"},"max_signals":{"$ref":"#/components/schemas/Security_Detections_API_MaxSignals"},"meta":{"$ref":"#/components/schemas/Security_Detections_API_RuleMetadata"},"name":{"$ref":"#/components/schemas/Security_Detections_API_RuleName"},"namespace":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexNamespace"},"note":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationGuide"},"outcome":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome"},"output_index":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndex"},"references":{"$ref":"#/components/schemas/Security_Detections_API_RuleReferenceArray"},"related_integrations":{"$ref":"#/components/schemas/Security_Detections_API_RelatedIntegrationArray"},"required_fields":{"description":"Elasticsearch fields and their types that need to be present for the rule to function.\n\u003e info\n\u003e The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data.\n","items":{"$ref":"#/components/schemas/Security_Detections_API_RequiredFieldInput"},"type":"array"},"response_actions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ResponseAction"},"type":"array"},"risk_score":{"$ref":"#/components/schemas/Security_Detections_API_RiskScore"},"risk_score_mapping":{"$ref":"#/components/schemas/Security_Detections_API_RiskScoreMapping"},"rule_id":{"$ref":"#/components/schemas/Security_Detections_API_RuleSignatureId"},"rule_name_override":{"$ref":"#/components/schemas/Security_Detections_API_RuleNameOverride"},"setup":{"$ref":"#/components/schemas/Security_Detections_API_SetupGuide"},"severity":{"$ref":"#/components/schemas/Security_Detections_API_Severity"},"severity_mapping":{"$ref":"#/components/schemas/Security_Detections_API_SeverityMapping"},"tags":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"},"threat":{"$ref":"#/components/schemas/Security_Detections_API_ThreatArray"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionThrottle"},"timeline_id":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateId"},"timeline_title":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateTitle"},"timestamp_override":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverride"},"timestamp_override_fallback_disabled":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled"},"to":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalTo"},"version":{"$ref":"#/components/schemas/Security_Detections_API_RuleVersion"}},"required":["name","description","risk_score","severity"]},{"$ref":"#/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields"}]},"Security_Detections_API_MaxSignals":{"default":100,"description":"Maximum number of alerts the rule can create during a single run (the rule’s Max alerts per run [advanced setting](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-ui-advanced-params) value).\n\u003e info\n\u003e This setting can be superseded by the [Kibana configuration setting](https://www.elastic.co/guide/en/kibana/current/alert-action-settings-kb.html#alert-settings) `xpack.alerting.rules.run.alerts.max`, which determines the maximum alerts generated by any rule in the Kibana alerting framework. For example, if `xpack.alerting.rules.run.alerts.max` is set to 1000, the rule can generate no more than 1000 alerts even if `max_signals` is set higher.\n","minimum":1,"type":"integer"},"Security_Detections_API_MigrationCleanupResult":{"type":"object","properties":{"destinationIndex":{"type":"string"},"error":{"type":"object","properties":{"message":{"type":"string"},"status_code":{"type":"integer"}},"required":["message","status_code"]},"id":{"type":"string"},"sourceIndex":{"type":"string"},"status":{"enum":["success","failure","pending"],"type":"string"},"updated":{"format":"date-time","type":"string"},"version":{"type":"string"}},"required":["id","destinationIndex","status","sourceIndex","version","updated"]},"Security_Detections_API_MigrationFinalizationResult":{"type":"object","properties":{"completed":{"type":"boolean"},"destinationIndex":{"type":"string"},"error":{"type":"object","properties":{"message":{"type":"string"},"status_code":{"type":"integer"}},"required":["message","status_code"]},"id":{"type":"string"},"sourceIndex":{"type":"string"},"status":{"enum":["success","failure","pending"],"type":"string"},"updated":{"format":"date-time","type":"string"},"version":{"type":"string"}},"required":["id","completed","destinationIndex","status","sourceIndex","version","updated"]},"Security_Detections_API_MigrationStatus":{"type":"object","properties":{"id":{"$ref":"#/components/schemas/Security_Detections_API_NonEmptyString"},"status":{"enum":["success","failure","pending"],"type":"string"},"updated":{"format":"date-time","type":"string"},"version":{"type":"integer"}},"required":["id","status","version","updated"]},"Security_Detections_API_NewTermsFields":{"description":"Fields to monitor for new values.","items":{"type":"string"},"maxItems":3,"minItems":1,"type":"array"},"Security_Detections_API_NewTermsRule":{"allOf":[{"type":"object","properties":{"actions":{"description":"Array defining the automated actions (notifications) taken when alerts are generated.","items":{"$ref":"#/components/schemas/Security_Detections_API_RuleAction"},"type":"array"},"alias_purpose":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose"},"alias_target_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId"},"author":{"$ref":"#/components/schemas/Security_Detections_API_RuleAuthorArray"},"building_block_type":{"$ref":"#/components/schemas/Security_Detections_API_BuildingBlockType"},"description":{"$ref":"#/components/schemas/Security_Detections_API_RuleDescription"},"enabled":{"$ref":"#/components/schemas/Security_Detections_API_IsRuleEnabled"},"exceptions_list":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleExceptionList"},"type":"array"},"false_positives":{"$ref":"#/components/schemas/Security_Detections_API_RuleFalsePositiveArray"},"from":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalFrom"},"interval":{"$ref":"#/components/schemas/Security_Detections_API_RuleInterval"},"investigation_fields":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationFields"},"license":{"$ref":"#/components/schemas/Security_Detections_API_RuleLicense"},"max_signals":{"$ref":"#/components/schemas/Security_Detections_API_MaxSignals"},"meta":{"$ref":"#/components/schemas/Security_Detections_API_RuleMetadata"},"name":{"$ref":"#/components/schemas/Security_Detections_API_RuleName"},"namespace":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexNamespace"},"note":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationGuide"},"outcome":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome"},"output_index":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndex"},"references":{"$ref":"#/components/schemas/Security_Detections_API_RuleReferenceArray"},"related_integrations":{"$ref":"#/components/schemas/Security_Detections_API_RelatedIntegrationArray"},"required_fields":{"description":"Elasticsearch fields and their types that need to be present for the rule to function.\n\u003e info\n\u003e The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data.\n","items":{"$ref":"#/components/schemas/Security_Detections_API_RequiredFieldInput"},"type":"array"},"response_actions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ResponseAction"},"type":"array"},"risk_score":{"$ref":"#/components/schemas/Security_Detections_API_RiskScore"},"risk_score_mapping":{"$ref":"#/components/schemas/Security_Detections_API_RiskScoreMapping"},"rule_name_override":{"$ref":"#/components/schemas/Security_Detections_API_RuleNameOverride"},"setup":{"$ref":"#/components/schemas/Security_Detections_API_SetupGuide"},"severity":{"$ref":"#/components/schemas/Security_Detections_API_Severity"},"severity_mapping":{"$ref":"#/components/schemas/Security_Detections_API_SeverityMapping"},"tags":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"},"threat":{"$ref":"#/components/schemas/Security_Detections_API_ThreatArray"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionThrottle"},"timeline_id":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateId"},"timeline_title":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateTitle"},"timestamp_override":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverride"},"timestamp_override_fallback_disabled":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled"},"to":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalTo"},"version":{"$ref":"#/components/schemas/Security_Detections_API_RuleVersion"}},"required":["name","description","risk_score","severity","version","tags","enabled","risk_score_mapping","severity_mapping","interval","from","to","actions","exceptions_list","author","false_positives","references","max_signals","threat","setup","related_integrations","required_fields"]},{"$ref":"#/components/schemas/Security_Detections_API_ResponseFields"},{"$ref":"#/components/schemas/Security_Detections_API_NewTermsRuleResponseFields"}]},"Security_Detections_API_NewTermsRuleCreateFields":{"allOf":[{"$ref":"#/components/schemas/Security_Detections_API_NewTermsRuleRequiredFields"},{"$ref":"#/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields"},{"$ref":"#/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields"}]},"Security_Detections_API_NewTermsRuleCreateProps":{"allOf":[{"type":"object","properties":{"actions":{"description":"Array defining the automated actions (notifications) taken when alerts are generated.","items":{"$ref":"#/components/schemas/Security_Detections_API_RuleAction"},"type":"array"},"alias_purpose":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose"},"alias_target_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId"},"author":{"$ref":"#/components/schemas/Security_Detections_API_RuleAuthorArray"},"building_block_type":{"$ref":"#/components/schemas/Security_Detections_API_BuildingBlockType"},"description":{"$ref":"#/components/schemas/Security_Detections_API_RuleDescription"},"enabled":{"$ref":"#/components/schemas/Security_Detections_API_IsRuleEnabled"},"exceptions_list":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleExceptionList"},"type":"array"},"false_positives":{"$ref":"#/components/schemas/Security_Detections_API_RuleFalsePositiveArray"},"from":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalFrom"},"interval":{"$ref":"#/components/schemas/Security_Detections_API_RuleInterval"},"investigation_fields":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationFields"},"license":{"$ref":"#/components/schemas/Security_Detections_API_RuleLicense"},"max_signals":{"$ref":"#/components/schemas/Security_Detections_API_MaxSignals"},"meta":{"$ref":"#/components/schemas/Security_Detections_API_RuleMetadata"},"name":{"$ref":"#/components/schemas/Security_Detections_API_RuleName"},"namespace":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexNamespace"},"note":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationGuide"},"outcome":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome"},"output_index":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndex"},"references":{"$ref":"#/components/schemas/Security_Detections_API_RuleReferenceArray"},"related_integrations":{"$ref":"#/components/schemas/Security_Detections_API_RelatedIntegrationArray"},"required_fields":{"description":"Elasticsearch fields and their types that need to be present for the rule to function.\n\u003e info\n\u003e The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data.\n","items":{"$ref":"#/components/schemas/Security_Detections_API_RequiredFieldInput"},"type":"array"},"response_actions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ResponseAction"},"type":"array"},"risk_score":{"$ref":"#/components/schemas/Security_Detections_API_RiskScore"},"risk_score_mapping":{"$ref":"#/components/schemas/Security_Detections_API_RiskScoreMapping"},"rule_id":{"$ref":"#/components/schemas/Security_Detections_API_RuleSignatureId"},"rule_name_override":{"$ref":"#/components/schemas/Security_Detections_API_RuleNameOverride"},"setup":{"$ref":"#/components/schemas/Security_Detections_API_SetupGuide"},"severity":{"$ref":"#/components/schemas/Security_Detections_API_Severity"},"severity_mapping":{"$ref":"#/components/schemas/Security_Detections_API_SeverityMapping"},"tags":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"},"threat":{"$ref":"#/components/schemas/Security_Detections_API_ThreatArray"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionThrottle"},"timeline_id":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateId"},"timeline_title":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateTitle"},"timestamp_override":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverride"},"timestamp_override_fallback_disabled":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled"},"to":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalTo"},"version":{"$ref":"#/components/schemas/Security_Detections_API_RuleVersion"}},"required":["name","description","risk_score","severity"]},{"$ref":"#/components/schemas/Security_Detections_API_NewTermsRuleCreateFields"}]},"Security_Detections_API_NewTermsRuleDefaultableFields":{"type":"object","properties":{"language":{"$ref":"#/components/schemas/Security_Detections_API_KqlQueryLanguage"}}},"Security_Detections_API_NewTermsRuleOptionalFields":{"type":"object","properties":{"alert_suppression":{"$ref":"#/components/schemas/Security_Detections_API_AlertSuppression"},"data_view_id":{"$ref":"#/components/schemas/Security_Detections_API_DataViewId"},"filters":{"$ref":"#/components/schemas/Security_Detections_API_RuleFilterArray"},"index":{"$ref":"#/components/schemas/Security_Detections_API_IndexPatternArray"}}},"Security_Detections_API_NewTermsRulePatchFields":{"allOf":[{"type":"object","properties":{"history_window_start":{"$ref":"#/components/schemas/Security_Detections_API_HistoryWindowStart"},"new_terms_fields":{"$ref":"#/components/schemas/Security_Detections_API_NewTermsFields"},"query":{"$ref":"#/components/schemas/Security_Detections_API_RuleQuery"},"type":{"description":"Rule type","enum":["new_terms"],"type":"string"}}},{"$ref":"#/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields"},{"$ref":"#/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields"}]},"Security_Detections_API_NewTermsRulePatchProps":{"allOf":[{"type":"object","properties":{"actions":{"description":"Array defining the automated actions (notifications) taken when alerts are generated.","items":{"$ref":"#/components/schemas/Security_Detections_API_RuleAction"},"type":"array"},"alias_purpose":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose"},"alias_target_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId"},"author":{"$ref":"#/components/schemas/Security_Detections_API_RuleAuthorArray"},"building_block_type":{"$ref":"#/components/schemas/Security_Detections_API_BuildingBlockType"},"description":{"$ref":"#/components/schemas/Security_Detections_API_RuleDescription"},"enabled":{"$ref":"#/components/schemas/Security_Detections_API_IsRuleEnabled"},"exceptions_list":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleExceptionList"},"type":"array"},"false_positives":{"$ref":"#/components/schemas/Security_Detections_API_RuleFalsePositiveArray"},"from":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalFrom"},"id":{"$ref":"#/components/schemas/Security_Detections_API_RuleObjectId"},"interval":{"$ref":"#/components/schemas/Security_Detections_API_RuleInterval"},"investigation_fields":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationFields"},"license":{"$ref":"#/components/schemas/Security_Detections_API_RuleLicense"},"max_signals":{"$ref":"#/components/schemas/Security_Detections_API_MaxSignals"},"meta":{"$ref":"#/components/schemas/Security_Detections_API_RuleMetadata"},"name":{"$ref":"#/components/schemas/Security_Detections_API_RuleName"},"namespace":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexNamespace"},"note":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationGuide"},"outcome":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome"},"output_index":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndex"},"references":{"$ref":"#/components/schemas/Security_Detections_API_RuleReferenceArray"},"related_integrations":{"$ref":"#/components/schemas/Security_Detections_API_RelatedIntegrationArray"},"required_fields":{"description":"Elasticsearch fields and their types that need to be present for the rule to function.\n\u003e info\n\u003e The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data.\n","items":{"$ref":"#/components/schemas/Security_Detections_API_RequiredFieldInput"},"type":"array"},"response_actions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ResponseAction"},"type":"array"},"risk_score":{"$ref":"#/components/schemas/Security_Detections_API_RiskScore"},"risk_score_mapping":{"$ref":"#/components/schemas/Security_Detections_API_RiskScoreMapping"},"rule_id":{"$ref":"#/components/schemas/Security_Detections_API_RuleSignatureId"},"rule_name_override":{"$ref":"#/components/schemas/Security_Detections_API_RuleNameOverride"},"setup":{"$ref":"#/components/schemas/Security_Detections_API_SetupGuide"},"severity":{"$ref":"#/components/schemas/Security_Detections_API_Severity"},"severity_mapping":{"$ref":"#/components/schemas/Security_Detections_API_SeverityMapping"},"tags":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"},"threat":{"$ref":"#/components/schemas/Security_Detections_API_ThreatArray"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionThrottle"},"timeline_id":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateId"},"timeline_title":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateTitle"},"timestamp_override":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverride"},"timestamp_override_fallback_disabled":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled"},"to":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalTo"},"version":{"$ref":"#/components/schemas/Security_Detections_API_RuleVersion"}}},{"$ref":"#/components/schemas/Security_Detections_API_NewTermsRulePatchFields"}]},"Security_Detections_API_NewTermsRuleRequiredFields":{"type":"object","properties":{"history_window_start":{"$ref":"#/components/schemas/Security_Detections_API_HistoryWindowStart"},"new_terms_fields":{"$ref":"#/components/schemas/Security_Detections_API_NewTermsFields"},"query":{"$ref":"#/components/schemas/Security_Detections_API_RuleQuery"},"type":{"description":"Rule type","enum":["new_terms"],"type":"string"}},"required":["type","query","new_terms_fields","history_window_start"]},"Security_Detections_API_NewTermsRuleResponseFields":{"allOf":[{"$ref":"#/components/schemas/Security_Detections_API_NewTermsRuleRequiredFields"},{"$ref":"#/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields"},{"type":"object","properties":{"language":{"$ref":"#/components/schemas/Security_Detections_API_KqlQueryLanguage"}},"required":["language"]}]},"Security_Detections_API_NewTermsRuleUpdateProps":{"allOf":[{"type":"object","properties":{"actions":{"description":"Array defining the automated actions (notifications) taken when alerts are generated.","items":{"$ref":"#/components/schemas/Security_Detections_API_RuleAction"},"type":"array"},"alias_purpose":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose"},"alias_target_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId"},"author":{"$ref":"#/components/schemas/Security_Detections_API_RuleAuthorArray"},"building_block_type":{"$ref":"#/components/schemas/Security_Detections_API_BuildingBlockType"},"description":{"$ref":"#/components/schemas/Security_Detections_API_RuleDescription"},"enabled":{"$ref":"#/components/schemas/Security_Detections_API_IsRuleEnabled"},"exceptions_list":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleExceptionList"},"type":"array"},"false_positives":{"$ref":"#/components/schemas/Security_Detections_API_RuleFalsePositiveArray"},"from":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalFrom"},"id":{"$ref":"#/components/schemas/Security_Detections_API_RuleObjectId"},"interval":{"$ref":"#/components/schemas/Security_Detections_API_RuleInterval"},"investigation_fields":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationFields"},"license":{"$ref":"#/components/schemas/Security_Detections_API_RuleLicense"},"max_signals":{"$ref":"#/components/schemas/Security_Detections_API_MaxSignals"},"meta":{"$ref":"#/components/schemas/Security_Detections_API_RuleMetadata"},"name":{"$ref":"#/components/schemas/Security_Detections_API_RuleName"},"namespace":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexNamespace"},"note":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationGuide"},"outcome":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome"},"output_index":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndex"},"references":{"$ref":"#/components/schemas/Security_Detections_API_RuleReferenceArray"},"related_integrations":{"$ref":"#/components/schemas/Security_Detections_API_RelatedIntegrationArray"},"required_fields":{"description":"Elasticsearch fields and their types that need to be present for the rule to function.\n\u003e info\n\u003e The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data.\n","items":{"$ref":"#/components/schemas/Security_Detections_API_RequiredFieldInput"},"type":"array"},"response_actions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ResponseAction"},"type":"array"},"risk_score":{"$ref":"#/components/schemas/Security_Detections_API_RiskScore"},"risk_score_mapping":{"$ref":"#/components/schemas/Security_Detections_API_RiskScoreMapping"},"rule_id":{"$ref":"#/components/schemas/Security_Detections_API_RuleSignatureId"},"rule_name_override":{"$ref":"#/components/schemas/Security_Detections_API_RuleNameOverride"},"setup":{"$ref":"#/components/schemas/Security_Detections_API_SetupGuide"},"severity":{"$ref":"#/components/schemas/Security_Detections_API_Severity"},"severity_mapping":{"$ref":"#/components/schemas/Security_Detections_API_SeverityMapping"},"tags":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"},"threat":{"$ref":"#/components/schemas/Security_Detections_API_ThreatArray"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionThrottle"},"timeline_id":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateId"},"timeline_title":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateTitle"},"timestamp_override":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverride"},"timestamp_override_fallback_disabled":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled"},"to":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalTo"},"version":{"$ref":"#/components/schemas/Security_Detections_API_RuleVersion"}},"required":["name","description","risk_score","severity"]},{"$ref":"#/components/schemas/Security_Detections_API_NewTermsRuleCreateFields"}]},"Security_Detections_API_NonEmptyString":{"description":"A string that does not contain only whitespace characters","format":"nonempty","minLength":1,"type":"string"},"Security_Detections_API_NormalizedRuleAction":{"additionalProperties":false,"type":"object","properties":{"alerts_filter":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionAlertsFilter"},"frequency":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionFrequency"},"group":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionGroup"},"id":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionId"},"params":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionParams"}},"required":["id","params"]},"Security_Detections_API_NormalizedRuleError":{"type":"object","properties":{"err_code":{"$ref":"#/components/schemas/Security_Detections_API_BulkActionsDryRunErrCode"},"message":{"type":"string"},"rules":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleDetailsInError"},"type":"array"},"status_code":{"type":"integer"}},"required":["message","status_code","rules"]},"Security_Detections_API_OsqueryParams":{"type":"object","properties":{"ecs_mapping":{"$ref":"#/components/schemas/Security_Detections_API_EcsMapping"},"pack_id":{"description":"To specify a query pack, use the packId field. Example: \"packId\": \"processes_elastic\"","type":"string"},"queries":{"items":{"$ref":"#/components/schemas/Security_Detections_API_OsqueryQuery"},"type":"array"},"query":{"description":"To run a single query, use the query field and enter a SQL query. Example: \"query\": \"SELECT * FROM processes;\"","type":"string"},"saved_query_id":{"description":"To run a saved query, use the saved_query_id field and specify the saved query ID. Example: \"saved_query_id\": \"processes_elastic\"","type":"string"},"timeout":{"description":"A timeout period, in seconds, after which the query will stop running. Overwriting the default timeout allows you to support queries that require more time to complete. The default and minimum supported value is 60. The maximum supported value is 900. Example: \"timeout\": 120.","type":"number"}}},"Security_Detections_API_OsqueryQuery":{"type":"object","properties":{"ecs_mapping":{"$ref":"#/components/schemas/Security_Detections_API_EcsMapping"},"id":{"description":"Query ID","type":"string"},"platform":{"type":"string"},"query":{"description":"Query to run","type":"string"},"removed":{"type":"boolean"},"snapshot":{"type":"boolean"},"version":{"description":"Query version","type":"string"}},"required":["id","query"]},"Security_Detections_API_OsqueryResponseAction":{"type":"object","properties":{"action_type_id":{"enum":[".osquery"],"type":"string"},"params":{"$ref":"#/components/schemas/Security_Detections_API_OsqueryParams"}},"required":["action_type_id","params"]},"Security_Detections_API_PlatformErrorResponse":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"integer"}},"required":["statusCode","error","message"]},"Security_Detections_API_ProcessesParams":{"type":"object","properties":{"command":{"description":"To run an endpoint response action, specify a value for the command field. Example: \"command\": \"isolate\"","enum":["kill-process","suspend-process"],"type":"string"},"comment":{"description":"Add a note that explains or describes the action. You can find your comment in the response actions history log. Example: \"comment\": \"Check processes\"","type":"string"},"config":{"type":"object","properties":{"field":{"description":"Field to use instead of process.pid","type":"string"},"overwrite":{"default":true,"description":"Whether to overwrite field with process.pid","type":"boolean"}},"required":["field"]}},"required":["command","config"]},"Security_Detections_API_QueryRule":{"allOf":[{"type":"object","properties":{"actions":{"description":"Array defining the automated actions (notifications) taken when alerts are generated.","items":{"$ref":"#/components/schemas/Security_Detections_API_RuleAction"},"type":"array"},"alias_purpose":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose"},"alias_target_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId"},"author":{"$ref":"#/components/schemas/Security_Detections_API_RuleAuthorArray"},"building_block_type":{"$ref":"#/components/schemas/Security_Detections_API_BuildingBlockType"},"description":{"$ref":"#/components/schemas/Security_Detections_API_RuleDescription"},"enabled":{"$ref":"#/components/schemas/Security_Detections_API_IsRuleEnabled"},"exceptions_list":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleExceptionList"},"type":"array"},"false_positives":{"$ref":"#/components/schemas/Security_Detections_API_RuleFalsePositiveArray"},"from":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalFrom"},"interval":{"$ref":"#/components/schemas/Security_Detections_API_RuleInterval"},"investigation_fields":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationFields"},"license":{"$ref":"#/components/schemas/Security_Detections_API_RuleLicense"},"max_signals":{"$ref":"#/components/schemas/Security_Detections_API_MaxSignals"},"meta":{"$ref":"#/components/schemas/Security_Detections_API_RuleMetadata"},"name":{"$ref":"#/components/schemas/Security_Detections_API_RuleName"},"namespace":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexNamespace"},"note":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationGuide"},"outcome":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome"},"output_index":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndex"},"references":{"$ref":"#/components/schemas/Security_Detections_API_RuleReferenceArray"},"related_integrations":{"$ref":"#/components/schemas/Security_Detections_API_RelatedIntegrationArray"},"required_fields":{"description":"Elasticsearch fields and their types that need to be present for the rule to function.\n\u003e info\n\u003e The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data.\n","items":{"$ref":"#/components/schemas/Security_Detections_API_RequiredFieldInput"},"type":"array"},"response_actions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ResponseAction"},"type":"array"},"risk_score":{"$ref":"#/components/schemas/Security_Detections_API_RiskScore"},"risk_score_mapping":{"$ref":"#/components/schemas/Security_Detections_API_RiskScoreMapping"},"rule_name_override":{"$ref":"#/components/schemas/Security_Detections_API_RuleNameOverride"},"setup":{"$ref":"#/components/schemas/Security_Detections_API_SetupGuide"},"severity":{"$ref":"#/components/schemas/Security_Detections_API_Severity"},"severity_mapping":{"$ref":"#/components/schemas/Security_Detections_API_SeverityMapping"},"tags":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"},"threat":{"$ref":"#/components/schemas/Security_Detections_API_ThreatArray"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionThrottle"},"timeline_id":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateId"},"timeline_title":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateTitle"},"timestamp_override":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverride"},"timestamp_override_fallback_disabled":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled"},"to":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalTo"},"version":{"$ref":"#/components/schemas/Security_Detections_API_RuleVersion"}},"required":["name","description","risk_score","severity","version","tags","enabled","risk_score_mapping","severity_mapping","interval","from","to","actions","exceptions_list","author","false_positives","references","max_signals","threat","setup","related_integrations","required_fields"]},{"$ref":"#/components/schemas/Security_Detections_API_ResponseFields"},{"$ref":"#/components/schemas/Security_Detections_API_QueryRuleResponseFields"}]},"Security_Detections_API_QueryRuleCreateFields":{"allOf":[{"$ref":"#/components/schemas/Security_Detections_API_QueryRuleRequiredFields"},{"$ref":"#/components/schemas/Security_Detections_API_QueryRuleOptionalFields"},{"$ref":"#/components/schemas/Security_Detections_API_QueryRuleDefaultableFields"}]},"Security_Detections_API_QueryRuleCreateProps":{"allOf":[{"type":"object","properties":{"actions":{"description":"Array defining the automated actions (notifications) taken when alerts are generated.","items":{"$ref":"#/components/schemas/Security_Detections_API_RuleAction"},"type":"array"},"alias_purpose":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose"},"alias_target_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId"},"author":{"$ref":"#/components/schemas/Security_Detections_API_RuleAuthorArray"},"building_block_type":{"$ref":"#/components/schemas/Security_Detections_API_BuildingBlockType"},"description":{"$ref":"#/components/schemas/Security_Detections_API_RuleDescription"},"enabled":{"$ref":"#/components/schemas/Security_Detections_API_IsRuleEnabled"},"exceptions_list":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleExceptionList"},"type":"array"},"false_positives":{"$ref":"#/components/schemas/Security_Detections_API_RuleFalsePositiveArray"},"from":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalFrom"},"interval":{"$ref":"#/components/schemas/Security_Detections_API_RuleInterval"},"investigation_fields":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationFields"},"license":{"$ref":"#/components/schemas/Security_Detections_API_RuleLicense"},"max_signals":{"$ref":"#/components/schemas/Security_Detections_API_MaxSignals"},"meta":{"$ref":"#/components/schemas/Security_Detections_API_RuleMetadata"},"name":{"$ref":"#/components/schemas/Security_Detections_API_RuleName"},"namespace":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexNamespace"},"note":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationGuide"},"outcome":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome"},"output_index":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndex"},"references":{"$ref":"#/components/schemas/Security_Detections_API_RuleReferenceArray"},"related_integrations":{"$ref":"#/components/schemas/Security_Detections_API_RelatedIntegrationArray"},"required_fields":{"description":"Elasticsearch fields and their types that need to be present for the rule to function.\n\u003e info\n\u003e The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data.\n","items":{"$ref":"#/components/schemas/Security_Detections_API_RequiredFieldInput"},"type":"array"},"response_actions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ResponseAction"},"type":"array"},"risk_score":{"$ref":"#/components/schemas/Security_Detections_API_RiskScore"},"risk_score_mapping":{"$ref":"#/components/schemas/Security_Detections_API_RiskScoreMapping"},"rule_id":{"$ref":"#/components/schemas/Security_Detections_API_RuleSignatureId"},"rule_name_override":{"$ref":"#/components/schemas/Security_Detections_API_RuleNameOverride"},"setup":{"$ref":"#/components/schemas/Security_Detections_API_SetupGuide"},"severity":{"$ref":"#/components/schemas/Security_Detections_API_Severity"},"severity_mapping":{"$ref":"#/components/schemas/Security_Detections_API_SeverityMapping"},"tags":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"},"threat":{"$ref":"#/components/schemas/Security_Detections_API_ThreatArray"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionThrottle"},"timeline_id":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateId"},"timeline_title":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateTitle"},"timestamp_override":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverride"},"timestamp_override_fallback_disabled":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled"},"to":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalTo"},"version":{"$ref":"#/components/schemas/Security_Detections_API_RuleVersion"}},"required":["name","description","risk_score","severity"]},{"$ref":"#/components/schemas/Security_Detections_API_QueryRuleCreateFields"}]},"Security_Detections_API_QueryRuleDefaultableFields":{"type":"object","properties":{"language":{"$ref":"#/components/schemas/Security_Detections_API_KqlQueryLanguage"},"query":{"$ref":"#/components/schemas/Security_Detections_API_RuleQuery"}}},"Security_Detections_API_QueryRuleOptionalFields":{"type":"object","properties":{"alert_suppression":{"$ref":"#/components/schemas/Security_Detections_API_AlertSuppression"},"data_view_id":{"$ref":"#/components/schemas/Security_Detections_API_DataViewId"},"filters":{"$ref":"#/components/schemas/Security_Detections_API_RuleFilterArray"},"index":{"$ref":"#/components/schemas/Security_Detections_API_IndexPatternArray"},"saved_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedQueryId"}}},"Security_Detections_API_QueryRulePatchFields":{"allOf":[{"type":"object","properties":{"type":{"description":"Rule type","enum":["query"],"type":"string"}}},{"$ref":"#/components/schemas/Security_Detections_API_QueryRuleOptionalFields"},{"$ref":"#/components/schemas/Security_Detections_API_QueryRuleDefaultableFields"}]},"Security_Detections_API_QueryRulePatchProps":{"allOf":[{"type":"object","properties":{"actions":{"description":"Array defining the automated actions (notifications) taken when alerts are generated.","items":{"$ref":"#/components/schemas/Security_Detections_API_RuleAction"},"type":"array"},"alias_purpose":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose"},"alias_target_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId"},"author":{"$ref":"#/components/schemas/Security_Detections_API_RuleAuthorArray"},"building_block_type":{"$ref":"#/components/schemas/Security_Detections_API_BuildingBlockType"},"description":{"$ref":"#/components/schemas/Security_Detections_API_RuleDescription"},"enabled":{"$ref":"#/components/schemas/Security_Detections_API_IsRuleEnabled"},"exceptions_list":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleExceptionList"},"type":"array"},"false_positives":{"$ref":"#/components/schemas/Security_Detections_API_RuleFalsePositiveArray"},"from":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalFrom"},"id":{"$ref":"#/components/schemas/Security_Detections_API_RuleObjectId"},"interval":{"$ref":"#/components/schemas/Security_Detections_API_RuleInterval"},"investigation_fields":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationFields"},"license":{"$ref":"#/components/schemas/Security_Detections_API_RuleLicense"},"max_signals":{"$ref":"#/components/schemas/Security_Detections_API_MaxSignals"},"meta":{"$ref":"#/components/schemas/Security_Detections_API_RuleMetadata"},"name":{"$ref":"#/components/schemas/Security_Detections_API_RuleName"},"namespace":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexNamespace"},"note":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationGuide"},"outcome":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome"},"output_index":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndex"},"references":{"$ref":"#/components/schemas/Security_Detections_API_RuleReferenceArray"},"related_integrations":{"$ref":"#/components/schemas/Security_Detections_API_RelatedIntegrationArray"},"required_fields":{"description":"Elasticsearch fields and their types that need to be present for the rule to function.\n\u003e info\n\u003e The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data.\n","items":{"$ref":"#/components/schemas/Security_Detections_API_RequiredFieldInput"},"type":"array"},"response_actions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ResponseAction"},"type":"array"},"risk_score":{"$ref":"#/components/schemas/Security_Detections_API_RiskScore"},"risk_score_mapping":{"$ref":"#/components/schemas/Security_Detections_API_RiskScoreMapping"},"rule_id":{"$ref":"#/components/schemas/Security_Detections_API_RuleSignatureId"},"rule_name_override":{"$ref":"#/components/schemas/Security_Detections_API_RuleNameOverride"},"setup":{"$ref":"#/components/schemas/Security_Detections_API_SetupGuide"},"severity":{"$ref":"#/components/schemas/Security_Detections_API_Severity"},"severity_mapping":{"$ref":"#/components/schemas/Security_Detections_API_SeverityMapping"},"tags":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"},"threat":{"$ref":"#/components/schemas/Security_Detections_API_ThreatArray"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionThrottle"},"timeline_id":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateId"},"timeline_title":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateTitle"},"timestamp_override":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverride"},"timestamp_override_fallback_disabled":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled"},"to":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalTo"},"version":{"$ref":"#/components/schemas/Security_Detections_API_RuleVersion"}}},{"$ref":"#/components/schemas/Security_Detections_API_QueryRulePatchFields"}]},"Security_Detections_API_QueryRuleRequiredFields":{"type":"object","properties":{"type":{"description":"Rule type","enum":["query"],"type":"string"}},"required":["type"]},"Security_Detections_API_QueryRuleResponseFields":{"allOf":[{"$ref":"#/components/schemas/Security_Detections_API_QueryRuleRequiredFields"},{"$ref":"#/components/schemas/Security_Detections_API_QueryRuleOptionalFields"},{"type":"object","properties":{"language":{"$ref":"#/components/schemas/Security_Detections_API_KqlQueryLanguage"},"query":{"$ref":"#/components/schemas/Security_Detections_API_RuleQuery"}},"required":["query","language"]}]},"Security_Detections_API_QueryRuleUpdateProps":{"allOf":[{"type":"object","properties":{"actions":{"description":"Array defining the automated actions (notifications) taken when alerts are generated.","items":{"$ref":"#/components/schemas/Security_Detections_API_RuleAction"},"type":"array"},"alias_purpose":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose"},"alias_target_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId"},"author":{"$ref":"#/components/schemas/Security_Detections_API_RuleAuthorArray"},"building_block_type":{"$ref":"#/components/schemas/Security_Detections_API_BuildingBlockType"},"description":{"$ref":"#/components/schemas/Security_Detections_API_RuleDescription"},"enabled":{"$ref":"#/components/schemas/Security_Detections_API_IsRuleEnabled"},"exceptions_list":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleExceptionList"},"type":"array"},"false_positives":{"$ref":"#/components/schemas/Security_Detections_API_RuleFalsePositiveArray"},"from":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalFrom"},"id":{"$ref":"#/components/schemas/Security_Detections_API_RuleObjectId"},"interval":{"$ref":"#/components/schemas/Security_Detections_API_RuleInterval"},"investigation_fields":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationFields"},"license":{"$ref":"#/components/schemas/Security_Detections_API_RuleLicense"},"max_signals":{"$ref":"#/components/schemas/Security_Detections_API_MaxSignals"},"meta":{"$ref":"#/components/schemas/Security_Detections_API_RuleMetadata"},"name":{"$ref":"#/components/schemas/Security_Detections_API_RuleName"},"namespace":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexNamespace"},"note":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationGuide"},"outcome":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome"},"output_index":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndex"},"references":{"$ref":"#/components/schemas/Security_Detections_API_RuleReferenceArray"},"related_integrations":{"$ref":"#/components/schemas/Security_Detections_API_RelatedIntegrationArray"},"required_fields":{"description":"Elasticsearch fields and their types that need to be present for the rule to function.\n\u003e info\n\u003e The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data.\n","items":{"$ref":"#/components/schemas/Security_Detections_API_RequiredFieldInput"},"type":"array"},"response_actions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ResponseAction"},"type":"array"},"risk_score":{"$ref":"#/components/schemas/Security_Detections_API_RiskScore"},"risk_score_mapping":{"$ref":"#/components/schemas/Security_Detections_API_RiskScoreMapping"},"rule_id":{"$ref":"#/components/schemas/Security_Detections_API_RuleSignatureId"},"rule_name_override":{"$ref":"#/components/schemas/Security_Detections_API_RuleNameOverride"},"setup":{"$ref":"#/components/schemas/Security_Detections_API_SetupGuide"},"severity":{"$ref":"#/components/schemas/Security_Detections_API_Severity"},"severity_mapping":{"$ref":"#/components/schemas/Security_Detections_API_SeverityMapping"},"tags":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"},"threat":{"$ref":"#/components/schemas/Security_Detections_API_ThreatArray"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionThrottle"},"timeline_id":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateId"},"timeline_title":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateTitle"},"timestamp_override":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverride"},"timestamp_override_fallback_disabled":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled"},"to":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalTo"},"version":{"$ref":"#/components/schemas/Security_Detections_API_RuleVersion"}},"required":["name","description","risk_score","severity"]},{"$ref":"#/components/schemas/Security_Detections_API_QueryRuleCreateFields"}]},"Security_Detections_API_RelatedIntegration":{"description":"Related integration is a potential dependency of a rule. It's assumed that if the user installs\none of the related integrations of a rule, the rule might start to work properly because it will\nhave source events (generated by this integration) potentially matching the rule's query.\n\nNOTE: Proper work is not guaranteed, because a related integration, if installed, can be\nconfigured differently or generate data that is not necessarily relevant for this rule.\n\nRelated integration is a combination of a Fleet package and (optionally) one of the\npackage's \"integrations\" that this package contains. It is represented by 3 properties:\n\n- `package`: name of the package (required, unique id)\n- `version`: version of the package (required, semver-compatible)\n- `integration`: name of the integration of this package (optional, id within the package)\n\nThere are Fleet packages like `windows` that contain only one integration; in this case,\n`integration` should be unspecified. There are also packages like `aws` and `azure` that contain\nseveral integrations; in this case, `integration` should be specified.\n","example":{"integration":"activitylogs","package":"azure","version":"~1.1.6"},"type":"object","properties":{"integration":{"$ref":"#/components/schemas/Security_Detections_API_NonEmptyString"},"package":{"$ref":"#/components/schemas/Security_Detections_API_NonEmptyString"},"version":{"$ref":"#/components/schemas/Security_Detections_API_NonEmptyString"}},"required":["package","version"]},"Security_Detections_API_RelatedIntegrationArray":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RelatedIntegration"},"type":"array"},"Security_Detections_API_RequiredField":{"description":"Describes an Elasticsearch field that is needed for the rule to function.\n\nAlmost all types of Security rules check source event documents for a match to some kind of\nquery or filter. If a document has certain field with certain values, then it's a match and\nthe rule will generate an alert.\n\nRequired field is an event field that must be present in the source indices of a given rule.\n\n@example\nconst standardEcsField: RequiredField = {\n name: 'event.action',\n type: 'keyword',\n ecs: true,\n};\n\n@example\nconst nonEcsField: RequiredField = {\n name: 'winlog.event_data.AttributeLDAPDisplayName',\n type: 'keyword',\n ecs: false,\n};\n","type":"object","properties":{"ecs":{"description":"Indicates whether the field is ECS-compliant. This property is only present in responses. Its value is computed based on field’s name and type.","type":"boolean"},"name":{"description":"Name of an Elasticsearch field","format":"nonempty","minLength":1,"type":"string"},"type":{"description":"Type of the Elasticsearch field","format":"nonempty","minLength":1,"type":"string"}},"required":["name","type","ecs"]},"Security_Detections_API_RequiredFieldArray":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RequiredField"},"type":"array"},"Security_Detections_API_RequiredFieldInput":{"description":"Input parameters to create a RequiredField. Does not include the `ecs` field, because `ecs` is calculated on the backend based on the field name and type.","type":"object","properties":{"name":{"description":"Name of an Elasticsearch field","format":"nonempty","minLength":1,"type":"string"},"type":{"description":"Type of the Elasticsearch field","format":"nonempty","minLength":1,"type":"string"}},"required":["name","type"]},"Security_Detections_API_ResponseAction":{"oneOf":[{"$ref":"#/components/schemas/Security_Detections_API_OsqueryResponseAction"},{"$ref":"#/components/schemas/Security_Detections_API_EndpointResponseAction"}]},"Security_Detections_API_ResponseFields":{"type":"object","properties":{"created_at":{"format":"date-time","type":"string"},"created_by":{"type":"string"},"execution_summary":{"$ref":"#/components/schemas/Security_Detections_API_RuleExecutionSummary"},"id":{"$ref":"#/components/schemas/Security_Detections_API_RuleObjectId"},"immutable":{"$ref":"#/components/schemas/Security_Detections_API_IsRuleImmutable"},"required_fields":{"$ref":"#/components/schemas/Security_Detections_API_RequiredFieldArray"},"revision":{"$ref":"#/components/schemas/Security_Detections_API_RuleRevision"},"rule_id":{"$ref":"#/components/schemas/Security_Detections_API_RuleSignatureId"},"rule_source":{"$ref":"#/components/schemas/Security_Detections_API_RuleSource"},"updated_at":{"format":"date-time","type":"string"},"updated_by":{"type":"string"}},"required":["id","rule_id","immutable","rule_source","updated_at","updated_by","created_at","created_by","revision","related_integrations","required_fields"]},"Security_Detections_API_RiskScore":{"description":"A numerical representation of the alert's severity from 0 to 100, where:\n* `0` - `21` represents low severity\n* `22` - `47` represents medium severity\n* `48` - `73` represents high severity\n* `74` - `100` represents critical severity\n","maximum":100,"minimum":0,"type":"integer"},"Security_Detections_API_RiskScoreMapping":{"description":"Overrides generated alerts' risk_score with a value from the source event","items":{"type":"object","properties":{"field":{"description":"Source event field used to override the default `risk_score`.","type":"string"},"operator":{"enum":["equals"],"type":"string"},"risk_score":{"$ref":"#/components/schemas/Security_Detections_API_RiskScore"},"value":{"type":"string"}},"required":["field","operator","value"]},"type":"array"},"Security_Detections_API_RuleAction":{"type":"object","properties":{"action_type_id":{"description":"The action type used for sending notifications, can be:\n\n - `.slack`\n - `.slack_api`\n - `.email`\n - `.index`\n - `.pagerduty`\n - `.swimlane`\n - `.webhook`\n - `.servicenow`\n - `.servicenow-itom`\n - `.servicenow-sir`\n - `.jira`\n - `.resilient`\n - `.opsgenie`\n - `.teams`\n - `.torq`\n - `.tines`\n - `.d3security`\n","type":"string"},"alerts_filter":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionAlertsFilter"},"frequency":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionFrequency"},"group":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionGroup"},"id":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionId"},"params":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionParams"},"uuid":{"$ref":"#/components/schemas/Security_Detections_API_NonEmptyString"}},"required":["action_type_id","id","params"]},"Security_Detections_API_RuleActionAlertsFilter":{"additionalProperties":true,"description":"Object containing an action’s conditional filters.\n\n- `timeframe` (object, optional): Object containing the time frame for when this action can be run.\n - `days` (array of integers, required): List of days of the week on which this action will be run. Days of the week are expressed as numbers between `1-7`, where `1` is Monday and `7` is Sunday. To select all days of the week, enter an empty array.\n - `hours` (object, required): The hours of the day during which this action will run. Hours of the day are expressed as two strings in the format `hh:mm` in `24` hour time. A start of `00:00` and an end of `24:00` means the action can run all day.\n - start (string, required): Start time in `hh:mm` format.\n - end (string, required): End time in `hh:mm` format.\n - `timezone` (string, required): An ISO timezone name, such as `Europe/Madrid` or `America/New_York`. Specific offsets such as `UTC` or `UTC+1` will also work, but lack built-in DST.\n- `query` (object, optional): Object containing a query filter which gets applied to an action and determines whether the action should run.\n - `kql` (string, required): A KQL string.\n - `filters` (array of objects, required): Array of filter objects, as defined in the `kbn-es-query` package.\n \n","type":"object"},"Security_Detections_API_RuleActionFrequency":{"description":"The action frequency defines when the action runs (for example, only on rule execution or at specific time intervals).","type":"object","properties":{"notifyWhen":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionNotifyWhen"},"summary":{"description":"Action summary indicates whether we will send a summary notification about all the generate alerts or notification per individual alert","type":"boolean"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionThrottle","nullable":true}},"required":["summary","notifyWhen","throttle"]},"Security_Detections_API_RuleActionGroup":{"description":"Optionally groups actions by use cases. Use `default` for alert notifications.","type":"string"},"Security_Detections_API_RuleActionId":{"description":"The connector ID.","type":"string"},"Security_Detections_API_RuleActionNotifyWhen":{"description":"Defines how often rules run actions.","enum":["onActiveAlert","onThrottleInterval","onActionGroupChange"],"type":"string"},"Security_Detections_API_RuleActionParams":{"additionalProperties":true,"description":"Object containing the allowed connector fields, which varies according to the connector type.\n\nFor Slack:\n\n - `message` (string, required): The notification message.\n\nFor email:\n\n - `to`, `cc`, `bcc` (string): Email addresses to which the notifications are sent. At least one field must have a value.\n - `subject` (string, optional): Email subject line.\n - `message` (string, required): Email body text.\n\nFor Webhook:\n\n - `body` (string, required): JSON payload.\n\nFor PagerDuty:\n\n - `severity` (string, required): Severity of on the alert notification, can be: `Critical`, `Error`, `Warning` or `Info`.\n - `eventAction` (string, required): Event [action type](https://v2.developer.pagerduty.com/docs/events-api-v2#event-action), which can be `trigger`, `resolve`, or `acknowledge`.\n - `dedupKey` (string, optional): Groups alert notifications with the same PagerDuty alert.\n - `timestamp` (DateTime, optional): ISO-8601 format [timestamp](https://v2.developer.pagerduty.com/docs/types#datetime).\n - `component` (string, optional): Source machine component responsible for the event, for example `security-solution`.\n - `group` (string, optional): Enables logical grouping of service components.\n - `source` (string, optional): The affected system. Defaults to the Kibana saved object ID of the action.\n - `summary` (string, options): Summary of the event. Defaults to `No summary provided`. Maximum length is 1024 characters.\n - `class` (string, optional): Value indicating the class/type of the event.\n","type":"object"},"Security_Detections_API_RuleActionThrottle":{"description":"Defines how often rule actions are taken.","oneOf":[{"enum":["no_actions","rule"],"type":"string"},{"description":"Time interval in seconds, minutes, hours, or days.","example":"1h","pattern":"^[1-9]\\d*[smhd]$","type":"string"}]},"Security_Detections_API_RuleAuthorArray":{"description":"The rule’s author.","items":{"type":"string"},"type":"array"},"Security_Detections_API_RuleCreateProps":{"anyOf":[{"$ref":"#/components/schemas/Security_Detections_API_EqlRuleCreateProps"},{"$ref":"#/components/schemas/Security_Detections_API_QueryRuleCreateProps"},{"$ref":"#/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps"},{"$ref":"#/components/schemas/Security_Detections_API_ThresholdRuleCreateProps"},{"$ref":"#/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps"},{"$ref":"#/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps"},{"$ref":"#/components/schemas/Security_Detections_API_NewTermsRuleCreateProps"},{"$ref":"#/components/schemas/Security_Detections_API_EsqlRuleCreateProps"}],"discriminator":{"propertyName":"type"}},"Security_Detections_API_RuleDescription":{"description":"The rule’s description.","example":"Detects anomalous Windows process creation events.","minLength":1,"type":"string"},"Security_Detections_API_RuleDetailsInError":{"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"}},"required":["id"]},"Security_Detections_API_RuleExceptionList":{"description":"Array of [exception containers](https://www.elastic.co/guide/en/security/current/exceptions-api-overview.html), which define exceptions that prevent the rule from generating alerts even when its other criteria are met.\n","type":"object","properties":{"id":{"description":"ID of the exception container","format":"nonempty","minLength":1,"type":"string"},"list_id":{"description":"List ID of the exception container","format":"nonempty","minLength":1,"type":"string"},"namespace_type":{"description":"Determines the exceptions validity in rule's Kibana space","enum":["agnostic","single"],"type":"string"},"type":{"$ref":"#/components/schemas/Security_Detections_API_ExceptionListType"}},"required":["id","list_id","type","namespace_type"]},"Security_Detections_API_RuleExecutionMetrics":{"type":"object","properties":{"execution_gap_duration_s":{"description":"Duration in seconds of execution gap","minimum":0,"type":"integer"},"frozen_indices_queried_count":{"description":"Count of frozen indices queried during the rule execution. These indices could not be entirely excluded after applying the time range filter.","minimum":0,"type":"integer"},"gap_range":{"description":"Range of the execution gap","type":"object","properties":{"gte":{"description":"Start date of the execution gap","type":"string"},"lte":{"description":"End date of the execution gap","type":"string"}},"required":["gte","lte"]},"total_enrichment_duration_ms":{"description":"Total time spent enriching documents during current rule execution cycle","minimum":0,"type":"integer"},"total_indexing_duration_ms":{"description":"Total time spent indexing documents during current rule execution cycle","minimum":0,"type":"integer"},"total_search_duration_ms":{"description":"Total time spent performing ES searches as measured by Kibana; includes network latency and time spent serializing/deserializing request/response","minimum":0,"type":"integer"}}},"Security_Detections_API_RuleExecutionStatus":{"description":"Custom execution status of Security rules that is different from the status used in the Alerting Framework. We merge our custom status with the Framework's status to determine the resulting status of a rule.\n- going to run - @deprecated Replaced by the 'running' status but left for backwards compatibility with rule execution events already written to Event Log in the prior versions of Kibana. Don't use when writing rule status changes.\n- running - Rule execution started but not reached any intermediate or final status.\n- partial failure - Rule can partially fail for various reasons either in the middle of an execution (in this case we update its status right away) or in the end of it. So currently this status can be both intermediate and final at the same time. A typical reason for a partial failure: not all the indices that the rule searches over actually exist.\n- failed - Rule failed to execute due to unhandled exception or a reason defined in the business logic of its executor function.\n- succeeded - Rule executed successfully without any issues. Note: this status is just an indication of a rule's \"health\". The rule might or might not generate any alerts despite of it.","enum":["going to run","running","partial failure","failed","succeeded"],"type":"string"},"Security_Detections_API_RuleExecutionStatusOrder":{"type":"integer"},"Security_Detections_API_RuleExecutionSummary":{"description":"Summary of the last execution of a rule.\n\u003e info\n\u003e This field is under development and its usage or schema may change\n","type":"object","properties":{"last_execution":{"type":"object","properties":{"date":{"description":"Date of the last execution","format":"date-time","type":"string"},"message":{"type":"string"},"metrics":{"$ref":"#/components/schemas/Security_Detections_API_RuleExecutionMetrics"},"status":{"$ref":"#/components/schemas/Security_Detections_API_RuleExecutionStatus","description":"Status of the last execution"},"status_order":{"$ref":"#/components/schemas/Security_Detections_API_RuleExecutionStatusOrder"}},"required":["date","status","status_order","message","metrics"]}},"required":["last_execution"]},"Security_Detections_API_RuleFalsePositiveArray":{"description":"String array used to describe common reasons why the rule may issue false-positive alerts. Defaults to an empty array.","items":{"type":"string"},"type":"array"},"Security_Detections_API_RuleFilterArray":{"description":"The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array.\n\u003e info\n\u003e This field is not supported for ES|QL rules.\n","items":{},"type":"array"},"Security_Detections_API_RuleInterval":{"description":"Frequency of rule execution, using a date math range. For example, \"1h\" means the rule runs every hour. Defaults to 5m (5 minutes).","type":"string"},"Security_Detections_API_RuleIntervalFrom":{"description":"Time from which data is analyzed each time the rule runs, using a date math range. For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time).","format":"date-math","type":"string"},"Security_Detections_API_RuleIntervalTo":{"type":"string"},"Security_Detections_API_RuleLicense":{"description":"The rule's license.","type":"string"},"Security_Detections_API_RuleMetadata":{"additionalProperties":true,"description":"Placeholder for metadata about the rule.\n\u003e info\n\u003e This field is overwritten when you save changes to the rule’s settings.\n","type":"object"},"Security_Detections_API_RuleName":{"description":"A human-readable name for the rule.","example":"Anomalous Windows Process Creation","minLength":1,"type":"string"},"Security_Detections_API_RuleNameOverride":{"description":"Sets which field in the source event is used to populate the alert's `signal.rule.name` value (in the UI, this value is displayed on the Rules page in the Rule column). When unspecified, the rule’s `name` value is used. The source field must be a string data type.","type":"string"},"Security_Detections_API_RuleObjectId":{"$ref":"#/components/schemas/Security_Detections_API_UUID","description":"A dynamic unique identifier for the rule object. It is randomly generated when a rule is created and cannot be changed after that. It is always a UUID. It is unique within a given Kibana space. The same prebuilt Elastic rule, when installed in two different Kibana spaces or two different Elastic environments, will have different object `id`s."},"Security_Detections_API_RulePatchProps":{"anyOf":[{"$ref":"#/components/schemas/Security_Detections_API_EqlRulePatchProps"},{"$ref":"#/components/schemas/Security_Detections_API_QueryRulePatchProps"},{"$ref":"#/components/schemas/Security_Detections_API_SavedQueryRulePatchProps"},{"$ref":"#/components/schemas/Security_Detections_API_ThresholdRulePatchProps"},{"$ref":"#/components/schemas/Security_Detections_API_ThreatMatchRulePatchProps"},{"$ref":"#/components/schemas/Security_Detections_API_MachineLearningRulePatchProps"},{"$ref":"#/components/schemas/Security_Detections_API_NewTermsRulePatchProps"},{"$ref":"#/components/schemas/Security_Detections_API_EsqlRulePatchProps"}]},"Security_Detections_API_RulePreviewLoggedRequest":{"type":"object","properties":{"description":{"$ref":"#/components/schemas/Security_Detections_API_NonEmptyString"},"duration":{"type":"integer"},"request":{"$ref":"#/components/schemas/Security_Detections_API_NonEmptyString"},"request_type":{"$ref":"#/components/schemas/Security_Detections_API_NonEmptyString"}}},"Security_Detections_API_RulePreviewLogs":{"type":"object","properties":{"duration":{"description":"Execution duration in milliseconds","type":"integer"},"errors":{"items":{"$ref":"#/components/schemas/Security_Detections_API_NonEmptyString"},"type":"array"},"requests":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RulePreviewLoggedRequest"},"type":"array"},"startedAt":{"$ref":"#/components/schemas/Security_Detections_API_NonEmptyString"},"warnings":{"items":{"$ref":"#/components/schemas/Security_Detections_API_NonEmptyString"},"type":"array"}},"required":["errors","warnings","duration"]},"Security_Detections_API_RulePreviewParams":{"type":"object","properties":{"invocationCount":{"type":"integer"},"timeframeEnd":{"format":"date-time","type":"string"}},"required":["invocationCount","timeframeEnd"]},"Security_Detections_API_RuleQuery":{"description":"[Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts.\n\n- For indicator match rules, only the query’s results are used to determine whether an alert is generated.\n- ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information.\n","type":"string"},"Security_Detections_API_RuleReferenceArray":{"description":"Array containing notes about or references to relevant information about the rule. Defaults to an empty array.","items":{"type":"string"},"type":"array"},"Security_Detections_API_RuleResponse":{"anyOf":[{"$ref":"#/components/schemas/Security_Detections_API_EqlRule"},{"$ref":"#/components/schemas/Security_Detections_API_QueryRule"},{"$ref":"#/components/schemas/Security_Detections_API_SavedQueryRule"},{"$ref":"#/components/schemas/Security_Detections_API_ThresholdRule"},{"$ref":"#/components/schemas/Security_Detections_API_ThreatMatchRule"},{"$ref":"#/components/schemas/Security_Detections_API_MachineLearningRule"},{"$ref":"#/components/schemas/Security_Detections_API_NewTermsRule"},{"$ref":"#/components/schemas/Security_Detections_API_EsqlRule"}],"discriminator":{"propertyName":"type"}},"Security_Detections_API_RuleRevision":{"description":"The rule's revision number.\n\nIt represents the version of rule's object in Kibana. It is set to `0` when the rule is installed or created and then gets incremented on each update.\n\u003e info\n\u003e Not all updates to any rule fields will increment the revision. Only those fields that are considered static `rule parameters` can trigger revision increments. For example, an update to a rule's query or index fields will increment the rule's revision by `1`. However, changes to dynamic or technical fields like enabled or execution_summary will not cause revision increments.\n","minimum":0,"type":"integer"},"Security_Detections_API_RuleSignatureId":{"description":"A stable unique identifier for the rule object. It can be assigned during rule creation. It can be any string, but often is a UUID. It should be unique not only within a given Kibana space, but also across spaces and Elastic environments. The same prebuilt Elastic rule, when installed in two different Kibana spaces or two different Elastic environments, will have the same `rule_id`s.","type":"string"},"Security_Detections_API_RuleSource":{"description":"Discriminated union that determines whether the rule is internally sourced (created within the Kibana app) or has an external source, such as the Elastic Prebuilt rules repo.","discriminator":{"propertyName":"type"},"oneOf":[{"$ref":"#/components/schemas/Security_Detections_API_ExternalRuleSource"},{"$ref":"#/components/schemas/Security_Detections_API_InternalRuleSource"}]},"Security_Detections_API_RuleTagArray":{"description":"String array containing words and phrases to help categorize, filter, and search rules. Defaults to an empty array.","items":{"type":"string"},"type":"array"},"Security_Detections_API_RuleUpdateProps":{"anyOf":[{"$ref":"#/components/schemas/Security_Detections_API_EqlRuleUpdateProps"},{"$ref":"#/components/schemas/Security_Detections_API_QueryRuleUpdateProps"},{"$ref":"#/components/schemas/Security_Detections_API_SavedQueryRuleUpdateProps"},{"$ref":"#/components/schemas/Security_Detections_API_ThresholdRuleUpdateProps"},{"$ref":"#/components/schemas/Security_Detections_API_ThreatMatchRuleUpdateProps"},{"$ref":"#/components/schemas/Security_Detections_API_MachineLearningRuleUpdateProps"},{"$ref":"#/components/schemas/Security_Detections_API_NewTermsRuleUpdateProps"},{"$ref":"#/components/schemas/Security_Detections_API_EsqlRuleUpdateProps"}],"discriminator":{"propertyName":"type"}},"Security_Detections_API_RuleVersion":{"description":"The rule's version number.\n\n- For prebuilt rules it represents the version of the rule's content in the source [detection-rules](https://github.com/elastic/detection-rules) repository (and the corresponding `security_detection_engine` Fleet package that is used for distributing prebuilt rules). \n- For custom rules it is set to `1` when the rule is created. \n\u003e info\n\u003e It is not incremented on each update. Compare this to the `revision` field.\n","minimum":1,"type":"integer"},"Security_Detections_API_SavedObjectResolveAliasPurpose":{"enum":["savedObjectConversion","savedObjectImport"],"type":"string"},"Security_Detections_API_SavedObjectResolveAliasTargetId":{"type":"string"},"Security_Detections_API_SavedObjectResolveOutcome":{"enum":["exactMatch","aliasMatch","conflict"],"type":"string"},"Security_Detections_API_SavedQueryId":{"description":"Kibana [saved search](https://www.elastic.co/guide/en/kibana/current/save-open-search.html) used by the rule to create alerts.","type":"string"},"Security_Detections_API_SavedQueryRule":{"allOf":[{"type":"object","properties":{"actions":{"description":"Array defining the automated actions (notifications) taken when alerts are generated.","items":{"$ref":"#/components/schemas/Security_Detections_API_RuleAction"},"type":"array"},"alias_purpose":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose"},"alias_target_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId"},"author":{"$ref":"#/components/schemas/Security_Detections_API_RuleAuthorArray"},"building_block_type":{"$ref":"#/components/schemas/Security_Detections_API_BuildingBlockType"},"description":{"$ref":"#/components/schemas/Security_Detections_API_RuleDescription"},"enabled":{"$ref":"#/components/schemas/Security_Detections_API_IsRuleEnabled"},"exceptions_list":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleExceptionList"},"type":"array"},"false_positives":{"$ref":"#/components/schemas/Security_Detections_API_RuleFalsePositiveArray"},"from":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalFrom"},"interval":{"$ref":"#/components/schemas/Security_Detections_API_RuleInterval"},"investigation_fields":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationFields"},"license":{"$ref":"#/components/schemas/Security_Detections_API_RuleLicense"},"max_signals":{"$ref":"#/components/schemas/Security_Detections_API_MaxSignals"},"meta":{"$ref":"#/components/schemas/Security_Detections_API_RuleMetadata"},"name":{"$ref":"#/components/schemas/Security_Detections_API_RuleName"},"namespace":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexNamespace"},"note":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationGuide"},"outcome":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome"},"output_index":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndex"},"references":{"$ref":"#/components/schemas/Security_Detections_API_RuleReferenceArray"},"related_integrations":{"$ref":"#/components/schemas/Security_Detections_API_RelatedIntegrationArray"},"required_fields":{"description":"Elasticsearch fields and their types that need to be present for the rule to function.\n\u003e info\n\u003e The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data.\n","items":{"$ref":"#/components/schemas/Security_Detections_API_RequiredFieldInput"},"type":"array"},"response_actions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ResponseAction"},"type":"array"},"risk_score":{"$ref":"#/components/schemas/Security_Detections_API_RiskScore"},"risk_score_mapping":{"$ref":"#/components/schemas/Security_Detections_API_RiskScoreMapping"},"rule_name_override":{"$ref":"#/components/schemas/Security_Detections_API_RuleNameOverride"},"setup":{"$ref":"#/components/schemas/Security_Detections_API_SetupGuide"},"severity":{"$ref":"#/components/schemas/Security_Detections_API_Severity"},"severity_mapping":{"$ref":"#/components/schemas/Security_Detections_API_SeverityMapping"},"tags":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"},"threat":{"$ref":"#/components/schemas/Security_Detections_API_ThreatArray"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionThrottle"},"timeline_id":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateId"},"timeline_title":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateTitle"},"timestamp_override":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverride"},"timestamp_override_fallback_disabled":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled"},"to":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalTo"},"version":{"$ref":"#/components/schemas/Security_Detections_API_RuleVersion"}},"required":["name","description","risk_score","severity","version","tags","enabled","risk_score_mapping","severity_mapping","interval","from","to","actions","exceptions_list","author","false_positives","references","max_signals","threat","setup","related_integrations","required_fields"]},{"$ref":"#/components/schemas/Security_Detections_API_ResponseFields"},{"$ref":"#/components/schemas/Security_Detections_API_SavedQueryRuleResponseFields"}]},"Security_Detections_API_SavedQueryRuleCreateFields":{"allOf":[{"$ref":"#/components/schemas/Security_Detections_API_SavedQueryRuleRequiredFields"},{"$ref":"#/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields"},{"$ref":"#/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields"}]},"Security_Detections_API_SavedQueryRuleCreateProps":{"allOf":[{"type":"object","properties":{"actions":{"description":"Array defining the automated actions (notifications) taken when alerts are generated.","items":{"$ref":"#/components/schemas/Security_Detections_API_RuleAction"},"type":"array"},"alias_purpose":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose"},"alias_target_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId"},"author":{"$ref":"#/components/schemas/Security_Detections_API_RuleAuthorArray"},"building_block_type":{"$ref":"#/components/schemas/Security_Detections_API_BuildingBlockType"},"description":{"$ref":"#/components/schemas/Security_Detections_API_RuleDescription"},"enabled":{"$ref":"#/components/schemas/Security_Detections_API_IsRuleEnabled"},"exceptions_list":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleExceptionList"},"type":"array"},"false_positives":{"$ref":"#/components/schemas/Security_Detections_API_RuleFalsePositiveArray"},"from":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalFrom"},"interval":{"$ref":"#/components/schemas/Security_Detections_API_RuleInterval"},"investigation_fields":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationFields"},"license":{"$ref":"#/components/schemas/Security_Detections_API_RuleLicense"},"max_signals":{"$ref":"#/components/schemas/Security_Detections_API_MaxSignals"},"meta":{"$ref":"#/components/schemas/Security_Detections_API_RuleMetadata"},"name":{"$ref":"#/components/schemas/Security_Detections_API_RuleName"},"namespace":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexNamespace"},"note":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationGuide"},"outcome":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome"},"output_index":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndex"},"references":{"$ref":"#/components/schemas/Security_Detections_API_RuleReferenceArray"},"related_integrations":{"$ref":"#/components/schemas/Security_Detections_API_RelatedIntegrationArray"},"required_fields":{"description":"Elasticsearch fields and their types that need to be present for the rule to function.\n\u003e info\n\u003e The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data.\n","items":{"$ref":"#/components/schemas/Security_Detections_API_RequiredFieldInput"},"type":"array"},"response_actions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ResponseAction"},"type":"array"},"risk_score":{"$ref":"#/components/schemas/Security_Detections_API_RiskScore"},"risk_score_mapping":{"$ref":"#/components/schemas/Security_Detections_API_RiskScoreMapping"},"rule_id":{"$ref":"#/components/schemas/Security_Detections_API_RuleSignatureId"},"rule_name_override":{"$ref":"#/components/schemas/Security_Detections_API_RuleNameOverride"},"setup":{"$ref":"#/components/schemas/Security_Detections_API_SetupGuide"},"severity":{"$ref":"#/components/schemas/Security_Detections_API_Severity"},"severity_mapping":{"$ref":"#/components/schemas/Security_Detections_API_SeverityMapping"},"tags":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"},"threat":{"$ref":"#/components/schemas/Security_Detections_API_ThreatArray"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionThrottle"},"timeline_id":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateId"},"timeline_title":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateTitle"},"timestamp_override":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverride"},"timestamp_override_fallback_disabled":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled"},"to":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalTo"},"version":{"$ref":"#/components/schemas/Security_Detections_API_RuleVersion"}},"required":["name","description","risk_score","severity"]},{"$ref":"#/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields"}]},"Security_Detections_API_SavedQueryRuleDefaultableFields":{"type":"object","properties":{"language":{"$ref":"#/components/schemas/Security_Detections_API_KqlQueryLanguage"}}},"Security_Detections_API_SavedQueryRuleOptionalFields":{"type":"object","properties":{"alert_suppression":{"$ref":"#/components/schemas/Security_Detections_API_AlertSuppression"},"data_view_id":{"$ref":"#/components/schemas/Security_Detections_API_DataViewId"},"filters":{"$ref":"#/components/schemas/Security_Detections_API_RuleFilterArray"},"index":{"$ref":"#/components/schemas/Security_Detections_API_IndexPatternArray"},"query":{"$ref":"#/components/schemas/Security_Detections_API_RuleQuery"}}},"Security_Detections_API_SavedQueryRulePatchFields":{"allOf":[{"type":"object","properties":{"saved_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedQueryId"},"type":{"description":"Rule type","enum":["saved_query"],"type":"string"}}},{"$ref":"#/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields"},{"$ref":"#/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields"}]},"Security_Detections_API_SavedQueryRulePatchProps":{"allOf":[{"type":"object","properties":{"actions":{"description":"Array defining the automated actions (notifications) taken when alerts are generated.","items":{"$ref":"#/components/schemas/Security_Detections_API_RuleAction"},"type":"array"},"alias_purpose":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose"},"alias_target_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId"},"author":{"$ref":"#/components/schemas/Security_Detections_API_RuleAuthorArray"},"building_block_type":{"$ref":"#/components/schemas/Security_Detections_API_BuildingBlockType"},"description":{"$ref":"#/components/schemas/Security_Detections_API_RuleDescription"},"enabled":{"$ref":"#/components/schemas/Security_Detections_API_IsRuleEnabled"},"exceptions_list":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleExceptionList"},"type":"array"},"false_positives":{"$ref":"#/components/schemas/Security_Detections_API_RuleFalsePositiveArray"},"from":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalFrom"},"id":{"$ref":"#/components/schemas/Security_Detections_API_RuleObjectId"},"interval":{"$ref":"#/components/schemas/Security_Detections_API_RuleInterval"},"investigation_fields":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationFields"},"license":{"$ref":"#/components/schemas/Security_Detections_API_RuleLicense"},"max_signals":{"$ref":"#/components/schemas/Security_Detections_API_MaxSignals"},"meta":{"$ref":"#/components/schemas/Security_Detections_API_RuleMetadata"},"name":{"$ref":"#/components/schemas/Security_Detections_API_RuleName"},"namespace":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexNamespace"},"note":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationGuide"},"outcome":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome"},"output_index":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndex"},"references":{"$ref":"#/components/schemas/Security_Detections_API_RuleReferenceArray"},"related_integrations":{"$ref":"#/components/schemas/Security_Detections_API_RelatedIntegrationArray"},"required_fields":{"description":"Elasticsearch fields and their types that need to be present for the rule to function.\n\u003e info\n\u003e The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data.\n","items":{"$ref":"#/components/schemas/Security_Detections_API_RequiredFieldInput"},"type":"array"},"response_actions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ResponseAction"},"type":"array"},"risk_score":{"$ref":"#/components/schemas/Security_Detections_API_RiskScore"},"risk_score_mapping":{"$ref":"#/components/schemas/Security_Detections_API_RiskScoreMapping"},"rule_id":{"$ref":"#/components/schemas/Security_Detections_API_RuleSignatureId"},"rule_name_override":{"$ref":"#/components/schemas/Security_Detections_API_RuleNameOverride"},"setup":{"$ref":"#/components/schemas/Security_Detections_API_SetupGuide"},"severity":{"$ref":"#/components/schemas/Security_Detections_API_Severity"},"severity_mapping":{"$ref":"#/components/schemas/Security_Detections_API_SeverityMapping"},"tags":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"},"threat":{"$ref":"#/components/schemas/Security_Detections_API_ThreatArray"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionThrottle"},"timeline_id":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateId"},"timeline_title":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateTitle"},"timestamp_override":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverride"},"timestamp_override_fallback_disabled":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled"},"to":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalTo"},"version":{"$ref":"#/components/schemas/Security_Detections_API_RuleVersion"}}},{"$ref":"#/components/schemas/Security_Detections_API_SavedQueryRulePatchFields"}]},"Security_Detections_API_SavedQueryRuleRequiredFields":{"type":"object","properties":{"saved_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedQueryId"},"type":{"description":"Rule type","enum":["saved_query"],"type":"string"}},"required":["type","saved_id"]},"Security_Detections_API_SavedQueryRuleResponseFields":{"allOf":[{"$ref":"#/components/schemas/Security_Detections_API_SavedQueryRuleRequiredFields"},{"$ref":"#/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields"},{"type":"object","properties":{"language":{"$ref":"#/components/schemas/Security_Detections_API_KqlQueryLanguage"}},"required":["language"]}]},"Security_Detections_API_SavedQueryRuleUpdateProps":{"allOf":[{"type":"object","properties":{"actions":{"description":"Array defining the automated actions (notifications) taken when alerts are generated.","items":{"$ref":"#/components/schemas/Security_Detections_API_RuleAction"},"type":"array"},"alias_purpose":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose"},"alias_target_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId"},"author":{"$ref":"#/components/schemas/Security_Detections_API_RuleAuthorArray"},"building_block_type":{"$ref":"#/components/schemas/Security_Detections_API_BuildingBlockType"},"description":{"$ref":"#/components/schemas/Security_Detections_API_RuleDescription"},"enabled":{"$ref":"#/components/schemas/Security_Detections_API_IsRuleEnabled"},"exceptions_list":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleExceptionList"},"type":"array"},"false_positives":{"$ref":"#/components/schemas/Security_Detections_API_RuleFalsePositiveArray"},"from":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalFrom"},"id":{"$ref":"#/components/schemas/Security_Detections_API_RuleObjectId"},"interval":{"$ref":"#/components/schemas/Security_Detections_API_RuleInterval"},"investigation_fields":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationFields"},"license":{"$ref":"#/components/schemas/Security_Detections_API_RuleLicense"},"max_signals":{"$ref":"#/components/schemas/Security_Detections_API_MaxSignals"},"meta":{"$ref":"#/components/schemas/Security_Detections_API_RuleMetadata"},"name":{"$ref":"#/components/schemas/Security_Detections_API_RuleName"},"namespace":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexNamespace"},"note":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationGuide"},"outcome":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome"},"output_index":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndex"},"references":{"$ref":"#/components/schemas/Security_Detections_API_RuleReferenceArray"},"related_integrations":{"$ref":"#/components/schemas/Security_Detections_API_RelatedIntegrationArray"},"required_fields":{"description":"Elasticsearch fields and their types that need to be present for the rule to function.\n\u003e info\n\u003e The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data.\n","items":{"$ref":"#/components/schemas/Security_Detections_API_RequiredFieldInput"},"type":"array"},"response_actions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ResponseAction"},"type":"array"},"risk_score":{"$ref":"#/components/schemas/Security_Detections_API_RiskScore"},"risk_score_mapping":{"$ref":"#/components/schemas/Security_Detections_API_RiskScoreMapping"},"rule_id":{"$ref":"#/components/schemas/Security_Detections_API_RuleSignatureId"},"rule_name_override":{"$ref":"#/components/schemas/Security_Detections_API_RuleNameOverride"},"setup":{"$ref":"#/components/schemas/Security_Detections_API_SetupGuide"},"severity":{"$ref":"#/components/schemas/Security_Detections_API_Severity"},"severity_mapping":{"$ref":"#/components/schemas/Security_Detections_API_SeverityMapping"},"tags":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"},"threat":{"$ref":"#/components/schemas/Security_Detections_API_ThreatArray"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionThrottle"},"timeline_id":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateId"},"timeline_title":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateTitle"},"timestamp_override":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverride"},"timestamp_override_fallback_disabled":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled"},"to":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalTo"},"version":{"$ref":"#/components/schemas/Security_Detections_API_RuleVersion"}},"required":["name","description","risk_score","severity"]},{"$ref":"#/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields"}]},"Security_Detections_API_SetAlertsStatusByIds":{"type":"object","properties":{"signal_ids":{"description":"List of alert `id`s.","items":{"format":"nonempty","minLength":1,"type":"string"},"minItems":1,"type":"array"},"status":{"$ref":"#/components/schemas/Security_Detections_API_AlertStatus"}},"required":["signal_ids","status"]},"Security_Detections_API_SetAlertsStatusByQuery":{"type":"object","properties":{"conflicts":{"default":"abort","enum":["abort","proceed"],"type":"string"},"query":{"additionalProperties":true,"type":"object"},"status":{"$ref":"#/components/schemas/Security_Detections_API_AlertStatus"}},"required":["query","status"]},"Security_Detections_API_SetAlertTags":{"description":"Object with list of tags to add and remove.","type":"object","properties":{"tags_to_add":{"$ref":"#/components/schemas/Security_Detections_API_AlertTags"},"tags_to_remove":{"$ref":"#/components/schemas/Security_Detections_API_AlertTags"}},"required":["tags_to_add","tags_to_remove"]},"Security_Detections_API_SetupGuide":{"description":"Populates the rule’s setup guide with instructions on rule prerequisites such as required integrations, configuration steps, and anything else needed for the rule to work correctly.","type":"string"},"Security_Detections_API_Severity":{"description":"Severity level of alerts produced by the rule, which must be one of the following:\n* `low`: Alerts that are of interest but generally not considered to be security incidents\n* `medium`: Alerts that require investigation\n* `high`: Alerts that require immediate investigation\n* `critical`: Alerts that indicate it is highly likely a security incident has occurred\n","enum":["low","medium","high","critical"],"type":"string"},"Security_Detections_API_SeverityMapping":{"description":"Overrides generated alerts' severity with values from the source event","items":{"type":"object","properties":{"field":{"description":"Source event field used to override the default `severity`.","type":"string"},"operator":{"enum":["equals"],"type":"string"},"severity":{"$ref":"#/components/schemas/Security_Detections_API_Severity"},"value":{"type":"string"}},"required":["field","operator","severity","value"]},"type":"array"},"Security_Detections_API_SiemErrorResponse":{"type":"object","properties":{"message":{"type":"string"},"status_code":{"type":"integer"}},"required":["status_code","message"]},"Security_Detections_API_SkippedAlertsIndexMigration":{"type":"object","properties":{"index":{"type":"string"}},"required":["index"]},"Security_Detections_API_SortOrder":{"enum":["asc","desc"],"type":"string"},"Security_Detections_API_Threat":{"description":"\u003e info\n\u003e Currently, only threats described using the MITRE ATT\u0026CK\u0026trade; framework are supported.\n","type":"object","properties":{"framework":{"description":"Relevant attack framework","type":"string"},"tactic":{"$ref":"#/components/schemas/Security_Detections_API_ThreatTactic"},"technique":{"description":"Array containing information on the attack techniques (optional)","items":{"$ref":"#/components/schemas/Security_Detections_API_ThreatTechnique"},"type":"array"}},"required":["framework","tactic"]},"Security_Detections_API_ThreatArray":{"items":{"$ref":"#/components/schemas/Security_Detections_API_Threat"},"type":"array"},"Security_Detections_API_ThreatFilters":{"items":{"description":"Query and filter context array used to filter documents from the Elasticsearch index containing the threat values"},"type":"array"},"Security_Detections_API_ThreatIndex":{"description":"Elasticsearch indices used to check which field values generate alerts.","items":{"type":"string"},"type":"array"},"Security_Detections_API_ThreatIndicatorPath":{"description":"Defines the path to the threat indicator in the indicator documents (optional)","type":"string"},"Security_Detections_API_ThreatMapping":{"description":"Array of entries objects that define mappings between the source event fields and the values in the Elasticsearch threat index. Each entries object must contain these fields:\n\n- field: field from the event indices on which the rule runs\n- type: must be mapping\n- value: field from the Elasticsearch threat index\n \nYou can use Boolean and and or logic to define the conditions for when matching fields and values generate alerts. Sibling entries objects are evaluated using or logic, whereas multiple entries in a single entries object use and logic. See Example of Threat Match rule which uses both `and` and `or` logic.\n","items":{"type":"object","properties":{"entries":{"items":{"type":"object","properties":{"field":{"$ref":"#/components/schemas/Security_Detections_API_NonEmptyString"},"type":{"enum":["mapping"],"type":"string"},"value":{"$ref":"#/components/schemas/Security_Detections_API_NonEmptyString"}},"required":["field","type","value"]},"type":"array"}},"required":["entries"]},"minItems":1,"type":"array"},"Security_Detections_API_ThreatMatchRule":{"allOf":[{"type":"object","properties":{"actions":{"description":"Array defining the automated actions (notifications) taken when alerts are generated.","items":{"$ref":"#/components/schemas/Security_Detections_API_RuleAction"},"type":"array"},"alias_purpose":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose"},"alias_target_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId"},"author":{"$ref":"#/components/schemas/Security_Detections_API_RuleAuthorArray"},"building_block_type":{"$ref":"#/components/schemas/Security_Detections_API_BuildingBlockType"},"description":{"$ref":"#/components/schemas/Security_Detections_API_RuleDescription"},"enabled":{"$ref":"#/components/schemas/Security_Detections_API_IsRuleEnabled"},"exceptions_list":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleExceptionList"},"type":"array"},"false_positives":{"$ref":"#/components/schemas/Security_Detections_API_RuleFalsePositiveArray"},"from":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalFrom"},"interval":{"$ref":"#/components/schemas/Security_Detections_API_RuleInterval"},"investigation_fields":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationFields"},"license":{"$ref":"#/components/schemas/Security_Detections_API_RuleLicense"},"max_signals":{"$ref":"#/components/schemas/Security_Detections_API_MaxSignals"},"meta":{"$ref":"#/components/schemas/Security_Detections_API_RuleMetadata"},"name":{"$ref":"#/components/schemas/Security_Detections_API_RuleName"},"namespace":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexNamespace"},"note":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationGuide"},"outcome":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome"},"output_index":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndex"},"references":{"$ref":"#/components/schemas/Security_Detections_API_RuleReferenceArray"},"related_integrations":{"$ref":"#/components/schemas/Security_Detections_API_RelatedIntegrationArray"},"required_fields":{"description":"Elasticsearch fields and their types that need to be present for the rule to function.\n\u003e info\n\u003e The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data.\n","items":{"$ref":"#/components/schemas/Security_Detections_API_RequiredFieldInput"},"type":"array"},"response_actions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ResponseAction"},"type":"array"},"risk_score":{"$ref":"#/components/schemas/Security_Detections_API_RiskScore"},"risk_score_mapping":{"$ref":"#/components/schemas/Security_Detections_API_RiskScoreMapping"},"rule_name_override":{"$ref":"#/components/schemas/Security_Detections_API_RuleNameOverride"},"setup":{"$ref":"#/components/schemas/Security_Detections_API_SetupGuide"},"severity":{"$ref":"#/components/schemas/Security_Detections_API_Severity"},"severity_mapping":{"$ref":"#/components/schemas/Security_Detections_API_SeverityMapping"},"tags":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"},"threat":{"$ref":"#/components/schemas/Security_Detections_API_ThreatArray"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionThrottle"},"timeline_id":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateId"},"timeline_title":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateTitle"},"timestamp_override":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverride"},"timestamp_override_fallback_disabled":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled"},"to":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalTo"},"version":{"$ref":"#/components/schemas/Security_Detections_API_RuleVersion"}},"required":["name","description","risk_score","severity","version","tags","enabled","risk_score_mapping","severity_mapping","interval","from","to","actions","exceptions_list","author","false_positives","references","max_signals","threat","setup","related_integrations","required_fields"]},{"$ref":"#/components/schemas/Security_Detections_API_ResponseFields"},{"$ref":"#/components/schemas/Security_Detections_API_ThreatMatchRuleResponseFields"}]},"Security_Detections_API_ThreatMatchRuleCreateFields":{"allOf":[{"$ref":"#/components/schemas/Security_Detections_API_ThreatMatchRuleRequiredFields"},{"$ref":"#/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields"},{"$ref":"#/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields"}]},"Security_Detections_API_ThreatMatchRuleCreateProps":{"allOf":[{"type":"object","properties":{"actions":{"description":"Array defining the automated actions (notifications) taken when alerts are generated.","items":{"$ref":"#/components/schemas/Security_Detections_API_RuleAction"},"type":"array"},"alias_purpose":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose"},"alias_target_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId"},"author":{"$ref":"#/components/schemas/Security_Detections_API_RuleAuthorArray"},"building_block_type":{"$ref":"#/components/schemas/Security_Detections_API_BuildingBlockType"},"description":{"$ref":"#/components/schemas/Security_Detections_API_RuleDescription"},"enabled":{"$ref":"#/components/schemas/Security_Detections_API_IsRuleEnabled"},"exceptions_list":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleExceptionList"},"type":"array"},"false_positives":{"$ref":"#/components/schemas/Security_Detections_API_RuleFalsePositiveArray"},"from":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalFrom"},"interval":{"$ref":"#/components/schemas/Security_Detections_API_RuleInterval"},"investigation_fields":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationFields"},"license":{"$ref":"#/components/schemas/Security_Detections_API_RuleLicense"},"max_signals":{"$ref":"#/components/schemas/Security_Detections_API_MaxSignals"},"meta":{"$ref":"#/components/schemas/Security_Detections_API_RuleMetadata"},"name":{"$ref":"#/components/schemas/Security_Detections_API_RuleName"},"namespace":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexNamespace"},"note":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationGuide"},"outcome":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome"},"output_index":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndex"},"references":{"$ref":"#/components/schemas/Security_Detections_API_RuleReferenceArray"},"related_integrations":{"$ref":"#/components/schemas/Security_Detections_API_RelatedIntegrationArray"},"required_fields":{"description":"Elasticsearch fields and their types that need to be present for the rule to function.\n\u003e info\n\u003e The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data.\n","items":{"$ref":"#/components/schemas/Security_Detections_API_RequiredFieldInput"},"type":"array"},"response_actions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ResponseAction"},"type":"array"},"risk_score":{"$ref":"#/components/schemas/Security_Detections_API_RiskScore"},"risk_score_mapping":{"$ref":"#/components/schemas/Security_Detections_API_RiskScoreMapping"},"rule_id":{"$ref":"#/components/schemas/Security_Detections_API_RuleSignatureId"},"rule_name_override":{"$ref":"#/components/schemas/Security_Detections_API_RuleNameOverride"},"setup":{"$ref":"#/components/schemas/Security_Detections_API_SetupGuide"},"severity":{"$ref":"#/components/schemas/Security_Detections_API_Severity"},"severity_mapping":{"$ref":"#/components/schemas/Security_Detections_API_SeverityMapping"},"tags":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"},"threat":{"$ref":"#/components/schemas/Security_Detections_API_ThreatArray"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionThrottle"},"timeline_id":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateId"},"timeline_title":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateTitle"},"timestamp_override":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverride"},"timestamp_override_fallback_disabled":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled"},"to":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalTo"},"version":{"$ref":"#/components/schemas/Security_Detections_API_RuleVersion"}},"required":["name","description","risk_score","severity"]},{"$ref":"#/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields"}]},"Security_Detections_API_ThreatMatchRuleDefaultableFields":{"type":"object","properties":{"language":{"$ref":"#/components/schemas/Security_Detections_API_KqlQueryLanguage"}}},"Security_Detections_API_ThreatMatchRuleOptionalFields":{"type":"object","properties":{"alert_suppression":{"$ref":"#/components/schemas/Security_Detections_API_AlertSuppression"},"concurrent_searches":{"$ref":"#/components/schemas/Security_Detections_API_ConcurrentSearches"},"data_view_id":{"$ref":"#/components/schemas/Security_Detections_API_DataViewId"},"filters":{"$ref":"#/components/schemas/Security_Detections_API_RuleFilterArray"},"index":{"$ref":"#/components/schemas/Security_Detections_API_IndexPatternArray"},"items_per_search":{"$ref":"#/components/schemas/Security_Detections_API_ItemsPerSearch"},"saved_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedQueryId"},"threat_filters":{"$ref":"#/components/schemas/Security_Detections_API_ThreatFilters"},"threat_indicator_path":{"$ref":"#/components/schemas/Security_Detections_API_ThreatIndicatorPath"},"threat_language":{"$ref":"#/components/schemas/Security_Detections_API_KqlQueryLanguage"}}},"Security_Detections_API_ThreatMatchRulePatchFields":{"allOf":[{"type":"object","properties":{"query":{"$ref":"#/components/schemas/Security_Detections_API_RuleQuery"},"threat_index":{"$ref":"#/components/schemas/Security_Detections_API_ThreatIndex"},"threat_mapping":{"$ref":"#/components/schemas/Security_Detections_API_ThreatMapping"},"threat_query":{"$ref":"#/components/schemas/Security_Detections_API_ThreatQuery"},"type":{"description":"Rule type","enum":["threat_match"],"type":"string"}}},{"$ref":"#/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields"},{"$ref":"#/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields"}]},"Security_Detections_API_ThreatMatchRulePatchProps":{"allOf":[{"type":"object","properties":{"actions":{"description":"Array defining the automated actions (notifications) taken when alerts are generated.","items":{"$ref":"#/components/schemas/Security_Detections_API_RuleAction"},"type":"array"},"alias_purpose":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose"},"alias_target_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId"},"author":{"$ref":"#/components/schemas/Security_Detections_API_RuleAuthorArray"},"building_block_type":{"$ref":"#/components/schemas/Security_Detections_API_BuildingBlockType"},"description":{"$ref":"#/components/schemas/Security_Detections_API_RuleDescription"},"enabled":{"$ref":"#/components/schemas/Security_Detections_API_IsRuleEnabled"},"exceptions_list":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleExceptionList"},"type":"array"},"false_positives":{"$ref":"#/components/schemas/Security_Detections_API_RuleFalsePositiveArray"},"from":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalFrom"},"id":{"$ref":"#/components/schemas/Security_Detections_API_RuleObjectId"},"interval":{"$ref":"#/components/schemas/Security_Detections_API_RuleInterval"},"investigation_fields":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationFields"},"license":{"$ref":"#/components/schemas/Security_Detections_API_RuleLicense"},"max_signals":{"$ref":"#/components/schemas/Security_Detections_API_MaxSignals"},"meta":{"$ref":"#/components/schemas/Security_Detections_API_RuleMetadata"},"name":{"$ref":"#/components/schemas/Security_Detections_API_RuleName"},"namespace":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexNamespace"},"note":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationGuide"},"outcome":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome"},"output_index":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndex"},"references":{"$ref":"#/components/schemas/Security_Detections_API_RuleReferenceArray"},"related_integrations":{"$ref":"#/components/schemas/Security_Detections_API_RelatedIntegrationArray"},"required_fields":{"description":"Elasticsearch fields and their types that need to be present for the rule to function.\n\u003e info\n\u003e The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data.\n","items":{"$ref":"#/components/schemas/Security_Detections_API_RequiredFieldInput"},"type":"array"},"response_actions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ResponseAction"},"type":"array"},"risk_score":{"$ref":"#/components/schemas/Security_Detections_API_RiskScore"},"risk_score_mapping":{"$ref":"#/components/schemas/Security_Detections_API_RiskScoreMapping"},"rule_id":{"$ref":"#/components/schemas/Security_Detections_API_RuleSignatureId"},"rule_name_override":{"$ref":"#/components/schemas/Security_Detections_API_RuleNameOverride"},"setup":{"$ref":"#/components/schemas/Security_Detections_API_SetupGuide"},"severity":{"$ref":"#/components/schemas/Security_Detections_API_Severity"},"severity_mapping":{"$ref":"#/components/schemas/Security_Detections_API_SeverityMapping"},"tags":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"},"threat":{"$ref":"#/components/schemas/Security_Detections_API_ThreatArray"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionThrottle"},"timeline_id":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateId"},"timeline_title":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateTitle"},"timestamp_override":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverride"},"timestamp_override_fallback_disabled":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled"},"to":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalTo"},"version":{"$ref":"#/components/schemas/Security_Detections_API_RuleVersion"}}},{"$ref":"#/components/schemas/Security_Detections_API_ThreatMatchRulePatchFields"}]},"Security_Detections_API_ThreatMatchRuleRequiredFields":{"type":"object","properties":{"query":{"$ref":"#/components/schemas/Security_Detections_API_RuleQuery"},"threat_index":{"$ref":"#/components/schemas/Security_Detections_API_ThreatIndex"},"threat_mapping":{"$ref":"#/components/schemas/Security_Detections_API_ThreatMapping"},"threat_query":{"$ref":"#/components/schemas/Security_Detections_API_ThreatQuery"},"type":{"description":"Rule type","enum":["threat_match"],"type":"string"}},"required":["type","query","threat_query","threat_mapping","threat_index"]},"Security_Detections_API_ThreatMatchRuleResponseFields":{"allOf":[{"$ref":"#/components/schemas/Security_Detections_API_ThreatMatchRuleRequiredFields"},{"$ref":"#/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields"},{"type":"object","properties":{"language":{"$ref":"#/components/schemas/Security_Detections_API_KqlQueryLanguage"}},"required":["language"]}]},"Security_Detections_API_ThreatMatchRuleUpdateProps":{"allOf":[{"type":"object","properties":{"actions":{"description":"Array defining the automated actions (notifications) taken when alerts are generated.","items":{"$ref":"#/components/schemas/Security_Detections_API_RuleAction"},"type":"array"},"alias_purpose":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose"},"alias_target_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId"},"author":{"$ref":"#/components/schemas/Security_Detections_API_RuleAuthorArray"},"building_block_type":{"$ref":"#/components/schemas/Security_Detections_API_BuildingBlockType"},"description":{"$ref":"#/components/schemas/Security_Detections_API_RuleDescription"},"enabled":{"$ref":"#/components/schemas/Security_Detections_API_IsRuleEnabled"},"exceptions_list":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleExceptionList"},"type":"array"},"false_positives":{"$ref":"#/components/schemas/Security_Detections_API_RuleFalsePositiveArray"},"from":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalFrom"},"id":{"$ref":"#/components/schemas/Security_Detections_API_RuleObjectId"},"interval":{"$ref":"#/components/schemas/Security_Detections_API_RuleInterval"},"investigation_fields":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationFields"},"license":{"$ref":"#/components/schemas/Security_Detections_API_RuleLicense"},"max_signals":{"$ref":"#/components/schemas/Security_Detections_API_MaxSignals"},"meta":{"$ref":"#/components/schemas/Security_Detections_API_RuleMetadata"},"name":{"$ref":"#/components/schemas/Security_Detections_API_RuleName"},"namespace":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexNamespace"},"note":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationGuide"},"outcome":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome"},"output_index":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndex"},"references":{"$ref":"#/components/schemas/Security_Detections_API_RuleReferenceArray"},"related_integrations":{"$ref":"#/components/schemas/Security_Detections_API_RelatedIntegrationArray"},"required_fields":{"description":"Elasticsearch fields and their types that need to be present for the rule to function.\n\u003e info\n\u003e The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data.\n","items":{"$ref":"#/components/schemas/Security_Detections_API_RequiredFieldInput"},"type":"array"},"response_actions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ResponseAction"},"type":"array"},"risk_score":{"$ref":"#/components/schemas/Security_Detections_API_RiskScore"},"risk_score_mapping":{"$ref":"#/components/schemas/Security_Detections_API_RiskScoreMapping"},"rule_id":{"$ref":"#/components/schemas/Security_Detections_API_RuleSignatureId"},"rule_name_override":{"$ref":"#/components/schemas/Security_Detections_API_RuleNameOverride"},"setup":{"$ref":"#/components/schemas/Security_Detections_API_SetupGuide"},"severity":{"$ref":"#/components/schemas/Security_Detections_API_Severity"},"severity_mapping":{"$ref":"#/components/schemas/Security_Detections_API_SeverityMapping"},"tags":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"},"threat":{"$ref":"#/components/schemas/Security_Detections_API_ThreatArray"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionThrottle"},"timeline_id":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateId"},"timeline_title":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateTitle"},"timestamp_override":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverride"},"timestamp_override_fallback_disabled":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled"},"to":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalTo"},"version":{"$ref":"#/components/schemas/Security_Detections_API_RuleVersion"}},"required":["name","description","risk_score","severity"]},{"$ref":"#/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields"}]},"Security_Detections_API_ThreatQuery":{"description":"Query used to determine which fields in the Elasticsearch index are used for generating alerts.","type":"string"},"Security_Detections_API_ThreatSubtechnique":{"type":"object","properties":{"id":{"description":"Subtechnique ID","type":"string"},"name":{"description":"Subtechnique name","type":"string"},"reference":{"description":"Subtechnique reference","type":"string"}},"required":["id","name","reference"]},"Security_Detections_API_ThreatTactic":{"description":"Object containing information on the attack type\n","type":"object","properties":{"id":{"description":"Tactic ID","type":"string"},"name":{"description":"Tactic name","type":"string"},"reference":{"description":"Tactic reference","type":"string"}},"required":["id","name","reference"]},"Security_Detections_API_ThreatTechnique":{"type":"object","properties":{"id":{"description":"Technique ID","type":"string"},"name":{"description":"Technique name","type":"string"},"reference":{"description":"Technique reference","type":"string"},"subtechnique":{"description":"Array containing more specific information on the attack technique.\n","items":{"$ref":"#/components/schemas/Security_Detections_API_ThreatSubtechnique"},"type":"array"}},"required":["id","name","reference"]},"Security_Detections_API_Threshold":{"type":"object","properties":{"cardinality":{"$ref":"#/components/schemas/Security_Detections_API_ThresholdCardinality"},"field":{"$ref":"#/components/schemas/Security_Detections_API_ThresholdField"},"value":{"$ref":"#/components/schemas/Security_Detections_API_ThresholdValue"}},"required":["field","value"]},"Security_Detections_API_ThresholdAlertSuppression":{"description":"Defines alert suppression configuration.","type":"object","properties":{"duration":{"$ref":"#/components/schemas/Security_Detections_API_AlertSuppressionDuration"}},"required":["duration"]},"Security_Detections_API_ThresholdCardinality":{"description":"The field on which the cardinality is applied.","items":{"type":"object","properties":{"field":{"description":"The field on which to calculate and compare the cardinality.","type":"string"},"value":{"description":"The threshold value from which an alert is generated based on unique number of values of cardinality.field.","minimum":0,"type":"integer"}},"required":["field","value"]},"type":"array"},"Security_Detections_API_ThresholdField":{"description":"The field on which the threshold is applied. If you specify an empty array ([]), alerts are generated when the query returns at least the number of results specified in the value field.","oneOf":[{"type":"string"},{"items":{"type":"string"},"type":"array"}]},"Security_Detections_API_ThresholdRule":{"allOf":[{"type":"object","properties":{"actions":{"description":"Array defining the automated actions (notifications) taken when alerts are generated.","items":{"$ref":"#/components/schemas/Security_Detections_API_RuleAction"},"type":"array"},"alias_purpose":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose"},"alias_target_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId"},"author":{"$ref":"#/components/schemas/Security_Detections_API_RuleAuthorArray"},"building_block_type":{"$ref":"#/components/schemas/Security_Detections_API_BuildingBlockType"},"description":{"$ref":"#/components/schemas/Security_Detections_API_RuleDescription"},"enabled":{"$ref":"#/components/schemas/Security_Detections_API_IsRuleEnabled"},"exceptions_list":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleExceptionList"},"type":"array"},"false_positives":{"$ref":"#/components/schemas/Security_Detections_API_RuleFalsePositiveArray"},"from":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalFrom"},"interval":{"$ref":"#/components/schemas/Security_Detections_API_RuleInterval"},"investigation_fields":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationFields"},"license":{"$ref":"#/components/schemas/Security_Detections_API_RuleLicense"},"max_signals":{"$ref":"#/components/schemas/Security_Detections_API_MaxSignals"},"meta":{"$ref":"#/components/schemas/Security_Detections_API_RuleMetadata"},"name":{"$ref":"#/components/schemas/Security_Detections_API_RuleName"},"namespace":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexNamespace"},"note":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationGuide"},"outcome":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome"},"output_index":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndex"},"references":{"$ref":"#/components/schemas/Security_Detections_API_RuleReferenceArray"},"related_integrations":{"$ref":"#/components/schemas/Security_Detections_API_RelatedIntegrationArray"},"required_fields":{"description":"Elasticsearch fields and their types that need to be present for the rule to function.\n\u003e info\n\u003e The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data.\n","items":{"$ref":"#/components/schemas/Security_Detections_API_RequiredFieldInput"},"type":"array"},"response_actions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ResponseAction"},"type":"array"},"risk_score":{"$ref":"#/components/schemas/Security_Detections_API_RiskScore"},"risk_score_mapping":{"$ref":"#/components/schemas/Security_Detections_API_RiskScoreMapping"},"rule_name_override":{"$ref":"#/components/schemas/Security_Detections_API_RuleNameOverride"},"setup":{"$ref":"#/components/schemas/Security_Detections_API_SetupGuide"},"severity":{"$ref":"#/components/schemas/Security_Detections_API_Severity"},"severity_mapping":{"$ref":"#/components/schemas/Security_Detections_API_SeverityMapping"},"tags":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"},"threat":{"$ref":"#/components/schemas/Security_Detections_API_ThreatArray"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionThrottle"},"timeline_id":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateId"},"timeline_title":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateTitle"},"timestamp_override":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverride"},"timestamp_override_fallback_disabled":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled"},"to":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalTo"},"version":{"$ref":"#/components/schemas/Security_Detections_API_RuleVersion"}},"required":["name","description","risk_score","severity","version","tags","enabled","risk_score_mapping","severity_mapping","interval","from","to","actions","exceptions_list","author","false_positives","references","max_signals","threat","setup","related_integrations","required_fields"]},{"$ref":"#/components/schemas/Security_Detections_API_ResponseFields"},{"$ref":"#/components/schemas/Security_Detections_API_ThresholdRuleResponseFields"}]},"Security_Detections_API_ThresholdRuleCreateFields":{"allOf":[{"$ref":"#/components/schemas/Security_Detections_API_ThresholdRuleRequiredFields"},{"$ref":"#/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields"},{"$ref":"#/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields"}]},"Security_Detections_API_ThresholdRuleCreateProps":{"allOf":[{"type":"object","properties":{"actions":{"description":"Array defining the automated actions (notifications) taken when alerts are generated.","items":{"$ref":"#/components/schemas/Security_Detections_API_RuleAction"},"type":"array"},"alias_purpose":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose"},"alias_target_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId"},"author":{"$ref":"#/components/schemas/Security_Detections_API_RuleAuthorArray"},"building_block_type":{"$ref":"#/components/schemas/Security_Detections_API_BuildingBlockType"},"description":{"$ref":"#/components/schemas/Security_Detections_API_RuleDescription"},"enabled":{"$ref":"#/components/schemas/Security_Detections_API_IsRuleEnabled"},"exceptions_list":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleExceptionList"},"type":"array"},"false_positives":{"$ref":"#/components/schemas/Security_Detections_API_RuleFalsePositiveArray"},"from":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalFrom"},"interval":{"$ref":"#/components/schemas/Security_Detections_API_RuleInterval"},"investigation_fields":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationFields"},"license":{"$ref":"#/components/schemas/Security_Detections_API_RuleLicense"},"max_signals":{"$ref":"#/components/schemas/Security_Detections_API_MaxSignals"},"meta":{"$ref":"#/components/schemas/Security_Detections_API_RuleMetadata"},"name":{"$ref":"#/components/schemas/Security_Detections_API_RuleName"},"namespace":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexNamespace"},"note":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationGuide"},"outcome":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome"},"output_index":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndex"},"references":{"$ref":"#/components/schemas/Security_Detections_API_RuleReferenceArray"},"related_integrations":{"$ref":"#/components/schemas/Security_Detections_API_RelatedIntegrationArray"},"required_fields":{"description":"Elasticsearch fields and their types that need to be present for the rule to function.\n\u003e info\n\u003e The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data.\n","items":{"$ref":"#/components/schemas/Security_Detections_API_RequiredFieldInput"},"type":"array"},"response_actions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ResponseAction"},"type":"array"},"risk_score":{"$ref":"#/components/schemas/Security_Detections_API_RiskScore"},"risk_score_mapping":{"$ref":"#/components/schemas/Security_Detections_API_RiskScoreMapping"},"rule_id":{"$ref":"#/components/schemas/Security_Detections_API_RuleSignatureId"},"rule_name_override":{"$ref":"#/components/schemas/Security_Detections_API_RuleNameOverride"},"setup":{"$ref":"#/components/schemas/Security_Detections_API_SetupGuide"},"severity":{"$ref":"#/components/schemas/Security_Detections_API_Severity"},"severity_mapping":{"$ref":"#/components/schemas/Security_Detections_API_SeverityMapping"},"tags":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"},"threat":{"$ref":"#/components/schemas/Security_Detections_API_ThreatArray"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionThrottle"},"timeline_id":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateId"},"timeline_title":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateTitle"},"timestamp_override":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverride"},"timestamp_override_fallback_disabled":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled"},"to":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalTo"},"version":{"$ref":"#/components/schemas/Security_Detections_API_RuleVersion"}},"required":["name","description","risk_score","severity"]},{"$ref":"#/components/schemas/Security_Detections_API_ThresholdRuleCreateFields"}]},"Security_Detections_API_ThresholdRuleDefaultableFields":{"type":"object","properties":{"language":{"$ref":"#/components/schemas/Security_Detections_API_KqlQueryLanguage"}}},"Security_Detections_API_ThresholdRuleOptionalFields":{"type":"object","properties":{"alert_suppression":{"$ref":"#/components/schemas/Security_Detections_API_ThresholdAlertSuppression"},"data_view_id":{"$ref":"#/components/schemas/Security_Detections_API_DataViewId"},"filters":{"$ref":"#/components/schemas/Security_Detections_API_RuleFilterArray"},"index":{"$ref":"#/components/schemas/Security_Detections_API_IndexPatternArray"},"saved_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedQueryId"}}},"Security_Detections_API_ThresholdRulePatchFields":{"allOf":[{"type":"object","properties":{"query":{"$ref":"#/components/schemas/Security_Detections_API_RuleQuery"},"threshold":{"$ref":"#/components/schemas/Security_Detections_API_Threshold"},"type":{"description":"Rule type","enum":["threshold"],"type":"string"}}},{"$ref":"#/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields"},{"$ref":"#/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields"}]},"Security_Detections_API_ThresholdRulePatchProps":{"allOf":[{"type":"object","properties":{"actions":{"description":"Array defining the automated actions (notifications) taken when alerts are generated.","items":{"$ref":"#/components/schemas/Security_Detections_API_RuleAction"},"type":"array"},"alias_purpose":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose"},"alias_target_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId"},"author":{"$ref":"#/components/schemas/Security_Detections_API_RuleAuthorArray"},"building_block_type":{"$ref":"#/components/schemas/Security_Detections_API_BuildingBlockType"},"description":{"$ref":"#/components/schemas/Security_Detections_API_RuleDescription"},"enabled":{"$ref":"#/components/schemas/Security_Detections_API_IsRuleEnabled"},"exceptions_list":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleExceptionList"},"type":"array"},"false_positives":{"$ref":"#/components/schemas/Security_Detections_API_RuleFalsePositiveArray"},"from":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalFrom"},"id":{"$ref":"#/components/schemas/Security_Detections_API_RuleObjectId"},"interval":{"$ref":"#/components/schemas/Security_Detections_API_RuleInterval"},"investigation_fields":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationFields"},"license":{"$ref":"#/components/schemas/Security_Detections_API_RuleLicense"},"max_signals":{"$ref":"#/components/schemas/Security_Detections_API_MaxSignals"},"meta":{"$ref":"#/components/schemas/Security_Detections_API_RuleMetadata"},"name":{"$ref":"#/components/schemas/Security_Detections_API_RuleName"},"namespace":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexNamespace"},"note":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationGuide"},"outcome":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome"},"output_index":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndex"},"references":{"$ref":"#/components/schemas/Security_Detections_API_RuleReferenceArray"},"related_integrations":{"$ref":"#/components/schemas/Security_Detections_API_RelatedIntegrationArray"},"required_fields":{"description":"Elasticsearch fields and their types that need to be present for the rule to function.\n\u003e info\n\u003e The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data.\n","items":{"$ref":"#/components/schemas/Security_Detections_API_RequiredFieldInput"},"type":"array"},"response_actions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ResponseAction"},"type":"array"},"risk_score":{"$ref":"#/components/schemas/Security_Detections_API_RiskScore"},"risk_score_mapping":{"$ref":"#/components/schemas/Security_Detections_API_RiskScoreMapping"},"rule_id":{"$ref":"#/components/schemas/Security_Detections_API_RuleSignatureId"},"rule_name_override":{"$ref":"#/components/schemas/Security_Detections_API_RuleNameOverride"},"setup":{"$ref":"#/components/schemas/Security_Detections_API_SetupGuide"},"severity":{"$ref":"#/components/schemas/Security_Detections_API_Severity"},"severity_mapping":{"$ref":"#/components/schemas/Security_Detections_API_SeverityMapping"},"tags":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"},"threat":{"$ref":"#/components/schemas/Security_Detections_API_ThreatArray"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionThrottle"},"timeline_id":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateId"},"timeline_title":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateTitle"},"timestamp_override":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverride"},"timestamp_override_fallback_disabled":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled"},"to":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalTo"},"version":{"$ref":"#/components/schemas/Security_Detections_API_RuleVersion"}}},{"$ref":"#/components/schemas/Security_Detections_API_ThresholdRulePatchFields"}]},"Security_Detections_API_ThresholdRuleRequiredFields":{"type":"object","properties":{"query":{"$ref":"#/components/schemas/Security_Detections_API_RuleQuery"},"threshold":{"$ref":"#/components/schemas/Security_Detections_API_Threshold"},"type":{"description":"Rule type","enum":["threshold"],"type":"string"}},"required":["type","query","threshold"]},"Security_Detections_API_ThresholdRuleResponseFields":{"allOf":[{"$ref":"#/components/schemas/Security_Detections_API_ThresholdRuleRequiredFields"},{"$ref":"#/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields"},{"type":"object","properties":{"language":{"$ref":"#/components/schemas/Security_Detections_API_KqlQueryLanguage"}},"required":["language"]}]},"Security_Detections_API_ThresholdRuleUpdateProps":{"allOf":[{"type":"object","properties":{"actions":{"description":"Array defining the automated actions (notifications) taken when alerts are generated.","items":{"$ref":"#/components/schemas/Security_Detections_API_RuleAction"},"type":"array"},"alias_purpose":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose"},"alias_target_id":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId"},"author":{"$ref":"#/components/schemas/Security_Detections_API_RuleAuthorArray"},"building_block_type":{"$ref":"#/components/schemas/Security_Detections_API_BuildingBlockType"},"description":{"$ref":"#/components/schemas/Security_Detections_API_RuleDescription"},"enabled":{"$ref":"#/components/schemas/Security_Detections_API_IsRuleEnabled"},"exceptions_list":{"items":{"$ref":"#/components/schemas/Security_Detections_API_RuleExceptionList"},"type":"array"},"false_positives":{"$ref":"#/components/schemas/Security_Detections_API_RuleFalsePositiveArray"},"from":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalFrom"},"id":{"$ref":"#/components/schemas/Security_Detections_API_RuleObjectId"},"interval":{"$ref":"#/components/schemas/Security_Detections_API_RuleInterval"},"investigation_fields":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationFields"},"license":{"$ref":"#/components/schemas/Security_Detections_API_RuleLicense"},"max_signals":{"$ref":"#/components/schemas/Security_Detections_API_MaxSignals"},"meta":{"$ref":"#/components/schemas/Security_Detections_API_RuleMetadata"},"name":{"$ref":"#/components/schemas/Security_Detections_API_RuleName"},"namespace":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndexNamespace"},"note":{"$ref":"#/components/schemas/Security_Detections_API_InvestigationGuide"},"outcome":{"$ref":"#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome"},"output_index":{"$ref":"#/components/schemas/Security_Detections_API_AlertsIndex"},"references":{"$ref":"#/components/schemas/Security_Detections_API_RuleReferenceArray"},"related_integrations":{"$ref":"#/components/schemas/Security_Detections_API_RelatedIntegrationArray"},"required_fields":{"description":"Elasticsearch fields and their types that need to be present for the rule to function.\n\u003e info\n\u003e The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data.\n","items":{"$ref":"#/components/schemas/Security_Detections_API_RequiredFieldInput"},"type":"array"},"response_actions":{"items":{"$ref":"#/components/schemas/Security_Detections_API_ResponseAction"},"type":"array"},"risk_score":{"$ref":"#/components/schemas/Security_Detections_API_RiskScore"},"risk_score_mapping":{"$ref":"#/components/schemas/Security_Detections_API_RiskScoreMapping"},"rule_id":{"$ref":"#/components/schemas/Security_Detections_API_RuleSignatureId"},"rule_name_override":{"$ref":"#/components/schemas/Security_Detections_API_RuleNameOverride"},"setup":{"$ref":"#/components/schemas/Security_Detections_API_SetupGuide"},"severity":{"$ref":"#/components/schemas/Security_Detections_API_Severity"},"severity_mapping":{"$ref":"#/components/schemas/Security_Detections_API_SeverityMapping"},"tags":{"$ref":"#/components/schemas/Security_Detections_API_RuleTagArray"},"threat":{"$ref":"#/components/schemas/Security_Detections_API_ThreatArray"},"throttle":{"$ref":"#/components/schemas/Security_Detections_API_RuleActionThrottle"},"timeline_id":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateId"},"timeline_title":{"$ref":"#/components/schemas/Security_Detections_API_TimelineTemplateTitle"},"timestamp_override":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverride"},"timestamp_override_fallback_disabled":{"$ref":"#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled"},"to":{"$ref":"#/components/schemas/Security_Detections_API_RuleIntervalTo"},"version":{"$ref":"#/components/schemas/Security_Detections_API_RuleVersion"}},"required":["name","description","risk_score","severity"]},{"$ref":"#/components/schemas/Security_Detections_API_ThresholdRuleCreateFields"}]},"Security_Detections_API_ThresholdValue":{"description":"The threshold value from which an alert is generated.","minimum":1,"type":"integer"},"Security_Detections_API_ThrottleForBulkActions":{"description":"Defines the maximum interval in which a rule’s actions are executed.\n\u003e info\n\u003e The rule level `throttle` field is deprecated in Elastic Security 8.8 and will remain active for at least the next 12 months.\n\u003e In Elastic Security 8.8 and later, you can use the `frequency` field to define frequencies for individual actions. Actions without frequencies will acquire a converted version of the rule’s `throttle` field. In the response, the converted `throttle` setting appears in the individual actions' `frequency` field.\n","enum":["rule","1h","1d","7d"],"type":"string"},"Security_Detections_API_TiebreakerField":{"description":"Sets a secondary field for sorting events","type":"string"},"Security_Detections_API_TimelineTemplateId":{"description":"Timeline template ID","type":"string"},"Security_Detections_API_TimelineTemplateTitle":{"description":"Timeline template title","type":"string"},"Security_Detections_API_TimestampField":{"description":"Specifies the name of the event timestamp field used for sorting a sequence of events. Not to be confused with `timestamp_override`, which specifies the more general field used for querying events within a range. Defaults to the @timestamp ECS field.","type":"string"},"Security_Detections_API_TimestampOverride":{"description":"Sets the time field used to query indices. When unspecified, rules query the `@timestamp` field. The source field must be an Elasticsearch date data type.","type":"string"},"Security_Detections_API_TimestampOverrideFallbackDisabled":{"description":"Disables the fallback to the event's @timestamp field","type":"boolean"},"Security_Detections_API_UUID":{"description":"A universally unique identifier","format":"uuid","type":"string"},"Security_Detections_API_WarningSchema":{"type":"object","properties":{"actionPath":{"type":"string"},"buttonLabel":{"type":"string"},"message":{"type":"string"},"type":{"type":"string"}},"required":["type","message","actionPath"]},"Security_Endpoint_Exceptions_API_EndpointList":{"oneOf":[{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionList"},{"additionalProperties":false,"type":"object"}]},"Security_Endpoint_Exceptions_API_EndpointListItem":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItem"},"Security_Endpoint_Exceptions_API_ExceptionList":{"type":"object","properties":{"_version":{"description":"The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version.","type":"string"},"created_at":{"description":"Autogenerated date of object creation.","format":"date-time","type":"string"},"created_by":{"description":"Autogenerated value - user that created object.","type":"string"},"description":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListDescription"},"id":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListId"},"immutable":{"type":"boolean"},"list_id":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListHumanId"},"meta":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListMeta"},"name":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListName"},"namespace_type":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionNamespaceType"},"os_types":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsTypeArray"},"tags":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListTags"},"tie_breaker_id":{"description":"Field used in search to ensure all containers are sorted and returned correctly.","type":"string"},"type":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListType"},"updated_at":{"description":"Autogenerated date of last object update.","format":"date-time","type":"string"},"updated_by":{"description":"Autogenerated value - user that last updated object.","type":"string"},"version":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListVersion"}},"required":["id","list_id","type","name","description","immutable","namespace_type","version","tie_breaker_id","created_at","created_by","updated_at","updated_by"]},"Security_Endpoint_Exceptions_API_ExceptionListDescription":{"description":"Describes the exception list.","example":"This list tracks allowlisted values.","type":"string"},"Security_Endpoint_Exceptions_API_ExceptionListHumanId":{"description":"Exception list's human readable string identifier, e.g. `trusted-linux-processes`.","example":"simple_list","format":"nonempty","minLength":1,"type":"string"},"Security_Endpoint_Exceptions_API_ExceptionListId":{"description":"Exception list's identifier.","example":"9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85","format":"nonempty","minLength":1,"type":"string"},"Security_Endpoint_Exceptions_API_ExceptionListItem":{"type":"object","properties":{"_version":{"description":"The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version.","type":"string"},"comments":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray"},"created_at":{"description":"Autogenerated date of object creation.","format":"date-time","type":"string"},"created_by":{"description":"Autogenerated value - user that created object.","type":"string"},"description":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription"},"entries":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray"},"expire_time":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemExpireTime"},"id":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId"},"item_id":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId"},"list_id":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListHumanId"},"meta":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta"},"name":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName"},"namespace_type":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionNamespaceType"},"os_types":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray"},"tags":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags"},"tie_breaker_id":{"description":"Field used in search to ensure all containers are sorted and returned correctly.","type":"string"},"type":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType"},"updated_at":{"description":"Autogenerated date of last object update.","format":"date-time","type":"string"},"updated_by":{"description":"Autogenerated value - user that last updated object.","type":"string"}},"required":["id","item_id","list_id","type","name","description","entries","namespace_type","comments","tie_breaker_id","created_at","created_by","updated_at","updated_by"]},"Security_Endpoint_Exceptions_API_ExceptionListItemComment":{"type":"object","properties":{"comment":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString"},"created_at":{"description":"Autogenerated date of object creation.","format":"date-time","type":"string"},"created_by":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString"},"id":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString"},"updated_at":{"description":"Autogenerated date of last object update.","format":"date-time","type":"string"},"updated_by":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString"}},"required":["id","comment","created_at","created_by"]},"Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray":{"description":"Array of comment fields:\n\n- comment (string): Comments about the exception item.\n","items":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemComment"},"type":"array"},"Security_Endpoint_Exceptions_API_ExceptionListItemDescription":{"description":"Describes the exception list.","type":"string"},"Security_Endpoint_Exceptions_API_ExceptionListItemEntry":{"anyOf":[{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch"},{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny"},{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryList"},{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists"},{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryNested"},{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchWildcard"}],"discriminator":{"propertyName":"type"}},"Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray":{"items":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntry"},"type":"array"},"Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists":{"type":"object","properties":{"field":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString"},"operator":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator"},"type":{"enum":["exists"],"type":"string"}},"required":["type","field","operator"]},"Security_Endpoint_Exceptions_API_ExceptionListItemEntryList":{"type":"object","properties":{"field":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString"},"list":{"type":"object","properties":{"id":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ListId"},"type":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ListType"}},"required":["id","type"]},"operator":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator"},"type":{"enum":["list"],"type":"string"}},"required":["type","field","list","operator"]},"Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch":{"type":"object","properties":{"field":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString"},"operator":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator"},"type":{"enum":["match"],"type":"string"},"value":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString"}},"required":["type","field","value","operator"]},"Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny":{"type":"object","properties":{"field":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString"},"operator":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator"},"type":{"enum":["match_any"],"type":"string"},"value":{"items":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString"},"minItems":1,"type":"array"}},"required":["type","field","value","operator"]},"Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchWildcard":{"type":"object","properties":{"field":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString"},"operator":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator"},"type":{"enum":["wildcard"],"type":"string"},"value":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString"}},"required":["type","field","value","operator"]},"Security_Endpoint_Exceptions_API_ExceptionListItemEntryNested":{"type":"object","properties":{"entries":{"items":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem"},"minItems":1,"type":"array"},"field":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString"},"type":{"enum":["nested"],"type":"string"}},"required":["type","field","entries"]},"Security_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem":{"oneOf":[{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch"},{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny"},{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists"}]},"Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator":{"enum":["excluded","included"],"type":"string"},"Security_Endpoint_Exceptions_API_ExceptionListItemExpireTime":{"description":"The exception item’s expiration date, in ISO format. This field is only available for regular exception items, not endpoint exceptions.","format":"date-time","type":"string"},"Security_Endpoint_Exceptions_API_ExceptionListItemHumanId":{"description":"Human readable string identifier, e.g. `trusted-linux-processes`","example":"simple_list_item","format":"nonempty","minLength":1,"type":"string"},"Security_Endpoint_Exceptions_API_ExceptionListItemId":{"description":"Exception's identifier.","example":"71a9f4b2-c85c-49b4-866f-c71eb9e67da2","format":"nonempty","minLength":1,"type":"string"},"Security_Endpoint_Exceptions_API_ExceptionListItemMeta":{"additionalProperties":true,"type":"object"},"Security_Endpoint_Exceptions_API_ExceptionListItemName":{"description":"Exception list name.","format":"nonempty","minLength":1,"type":"string"},"Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray":{"items":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType"},"type":"array"},"Security_Endpoint_Exceptions_API_ExceptionListItemTags":{"items":{"description":"String array containing words and phrases to help categorize exception items.","format":"nonempty","minLength":1,"type":"string"},"type":"array"},"Security_Endpoint_Exceptions_API_ExceptionListItemType":{"enum":["simple"],"type":"string"},"Security_Endpoint_Exceptions_API_ExceptionListMeta":{"additionalProperties":true,"description":"Placeholder for metadata about the list container.","type":"object"},"Security_Endpoint_Exceptions_API_ExceptionListName":{"description":"The name of the exception list.","example":"My exception list","type":"string"},"Security_Endpoint_Exceptions_API_ExceptionListOsType":{"description":"Use this field to specify the operating system.","enum":["linux","macos","windows"],"type":"string"},"Security_Endpoint_Exceptions_API_ExceptionListOsTypeArray":{"description":"Use this field to specify the operating system. Only enter one value.","items":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType"},"type":"array"},"Security_Endpoint_Exceptions_API_ExceptionListTags":{"description":"String array containing words and phrases to help categorize exception containers.","items":{"type":"string"},"type":"array"},"Security_Endpoint_Exceptions_API_ExceptionListType":{"description":"The type of exception list to be created. Different list types may denote where they can be utilized.","enum":["detection","rule_default","endpoint","endpoint_trusted_apps","endpoint_events","endpoint_host_isolation_exceptions","endpoint_blocklists"],"type":"string"},"Security_Endpoint_Exceptions_API_ExceptionListVersion":{"description":"The document version, automatically increasd on updates.","minimum":1,"type":"integer"},"Security_Endpoint_Exceptions_API_ExceptionNamespaceType":{"description":"Determines whether the exception container is available in all Kibana spaces or just the space\nin which it is created, where:\n\n- `single`: Only available in the Kibana space in which it is created.\n- `agnostic`: Available in all Kibana spaces.\n","enum":["agnostic","single"],"type":"string"},"Security_Endpoint_Exceptions_API_FindEndpointListItemsFilter":{"$ref":"#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString"},"Security_Endpoint_Exceptions_API_ListId":{"description":"Value list's identifier.","example":"21b01cfb-058d-44b9-838c-282be16c91cd","format":"nonempty","minLength":1,"type":"string"},"Security_Endpoint_Exceptions_API_ListType":{"description":"Specifies the Elasticsearch data type of excludes the list container holds. Some common examples:\n\n- `keyword`: Many ECS fields are Elasticsearch keywords\n- `ip`: IP addresses\n- `ip_range`: Range of IP addresses (supports IPv4, IPv6, and CIDR notation)\n","enum":["binary","boolean","byte","date","date_nanos","date_range","double","double_range","float","float_range","geo_point","geo_shape","half_float","integer","integer_range","ip","ip_range","keyword","long","long_range","shape","short","text"],"type":"string"},"Security_Endpoint_Exceptions_API_NonEmptyString":{"description":"A string that does not contain only whitespace characters","format":"nonempty","minLength":1,"type":"string"},"Security_Endpoint_Exceptions_API_PlatformErrorResponse":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"integer"}},"required":["statusCode","error","message"]},"Security_Endpoint_Exceptions_API_SiemErrorResponse":{"type":"object","properties":{"message":{"type":"string"},"status_code":{"type":"integer"}},"required":["status_code","message"]},"Security_Endpoint_Management_API_ActionStateSuccessResponse":{"type":"object","properties":{"body":{"type":"object","properties":{"data":{"type":"object","properties":{"canEncrypt":{"type":"boolean"}}}},"required":["data"]}},"required":["body"]},"Security_Endpoint_Management_API_ActionStatusSuccessResponse":{"type":"object","properties":{"body":{"type":"object","properties":{"data":{"type":"object","properties":{"agent_id":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_AgentId"},"pending_actions":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_PendingActionsSchema"}},"required":["agent_id","pending_actions"]}},"required":["data"]}},"required":["body"]},"Security_Endpoint_Management_API_AgentId":{"description":"Agent ID","type":"string"},"Security_Endpoint_Management_API_AgentIds":{"description":"A list of agent IDs. Max of 50.","example":["agent-id-1","agent-id-2"],"minLength":1,"oneOf":[{"items":{"minLength":1,"type":"string"},"maxItems":50,"minItems":1,"type":"array"},{"minLength":1,"type":"string"}]},"Security_Endpoint_Management_API_AgentTypes":{"description":"List of agent types to retrieve. Defaults to `endpoint`.","enum":["endpoint","sentinel_one","crowdstrike","microsoft_defender_endpoint"],"example":"endpoint","type":"string"},"Security_Endpoint_Management_API_AlertIds":{"description":"A list of alerts `id`s.","items":{"format":"nonempty","minLength":1,"type":"string"},"minItems":1,"type":"array"},"Security_Endpoint_Management_API_CaseIds":{"description":"Case IDs to be updated (cannot contain empty strings)","example":["case-id-1","case-id-2"],"items":{"minLength":1,"type":"string"},"minItems":1,"type":"array"},"Security_Endpoint_Management_API_CloudFileScriptParameters":{"type":"object","properties":{"cloudFile":{"description":"Script name in cloud storage.","minLength":1,"type":"string"},"commandLine":{"description":"Command line arguments.","minLength":1,"type":"string"},"timeout":{"description":"Timeout in seconds.","minimum":1,"type":"integer"}},"required":["cloudFile"]},"Security_Endpoint_Management_API_Command":{"description":"The command to be executed (cannot be an empty string)","enum":["isolate","unisolate","kill-process","suspend-process","running-processes","get-file","execute","upload","scan"],"minLength":1,"type":"string"},"Security_Endpoint_Management_API_Commands":{"description":"A list of response action command names.","example":["isolate","unisolate"],"items":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_Command"},"type":"array"},"Security_Endpoint_Management_API_Comment":{"description":"Optional comment","example":"This is a comment","type":"string"},"Security_Endpoint_Management_API_EndDate":{"description":"An end date in ISO format or Date Math format.","example":"2023-10-31T23:59:59.999Z","type":"string"},"Security_Endpoint_Management_API_EndpointIds":{"description":"List of endpoint IDs (cannot contain empty strings)","example":["endpoint-id-1","endpoint-id-2"],"items":{"minLength":1,"type":"string"},"minItems":1,"type":"array"},"Security_Endpoint_Management_API_EndpointMetadataResponse":{"example":{"host_status":"healthy","last_checkin":"2023-07-04T15:48:57.360Z","metadata":{"@timestamp":"2023-07-04T15:48:57.3609346Z","agent":{"build":{"original":"version: 7.16.0, compiled: Tue Nov 16 17:00:00 2021, branch: 7.16, commit: 73a51033db85e0fb3be1c934697ef6a2b08979ab"},"id":"abb8a826-6812-448c-a571-6d8269b51449","type":"endpoint","version":"7.16.0"},"data_stream":{"dataset":"endpoint.metadata","namespace":"default","type":"metrics"},"ecs":{"version":"1.11.0"},"elastic":{"agent":{"id":"abb8a826-6812-448c-a571-6d8269b51449"}},"Endpoint":{"capabilities":["isolation"],"configuration":{"isolation":false},"policy":{"applied":{"endpoint_policy_version":"2","id":"d5371dcd-93b7-4627-af88-4084f7d6aa3e","name":"test","status":"success","version":"3"}},"state":{"isolation":false},"status":"enrolled"},"event":{"action":"endpoint_metadata","agent_id_status":"verified","category":["host"],"created":"2023-07-04T15:48:57.3609346Z","dataset":"endpoint.metadata","id":"MNtRc++KoKHXXwlj+++++OhZ","ingested":"2023-07-04T15:48:58Z","kind":"metric","module":"endpoint","sequence":43757,"type":["info"]},"host":{"architecture":"x86_64","hostname":"WinDev2104Eval","id":"17d9cabc-7edd-43bc-bacb-8da5f5e6c0e5","ip":["10.0.2.15","fe80::21a6:63d3:d70e:e3ad","127.0.0.1","::1"],"mac":["08:00:27:b1:1d:5a"],"name":"WinDev2104Eval","os":{"Ext":{"variant":"Windows 10 Enterprise Evaluation"},"family":"windows","full":"Windows 10 Enterprise Evaluation 20H2 (10.0.19042.906)","kernel":"20H2 (10.0.19042.906)","name":"Windows","platform":"windows","type":"windows","version":"20H2 (10.0.19042.906)"}},"message":"Endpoint metadata","policy_info":{"agent":{"applied":{"id":"ed7e3720-4bad-11ec-a2a8-fb22e62a5753","revision":3},"configured":{"id":"ed7e3720-4bad-11ec-a2a8-fb22e62a5753","revision":3}},"endpoint":{"id":"d5371dcd-93b7-4627-af88-4084f7d6aa3e","revision":2}}}},"type":"object","properties":{}},"Security_Endpoint_Management_API_ExecuteRouteRequestBody":{"allOf":[{"type":"object","properties":{"agent_type":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_AgentTypes"},"alert_ids":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_AlertIds"},"case_ids":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_CaseIds"},"comment":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_Comment"},"endpoint_ids":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_EndpointIds"},"parameters":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_Parameters"}},"required":["endpoint_ids"]},{"type":"object","properties":{"parameters":{"type":"object","properties":{"command":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_Command"},"timeout":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_Timeout"}},"required":["command"]}},"required":["parameters"]}],"example":{"comment":"Get list of all files","endpoint_ids":["b3d6de74-36b0-4fa8-be46-c375bf1771bf"],"parameters":{"command":"ls -al","timeout":600}}},"Security_Endpoint_Management_API_ExecuteRouteResponse":{"example":{"data":{"agents":["ed518850-681a-4d60-bb98-e22640cae2a8"],"agentState":{"ed518850-681a-4d60-bb98-e22640cae2a8":{"isCompleted":false,"wasSuccessful":false}},"agentType":"endpoint","command":"execute","comment":"Get list of all files","createdBy":"myuser","hosts":{"ed518850-681a-4d60-bb98-e22640cae2a8":{"name":"gke-endpoint-gke-clu-endpoint-node-po-e1a3ab89-4c4r"}},"id":"9f934028-2300-4927-b531-b26376793dc4","isCompleted":false,"isExpired":false,"outputs":{},"parameters":{"command":"ls -al","timeout":600},"startedAt":"2023-07-28T18:43:27.362Z","status":"pending","wasSuccessful":false}},"type":"object","properties":{}},"Security_Endpoint_Management_API_GetEndpointActionListResponse":{"example":{"data":[{"agents":["afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0"],"agentType":"endpoint","command":"running-processes","completedAt":"2022-08-08T09:50:47.672Z","createdBy":"elastic","id":"b3d6de74-36b0-4fa8-be46-c375bf1771bf","isCompleted":true,"isExpired":false,"startedAt":"2022-08-08T15:24:57.402Z","wasSuccessful":true},{"agents":["afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0"],"agentType":"endpoint","command":"isolate","completedAt":"2022-08-08T10:41:57.352Z","createdBy":"elastic","id":"43b4098b-8752-4fbb-a7a7-6df7c74d0ee3","isCompleted":true,"isExpired":false,"startedAt":"2022-08-08T15:23:37.359Z","wasSuccessful":true},{"agents":["afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0"],"agentType":"endpoint","command":"kill-process","comment":"bad process - taking up too much cpu","completedAt":"2022-08-08T09:44:50.952Z","createdBy":"elastic","id":"5bc92c86-b8e6-42dd-837f-12ad29e09caa","isCompleted":true,"isExpired":false,"startedAt":"2022-08-08T14:38:44.125Z","wasSuccessful":true},{"agents":["afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0"],"agentType":"endpoint","command":"unisolate","comment":"Not a threat to the network","completedAt":"2022-08-08T09:40:47.398Z","createdBy":"elastic","id":"790d54e0-3aa3-4e5b-8255-3ce9d851246a","isCompleted":true,"isExpired":false,"startedAt":"2022-08-08T14:38:15.391Z","wasSuccessful":true}],"elasticAgentIds":["afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0"],"endDate":"now","page":1,"pageSize":10,"startDate":"now-24h/h","total":4},"type":"object","properties":{}},"Security_Endpoint_Management_API_GetEndpointActionResponse":{"example":{"data":{"agents":["afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0"],"agentType":"endpoint","command":"running-processes","completedAt":"2022-08-08T09:50:47.672Z","createdBy":"elastic","id":"b3d6de74-36b0-4fa8-be46-c375bf1771bf","isCompleted":true,"isExpired":false,"outputs":{"afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0":{"content":{"entries":[{"command":"/opt/cmd1","entity_id":"fk2ym7bl3oiu3okjcik0xosc0i0m75x3eh49nu3uaqt4dqanjt","pid":"822","user":"Dexter"},{"command":"/opt/cmd3/opt/cmd3/opt/cmd3/opt/cmd3","entity_id":"pwvz91m48wpj9j7ov9gtw8fp7u2rat4eu5ipte37hnhdcbi2pt","pid":"984","user":"Jada"}]},"type":"json"}},"startedAt":"2022-08-08T15:24:57.402Z","wasSuccessful":true}},"type":"object","properties":{}},"Security_Endpoint_Management_API_GetFileRouteRequestBody":{"allOf":[{"type":"object","properties":{"agent_type":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_AgentTypes"},"alert_ids":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_AlertIds"},"case_ids":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_CaseIds"},"comment":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_Comment"},"endpoint_ids":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_EndpointIds"},"parameters":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_Parameters"}},"required":["endpoint_ids"]},{"type":"object","properties":{"parameters":{"type":"object","properties":{"path":{"type":"string"}},"required":["path"]}},"required":["parameters"]}],"example":{"comment":"Get my file","endpoint_ids":["ed518850-681a-4d60-bb98-e22640cae2a8"],"parameters":{"path":"/usr/my-file.txt"}}},"Security_Endpoint_Management_API_GetFileRouteResponse":{"example":{"data":{"agents":["ed518850-681a-4d60-bb98-e22640cae2a8"],"agentState":{"ed518850-681a-4d60-bb98-e22640cae2a8":{"isCompleted":false,"wasSuccessful":false}},"agentType":"endpoint","command":"get-file","createdBy":"myuser","hosts":{"ed518850-681a-4d60-bb98-e22640cae2a8":{"name":"gke-endpoint-gke-clu-endpoint-node-po-e1a3ab89-4c4r"}},"id":"27ba1b42-7cc6-4e53-86ce-675c876092b2","isCompleted":false,"isExpired":false,"outputs":{},"parameters":{"path":"/usr/my-file.txt"},"startedAt":"2023-07-28T19:00:03.911Z","status":"pending","wasSuccessful":false}},"type":"object","properties":{}},"Security_Endpoint_Management_API_GetProcessesRouteRequestBody":{"example":{"endpoint_ids":["ed518850-681a-4d60-bb98-e22640cae2a8"]},"type":"object","properties":{"agent_type":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_AgentTypes"},"alert_ids":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_AlertIds"},"case_ids":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_CaseIds"},"comment":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_Comment"},"endpoint_ids":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_EndpointIds"},"parameters":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_Parameters"}},"required":["endpoint_ids"]},"Security_Endpoint_Management_API_GetProcessesRouteResponse":{"example":{"data":{"agents":["ed518850-681a-4d60-bb98-e22640cae2a8"],"agentType":"endpoint","command":"running-processes","comment":"","completedAt":"2022-07-29T19:09:44.961Z","createdBy":"myuser","errors":[],"id":"233db9ea-6733-4849-9226-5a7039c7161d","isCompleted":true,"isExpired":false,"outputs":{"ed518850-681a-4d60-bb98-e22640cae2a8":{"content":{"key":"value"},"type":"json"}},"parameters":{},"startedAt":"2022-07-29T19:08:49.126Z","wasSuccessful":true}},"type":"object","properties":{}},"Security_Endpoint_Management_API_HostPathScriptParameters":{"type":"object","properties":{"commandLine":{"description":"Command line arguments.","minLength":1,"type":"string"},"hostPath":{"description":"Absolute or relative path of script on host machine.","minLength":1,"type":"string"},"timeout":{"description":"Timeout in seconds.","minimum":1,"type":"integer"}},"required":["hostPath"]},"Security_Endpoint_Management_API_HostStatuses":{"description":"A set of agent health statuses to filter by.","example":["healthy","updating"],"items":{"enum":["healthy","offline","updating","inactive","unenrolled"],"type":"string"},"type":"array"},"Security_Endpoint_Management_API_IsolateRouteResponse":{"example":{"action":"233db9ea-6733-4849-9226-5a7039c7161d","data":{"agents":["ed518850-681a-4d60-bb98-e22640cae2a8"],"agentType":"endpoint","command":"suspend-process","comment":"suspend the process","completedAt":"2022-07-29T19:09:44.961Z","createdBy":"myuser","errors":[],"id":"233db9ea-6733-4849-9226-5a7039c7161d","isCompleted":true,"isExpired":false,"outputs":{"ed518850-681a-4d60-bb98-e22640cae2a8":{"content":{"key":"value"},"type":"json"}},"parameters":{"entity_id":"abc123"},"startedAt":"2022-07-29T19:08:49.126Z","wasSuccessful":true}},"type":"object","properties":{}},"Security_Endpoint_Management_API_KillProcessRouteRequestBody":{"allOf":[{"type":"object","properties":{"agent_type":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_AgentTypes"},"alert_ids":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_AlertIds"},"case_ids":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_CaseIds"},"comment":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_Comment"},"endpoint_ids":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_EndpointIds"},"parameters":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_Parameters"}},"required":["endpoint_ids"]},{"type":"object","properties":{"parameters":{"oneOf":[{"type":"object","properties":{"pid":{"description":"The process ID (PID) of the process to terminate.","example":123,"minimum":1,"type":"integer"}}},{"type":"object","properties":{"entity_id":{"description":"The entity ID of the process to terminate.","example":"abc123","minLength":1,"type":"string"}}},{"type":"object","properties":{"process_name":{"description":"The name of the process to terminate. Valid for SentinelOne agent type only.","example":"Elastic","minLength":1,"type":"string"}}}]}},"required":["parameters"]}],"example":{"comment":"terminate the process","endpoint_ids":["ed518850-681a-4d60-bb98-e22640cae2a8"],"parameters":{"entity_id":"abc123"}}},"Security_Endpoint_Management_API_KillProcessRouteResponse":{"example":{"data":{"agents":["ed518850-681a-4d60-bb98-e22640cae2a8"],"agentType":"endpoint","command":"kill-process","comment":"terminate the process","completedAt":"2022-07-29T19:09:44.961Z","createdBy":"myuser","errors":[],"id":"233db9ea-6733-4849-9226-5a7039c7161d","isCompleted":true,"isExpired":false,"outputs":{"ed518850-681a-4d60-bb98-e22640cae2a8":{"content":{"key":"value"},"type":"json"}},"parameters":{"entity_id":"abc123"},"startedAt":"2022-07-29T19:08:49.126Z","wasSuccessful":true}},"type":"object","properties":{}},"Security_Endpoint_Management_API_Kuery":{"description":"A KQL string.","example":"united.endpoint.host.os.name : 'Windows'","type":"string"},"Security_Endpoint_Management_API_MetadataListResponse":{"example":{"data":[{"host_status":"healthy","last_checkin":"2023-07-04T15:47:57.432Z","metadata":{"@timestamp":"2023-07-04T15:47:57.432173535Z","agent":{"build":{"original":"version: 7.16.0, compiled: Tue Nov 16 16:00:00 2021, branch: 7.16, commit: 73a51033db85e0fb3be1c934697ef6a2b08979ab"},"id":"285297c6-3bff-4b83-9a07-f3e749801123","type":"endpoint","version":"7.16.0"},"data_stream":{"dataset":"endpoint.metadata","namespace":"default","type":"metrics"},"ecs":{"version":"1.11.0"},"elastic":{"agent":{"id":"285297c6-3bff-4b83-9a07-f3e749801123"}},"Endpoint":{"capabilities":["isolation"],"configuration":{"isolation":false},"policy":{"applied":{"endpoint_policy_version":"2","id":"d5371dcd-93b7-4627-af88-4084f7d6aa3e","name":"test","status":"success","version":"3"}},"state":{"isolation":false},"status":"enrolled"},"event":{"action":"endpoint_metadata","agent_id_status":"verified","category":["host"],"created":"2023-07-04T15:47:57.432173535Z","dataset":"endpoint.metadata","id":"MNtSXK/SkhEBnmgt++++++7S","ingested":"2023-07-04T15:47:58Z","kind":"metric","module":"endpoint","sequence":400,"type":["info"]},"host":{"architecture":"x86_64","hostname":"david-Xubuntu","id":"0cfead88e2024bd8a27476352b5ab264","ip":["127.0.0.1","::1","10.0.2.15","fe80::2ac7:8e15:b957:2fa1"],"mac":["08:00:27:e6:78:8b"],"name":"david-Xubuntu","os":{"Ext":{"variant":"Ubuntu"},"family":"ubuntu","full":"Ubuntu 20.04.2","kernel":"5.8.0-59-generic #66~20.04.1-Ubuntu SMP Thu Jun 17 11:14:10 UTC 2021","name":"Linux","platform":"ubuntu","type":"linux","version":"20.04.2"}},"message":"Endpoint metadata"},"policy_info":{"agent":{"applied":{"id":"ed7e3720-4bad-11ec-a2a8-fb22e62a5753","revision":0},"configured":{"id":"ed7e3720-4bad-11ec-a2a8-fb22e62a5753","revision":3}},"endpoint":{"id":"d5371dcd-93b7-4627-af88-4084f7d6aa3e","revision":2}}},{"host_status":"healthy","last_checkin":"2023-07-04T15:44:31.491Z","metadata":{"@timestamp":"2023-07-04T15:44:31.4917849Z","agent":{"build":{"original":"version: 7.16.0, compiled: Tue Nov 16 17:00:00 2021, branch: 7.16, commit: 73a51033db85e0fb3be1c934697ef6a2b08979ab"},"id":"abb8a826-6812-448c-a571-6d8269b51449","type":"endpoint","version":"7.16.0"},"data_stream":{"dataset":"endpoint.metadata","namespace":"default","type":"metrics"},"ecs":{"version":"1.11.0"},"elastic":{"agent":{"id":"abb8a826-6812-448c-a571-6d8269b51449"}},"Endpoint":{"capabilities":["isolation"],"configuration":{"isolation":false},"policy":{"applied":{"endpoint_policy_version":"2","id":"d5371dcd-93b7-4627-af88-4084f7d6aa3e","name":"test","status":"success","version":"3"}},"state":{"isolation":false},"status":"enrolled"},"event":{"action":"endpoint_metadata","agent_id_status":"verified","category":["host"],"created":"2023-07-04T15:44:31.4917849Z","dataset":"endpoint.metadata","id":"MNtRc++KoKHXXwlj+++++/N9","ingested":"2023-07-04T15:44:33Z","kind":"metric","module":"endpoint","sequence":5159,"type":["info"]},"host":{"architecture":"x86_64","hostname":"WinDev2104Eval","id":"17d9cabc-7edd-43bc-bacb-8da5f5e6c0e5","ip":["10.0.2.15","fe80::21a6:63d3:d70e:e3ad","127.0.0.1","::1"],"mac":["08:00:27:b1:1d:5a"],"name":"WinDev2104Eval","os":{"Ext":{"variant":"Windows 10 Enterprise Evaluation"},"family":"windows","full":"Windows 10 Enterprise Evaluation 20H2 (10.0.19042.906)","kernel":"20H2 (10.0.19042.906)","name":"Windows","platform":"windows","type":"windows","version":"20H2 (10.0.19042.906)"}},"message":"Endpoint metadata"},"policy_info":{"agent":{"applied":{"id":"ed7e3720-4bad-11ec-a2a8-fb22e62a5753","revision":0},"configured":{"id":"ed7e3720-4bad-11ec-a2a8-fb22e62a5753","revision":3}},"endpoint":{"id":"d5371dcd-93b7-4627-af88-4084f7d6aa3e","revision":2}}}],"page":0,"pageSize":10,"sortDirection":"desc","sortField":"enrolled_at","total":2},"type":"object","properties":{}},"Security_Endpoint_Management_API_Page":{"default":1,"description":"Page number","example":1,"minimum":1,"type":"integer"},"Security_Endpoint_Management_API_PageSize":{"default":10,"description":"Number of items per page","example":10,"maximum":100,"minimum":1,"type":"integer"},"Security_Endpoint_Management_API_Parameters":{"description":"Optional parameters object","type":"object"},"Security_Endpoint_Management_API_PendingActionDataType":{"type":"integer"},"Security_Endpoint_Management_API_PendingActionsSchema":{"oneOf":[{"type":"object","properties":{"execute":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType"},"get-file":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType"},"isolate":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType"},"kill-process":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType"},"running-processes":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType"},"scan":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType"},"suspend-process":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType"},"unisolate":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType"},"upload":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType"}}},{"additionalProperties":true,"type":"object"}]},"Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse":{"type":"object","properties":{"note":{"type":"string"}}},"Security_Endpoint_Management_API_RawScriptParameters":{"type":"object","properties":{"commandLine":{"description":"Command line arguments.","minLength":1,"type":"string"},"raw":{"description":"Raw script content.","minLength":1,"type":"string"},"timeout":{"description":"Timeout in seconds.","minimum":1,"type":"integer"}},"required":["raw"]},"Security_Endpoint_Management_API_RunScriptRouteRequestBody":{"type":"object","properties":{"parameters":{"description":"Exactly one of 'Raw', 'HostPath', or 'CloudFile' must be provided. CommandLine and Timeout are optional for all.","oneOf":[{"$ref":"#/components/schemas/Security_Endpoint_Management_API_RawScriptParameters"},{"$ref":"#/components/schemas/Security_Endpoint_Management_API_HostPathScriptParameters"},{"$ref":"#/components/schemas/Security_Endpoint_Management_API_CloudFileScriptParameters"}]}},"required":["parameters"]},"Security_Endpoint_Management_API_ScanRouteRequestBody":{"allOf":[{"type":"object","properties":{"agent_type":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_AgentTypes"},"alert_ids":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_AlertIds"},"case_ids":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_CaseIds"},"comment":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_Comment"},"endpoint_ids":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_EndpointIds"},"parameters":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_Parameters"}},"required":["endpoint_ids"]},{"type":"object","properties":{"parameters":{"type":"object","properties":{"path":{"description":"The folder or file’s full path (including the file name).","example":"/usr/my-file.txt","type":"string"}},"required":["path"]}},"required":["parameters"]}],"example":{"comment":"Scan the file for malware","endpoint_ids":["ed518850-681a-4d60-bb98-e22640cae2a8"],"parameters":{"path":"/usr/my-file.txt"}}},"Security_Endpoint_Management_API_ScanRouteResponse":{"example":{"data":{"agents":["ed518850-681a-4d60-bb98-e22640cae2a8"],"agentState":{"ed518850-681a-4d60-bb98-e22640cae2a8":{"isCompleted":false,"wasSuccessful":false}},"agentType":"endpoint","command":"scan","createdBy":"myuser","hosts":{"ed518850-681a-4d60-bb98-e22640cae2a8":{"name":"gke-endpoint-gke-clu-endpoint-node-po-e1a3ab89-4c4r"}},"id":"27ba1b42-7cc6-4e53-86ce-675c876092b2","isCompleted":false,"isExpired":false,"outputs":{},"parameters":{"path":"/usr/my-file.txt"},"startedAt":"2023-07-28T19:00:03.911Z","status":"pending","wasSuccessful":false}},"type":"object","properties":{}},"Security_Endpoint_Management_API_SortDirection":{"description":"Determines the sort order.","enum":["asc","desc"],"example":"desc","type":"string"},"Security_Endpoint_Management_API_SortField":{"description":"Determines which field is used to sort the results.","enum":["enrolled_at","metadata.host.hostname","host_status","metadata.Endpoint.policy.applied.name","metadata.Endpoint.policy.applied.status","metadata.host.os.name","metadata.host.ip","metadata.agent.version","last_checkin"],"example":"enrolled_at","type":"string"},"Security_Endpoint_Management_API_StartDate":{"description":"A start date in ISO 8601 format or Date Math format.","example":"2023-10-31T00:00:00.000Z","type":"string"},"Security_Endpoint_Management_API_SuccessResponse":{"type":"object","properties":{}},"Security_Endpoint_Management_API_SuspendProcessRouteRequestBody":{"allOf":[{"type":"object","properties":{"agent_type":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_AgentTypes"},"alert_ids":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_AlertIds"},"case_ids":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_CaseIds"},"comment":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_Comment"},"endpoint_ids":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_EndpointIds"},"parameters":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_Parameters"}},"required":["endpoint_ids"]},{"type":"object","properties":{"parameters":{"oneOf":[{"type":"object","properties":{"pid":{"description":"The process ID (PID) of the process to suspend.","example":123,"minimum":1,"type":"integer"}}},{"type":"object","properties":{"entity_id":{"description":"The entity ID of the process to suspend.","example":"abc123","minLength":1,"type":"string"}}}]}},"required":["parameters"]}],"example":{"comment":"suspend the process","endpoint_ids":["ed518850-681a-4d60-bb98-e22640cae2a8"],"parameters":{"entity_id":"abc123"}}},"Security_Endpoint_Management_API_SuspendProcessRouteResponse":{"example":{"data":{"agents":["ed518850-681a-4d60-bb98-e22640cae2a8"],"agentType":"endpoint","command":"suspend-process","comment":"suspend the process","completedAt":"2022-07-29T19:09:44.961Z","createdBy":"myuser","errors":[],"id":"233db9ea-6733-4849-9226-5a7039c7161d","isCompleted":true,"isExpired":false,"outputs":{"ed518850-681a-4d60-bb98-e22640cae2a8":{"content":{"key":"value"},"type":"json"}},"parameters":{"entity_id":"abc123"},"startedAt":"2022-07-29T19:08:49.126Z","wasSuccessful":true}},"type":"object","properties":{}},"Security_Endpoint_Management_API_Timeout":{"description":"The maximum timeout value in milliseconds (optional)","minimum":1,"type":"integer"},"Security_Endpoint_Management_API_Type":{"description":"Type of response action","enum":["automated","manual"],"type":"string"},"Security_Endpoint_Management_API_Types":{"description":"List of types of response actions","example":["automated","manual"],"items":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_Type"},"maxLength":2,"minLength":1,"type":"array"},"Security_Endpoint_Management_API_UnisolateRouteResponse":{"example":{"action":"233db9ea-6733-4849-9226-5a7039c7161d","data":{"agents":["ed518850-681a-4d60-bb98-e22640cae2a8"],"agentType":"endpoint","command":"suspend-process","comment":"suspend the process","completedAt":"2022-07-29T19:09:44.961Z","createdBy":"myuser","errors":[],"id":"233db9ea-6733-4849-9226-5a7039c7161d","isCompleted":true,"isExpired":false,"outputs":{"ed518850-681a-4d60-bb98-e22640cae2a8":{"content":{"key":"value"},"type":"json"}},"parameters":{"entity_id":"abc123"},"startedAt":"2022-07-29T19:08:49.126Z","wasSuccessful":true}},"type":"object","properties":{}},"Security_Endpoint_Management_API_UploadRouteRequestBody":{"allOf":[{"type":"object","properties":{"agent_type":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_AgentTypes"},"alert_ids":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_AlertIds"},"case_ids":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_CaseIds"},"comment":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_Comment"},"endpoint_ids":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_EndpointIds"},"parameters":{"$ref":"#/components/schemas/Security_Endpoint_Management_API_Parameters"}},"required":["endpoint_ids"]},{"type":"object","properties":{"file":{"description":"The binary content of the file.","example":"RWxhc3RpYw==","format":"binary","type":"string"},"parameters":{"type":"object","properties":{"overwrite":{"default":false,"description":"Overwrite the file on the host if it already exists.","example":false,"type":"boolean"}}}},"required":["parameters","file"]}],"example":{"endpoint_ids":["ed518850-681a-4d60-bb98-e22640cae2a8"],"file":"RWxhc3RpYw==","parameters":{}}},"Security_Endpoint_Management_API_UploadRouteResponse":{"example":{"data":{"agents":["ed518850-681a-4d60-bb98-e22640cae2a8"],"agentState":{"ed518850-681a-4d60-bb98-e22640cae2a8":{"isCompleted":false,"wasSuccessful":false}},"agentType":"endpoint","command":"upload","createdBy":"elastic","hosts":{"ed518850-681a-4d60-bb98-e22640cae2a8":{"name":"Host-5i6cuc8kdv"}},"id":"9ff6aebc-2cb6-481e-8869-9b30036c9731","isCompleted":false,"isExpired":false,"outputs":{},"parameters":{"file_id":"10e4ce3d-4abb-4f93-a0cd-eaf63a489280","file_name":"fix-malware.sh","file_sha256":"a0bed94220193ba4895c0aa5b4e7e293381d15765cb164ddf7be5cdd010ae42a","file_size":69},"startedAt":"2023-07-03T15:07:22.837Z","status":"pending","wasSuccessful":false}},"type":"object","properties":{}},"Security_Endpoint_Management_API_UserIds":{"description":"A list of user IDs.","example":["user-id-1","user-id-2"],"oneOf":[{"items":{"minLength":1,"type":"string"},"minItems":1,"type":"array"},{"minLength":1,"type":"string"}]},"Security_Endpoint_Management_API_WithOutputs":{"description":"A list of action IDs that should include the complete output of the action.","example":["action-id-1","action-id-2"],"oneOf":[{"items":{"minLength":1,"type":"string"},"minItems":1,"type":"array"},{"minLength":1,"type":"string"}]},"Security_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem":{"type":"object","properties":{"index":{"type":"integer"},"message":{"type":"string"}},"required":["message","index"]},"Security_Entity_Analytics_API_AssetCriticalityBulkUploadStats":{"type":"object","properties":{"failed":{"type":"integer"},"successful":{"type":"integer"},"total":{"type":"integer"}},"required":["successful","failed","total"]},"Security_Entity_Analytics_API_AssetCriticalityLevel":{"description":"The criticality level of the asset.","enum":["low_impact","medium_impact","high_impact","extreme_impact"],"type":"string"},"Security_Entity_Analytics_API_AssetCriticalityLevelsForBulkUpload":{"description":"The criticality level of the asset for bulk upload. The value `unassigned` is used to indicate that the criticality level is not assigned and is only used for bulk upload.","enum":["low_impact","medium_impact","high_impact","extreme_impact","unassigned"],"type":"string"},"Security_Entity_Analytics_API_AssetCriticalityRecord":{"allOf":[{"$ref":"#/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord"},{"$ref":"#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts"},{"type":"object","properties":{"@timestamp":{"description":"The time the record was created or updated.","example":"2017-07-21T17:32:28Z","format":"date-time","type":"string"}},"required":["@timestamp"]}],"example":{"@timestamp":"2024-08-02T11:15:34.290Z","asset":{"criticality":"high_impact"},"criticality_level":"high_impact","host":{"asset":{"criticality":"high_impact"},"name":"my_host"},"id_field":"host.name","id_value":"my_host"}},"Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts":{"type":"object","properties":{"asset":{"type":"object","properties":{"criticality":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel"}},"required":["asset"]},"entity":{"type":"object","properties":{"asset":{"type":"object","properties":{"criticality":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel"}},"required":["criticality"]},"id":{"type":"string"}},"required":["id"]},"host":{"type":"object","properties":{"asset":{"type":"object","properties":{"criticality":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel"}},"required":["criticality"]},"name":{"type":"string"}},"required":["name"]},"service":{"type":"object","properties":{"asset":{"type":"object","properties":{"criticality":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel"}},"required":["criticality"]},"name":{"type":"string"}},"required":["name"]},"user":{"type":"object","properties":{"asset":{"type":"object","properties":{"criticality":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel"}},"required":["criticality"]},"name":{"type":"string"}},"required":["name"]}},"required":["asset"]},"Security_Entity_Analytics_API_AssetCriticalityRecordIdParts":{"type":"object","properties":{"id_field":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_IdField","description":"The field representing the ID.","example":"host.name"},"id_value":{"description":"The ID value of the asset.","type":"string"}},"required":["id_value","id_field"]},"Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse":{"type":"object","properties":{"cleanup_successful":{"example":false,"type":"boolean"},"errors":{"items":{"type":"object","properties":{"error":{"type":"string"},"seq":{"type":"integer"}},"required":["seq","error"]},"type":"array"}},"required":["cleanup_successful","errors"]},"Security_Entity_Analytics_API_ConfigureRiskEngineSavedObjectErrorResponse":{"type":"object","properties":{"errors":{"items":{"type":"object","properties":{"error":{"type":"string"},"seq":{"type":"integer"}},"required":["seq","error"]},"type":"array"},"risk_engine_saved_object_configured":{"example":false,"type":"boolean"}},"required":["risk_engine_saved_object_configured","errors"]},"Security_Entity_Analytics_API_CreateAssetCriticalityRecord":{"allOf":[{"$ref":"#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordIdParts"},{"type":"object","properties":{"criticality_level":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel"}},"required":["criticality_level"]}]},"Security_Entity_Analytics_API_EngineComponentResource":{"enum":["entity_engine","entity_definition","index","component_template","index_template","ingest_pipeline","enrich_policy","task","transform"],"type":"string"},"Security_Entity_Analytics_API_EngineComponentStatus":{"type":"object","properties":{"errors":{"items":{"type":"object","properties":{"message":{"type":"string"},"title":{"type":"string"}}},"type":"array"},"health":{"enum":["green","yellow","red","unknown"],"type":"string"},"id":{"type":"string"},"installed":{"type":"boolean"},"metadata":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_Metadata"},"resource":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_EngineComponentResource"}},"required":["id","installed","resource"]},"Security_Entity_Analytics_API_EngineDataviewUpdateResult":{"type":"object","properties":{"changes":{"type":"object","properties":{"indexPatterns":{"items":{"type":"string"},"type":"array"}}},"type":{"type":"string"}},"required":["type"]},"Security_Entity_Analytics_API_EngineDescriptor":{"type":"object","properties":{"delay":{"default":"1m","pattern":"[smdh]$","type":"string"},"docsPerSecond":{"type":"integer"},"error":{"type":"object","properties":{"action":{"enum":["init"],"type":"string"},"message":{"type":"string"}},"required":["message","action"]},"fieldHistoryLength":{"type":"integer"},"filter":{"type":"string"},"frequency":{"default":"1m","pattern":"[smdh]$","type":"string"},"indexPattern":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_IndexPattern"},"lookbackPeriod":{"default":"24h","pattern":"[smdh]$","type":"string"},"status":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_EngineStatus"},"timeout":{"default":"180s","pattern":"[smdh]$","type":"string"},"timestampField":{"type":"string"},"type":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_EntityType"}},"required":["type","indexPattern","status","fieldHistoryLength"]},"Security_Entity_Analytics_API_EngineMetadata":{"type":"object","properties":{"Type":{"type":"string"}},"required":["Type"]},"Security_Entity_Analytics_API_EngineStatus":{"enum":["installing","started","stopped","updating","error"],"type":"string"},"Security_Entity_Analytics_API_Entity":{"oneOf":[{"$ref":"#/components/schemas/Security_Entity_Analytics_API_UserEntity"},{"$ref":"#/components/schemas/Security_Entity_Analytics_API_HostEntity"},{"$ref":"#/components/schemas/Security_Entity_Analytics_API_ServiceEntity"},{"$ref":"#/components/schemas/Security_Entity_Analytics_API_GenericEntity"}]},"Security_Entity_Analytics_API_EntityRiskLevels":{"enum":["Unknown","Low","Moderate","High","Critical"],"type":"string"},"Security_Entity_Analytics_API_EntityRiskScoreRecord":{"type":"object","properties":{"@timestamp":{"description":"The time at which the risk score was calculated.","example":"2017-07-21T17:32:28Z","format":"date-time","type":"string"},"calculated_level":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_EntityRiskLevels","description":"Lexical description of the entity's risk.","example":"Critical"},"calculated_score":{"description":"The raw numeric value of the given entity's risk score.","format":"double","type":"number"},"calculated_score_norm":{"description":"The normalized numeric value of the given entity's risk score. Useful for comparing with other entities.","format":"double","maximum":100,"minimum":0,"type":"number"},"category_1_count":{"description":"The number of risk input documents that contributed to the Category 1 score (`category_1_score`).","format":"integer","type":"number"},"category_1_score":{"description":"The contribution of Category 1 to the overall risk score (`calculated_score`). Category 1 contains Detection Engine Alerts.","format":"double","type":"number"},"category_2_count":{"format":"integer","type":"number"},"category_2_score":{"format":"double","type":"number"},"criticality_level":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel"},"criticality_modifier":{"format":"double","type":"number"},"id_field":{"description":"The identifier field defining this risk score. Coupled with `id_value`, uniquely identifies the entity being scored.","example":"host.name","type":"string"},"id_value":{"description":"The identifier value defining this risk score. Coupled with `id_field`, uniquely identifies the entity being scored.","example":"example.host","type":"string"},"inputs":{"description":"A list of the highest-risk documents contributing to this risk score. Useful for investigative purposes.","items":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_RiskScoreInput"},"type":"array"},"notes":{"items":{"type":"string"},"type":"array"}},"required":["@timestamp","id_field","id_value","calculated_level","calculated_score","calculated_score_norm","category_1_score","category_1_count","inputs","notes"]},"Security_Entity_Analytics_API_EntityType":{"enum":["user","host","service","generic"],"type":"string"},"Security_Entity_Analytics_API_GenericEntity":{"type":"object","properties":{"@timestamp":{"format":"date-time","type":"string"},"asset":{"type":"object","properties":{"criticality":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel"}},"required":["criticality"]},"entity":{"type":"object","properties":{"category":{"type":"string"},"EngineMetadata":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_EngineMetadata"},"id":{"type":"string"},"name":{"type":"string"},"source":{"type":"string"},"type":{"type":"string"}},"required":["id","name","type"]}},"required":["entity"]},"Security_Entity_Analytics_API_HostEntity":{"type":"object","properties":{"@timestamp":{"format":"date-time","type":"string"},"asset":{"type":"object","properties":{"criticality":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel"}},"required":["criticality"]},"entity":{"type":"object","properties":{"EngineMetadata":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_EngineMetadata"},"name":{"type":"string"},"source":{"type":"string"},"type":{"type":"string"}},"required":["name","source","type"]},"event":{"type":"object","properties":{"ingested":{"format":"date-time","type":"string"}}},"host":{"type":"object","properties":{"architecture":{"items":{"type":"string"},"type":"array"},"domain":{"items":{"type":"string"},"type":"array"},"hostname":{"items":{"type":"string"},"type":"array"},"id":{"items":{"type":"string"},"type":"array"},"ip":{"items":{"type":"string"},"type":"array"},"mac":{"items":{"type":"string"},"type":"array"},"name":{"type":"string"},"risk":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord"},"type":{"items":{"type":"string"},"type":"array"}},"required":["name"]}},"required":["host","entity"]},"Security_Entity_Analytics_API_IdField":{"enum":["host.name","user.name","service.name","entity.id"],"type":"string"},"Security_Entity_Analytics_API_IndexPattern":{"type":"string"},"Security_Entity_Analytics_API_InspectQuery":{"type":"object","properties":{"dsl":{"items":{"type":"string"},"type":"array"},"response":{"items":{"type":"string"},"type":"array"}},"required":["dsl","response"]},"Security_Entity_Analytics_API_Interval":{"description":"Interval in which enrich policy runs. For example, `\"1h\"` means the rule runs every hour. Must be less than or equal to half the duration of the lookback period,","example":"1h","pattern":"^[1-9]\\d*[smh]$","type":"string"},"Security_Entity_Analytics_API_Metadata":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_TransformStatsMetadata"},"Security_Entity_Analytics_API_MonitoredUserDoc":{"type":"object","properties":{"@timestamp":{"format":"date-time","type":"string"},"entity_analytics_monitoring":{"type":"object","properties":{"labels":{"items":{"type":"object","properties":{"field":{"type":"string"},"source":{"type":"string"},"value":{"type":"string"}}},"type":"array"}}},"event":{"type":"object","properties":{"ingested":{"format":"date-time","type":"string"}}},"id":{"type":"string"},"labels":{"type":"object","properties":{"monitoring":{"type":"object","properties":{"privileged_users":{"enum":["monitored","deleted"],"type":"string"}}},"source_indices":{"items":{"type":"string"},"type":"array"},"source_integrations":{"items":{"type":"string"},"type":"array"},"sources":{"items":{"enum":["csv","index_sync","api"]},"type":"array"}}},"user":{"type":"object","properties":{"name":{"type":"string"}}}}},"Security_Entity_Analytics_API_MonitoringEngineDescriptor":{"type":"object","properties":{"status":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_EngineStatus"}},"required":["type","status"]},"Security_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse":{"type":"object","properties":{"full_error":{"type":"string"},"message":{"type":"string"}},"required":["message","full_error"]},"Security_Entity_Analytics_API_RiskEngineScheduleNowResponse":{"type":"object","properties":{"success":{"type":"boolean"}}},"Security_Entity_Analytics_API_RiskScoreInput":{"description":"A generic representation of a document contributing to a Risk Score.","type":"object","properties":{"category":{"description":"The risk category of the risk input document.","example":"category_1","type":"string"},"contribution_score":{"format":"double","type":"number"},"description":{"description":"A human-readable description of the risk input document.","example":"Generated from Detection Engine Rule: Malware Prevention Alert","type":"string"},"id":{"description":"The unique identifier (`_id`) of the original source document","example":"91a93376a507e86cfbf282166275b89f9dbdb1f0be6c8103c6ff2909ca8e1a1c","type":"string"},"index":{"description":"The unique index (`_index`) of the original source document","example":".internal.alerts-security.alerts-default-000001","type":"string"},"risk_score":{"description":"The weighted risk score of the risk input document.","format":"double","maximum":100,"minimum":0,"type":"number"},"timestamp":{"description":"The @timestamp of the risk input document.","example":"2017-07-21T17:32:28Z","type":"string"}},"required":["id","index","description","category"]},"Security_Entity_Analytics_API_ServiceEntity":{"type":"object","properties":{"@timestamp":{"format":"date-time","type":"string"},"asset":{"type":"object","properties":{"criticality":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel"}},"required":["criticality"]},"entity":{"type":"object","properties":{"EngineMetadata":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_EngineMetadata"},"name":{"type":"string"},"source":{"type":"string"},"type":{"type":"string"}},"required":["name","source","type"]},"event":{"type":"object","properties":{"ingested":{"format":"date-time","type":"string"}}},"service":{"type":"object","properties":{"name":{"type":"string"},"risk":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord"}},"required":["name"]}},"required":["service","entity"]},"Security_Entity_Analytics_API_StoreStatus":{"enum":["not_installed","installing","running","stopped","error"],"type":"string"},"Security_Entity_Analytics_API_TaskManagerUnavailableResponse":{"description":"Task manager is unavailable","type":"object","properties":{"message":{"type":"string"},"status_code":{"minimum":400,"type":"integer"}},"required":["status_code","message"]},"Security_Entity_Analytics_API_TransformStatsMetadata":{"type":"object","properties":{"delete_time_in_ms":{"type":"integer"},"documents_deleted":{"type":"integer"},"documents_indexed":{"type":"integer"},"documents_processed":{"type":"integer"},"exponential_avg_checkpoint_duration_ms":{"type":"integer"},"exponential_avg_documents_indexed":{"type":"integer"},"exponential_avg_documents_processed":{"type":"integer"},"index_failures":{"type":"integer"},"index_time_in_ms":{"type":"integer"},"index_total":{"type":"integer"},"pages_processed":{"type":"integer"},"processing_time_in_ms":{"type":"integer"},"processing_total":{"type":"integer"},"search_failures":{"type":"integer"},"search_time_in_ms":{"type":"integer"},"search_total":{"type":"integer"},"trigger_count":{"type":"integer"}},"required":["pages_processed","documents_processed","documents_indexed","trigger_count","index_time_in_ms","index_total","index_failures","search_time_in_ms","search_total","search_failures","processing_time_in_ms","processing_total","exponential_avg_checkpoint_duration_ms","exponential_avg_documents_indexed","exponential_avg_documents_processed"]},"Security_Entity_Analytics_API_UserEntity":{"type":"object","properties":{"@timestamp":{"format":"date-time","type":"string"},"asset":{"type":"object","properties":{"criticality":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel"}},"required":["criticality"]},"entity":{"type":"object","properties":{"EngineMetadata":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_EngineMetadata"},"name":{"type":"string"},"source":{"type":"string"},"type":{"type":"string"}},"required":["name","source","type"]},"event":{"type":"object","properties":{"ingested":{"format":"date-time","type":"string"}}},"user":{"type":"object","properties":{"domain":{"items":{"type":"string"},"type":"array"},"email":{"items":{"type":"string"},"type":"array"},"full_name":{"items":{"type":"string"},"type":"array"},"hash":{"items":{"type":"string"},"type":"array"},"id":{"items":{"type":"string"},"type":"array"},"name":{"type":"string"},"risk":{"$ref":"#/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord"},"roles":{"items":{"type":"string"},"type":"array"}},"required":["name"]}},"required":["user","entity"]},"Security_Entity_Analytics_API_UserName":{"type":"object","properties":{"user":{"type":"object","properties":{"name":{"description":"The name of the user.","type":"string"}}}}},"Security_Exceptions_API_CreateExceptionListItemComment":{"type":"object","properties":{"comment":{"$ref":"#/components/schemas/Security_Exceptions_API_NonEmptyString"}},"required":["comment"]},"Security_Exceptions_API_CreateExceptionListItemCommentArray":{"items":{"$ref":"#/components/schemas/Security_Exceptions_API_CreateExceptionListItemComment"},"type":"array"},"Security_Exceptions_API_CreateRuleExceptionListItemComment":{"type":"object","properties":{"comment":{"$ref":"#/components/schemas/Security_Exceptions_API_NonEmptyString"}},"required":["comment"]},"Security_Exceptions_API_CreateRuleExceptionListItemCommentArray":{"items":{"$ref":"#/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemComment"},"type":"array"},"Security_Exceptions_API_CreateRuleExceptionListItemProps":{"type":"object","properties":{"comments":{"$ref":"#/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemCommentArray","default":[]},"description":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemDescription"},"entries":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray"},"expire_time":{"format":"date-time","type":"string"},"item_id":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId"},"meta":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemMeta"},"name":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemName"},"namespace_type":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType","default":"single"},"os_types":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray","default":[]},"tags":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemTags","default":[]},"type":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemType"}},"required":["type","name","description","entries"]},"Security_Exceptions_API_ExceptionList":{"type":"object","properties":{"_version":{"description":"The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version.","type":"string"},"created_at":{"description":"Autogenerated date of object creation.","format":"date-time","type":"string"},"created_by":{"description":"Autogenerated value - user that created object.","type":"string"},"description":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListDescription"},"id":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListId"},"immutable":{"type":"boolean"},"list_id":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListHumanId"},"meta":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListMeta"},"name":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListName"},"namespace_type":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType"},"os_types":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray"},"tags":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListTags"},"tie_breaker_id":{"description":"Field used in search to ensure all containers are sorted and returned correctly.","type":"string"},"type":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListType"},"updated_at":{"description":"Autogenerated date of last object update.","format":"date-time","type":"string"},"updated_by":{"description":"Autogenerated value - user that last updated object.","type":"string"},"version":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListVersion"}},"required":["id","list_id","type","name","description","immutable","namespace_type","version","tie_breaker_id","created_at","created_by","updated_at","updated_by"]},"Security_Exceptions_API_ExceptionListDescription":{"description":"Describes the exception list.","example":"This list tracks allowlisted values.","type":"string"},"Security_Exceptions_API_ExceptionListHumanId":{"description":"Exception list's human readable string identifier, e.g. `trusted-linux-processes`.","example":"simple_list","format":"nonempty","minLength":1,"type":"string"},"Security_Exceptions_API_ExceptionListId":{"description":"Exception list's identifier.","example":"9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85","format":"nonempty","minLength":1,"type":"string"},"Security_Exceptions_API_ExceptionListItem":{"type":"object","properties":{"_version":{"description":"The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version.","type":"string"},"comments":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemCommentArray"},"created_at":{"description":"Autogenerated date of object creation.","format":"date-time","type":"string"},"created_by":{"description":"Autogenerated value - user that created object.","type":"string"},"description":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemDescription"},"entries":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray"},"expire_time":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemExpireTime"},"id":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemId"},"item_id":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId"},"list_id":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListHumanId"},"meta":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemMeta"},"name":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemName"},"namespace_type":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType"},"os_types":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray"},"tags":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemTags"},"tie_breaker_id":{"description":"Field used in search to ensure all containers are sorted and returned correctly.","type":"string"},"type":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemType"},"updated_at":{"description":"Autogenerated date of last object update.","format":"date-time","type":"string"},"updated_by":{"description":"Autogenerated value - user that last updated object.","type":"string"}},"required":["id","item_id","list_id","type","name","description","entries","namespace_type","comments","tie_breaker_id","created_at","created_by","updated_at","updated_by"]},"Security_Exceptions_API_ExceptionListItemComment":{"type":"object","properties":{"comment":{"$ref":"#/components/schemas/Security_Exceptions_API_NonEmptyString"},"created_at":{"description":"Autogenerated date of object creation.","format":"date-time","type":"string"},"created_by":{"$ref":"#/components/schemas/Security_Exceptions_API_NonEmptyString"},"id":{"$ref":"#/components/schemas/Security_Exceptions_API_NonEmptyString"},"updated_at":{"description":"Autogenerated date of last object update.","format":"date-time","type":"string"},"updated_by":{"$ref":"#/components/schemas/Security_Exceptions_API_NonEmptyString"}},"required":["id","comment","created_at","created_by"]},"Security_Exceptions_API_ExceptionListItemCommentArray":{"description":"Array of comment fields:\n\n- comment (string): Comments about the exception item.\n","items":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemComment"},"type":"array"},"Security_Exceptions_API_ExceptionListItemDescription":{"description":"Describes the exception list.","type":"string"},"Security_Exceptions_API_ExceptionListItemEntry":{"anyOf":[{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatch"},{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchAny"},{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryList"},{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryExists"},{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryNested"},{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchWildcard"}],"discriminator":{"propertyName":"type"}},"Security_Exceptions_API_ExceptionListItemEntryArray":{"items":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemEntry"},"type":"array"},"Security_Exceptions_API_ExceptionListItemEntryExists":{"type":"object","properties":{"field":{"$ref":"#/components/schemas/Security_Exceptions_API_NonEmptyString"},"operator":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator"},"type":{"enum":["exists"],"type":"string"}},"required":["type","field","operator"]},"Security_Exceptions_API_ExceptionListItemEntryList":{"type":"object","properties":{"field":{"$ref":"#/components/schemas/Security_Exceptions_API_NonEmptyString"},"list":{"type":"object","properties":{"id":{"$ref":"#/components/schemas/Security_Exceptions_API_ListId"},"type":{"$ref":"#/components/schemas/Security_Exceptions_API_ListType"}},"required":["id","type"]},"operator":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator"},"type":{"enum":["list"],"type":"string"}},"required":["type","field","list","operator"]},"Security_Exceptions_API_ExceptionListItemEntryMatch":{"type":"object","properties":{"field":{"$ref":"#/components/schemas/Security_Exceptions_API_NonEmptyString"},"operator":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator"},"type":{"enum":["match"],"type":"string"},"value":{"$ref":"#/components/schemas/Security_Exceptions_API_NonEmptyString"}},"required":["type","field","value","operator"]},"Security_Exceptions_API_ExceptionListItemEntryMatchAny":{"type":"object","properties":{"field":{"$ref":"#/components/schemas/Security_Exceptions_API_NonEmptyString"},"operator":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator"},"type":{"enum":["match_any"],"type":"string"},"value":{"items":{"$ref":"#/components/schemas/Security_Exceptions_API_NonEmptyString"},"minItems":1,"type":"array"}},"required":["type","field","value","operator"]},"Security_Exceptions_API_ExceptionListItemEntryMatchWildcard":{"type":"object","properties":{"field":{"$ref":"#/components/schemas/Security_Exceptions_API_NonEmptyString"},"operator":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator"},"type":{"enum":["wildcard"],"type":"string"},"value":{"$ref":"#/components/schemas/Security_Exceptions_API_NonEmptyString"}},"required":["type","field","value","operator"]},"Security_Exceptions_API_ExceptionListItemEntryNested":{"type":"object","properties":{"entries":{"items":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryNestedEntryItem"},"minItems":1,"type":"array"},"field":{"$ref":"#/components/schemas/Security_Exceptions_API_NonEmptyString"},"type":{"enum":["nested"],"type":"string"}},"required":["type","field","entries"]},"Security_Exceptions_API_ExceptionListItemEntryNestedEntryItem":{"oneOf":[{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatch"},{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchAny"},{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryExists"}]},"Security_Exceptions_API_ExceptionListItemEntryOperator":{"enum":["excluded","included"],"type":"string"},"Security_Exceptions_API_ExceptionListItemExpireTime":{"description":"The exception item’s expiration date, in ISO format. This field is only available for regular exception items, not endpoint exceptions.","format":"date-time","type":"string"},"Security_Exceptions_API_ExceptionListItemHumanId":{"description":"Human readable string identifier, e.g. `trusted-linux-processes`","example":"simple_list_item","format":"nonempty","minLength":1,"type":"string"},"Security_Exceptions_API_ExceptionListItemId":{"description":"Exception's identifier.","example":"71a9f4b2-c85c-49b4-866f-c71eb9e67da2","format":"nonempty","minLength":1,"type":"string"},"Security_Exceptions_API_ExceptionListItemMeta":{"additionalProperties":true,"type":"object"},"Security_Exceptions_API_ExceptionListItemName":{"description":"Exception list name.","format":"nonempty","minLength":1,"type":"string"},"Security_Exceptions_API_ExceptionListItemOsTypeArray":{"items":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListOsType"},"type":"array"},"Security_Exceptions_API_ExceptionListItemTags":{"items":{"description":"String array containing words and phrases to help categorize exception items.","format":"nonempty","minLength":1,"type":"string"},"type":"array"},"Security_Exceptions_API_ExceptionListItemType":{"enum":["simple"],"type":"string"},"Security_Exceptions_API_ExceptionListMeta":{"additionalProperties":true,"description":"Placeholder for metadata about the list container.","type":"object"},"Security_Exceptions_API_ExceptionListName":{"description":"The name of the exception list.","example":"My exception list","type":"string"},"Security_Exceptions_API_ExceptionListOsType":{"description":"Use this field to specify the operating system.","enum":["linux","macos","windows"],"type":"string"},"Security_Exceptions_API_ExceptionListOsTypeArray":{"description":"Use this field to specify the operating system. Only enter one value.","items":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListOsType"},"type":"array"},"Security_Exceptions_API_ExceptionListsImportBulkError":{"type":"object","properties":{"error":{"type":"object","properties":{"message":{"type":"string"},"status_code":{"type":"integer"}},"required":["status_code","message"]},"id":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListId"},"item_id":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId"},"list_id":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListHumanId"}},"required":["error"]},"Security_Exceptions_API_ExceptionListsImportBulkErrorArray":{"items":{"$ref":"#/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkError"},"type":"array"},"Security_Exceptions_API_ExceptionListTags":{"description":"String array containing words and phrases to help categorize exception containers.","items":{"type":"string"},"type":"array"},"Security_Exceptions_API_ExceptionListType":{"description":"The type of exception list to be created. Different list types may denote where they can be utilized.","enum":["detection","rule_default","endpoint","endpoint_trusted_apps","endpoint_events","endpoint_host_isolation_exceptions","endpoint_blocklists"],"type":"string"},"Security_Exceptions_API_ExceptionListVersion":{"description":"The document version, automatically increasd on updates.","minimum":1,"type":"integer"},"Security_Exceptions_API_ExceptionNamespaceType":{"description":"Determines whether the exception container is available in all Kibana spaces or just the space\nin which it is created, where:\n\n- `single`: Only available in the Kibana space in which it is created.\n- `agnostic`: Available in all Kibana spaces.\n","enum":["agnostic","single"],"type":"string"},"Security_Exceptions_API_FindExceptionListItemsFilter":{"$ref":"#/components/schemas/Security_Exceptions_API_NonEmptyString"},"Security_Exceptions_API_FindExceptionListsFilter":{"example":"exception-list.attributes.name:%Detection%20List","type":"string"},"Security_Exceptions_API_ListId":{"description":"Value list's identifier.","example":"21b01cfb-058d-44b9-838c-282be16c91cd","format":"nonempty","minLength":1,"type":"string"},"Security_Exceptions_API_ListType":{"description":"Specifies the Elasticsearch data type of excludes the list container holds. Some common examples:\n\n- `keyword`: Many ECS fields are Elasticsearch keywords\n- `ip`: IP addresses\n- `ip_range`: Range of IP addresses (supports IPv4, IPv6, and CIDR notation)\n","enum":["binary","boolean","byte","date","date_nanos","date_range","double","double_range","float","float_range","geo_point","geo_shape","half_float","integer","integer_range","ip","ip_range","keyword","long","long_range","shape","short","text"],"type":"string"},"Security_Exceptions_API_NonEmptyString":{"description":"A string that does not contain only whitespace characters","format":"nonempty","minLength":1,"type":"string"},"Security_Exceptions_API_PlatformErrorResponse":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"integer"}},"required":["statusCode","error","message"]},"Security_Exceptions_API_RuleId":{"$ref":"#/components/schemas/Security_Exceptions_API_UUID"},"Security_Exceptions_API_SiemErrorResponse":{"type":"object","properties":{"message":{"type":"string"},"status_code":{"type":"integer"}},"required":["status_code","message"]},"Security_Exceptions_API_UpdateExceptionListItemComment":{"type":"object","properties":{"comment":{"$ref":"#/components/schemas/Security_Exceptions_API_NonEmptyString"},"id":{"$ref":"#/components/schemas/Security_Exceptions_API_NonEmptyString"}},"required":["comment"]},"Security_Exceptions_API_UpdateExceptionListItemCommentArray":{"items":{"$ref":"#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemComment"},"type":"array"},"Security_Exceptions_API_UUID":{"description":"A universally unique identifier","format":"uuid","type":"string"},"Security_Lists_API_FindListItemsCursor":{"description":"Returns the items that come after the last item returned in the previous call (use the `cursor` value returned in the previous call). This parameter uses the `tie_breaker_id` field to ensure all items are sorted and returned correctly.","example":"WzIwLFsiYjU3Yzc2MmMtMzAzNi00NjVjLTliZmItN2JmYjVlNmU1MTVhIl1d","format":"nonempty","minLength":1,"type":"string"},"Security_Lists_API_FindListItemsFilter":{"example":"value:127.0.0.1","type":"string"},"Security_Lists_API_FindListsCursor":{"example":"WzIwLFsiYjU3Yzc2MmMtMzAzNi00NjVjLTliZmItN2JmYjVlNmU1MTVhIl1d","format":"nonempty","minLength":1,"type":"string"},"Security_Lists_API_FindListsFilter":{"example":"value:127.0.0.1","type":"string"},"Security_Lists_API_List":{"type":"object","properties":{"_version":{"$ref":"#/components/schemas/Security_Lists_API_ListVersionId"},"@timestamp":{"example":"2025-01-08T04:47:34.273Z","format":"date-time","type":"string"},"created_at":{"description":"Autogenerated date of object creation.","example":"2025-01-08T04:47:34.273Z","format":"date-time","type":"string"},"created_by":{"description":"Autogenerated value - user that created object.","example":"elastic","type":"string"},"description":{"$ref":"#/components/schemas/Security_Lists_API_ListDescription"},"deserializer":{"$ref":"#/components/schemas/Security_Lists_API_ListDeserializer"},"id":{"$ref":"#/components/schemas/Security_Lists_API_ListId"},"immutable":{"type":"boolean"},"meta":{"$ref":"#/components/schemas/Security_Lists_API_ListMetadata"},"name":{"$ref":"#/components/schemas/Security_Lists_API_ListName"},"serializer":{"$ref":"#/components/schemas/Security_Lists_API_ListSerializer"},"tie_breaker_id":{"description":"Field used in search to ensure all containers are sorted and returned correctly.","example":"f5508188-b1e9-4e6e-9662-d039a7d89899","type":"string"},"type":{"$ref":"#/components/schemas/Security_Lists_API_ListType"},"updated_at":{"description":"Autogenerated date of last object update.","example":"2025-01-08T04:47:34.273Z","format":"date-time","type":"string"},"updated_by":{"description":"Autogenerated value - user that last updated object.","example":"elastic","type":"string"},"version":{"$ref":"#/components/schemas/Security_Lists_API_ListVersion"}},"required":["id","type","name","description","immutable","version","tie_breaker_id","created_at","created_by","updated_at","updated_by"]},"Security_Lists_API_ListDescription":{"description":"Describes the value list.","format":"nonempty","minLength":1,"type":"string"},"Security_Lists_API_ListDeserializer":{"description":"Determines how retrieved list item values are presented. By default list items are presented using these Handelbar expressions:\n\n- `{{{value}}}` - Single value item types, such as `ip`, `long`, `date`, `keyword`, and `text`.\n- `{{{gte}}}-{{{lte}}}` - Range value item types, such as `ip_range`, `double_range`, `float_range`, `integer_range`, and `long_range`.\n- `{{{gte}}},{{{lte}}}` - Date range values.\n","example":"{{value}}","type":"string"},"Security_Lists_API_ListId":{"description":"Value list's identifier.","example":"21b01cfb-058d-44b9-838c-282be16c91cd","format":"nonempty","minLength":1,"type":"string"},"Security_Lists_API_ListItem":{"type":"object","properties":{"_version":{"$ref":"#/components/schemas/Security_Lists_API_ListVersionId"},"@timestamp":{"example":"2025-01-08T04:47:34.273Z","format":"date-time","type":"string"},"created_at":{"description":"Autogenerated date of object creation.","example":"2025-01-08T04:47:34.273Z","format":"date-time","type":"string"},"created_by":{"description":"Autogenerated value - user that created object.","example":"elastic","type":"string"},"deserializer":{"$ref":"#/components/schemas/Security_Lists_API_ListDeserializer"},"id":{"$ref":"#/components/schemas/Security_Lists_API_ListItemId"},"list_id":{"$ref":"#/components/schemas/Security_Lists_API_ListId"},"meta":{"$ref":"#/components/schemas/Security_Lists_API_ListItemMetadata"},"serializer":{"$ref":"#/components/schemas/Security_Lists_API_ListSerializer"},"tie_breaker_id":{"description":"Field used in search to ensure all containers are sorted and returned correctly.","example":"f5508188-b1e9-4e6e-9662-d039a7d89899","type":"string"},"type":{"$ref":"#/components/schemas/Security_Lists_API_ListType"},"updated_at":{"description":"Autogenerated date of last object update.","example":"2025-01-08T04:47:34.273Z","format":"date-time","type":"string"},"updated_by":{"description":"Autogenerated value - user that last updated object.","example":"elastic","type":"string"},"value":{"$ref":"#/components/schemas/Security_Lists_API_ListItemValue"}},"required":["id","type","list_id","value","tie_breaker_id","created_at","created_by","updated_at","updated_by"]},"Security_Lists_API_ListItemId":{"description":"Value list item's identifier.","example":"54b01cfb-058d-44b9-838c-282be16c91cd","format":"nonempty","minLength":1,"type":"string"},"Security_Lists_API_ListItemMetadata":{"additionalProperties":true,"description":"Placeholder for metadata about the value list item.","type":"object"},"Security_Lists_API_ListItemPrivileges":{"type":"object","properties":{"application":{"additionalProperties":{"type":"boolean"},"type":"object"},"cluster":{"additionalProperties":{"type":"boolean"},"type":"object"},"has_all_requested":{"type":"boolean"},"index":{"additionalProperties":{"additionalProperties":{"type":"boolean"},"type":"object"},"type":"object"},"username":{"type":"string"}},"required":["username","has_all_requested","cluster","index","application"]},"Security_Lists_API_ListItemValue":{"description":"The value used to evaluate exceptions.","format":"nonempty","minLength":1,"type":"string"},"Security_Lists_API_ListMetadata":{"additionalProperties":true,"description":"Placeholder for metadata about the value list.","type":"object"},"Security_Lists_API_ListName":{"description":"Value list's name.","example":"List of bad IPs","format":"nonempty","minLength":1,"type":"string"},"Security_Lists_API_ListPrivileges":{"type":"object","properties":{"application":{"additionalProperties":{"type":"boolean"},"type":"object"},"cluster":{"additionalProperties":{"type":"boolean"},"type":"object"},"has_all_requested":{"type":"boolean"},"index":{"additionalProperties":{"additionalProperties":{"type":"boolean"},"type":"object"},"type":"object"},"username":{"type":"string"}},"required":["username","has_all_requested","cluster","index","application"]},"Security_Lists_API_ListSerializer":{"description":"Determines how uploaded list item values are parsed. By default, list items are parsed using these named regex groups:\n\n- `(?\u003cvalue\u003e.+)` - Single value item types, such as ip, long, date, keyword, and text.\n- `(?\u003cgte\u003e.+)-(?\u003clte\u003e.+)|(?\u003cvalue\u003e.+)` - Range value item types, such as `date_range`, `ip_range`, `double_range`, `float_range`, `integer_range`, and `long_range`.\n","example":"(?\u003cvalue\u003e((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))","type":"string"},"Security_Lists_API_ListType":{"description":"Specifies the Elasticsearch data type of excludes the list container holds. Some common examples:\n\n- `keyword`: Many ECS fields are Elasticsearch keywords\n- `ip`: IP addresses\n- `ip_range`: Range of IP addresses (supports IPv4, IPv6, and CIDR notation)\n","enum":["binary","boolean","byte","date","date_nanos","date_range","double","double_range","float","float_range","geo_point","geo_shape","half_float","integer","integer_range","ip","ip_range","keyword","long","long_range","shape","short","text"],"type":"string"},"Security_Lists_API_ListVersion":{"description":"The document version number.","example":1,"minimum":1,"type":"integer"},"Security_Lists_API_ListVersionId":{"description":"The version id, normally returned by the API when the document is retrieved. Use it ensure updates are done against the latest version.\n","example":"WzIsMV0=","type":"string"},"Security_Lists_API_PlatformErrorResponse":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"},"statusCode":{"type":"integer"}},"required":["statusCode","error","message"]},"Security_Lists_API_SiemErrorResponse":{"type":"object","properties":{"message":{"type":"string"},"status_code":{"type":"integer"}},"required":["status_code","message"]},"Security_Osquery_API_ArrayQueries":{"description":"An array of queries to run.","items":{"$ref":"#/components/schemas/Security_Osquery_API_ArrayQueriesItem"},"type":"array"},"Security_Osquery_API_ArrayQueriesItem":{"type":"object","properties":{"ecs_mapping":{"$ref":"#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined"},"id":{"$ref":"#/components/schemas/Security_Osquery_API_QueryId"},"platform":{"$ref":"#/components/schemas/Security_Osquery_API_PlatformOrUndefined"},"query":{"$ref":"#/components/schemas/Security_Osquery_API_Query"},"removed":{"$ref":"#/components/schemas/Security_Osquery_API_RemovedOrUndefined"},"snapshot":{"$ref":"#/components/schemas/Security_Osquery_API_SnapshotOrUndefined"},"version":{"$ref":"#/components/schemas/Security_Osquery_API_VersionOrUndefined"}}},"Security_Osquery_API_CreateLiveQueryRequestBody":{"example":{"agent_all":true,"ecs_mapping":{"host.uptime":{"field":"total_seconds"}},"query":"select * from uptime;"},"type":"object","properties":{"agent_all":{"description":"When `true`, the query runs on all agents.","type":"boolean"},"agent_ids":{"description":"A list of agent IDs to run the query on.","items":{"type":"string"},"type":"array"},"agent_platforms":{"description":"A list of agent platforms to run the query on.","items":{"type":"string"},"type":"array"},"agent_policy_ids":{"description":"A list of agent policy IDs to run the query on.","items":{"type":"string"},"type":"array"},"alert_ids":{"description":"A list of alert IDs associated with the live query.","items":{"type":"string"},"type":"array"},"case_ids":{"description":"A list of case IDs associated with the live query.","items":{"type":"string"},"type":"array"},"ecs_mapping":{"$ref":"#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined"},"event_ids":{"description":"A list of event IDs associated with the live query.","items":{"type":"string"},"type":"array"},"metadata":{"description":"Custom metadata object associated with the live query.","nullable":true,"type":"object"},"pack_id":{"$ref":"#/components/schemas/Security_Osquery_API_PackIdOrUndefined"},"queries":{"$ref":"#/components/schemas/Security_Osquery_API_ArrayQueries"},"query":{"$ref":"#/components/schemas/Security_Osquery_API_QueryOrUndefined"},"saved_query_id":{"$ref":"#/components/schemas/Security_Osquery_API_SavedQueryIdOrUndefined"}}},"Security_Osquery_API_CreateLiveQueryResponse":{"example":{"data":{"@timestamp":"2022-07-26T09:59:32.220Z","action_id":"3c42c847-eb30-4452-80e0-728584042334","agent_all":true,"agent_ids":[],"agent_platforms":[],"agent_policy_ids":[],"agents":["16d7caf5-efd2-4212-9b62-73dafc91fa13"],"expiration":"2022-07-26T10:04:32.220Z","input_type":"osquery","metadata":{"execution_context":{"name":"osquery","url":"/app/osquery/live_queries/new"}},"queries":[{"action_id":"609c4c66-ba3d-43fa-afdd-53e244577aa0","agents":["16d7caf5-efd2-4212-9b62-73dafc91fa13"],"ecs_mapping":{"host.uptime":{"field":"total_seconds"}},"id":"6724a474-cbba-41ef-a1aa-66aebf0879e2","query":"select * from uptime;","timeout":120}],"type":"INPUT_ACTION","user_id":"elastic"}},"type":"object","properties":{}},"Security_Osquery_API_CreatePacksRequestBody":{"example":{"description":"My pack","enabled":true,"name":"my_pack","policy_ids":["my_policy_id","fleet-server-policy"],"queries":{"my_query":{"ecs_mapping":{"client.port":{"field":"port"},"tags":{"value":["tag1","tag2"]}},"interval":60,"query":"SELECT * FROM listening_ports;","timeout":120}},"shards":{"fleet-server-policy":58,"my_policy_id":35}},"type":"object","properties":{"description":{"$ref":"#/components/schemas/Security_Osquery_API_PackDescriptionOrUndefined"},"enabled":{"$ref":"#/components/schemas/Security_Osquery_API_EnabledOrUndefined"},"name":{"$ref":"#/components/schemas/Security_Osquery_API_PackName"},"policy_ids":{"$ref":"#/components/schemas/Security_Osquery_API_PolicyIdsOrUndefined"},"queries":{"$ref":"#/components/schemas/Security_Osquery_API_ObjectQueries"},"shards":{"$ref":"#/components/schemas/Security_Osquery_API_Shards"}}},"Security_Osquery_API_CreatePacksResponse":{"example":{"data":{"created_at":"2025-02-26T13:37:30.452Z","created_by":"elastic","description":"My pack","enabled":true,"name":"my_pack","queries":{"ports":{"ecs_mapping":{"client.port":{"field":"port"}},"interval":60,"query":"SELECT * FROM listening_ports;","removed":false,"snapshot":true,"timeout":120}},"saved_object_id":"1c266590-381f-428c-878f-c80c1334f856","shards":[{"key":"47638692-7c4c-4053-aa3e-7186f28df349","value":35},{"key":"5e267651-fe50-443e-8d3f-3bbc9171b618","value":58}],"updated_at":"2025-02-26T13:37:30.452Z","updated_by":"elastic"}},"type":"object","properties":{}},"Security_Osquery_API_CreateSavedQueryRequestBody":{"example":{"description":"Saved query description","ecs_mapping":{"host.uptime":{"field":"total_seconds"}},"id":"saved_query_id","interval":"60","platform":"linux,darwin","query":"select * from uptime;","timeout":120,"version":"2.8.0"},"type":"object","properties":{"description":{"$ref":"#/components/schemas/Security_Osquery_API_SavedQueryDescriptionOrUndefined"},"ecs_mapping":{"$ref":"#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined"},"id":{"$ref":"#/components/schemas/Security_Osquery_API_SavedQueryId"},"interval":{"$ref":"#/components/schemas/Security_Osquery_API_Interval"},"platform":{"$ref":"#/components/schemas/Security_Osquery_API_PlatformOrUndefined"},"query":{"$ref":"#/components/schemas/Security_Osquery_API_QueryOrUndefined"},"removed":{"$ref":"#/components/schemas/Security_Osquery_API_RemovedOrUndefined"},"snapshot":{"$ref":"#/components/schemas/Security_Osquery_API_SnapshotOrUndefined"},"version":{"$ref":"#/components/schemas/Security_Osquery_API_VersionOrUndefined"}}},"Security_Osquery_API_CreateSavedQueryResponse":{"example":{"data":{}},"type":"object","properties":{}},"Security_Osquery_API_DefaultSuccessResponse":{"type":"object","properties":{}},"Security_Osquery_API_ECSMapping":{"additionalProperties":{"$ref":"#/components/schemas/Security_Osquery_API_ECSMappingItem"},"description":"Map osquery results columns or static values to Elastic Common Schema (ECS) fields","example":{"host.uptime":{"field":"total_seconds"}},"type":"object"},"Security_Osquery_API_ECSMappingItem":{"type":"object","properties":{"field":{"description":"The ECS field to map to.","example":"host.uptime","type":"string"},"value":{"description":"The value to map to the ECS field.","example":"total_seconds","oneOf":[{"type":"string"},{"items":{"type":"string"},"type":"array"}]}}},"Security_Osquery_API_ECSMappingOrUndefined":{"$ref":"#/components/schemas/Security_Osquery_API_ECSMapping","nullable":true},"Security_Osquery_API_Enabled":{"description":"Enables the pack.","example":true,"type":"boolean"},"Security_Osquery_API_EnabledOrUndefined":{"$ref":"#/components/schemas/Security_Osquery_API_Enabled","nullable":true},"Security_Osquery_API_FindLiveQueryDetailsResponse":{"example":{"data":{"@timestamp":"2022-07-26T09:59:32.220Z","action_id":"3c42c847-eb30-4452-80e0-728584042334","agents":["16d7caf5-efd2-4212-9b62-73dafc91fa13"],"expiration":"2022-07-26T10:04:32.220Z","queries":[{"action_id":"609c4c66-ba3d-43fa-afdd-53e244577aa0","agents":["16d7caf5-efd2-4212-9b62-73dafc91fa13"],"docs":0,"ecs_mapping":{"host.uptime":{"field":"total_seconds"}},"failed":1,"id":"6724a474-cbba-41ef-a1aa-66aebf0879e2","pending":0,"query":"select * from uptime;","responded":1,"saved_query_id":"42ba9c50-0cc5-11ed-aa1d-2b27890bc90d","status":"completed","successful":0}],"status":"completed","user_id":"elastic"}},"type":"object","properties":{}},"Security_Osquery_API_FindLiveQueryResponse":{"example":{"data":{"items":[{"fields":{"@timestamp":"2023-10-31T00:00:00Z","action_id":"3c42c847-eb30-4452-80e0-728584042334","agents":["16d7caf5-efd2-4212-9b62-73dafc91fa13"],"expiration":"2023-10-31T00:00:00Z","queries":[{"action_id":"609c4c66-ba3d-43fa-afdd-53e244577aa0","agents":["16d7caf5-efd2-4212-9b62-73dafc91fa13"],"ecs_mapping":{"host.uptime":{"field":"total_seconds"}},"id":"6724a474-cbba-41ef-a1aa-66aebf0879e2","query":"select * from uptime;","saved_query_id":"42ba9c50-0cc5-11ed-aa1d-2b27890bc90d"}],"user_id":"elastic"}}]}},"type":"object","properties":{}},"Security_Osquery_API_FindPackResponse":{"example":{"data":{"created_at":"2022-07-25T19:41:10.263Z","created_by":"elastic","description":"","enabled":true,"id":"3c42c847-eb30-4452-80e0-728584042334","name":"test_pack","namespaces":["default"],"policy_ids":[],"queries":{"uptime":{"ecs_mapping":{"message":{"field":"days"}},"interval":3600,"query":"select * from uptime"}},"read_only":false,"type":"osquery-pack","updated_at":"2022-07-25T20:12:01.455Z","updated_by":"elastic"}},"type":"object","properties":{}},"Security_Osquery_API_FindPacksResponse":{"example":{"data":[{"attributes":{"created_at":"2023-10-31T00:00:00Z","created_by":"elastic","description":"My pack description","enabled":true,"name":"My Pack","queries":[{"ecs_mapping":[{"host.uptime":{"field":"total_seconds"}}],"id":"uptime","interval":"3600","query":"select * from uptime;"}],"updated_at":"2023-10-31T00:00:00Z","updated_by":"elastic"},"id":"42ba9c50-0cc5-11ed-aa1d-2b27890bc90d","namespaces":["default"],"type":"osquery-pack"}],"page":1,"pageSize":10,"policy_ids":[],"total":1},"type":"object","properties":{}},"Security_Osquery_API_FindSavedQueryDetailResponse":{"example":{"data":{"attributes":{"created_at":"2022-07-26T09:28:08.597Z","created_by":"elastic","description":"Saved query description","ecs_mapping":{"host.uptime":{"field":"total_seconds"}},"id":"saved_query_id","interval":"60","platform":"linux,darwin","prebuilt":false,"query":"select * from uptime;","updated_at":"2022-07-26T09:28:08.597Z","updated_by":"elastic","version":"2.8.0"},"coreMigrationVersion":"8.4.0","id":"3c42c847-eb30-4452-80e0-728584042334","namespaces":["default"],"references":[],"type":"osquery-saved-query","updated_at":"2022-07-26T09:28:08.600Z","version":"WzQzMTcsMV0="}},"type":"object","properties":{}},"Security_Osquery_API_FindSavedQueryResponse":{"example":{"data":[{"attributes":{"created_at":"2022-07-26T09:28:08.597Z","created_by":"elastic","description":"Saved query description","ecs_mapping":{"host.uptime":{"field":"total_seconds"}},"id":"saved_query_id","interval":"60","platform":"linux,darwin","prebuilt":false,"query":"select * from uptime;","updated_at":"2022-07-26T09:28:08.597Z","updated_by":"elastic","version":"2.8.0"},"id":"42ba9c50-0cc5-11ed-aa1d-2b27890bc90d","namespaces":["default"],"type":"osquery-saved-query"}],"page":1,"per_page":100,"total":11},"type":"object","properties":{}},"Security_Osquery_API_GetLiveQueryResultsResponse":{"description":"The response for getting live query results.","example":{"data":{"edges":[{},{}],"total":2}},"type":"object","properties":{}},"Security_Osquery_API_Interval":{"description":"An interval, in seconds, on which to run the query.","example":"60","type":"string"},"Security_Osquery_API_IntervalOrUndefined":{"$ref":"#/components/schemas/Security_Osquery_API_Interval","nullable":true},"Security_Osquery_API_KueryOrUndefined":{"description":"The kuery to filter the results by.","example":"agent.id: 16d7caf5-efd2-4212-9b62-73dafc91fa13","nullable":true,"type":"string"},"Security_Osquery_API_ObjectQueries":{"additionalProperties":{"$ref":"#/components/schemas/Security_Osquery_API_ObjectQueriesItem"},"description":"An object of queries.","type":"object"},"Security_Osquery_API_ObjectQueriesItem":{"type":"object","properties":{"ecs_mapping":{"$ref":"#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined"},"id":{"$ref":"#/components/schemas/Security_Osquery_API_QueryId"},"platform":{"$ref":"#/components/schemas/Security_Osquery_API_PlatformOrUndefined"},"query":{"$ref":"#/components/schemas/Security_Osquery_API_Query"},"removed":{"$ref":"#/components/schemas/Security_Osquery_API_RemovedOrUndefined"},"saved_query_id":{"$ref":"#/components/schemas/Security_Osquery_API_SavedQueryIdOrUndefined"},"snapshot":{"$ref":"#/components/schemas/Security_Osquery_API_SnapshotOrUndefined"},"version":{"$ref":"#/components/schemas/Security_Osquery_API_VersionOrUndefined"}}},"Security_Osquery_API_PackDescription":{"description":"The pack description.","example":"Pack description","type":"string"},"Security_Osquery_API_PackDescriptionOrUndefined":{"$ref":"#/components/schemas/Security_Osquery_API_PackDescription","nullable":true},"Security_Osquery_API_PackId":{"description":"The ID of the pack you want to run, retrieve, update, or delete.","example":"3c42c847-eb30-4452-80e0-728584042334","type":"string"},"Security_Osquery_API_PackIdOrUndefined":{"$ref":"#/components/schemas/Security_Osquery_API_PackId","nullable":true},"Security_Osquery_API_PackName":{"description":"The pack name.","type":"string"},"Security_Osquery_API_PageOrUndefined":{"description":"The page number to return. The default is 1.","example":1,"nullable":true,"type":"integer"},"Security_Osquery_API_PageSizeOrUndefined":{"description":"The number of results to return per page. The default is 20.","example":20,"nullable":true,"type":"integer"},"Security_Osquery_API_Platform":{"description":"Restricts the query to a specified platform. The default is all platforms. To specify multiple platforms, use commas. For example, `linux,darwin`.","example":"linux,darwin","type":"string"},"Security_Osquery_API_PlatformOrUndefined":{"$ref":"#/components/schemas/Security_Osquery_API_Platform","nullable":true},"Security_Osquery_API_PolicyIds":{"description":"A list of agents policy IDs.","example":["policyId1","policyId2"],"items":{"type":"string"},"type":"array"},"Security_Osquery_API_PolicyIdsOrUndefined":{"$ref":"#/components/schemas/Security_Osquery_API_PolicyIds","nullable":true},"Security_Osquery_API_Query":{"description":"The SQL query you want to run.","example":"select * from uptime;","type":"string"},"Security_Osquery_API_QueryId":{"description":"The ID of the query.","example":"3c42c847-eb30-4452-80e0-728584042334","type":"string"},"Security_Osquery_API_QueryOrUndefined":{"$ref":"#/components/schemas/Security_Osquery_API_Query","nullable":true},"Security_Osquery_API_Removed":{"description":"Indicates whether the query is removed.","example":false,"type":"boolean"},"Security_Osquery_API_RemovedOrUndefined":{"$ref":"#/components/schemas/Security_Osquery_API_Removed","nullable":true},"Security_Osquery_API_SavedQueryDescription":{"description":"The saved query description.","example":"Saved query description","type":"string"},"Security_Osquery_API_SavedQueryDescriptionOrUndefined":{"$ref":"#/components/schemas/Security_Osquery_API_SavedQueryDescription","nullable":true},"Security_Osquery_API_SavedQueryId":{"description":"The ID of a saved query.","example":"3c42c847-eb30-4452-80e0-728584042334","type":"string"},"Security_Osquery_API_SavedQueryIdOrUndefined":{"$ref":"#/components/schemas/Security_Osquery_API_SavedQueryId","nullable":true},"Security_Osquery_API_Shards":{"additionalProperties":{"type":"number"},"description":"An object with shard configuration for policies included in the pack. For each policy, set the shard configuration to a percentage (1–100) of target hosts.","example":{"policy_id":50},"type":"object"},"Security_Osquery_API_Snapshot":{"description":"Indicates whether the query is a snapshot.","example":true,"type":"boolean"},"Security_Osquery_API_SnapshotOrUndefined":{"$ref":"#/components/schemas/Security_Osquery_API_Snapshot","nullable":true},"Security_Osquery_API_SortOrderOrUndefined":{"description":"Specifies the sort order.","enum":["asc","desc"],"example":"desc","type":"string"},"Security_Osquery_API_SortOrUndefined":{"default":"createdAt","description":"The field that is used to sort the results.","example":"createdAt","nullable":true,"type":"string"},"Security_Osquery_API_UpdatePacksRequestBody":{"example":{"name":"updated_my_pack_name"},"type":"object","properties":{"description":{"$ref":"#/components/schemas/Security_Osquery_API_PackDescriptionOrUndefined"},"enabled":{"$ref":"#/components/schemas/Security_Osquery_API_EnabledOrUndefined"},"name":{"$ref":"#/components/schemas/Security_Osquery_API_PackName"},"policy_ids":{"$ref":"#/components/schemas/Security_Osquery_API_PolicyIdsOrUndefined"},"queries":{"$ref":"#/components/schemas/Security_Osquery_API_ObjectQueries"},"shards":{"$ref":"#/components/schemas/Security_Osquery_API_Shards"}}},"Security_Osquery_API_UpdatePacksResponse":{"example":{"data":{"created_at":"2025-02-26T13:37:30.452Z","created_by":"elastic","description":"My pack","enabled":true,"name":"updated_my_pack_name","queries":{"ports":{"ecs_mapping":{"client.port":{"field":"port"}},"interval":60,"query":"SELECT * FROM listening_ports;","removed":false,"snapshot":true,"timeout":120}},"saved_object_id":"1c266590-381f-428c-878f-c80c1334f856","shards":[{"key":"47638692-7c4c-4053-aa3e-7186f28df349","value":35},{"key":"5e267651-fe50-443e-8d3f-3bbc9171b618","value":58}],"updated_at":"2025-02-26T13:40:16.297Z","updated_by":"elastic"}},"type":"object","properties":{}},"Security_Osquery_API_UpdateSavedQueryRequestBody":{"example":{"id":"updated_my_saved_query_name"},"type":"object","properties":{"description":{"$ref":"#/components/schemas/Security_Osquery_API_SavedQueryDescriptionOrUndefined"},"ecs_mapping":{"$ref":"#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined"},"id":{"$ref":"#/components/schemas/Security_Osquery_API_SavedQueryId"},"interval":{"$ref":"#/components/schemas/Security_Osquery_API_IntervalOrUndefined"},"platform":{"$ref":"#/components/schemas/Security_Osquery_API_PlatformOrUndefined"},"query":{"$ref":"#/components/schemas/Security_Osquery_API_QueryOrUndefined"},"removed":{"$ref":"#/components/schemas/Security_Osquery_API_RemovedOrUndefined"},"snapshot":{"$ref":"#/components/schemas/Security_Osquery_API_SnapshotOrUndefined"},"version":{"$ref":"#/components/schemas/Security_Osquery_API_VersionOrUndefined"}}},"Security_Osquery_API_UpdateSavedQueryResponse":{"example":{"data":{}},"type":"object","properties":{}},"Security_Osquery_API_Version":{"description":"Uses the Osquery versions greater than or equal to the specified version string.","example":"1.0.0","type":"string"},"Security_Osquery_API_VersionOrUndefined":{"$ref":"#/components/schemas/Security_Osquery_API_Version","nullable":true},"Security_Timeline_API_AssociatedFilterType":{"description":"Filter notes based on their association with a document or saved object.","enum":["all","document_only","saved_object_only","document_and_saved_object","orphan"],"type":"string"},"Security_Timeline_API_BareNote":{"allOf":[{"$ref":"#/components/schemas/Security_Timeline_API_NoteCreatedAndUpdatedMetadata"},{"type":"object","properties":{"eventId":{"description":"The `_id` of the associated event for this note.","example":"d3a1d35a3e84a81b2f8f3859e064c224cdee1b4bc","nullable":true,"type":"string"},"note":{"description":"The text of the note","example":"This is an example text","nullable":true,"type":"string"},"timelineId":{"description":"The `savedObjectId` of the Timeline that this note is associated with","example":"15c1929b-0af7-42bd-85a8-56e234cc7c4e","type":"string"}},"required":["timelineId"]}]},"Security_Timeline_API_BarePinnedEvent":{"allOf":[{"$ref":"#/components/schemas/Security_Timeline_API_PinnedEventCreatedAndUpdatedMetadata"},{"type":"object","properties":{"eventId":{"description":"The `_id` of the associated event for this pinned event.","example":"d3a1d35a3e84a81b2f8f3859e064c224cdee1b4bc","type":"string"},"timelineId":{"description":"The `savedObjectId` of the timeline that this pinned event is associated with","example":"15c1929b-0af7-42bd-85a8-56e234cc7c4e","type":"string"}},"required":["eventId","timelineId"]}]},"Security_Timeline_API_ColumnHeaderResult":{"type":"object","properties":{"aggregatable":{"nullable":true,"type":"boolean"},"category":{"nullable":true,"type":"string"},"columnHeaderType":{"nullable":true,"type":"string"},"description":{"nullable":true,"type":"string"},"example":{"nullable":true,"type":"string"},"id":{"nullable":true,"type":"string"},"indexes":{"items":{"type":"string"},"nullable":true,"type":"array"},"name":{"nullable":true,"type":"string"},"placeholder":{"nullable":true,"type":"string"},"searchable":{"nullable":true,"type":"boolean"},"type":{"nullable":true,"type":"string"}}},"Security_Timeline_API_DataProviderQueryMatch":{"type":"object","properties":{"enabled":{"nullable":true,"type":"boolean"},"excluded":{"nullable":true,"type":"boolean"},"id":{"nullable":true,"type":"string"},"kqlQuery":{"nullable":true,"type":"string"},"name":{"nullable":true,"type":"string"},"queryMatch":{"$ref":"#/components/schemas/Security_Timeline_API_QueryMatchResult","nullable":true},"type":{"$ref":"#/components/schemas/Security_Timeline_API_DataProviderType","nullable":true}}},"Security_Timeline_API_DataProviderResult":{"type":"object","properties":{"and":{"items":{"$ref":"#/components/schemas/Security_Timeline_API_DataProviderQueryMatch"},"nullable":true,"type":"array"},"enabled":{"nullable":true,"type":"boolean"},"excluded":{"nullable":true,"type":"boolean"},"id":{"nullable":true,"type":"string"},"kqlQuery":{"nullable":true,"type":"string"},"name":{"nullable":true,"type":"string"},"queryMatch":{"$ref":"#/components/schemas/Security_Timeline_API_QueryMatchResult","nullable":true},"type":{"$ref":"#/components/schemas/Security_Timeline_API_DataProviderType","nullable":true}}},"Security_Timeline_API_DataProviderType":{"description":"The type of data provider.","enum":["default","template"],"type":"string"},"Security_Timeline_API_DocumentIds":{"oneOf":[{"items":{"type":"string"},"type":"array"},{"type":"string"}]},"Security_Timeline_API_FavoriteTimelineResponse":{"type":"object","properties":{"favorite":{"items":{"$ref":"#/components/schemas/Security_Timeline_API_FavoriteTimelineResult"},"type":"array"},"savedObjectId":{"type":"string"},"templateTimelineId":{"nullable":true,"type":"string"},"templateTimelineVersion":{"nullable":true,"type":"number"},"timelineType":{"$ref":"#/components/schemas/Security_Timeline_API_TimelineType"},"version":{"type":"string"}},"required":["savedObjectId","version"]},"Security_Timeline_API_FavoriteTimelineResult":{"description":"Indicates when and who marked a Timeline as a favorite.","example":{"favoriteDate":1741337636741,"userName":"elastic"},"type":"object","properties":{"favoriteDate":{"nullable":true,"type":"number"},"fullName":{"nullable":true,"type":"string"},"userName":{"nullable":true,"type":"string"}}},"Security_Timeline_API_FilterTimelineResult":{"example":{"meta":{"alias":"Custom filter name","disabled":false,"index":".alerts-security.alerts-default,logs-*","key":"@timestamp","negate":"false,","type":"exists","value":"exists"},"query":"{\"exists\":{\"field\":\"@timestamp\"}}"},"type":"object","properties":{"exists":{"nullable":true,"type":"string"},"match_all":{"nullable":true,"type":"string"},"meta":{"nullable":true,"type":"object","properties":{"alias":{"nullable":true,"type":"string"},"controlledBy":{"nullable":true,"type":"string"},"disabled":{"nullable":true,"type":"boolean"},"field":{"nullable":true,"type":"string"},"formattedValue":{"nullable":true,"type":"string"},"index":{"nullable":true,"type":"string"},"key":{"nullable":true,"type":"string"},"negate":{"nullable":true,"type":"boolean"},"params":{"nullable":true,"type":"string"},"type":{"nullable":true,"type":"string"},"value":{"nullable":true,"type":"string"}}},"missing":{"nullable":true,"type":"string"},"query":{"nullable":true,"type":"string"},"range":{"nullable":true,"type":"string"},"script":{"nullable":true,"type":"string"}}},"Security_Timeline_API_GetNotesResult":{"type":"object","properties":{"notes":{"items":{"$ref":"#/components/schemas/Security_Timeline_API_Note"},"type":"array"},"totalCount":{"type":"number"}},"required":["totalCount","notes"]},"Security_Timeline_API_ImportTimelineResult":{"type":"object","properties":{"errors":{"description":"The list of failed Timeline imports","items":{"type":"object","properties":{"error":{"description":"The error containing the reason why the timeline could not be imported","type":"object","properties":{"message":{"description":"The reason why the timeline could not be imported","example":"Malformed JSON","type":"string"},"status_code":{"description":"The HTTP status code of the error","example":400,"type":"number"}}},"id":{"description":"The ID of the timeline that failed to import","example":"6ce1b592-84e3-4b4a-9552-f189d4b82075","type":"string"}}},"type":"array"},"success":{"description":"Indicates whether any of the Timelines were successfully imports","type":"boolean"},"success_count":{"description":"The amount of successfully imported/updated Timelines","example":99,"type":"number"},"timelines_installed":{"description":"The amount of successfully installed Timelines","example":80,"type":"number"},"timelines_updated":{"description":"The amount of successfully updated Timelines","example":19,"type":"number"}}},"Security_Timeline_API_ImportTimelines":{"allOf":[{"$ref":"#/components/schemas/Security_Timeline_API_SavedTimeline"},{"type":"object","properties":{"eventNotes":{"items":{"$ref":"#/components/schemas/Security_Timeline_API_BareNote"},"nullable":true,"type":"array"},"globalNotes":{"items":{"$ref":"#/components/schemas/Security_Timeline_API_BareNote"},"nullable":true,"type":"array"},"pinnedEventIds":{"items":{"type":"string"},"nullable":true,"type":"array"},"savedObjectId":{"nullable":true,"type":"string"},"version":{"nullable":true,"type":"string"}},"required":["savedObjectId","version","pinnedEventIds","eventNotes","globalNotes"]}]},"Security_Timeline_API_Note":{"allOf":[{"$ref":"#/components/schemas/Security_Timeline_API_BareNote"},{"type":"object","properties":{"noteId":{"description":"The `savedObjectId` of the note","example":"709f99c6-89b6-4953-9160-35945c8e174e","type":"string"},"version":{"description":"The version of the note","example":"WzQ2LDFd","type":"string"}},"required":["noteId","version"]}]},"Security_Timeline_API_NoteCreatedAndUpdatedMetadata":{"type":"object","properties":{"created":{"description":"The time the note was created, using a 13-digit Epoch timestamp.","example":1587468588922,"nullable":true,"type":"number"},"createdBy":{"description":"The user who created the note.","example":"casetester","nullable":true,"type":"string"},"updated":{"description":"The last time the note was updated, using a 13-digit Epoch timestamp","example":1741344876825,"nullable":true,"type":"number"},"updatedBy":{"description":"The user who last updated the note","example":"casetester","nullable":true,"type":"string"}}},"Security_Timeline_API_PersistPinnedEventResponse":{"oneOf":[{"$ref":"#/components/schemas/Security_Timeline_API_PinnedEvent"},{"type":"object","properties":{"unpinned":{"description":"Indicates whether the event was successfully unpinned","type":"boolean"}},"required":["unpinned"]}]},"Security_Timeline_API_PersistTimelineResponse":{"$ref":"#/components/schemas/Security_Timeline_API_TimelineResponse"},"Security_Timeline_API_PinnedEvent":{"allOf":[{"$ref":"#/components/schemas/Security_Timeline_API_BarePinnedEvent"},{"type":"object","properties":{"pinnedEventId":{"description":"The `savedObjectId` of this pinned event","example":"10r1929b-0af7-42bd-85a8-56e234f98h2f3","type":"string"},"version":{"description":"The version of this pinned event","example":"WzQ2LDFe","type":"string"}},"required":["pinnedEventId","version"]}]},"Security_Timeline_API_PinnedEventCreatedAndUpdatedMetadata":{"type":"object","properties":{"created":{"description":"The time the pinned event was created, using a 13-digit Epoch timestamp.","example":1587468588922,"nullable":true,"type":"number"},"createdBy":{"description":"The user who created the pinned event.","example":"casetester","nullable":true,"type":"string"},"updated":{"description":"The last time the pinned event was updated, using a 13-digit Epoch timestamp","example":1741344876825,"nullable":true,"type":"number"},"updatedBy":{"description":"The user who last updated the pinned event","example":"casetester","nullable":true,"type":"string"}}},"Security_Timeline_API_QueryMatchResult":{"type":"object","properties":{"displayField":{"nullable":true,"type":"string"},"displayValue":{"nullable":true,"type":"string"},"field":{"nullable":true,"type":"string"},"operator":{"nullable":true,"type":"string"},"value":{"oneOf":[{"nullable":true,"type":"string"},{"items":{"type":"string"},"nullable":true,"type":"array"}]}}},"Security_Timeline_API_ResolvedTimeline":{"type":"object","properties":{"alias_purpose":{"$ref":"#/components/schemas/Security_Timeline_API_SavedObjectResolveAliasPurpose"},"alias_target_id":{"type":"string"},"outcome":{"$ref":"#/components/schemas/Security_Timeline_API_SavedObjectResolveOutcome"},"timeline":{"$ref":"#/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject"}},"required":["timeline","outcome"]},"Security_Timeline_API_ResponseNote":{"type":"object","properties":{"note":{"$ref":"#/components/schemas/Security_Timeline_API_Note"}},"required":["note"]},"Security_Timeline_API_RowRendererId":{"description":"Identifies the available row renderers","enum":["alert","alerts","auditd","auditd_file","library","netflow","plain","registry","suricata","system","system_dns","system_endgame_process","system_file","system_fim","system_security_event","system_socket","threat_match","zeek"],"type":"string"},"Security_Timeline_API_SavedObjectIds":{"oneOf":[{"items":{"type":"string"},"type":"array"},{"type":"string"}]},"Security_Timeline_API_SavedObjectResolveAliasPurpose":{"enum":["savedObjectConversion","savedObjectImport"],"type":"string"},"Security_Timeline_API_SavedObjectResolveOutcome":{"enum":["exactMatch","aliasMatch","conflict"],"type":"string"},"Security_Timeline_API_SavedTimeline":{"type":"object","properties":{"columns":{"description":"The Timeline's columns","example":[{"columnHeaderType":"not-filtered","id":"@timestamp"},{"columnHeaderType":"not-filtered","id":"event.category"}],"items":{"$ref":"#/components/schemas/Security_Timeline_API_ColumnHeaderResult"},"nullable":true,"type":"array"},"created":{"description":"The time the Timeline was created, using a 13-digit Epoch timestamp.","example":1587468588922,"nullable":true,"type":"number"},"createdBy":{"description":"The user who created the Timeline.","example":"casetester","nullable":true,"type":"string"},"dataProviders":{"description":"Object containing query clauses","example":[{"enabled":true,"excluded":false,"id":"id-d3a1d35a3e84a81b2f8f3859e064c224cdee1b4bcbf66f57d124dcc739c98e6b","name":"d3a1d35a3e84a81b2f8f3859e064c224cdee1b4bcbf66f57d124dcc739c98e6b","queryMatch":{"field":"_id,","operator":":","value":"d3a1d35a3e84a81b2f8f3859e064c224cdee1b4bcbf66f57d124dcc739c98e6b,"}}],"items":{"$ref":"#/components/schemas/Security_Timeline_API_DataProviderResult"},"nullable":true,"type":"array"},"dataViewId":{"description":"ID of the Timeline's Data View","example":"security-solution-default","nullable":true,"type":"string"},"dateRange":{"description":"The Timeline's search period.","example":{"end":1587456479201,"start":1587370079200},"nullable":true,"type":"object","properties":{"end":{"oneOf":[{"nullable":true,"type":"string"},{"nullable":true,"type":"number"}]},"start":{"oneOf":[{"nullable":true,"type":"string"},{"nullable":true,"type":"number"}]}}},"description":{"description":"The Timeline's description","example":"Investigating exposure of CVE XYZ","nullable":true,"type":"string"},"eqlOptions":{"description":"EQL query that is used in the correlation tab","example":{"eventCategoryField":"event.category","query":"sequence\\n[process where process.name == \"sudo\"]\\n[any where true]","size":100,"timestampField":"@timestamp"},"nullable":true,"type":"object","properties":{"eventCategoryField":{"nullable":true,"type":"string"},"query":{"nullable":true,"type":"string"},"size":{"oneOf":[{"nullable":true,"type":"string"},{"nullable":true,"type":"number"}]},"tiebreakerField":{"nullable":true,"type":"string"},"timestampField":{"nullable":true,"type":"string"}}},"eventType":{"deprecated":true,"description":"Event types displayed in the Timeline","example":"all","nullable":true,"type":"string"},"excludedRowRendererIds":{"description":"A list of row renderers that should not be used when in `Event renderers` mode","items":{"$ref":"#/components/schemas/Security_Timeline_API_RowRendererId"},"nullable":true,"type":"array"},"favorite":{"items":{"$ref":"#/components/schemas/Security_Timeline_API_FavoriteTimelineResult"},"nullable":true,"type":"array"},"filters":{"description":"A list of filters that should be applied to the query","items":{"$ref":"#/components/schemas/Security_Timeline_API_FilterTimelineResult"},"nullable":true,"type":"array"},"indexNames":{"description":"A list of index names to use in the query (e.g. when the default data view has been modified)","example":[".logs*"],"items":{"type":"string"},"nullable":true,"type":"array"},"kqlMode":{"description":"Indicates whether the KQL bar filters the query results or searches for additional results, where:\n * `filter`: filters query results\n * `search`: displays additional search results","example":"search","nullable":true,"type":"string"},"kqlQuery":{"$ref":"#/components/schemas/Security_Timeline_API_SerializedFilterQueryResult","nullable":true},"savedQueryId":{"description":"The ID of the saved query that might be used in the Query tab","example":"c7b16904-02d7-4f32-b8f2-cc20f9625d6e","nullable":true,"type":"string"},"savedSearchId":{"description":"The ID of the saved search that is used in the ES|QL tab","example":"6ce1b592-84e3-4b4a-9552-f189d4b82075","nullable":true,"type":"string"},"sort":{"$ref":"#/components/schemas/Security_Timeline_API_Sort","nullable":true},"status":{"$ref":"#/components/schemas/Security_Timeline_API_TimelineStatus","nullable":true},"templateTimelineId":{"description":"A unique ID (UUID) for Timeline templates. For Timelines, the value is `null`.","example":"6ce1b592-84e3-4b4a-9552-f189d4b82075","nullable":true,"type":"string"},"templateTimelineVersion":{"description":"Timeline template version number. For Timelines, the value is `null`.","example":12,"nullable":true,"type":"number"},"timelineType":{"$ref":"#/components/schemas/Security_Timeline_API_TimelineType","nullable":true},"title":{"description":"The Timeline's title.","example":"CVE XYZ investigation","nullable":true,"type":"string"},"updated":{"description":"The last time the Timeline was updated, using a 13-digit Epoch timestamp","example":1741344876825,"nullable":true,"type":"number"},"updatedBy":{"description":"The user who last updated the Timeline","example":"casetester","nullable":true,"type":"string"}}},"Security_Timeline_API_SavedTimelineWithSavedObjectId":{"allOf":[{"$ref":"#/components/schemas/Security_Timeline_API_SavedTimeline"},{"type":"object","properties":{"savedObjectId":{"description":"The `savedObjectId` of the Timeline or Timeline template","example":"15c1929b-0af7-42bd-85a8-56e234cc7c4e","type":"string"},"version":{"description":"The version of the Timeline or Timeline template","example":"WzE0LDFd","type":"string"}},"required":["savedObjectId","version"]}]},"Security_Timeline_API_SerializedFilterQueryResult":{"description":"KQL bar query.","example":{"filterQuery":null,"kuery":{"expression":"_id : *","kind":"kuery"},"serializedQuery":"{\"bool\":{\"should\":[{\"exists\":{\"field\":\"_id\"}}],\"minimum_should_match\":1}}"},"type":"object","properties":{"filterQuery":{"nullable":true,"type":"object","properties":{"kuery":{"nullable":true,"type":"object","properties":{"expression":{"nullable":true,"type":"string"},"kind":{"nullable":true,"type":"string"}}},"serializedQuery":{"nullable":true,"type":"string"}}}}},"Security_Timeline_API_Sort":{"oneOf":[{"$ref":"#/components/schemas/Security_Timeline_API_SortObject"},{"items":{"$ref":"#/components/schemas/Security_Timeline_API_SortObject"},"type":"array"}]},"Security_Timeline_API_SortFieldTimeline":{"description":"The field to sort the timelines by.","enum":["title","description","updated","created"],"type":"string"},"Security_Timeline_API_SortObject":{"description":"Object indicating how rows are sorted in the Timeline's grid","example":{"columnId":"@timestamp","sortDirection":"desc"},"type":"object","properties":{"columnId":{"nullable":true,"type":"string"},"columnType":{"nullable":true,"type":"string"},"sortDirection":{"nullable":true,"type":"string"}}},"Security_Timeline_API_TimelineResponse":{"allOf":[{"$ref":"#/components/schemas/Security_Timeline_API_SavedTimeline"},{"$ref":"#/components/schemas/Security_Timeline_API_SavedTimelineWithSavedObjectId"},{"type":"object","properties":{"eventIdToNoteIds":{"description":"A list of all the notes that are associated to this Timeline.","items":{"$ref":"#/components/schemas/Security_Timeline_API_Note"},"nullable":true,"type":"array"},"noteIds":{"description":"A list of all the ids of notes that are associated to this Timeline.","example":["709f99c6-89b6-4953-9160-35945c8e174e"],"items":{"type":"string"},"nullable":true,"type":"array"},"notes":{"description":"A list of all the notes that are associated to this Timeline.","items":{"$ref":"#/components/schemas/Security_Timeline_API_Note"},"nullable":true,"type":"array"},"pinnedEventIds":{"description":"A list of all the ids of pinned events that are associated to this Timeline.","example":["983f99c6-89b6-4953-9160-35945c8a194f"],"items":{"type":"string"},"nullable":true,"type":"array"},"pinnedEventsSaveObject":{"description":"A list of all the pinned events that are associated to this Timeline.","items":{"$ref":"#/components/schemas/Security_Timeline_API_PinnedEvent"},"nullable":true,"type":"array"}}}]},"Security_Timeline_API_TimelineSavedToReturnObject":{"allOf":[{"$ref":"#/components/schemas/Security_Timeline_API_SavedTimeline"},{"type":"object","properties":{"eventIdToNoteIds":{"items":{"$ref":"#/components/schemas/Security_Timeline_API_Note"},"nullable":true,"type":"array"},"noteIds":{"items":{"type":"string"},"nullable":true,"type":"array"},"notes":{"items":{"$ref":"#/components/schemas/Security_Timeline_API_Note"},"nullable":true,"type":"array"},"pinnedEventIds":{"items":{"type":"string"},"nullable":true,"type":"array"},"pinnedEventsSaveObject":{"items":{"$ref":"#/components/schemas/Security_Timeline_API_PinnedEvent"},"nullable":true,"type":"array"},"savedObjectId":{"type":"string"},"version":{"type":"string"}},"required":["savedObjectId","version"]}]},"Security_Timeline_API_TimelineStatus":{"description":"The status of the Timeline.","enum":["active","draft","immutable"],"type":"string"},"Security_Timeline_API_TimelineType":{"description":"The type of Timeline.","enum":["default","template"],"type":"string"},"Short_URL_APIs_urlResponse":{"type":"object","properties":{"accessCount":{"type":"integer"},"accessDate":{"type":"string"},"createDate":{"type":"string"},"id":{"description":"The identifier for the short URL.","type":"string"},"locator":{"type":"object","properties":{"id":{"description":"The identifier for the locator.","type":"string"},"state":{"description":"The locator parameters.","type":"object"},"version":{"description":"The version of Kibana when the short URL was created.","type":"string"}}},"slug":{"description":"A random human-readable slug is automatically generated if the `humanReadableSlug` parameter is set to `true`. If it is set to `false`, a random short string is generated.\n","type":"string"}}},"SLOs_400_response":{"title":"Bad request","type":"object","properties":{"error":{"example":"Bad Request","type":"string"},"message":{"example":"Invalid value 'foo' supplied to: [...]","type":"string"},"statusCode":{"example":400,"type":"number"}},"required":["statusCode","error","message"]},"SLOs_401_response":{"title":"Unauthorized","type":"object","properties":{"error":{"example":"Unauthorized","type":"string"},"message":{"example":"[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastics] for REST request [/_security/_authenticate]]: unable to authenticate user [elastics] for REST request [/_security/_authenticate]","type":"string"},"statusCode":{"example":401,"type":"number"}},"required":["statusCode","error","message"]},"SLOs_403_response":{"title":"Unauthorized","type":"object","properties":{"error":{"example":"Unauthorized","type":"string"},"message":{"example":"[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastics] for REST request [/_security/_authenticate]]: unable to authenticate user [elastics] for REST request [/_security/_authenticate]","type":"string"},"statusCode":{"example":403,"type":"number"}},"required":["statusCode","error","message"]},"SLOs_404_response":{"title":"Not found","type":"object","properties":{"error":{"example":"Not Found","type":"string"},"message":{"example":"SLO [3749f390-03a3-11ee-8139-c7ff60a1692d] not found","type":"string"},"statusCode":{"example":404,"type":"number"}},"required":["statusCode","error","message"]},"SLOs_409_response":{"title":"Conflict","type":"object","properties":{"error":{"example":"Conflict","type":"string"},"message":{"example":"SLO [d077e940-1515-11ee-9c50-9d096392f520] already exists","type":"string"},"statusCode":{"example":409,"type":"number"}},"required":["statusCode","error","message"]},"SLOs_budgeting_method":{"description":"The budgeting method to use when computing the rollup data.","enum":["occurrences","timeslices"],"example":"occurrences","title":"Budgeting method","type":"string"},"SLOs_bulk_delete_request":{"description":"The bulk delete SLO request takes a list of SLOs Definition id to delete.\n","properties":{"list":{"description":"An array of SLO Definition id","items":{"description":"The SLO Definition id","example":"8853df00-ae2e-11ed-90af-09bb6422b258","type":"string"},"type":"array"}},"required":["list"],"title":"Bulk delete SLO request","type":"object"},"SLOs_bulk_delete_response":{"description":"The bulk delete SLO response returns a taskId that can be used to poll for its status\n","properties":{"taskId":{"description":"The taskId of the bulk delete operation","example":"d08506b7-f0e8-4f8b-a06a-a83940f4db91","type":"string"}},"title":"Bulk delete SLO response","type":"object"},"SLOs_bulk_delete_status_response":{"description":"Indicates if the bulk deletion is completed, with the detailed results of the operation.","properties":{"error":{"description":"The error message if the bulk deletion operation failed","example":"Task not found","type":"string"},"isDone":{"description":"Indicates if the bulk deletion operation is completed","example":true,"type":"boolean"},"results":{"description":"The results of the bulk deletion operation, including the success status and any errors for each SLO","items":{"type":"object","properties":{"error":{"description":"The error message if the deletion operation failed for this SLO","example":"SLO [d08506b7-f0e8-4f8b-a06a-a83940f4db91] not found","type":"string"},"id":{"description":"The ID of the SLO that was deleted","example":"d08506b7-f0e8-4f8b-a06a-a83940f4db91","type":"string"},"success":{"description":"The result of the deletion operation for this SLO","example":true,"type":"boolean"}}},"type":"array"}},"title":"The status of the bulk deletion","type":"object"},"SLOs_bulk_purge_rollup_request":{"description":"The bulk purge rollup data request takes a list of SLO ids and a purge policy, then deletes the rollup data according to the purge policy. This API can be used to remove the staled data of an instance SLO that no longer get updated.\n","properties":{"list":{"description":"An array of slo ids","items":{"description":"The SLO Definition id","example":"8853df00-ae2e-11ed-90af-09bb6422b258","type":"string"},"type":"array"},"purgePolicy":{"description":"Policy that dictates which SLI documents to purge based on age","oneOf":[{"type":"object","properties":{"age":{"description":"The duration to determine which documents to purge, formatted as {duration}{unit}. This value should be greater than or equal to the time window of every SLO provided.","example":"7d","type":"string"},"purgeType":{"description":"Specifies whether documents will be purged based on a specific age or on a timestamp","enum":["fixed-age"],"type":"string"}}},{"type":"object","properties":{"purgeType":{"description":"Specifies whether documents will be purged based on a specific age or on a timestamp","enum":["fixed-time"],"type":"string"},"timestamp":{"description":"The timestamp to determine which documents to purge, formatted in ISO. This value should be older than the applicable time window of every SLO provided.","example":"2024-12-31T00:00:00.000Z","type":"string"}}}],"type":"object"}},"required":["list","purgePolicy"],"title":"Bulk Purge Rollup data request","type":"object"},"SLOs_bulk_purge_rollup_response":{"description":"The bulk purge rollup data response returns a task id from the elasticsearch deleteByQuery response.\n","properties":{"taskId":{"description":"The task id of the purge operation","example":"8853df00-ae2e-11ed-90af-09bb6422b258","type":"string"}},"title":"Bulk Purge Rollup data response","type":"object"},"SLOs_create_slo_request":{"description":"The create SLO API request body varies depending on the type of indicator, time window and budgeting method.\n","properties":{"budgetingMethod":{"$ref":"#/components/schemas/SLOs_budgeting_method"},"description":{"description":"A description for the SLO.","type":"string"},"groupBy":{"$ref":"#/components/schemas/SLOs_group_by"},"id":{"description":"A optional and unique identifier for the SLO. Must be between 8 and 36 chars","example":"my-super-slo-id","type":"string"},"indicator":{"oneOf":[{"$ref":"#/components/schemas/SLOs_indicator_properties_custom_kql"},{"$ref":"#/components/schemas/SLOs_indicator_properties_apm_availability"},{"$ref":"#/components/schemas/SLOs_indicator_properties_apm_latency"},{"$ref":"#/components/schemas/SLOs_indicator_properties_custom_metric"},{"$ref":"#/components/schemas/SLOs_indicator_properties_histogram"},{"$ref":"#/components/schemas/SLOs_indicator_properties_timeslice_metric"}]},"name":{"description":"A name for the SLO.","type":"string"},"objective":{"$ref":"#/components/schemas/SLOs_objective"},"settings":{"$ref":"#/components/schemas/SLOs_settings"},"tags":{"description":"List of tags","items":{"type":"string"},"type":"array"},"timeWindow":{"$ref":"#/components/schemas/SLOs_time_window"}},"required":["name","description","indicator","timeWindow","budgetingMethod","objective"],"title":"Create SLO request","type":"object"},"SLOs_create_slo_response":{"title":"Create SLO response","type":"object","properties":{"id":{"example":"8853df00-ae2e-11ed-90af-09bb6422b258","type":"string"}},"required":["id"]},"SLOs_delete_slo_instances_request":{"description":"The delete SLO instances request takes a list of SLO id and instance id, then delete the rollup and summary data. This API can be used to remove the staled data of an instance SLO that no longer get updated.\n","properties":{"list":{"description":"An array of slo id and instance id","items":{"type":"object","properties":{"instanceId":{"description":"The SLO instance identifier","example":"8853df00-ae2e-11ed-90af-09bb6422b258","type":"string"},"sloId":{"description":"The SLO unique identifier","example":"8853df00-ae2e-11ed-90af-09bb6422b258","type":"string"}},"required":["sloId","instanceId"]},"type":"array"}},"required":["list"],"title":"Delete SLO instances request","type":"object"},"SLOs_error_budget":{"title":"Error budget","type":"object","properties":{"consumed":{"description":"The error budget consummed, as a percentage of the initial value.","example":0.8,"type":"number"},"initial":{"description":"The initial error budget, as 1 - objective","example":0.02,"type":"number"},"isEstimated":{"description":"Only for SLO defined with occurrences budgeting method and calendar aligned time window.","example":true,"type":"boolean"},"remaining":{"description":"The error budget remaining, as a percentage of the initial value.","example":0.2,"type":"number"}},"required":["initial","consumed","remaining","isEstimated"]},"SLOs_filter":{"description":"Defines properties for a filter","properties":{"meta":{"$ref":"#/components/schemas/SLOs_filter_meta"},"query":{"type":"object"}},"title":"Filter","type":"object"},"SLOs_filter_meta":{"description":"Defines properties for a filter","properties":{"alias":{"nullable":true,"type":"string"},"controlledBy":{"type":"string"},"disabled":{"type":"boolean"},"field":{"type":"string"},"group":{"type":"string"},"index":{"type":"string"},"isMultiIndex":{"type":"boolean"},"key":{"type":"string"},"negate":{"type":"boolean"},"params":{"type":"object"},"type":{"type":"string"},"value":{"type":"string"}},"title":"FilterMeta","type":"object"},"SLOs_find_slo_definitions_response":{"description":"A paginated response of SLO definitions matching the query.\n","oneOf":[{"type":"object","properties":{"page":{"example":1,"type":"number"},"perPage":{"example":25,"type":"number"},"results":{"items":{"$ref":"#/components/schemas/SLOs_slo_with_summary_response"},"type":"array"},"total":{"example":34,"type":"number"}}},{"type":"object","properties":{"page":{"default":1,"description":"for backward compability","type":"number"},"perPage":{"description":"for backward compability","example":25,"type":"number"},"results":{"items":{"$ref":"#/components/schemas/SLOs_slo_with_summary_response"},"type":"array"},"searchAfter":{"description":"the cursor to provide to get the next paged results","example":["some-slo-id","other-cursor-id"],"items":{"type":"string"},"type":"array"},"size":{"example":25,"type":"number"},"total":{"example":34,"type":"number"}}}],"title":"Find SLO definitions response","type":"object"},"SLOs_find_slo_response":{"description":"A paginated response of SLOs matching the query.\n","properties":{"page":{"example":1,"type":"number"},"perPage":{"example":25,"type":"number"},"results":{"items":{"$ref":"#/components/schemas/SLOs_slo_with_summary_response"},"type":"array"},"searchAfter":{"type":"string"},"size":{"description":"Size provided for cursor based pagination","example":25,"type":"number"},"total":{"example":34,"type":"number"}},"title":"Find SLO response","type":"object"},"SLOs_group_by":{"description":"optional group by field or fields to use to generate an SLO per distinct value","example":[["service.name"],"service.name",["service.name","service.environment"]],"oneOf":[{"type":"string"},{"items":{"type":"string"},"type":"array"}],"title":"Group by"},"SLOs_indicator_properties_apm_availability":{"description":"Defines properties for the APM availability indicator type","type":"object","properties":{"params":{"description":"An object containing the indicator parameters.","nullable":false,"type":"object","properties":{"environment":{"description":"The APM service environment or \"*\"","example":"production","type":"string"},"filter":{"description":"KQL query used for filtering the data","example":"service.foo : \"bar\"","type":"string"},"index":{"description":"The index used by APM metrics","example":"metrics-apm*,apm*","type":"string"},"service":{"description":"The APM service name","example":"o11y-app","type":"string"},"transactionName":{"description":"The APM transaction name or \"*\"","example":"GET /my/api","type":"string"},"transactionType":{"description":"The APM transaction type or \"*\"","example":"request","type":"string"}},"required":["service","environment","transactionType","transactionName","index"]},"type":{"description":"The type of indicator.","example":"sli.apm.transactionDuration","type":"string"}},"required":["type","params"],"title":"APM availability"},"SLOs_indicator_properties_apm_latency":{"description":"Defines properties for the APM latency indicator type","type":"object","properties":{"params":{"description":"An object containing the indicator parameters.","nullable":false,"type":"object","properties":{"environment":{"description":"The APM service environment or \"*\"","example":"production","type":"string"},"filter":{"description":"KQL query used for filtering the data","example":"service.foo : \"bar\"","type":"string"},"index":{"description":"The index used by APM metrics","example":"metrics-apm*,apm*","type":"string"},"service":{"description":"The APM service name","example":"o11y-app","type":"string"},"threshold":{"description":"The latency threshold in milliseconds","example":250,"type":"number"},"transactionName":{"description":"The APM transaction name or \"*\"","example":"GET /my/api","type":"string"},"transactionType":{"description":"The APM transaction type or \"*\"","example":"request","type":"string"}},"required":["service","environment","transactionType","transactionName","index","threshold"]},"type":{"description":"The type of indicator.","example":"sli.apm.transactionDuration","type":"string"}},"required":["type","params"],"title":"APM latency"},"SLOs_indicator_properties_custom_kql":{"description":"Defines properties for a custom query indicator type","type":"object","properties":{"params":{"description":"An object containing the indicator parameters.","nullable":false,"type":"object","properties":{"dataViewId":{"description":"The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries.","example":"03b80ab3-003d-498b-881c-3beedbaf1162","type":"string"},"filter":{"$ref":"#/components/schemas/SLOs_kql_with_filters"},"good":{"$ref":"#/components/schemas/SLOs_kql_with_filters_good"},"index":{"description":"The index or index pattern to use","example":"my-service-*","type":"string"},"timestampField":{"description":"The timestamp field used in the source indice.\n","example":"timestamp","type":"string"},"total":{"$ref":"#/components/schemas/SLOs_kql_with_filters_total"}},"required":["index","timestampField","good","total"]},"type":{"description":"The type of indicator.","example":"sli.kql.custom","type":"string"}},"required":["type","params"],"title":"Custom Query"},"SLOs_indicator_properties_custom_metric":{"description":"Defines properties for a custom metric indicator type","type":"object","properties":{"params":{"description":"An object containing the indicator parameters.","nullable":false,"type":"object","properties":{"dataViewId":{"description":"The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries.","example":"03b80ab3-003d-498b-881c-3beedbaf1162","type":"string"},"filter":{"description":"the KQL query to filter the documents with.","example":"field.environment : \"production\" and service.name : \"my-service\"","type":"string"},"good":{"description":"An object defining the \"good\" metrics and equation\n","type":"object","properties":{"equation":{"description":"The equation to calculate the \"good\" metric.","example":"A","type":"string"},"metrics":{"description":"List of metrics with their name, aggregation type, and field.","items":{"oneOf":[{"type":"object","properties":{"aggregation":{"description":"The aggregation type of the metric.","enum":["sum"],"example":"sum","type":"string"},"field":{"description":"The field of the metric.","example":"processor.processed","type":"string"},"filter":{"description":"The filter to apply to the metric.","example":"processor.outcome: *","type":"string"},"name":{"description":"The name of the metric. Only valid options are A-Z","example":"A","pattern":"^[A-Z]$","type":"string"}},"required":["name","aggregation","field"]},{"type":"object","properties":{"aggregation":{"description":"The aggregation type of the metric.","enum":["doc_count"],"example":"doc_count","type":"string"},"filter":{"description":"The filter to apply to the metric.","example":"processor.outcome: *","type":"string"},"name":{"description":"The name of the metric. Only valid options are A-Z","example":"A","pattern":"^[A-Z]$","type":"string"}},"required":["name","aggregation"]}]},"type":"array"}},"required":["metrics","equation"]},"index":{"description":"The index or index pattern to use","example":"my-service-*","type":"string"},"timestampField":{"description":"The timestamp field used in the source indice.\n","example":"timestamp","type":"string"},"total":{"description":"An object defining the \"total\" metrics and equation\n","type":"object","properties":{"equation":{"description":"The equation to calculate the \"total\" metric.","example":"A","type":"string"},"metrics":{"description":"List of metrics with their name, aggregation type, and field.","items":{"oneOf":[{"type":"object","properties":{"aggregation":{"description":"The aggregation type of the metric.","enum":["sum"],"example":"sum","type":"string"},"field":{"description":"The field of the metric.","example":"processor.processed","type":"string"},"filter":{"description":"The filter to apply to the metric.","example":"processor.outcome: *","type":"string"},"name":{"description":"The name of the metric. Only valid options are A-Z","example":"A","pattern":"^[A-Z]$","type":"string"}},"required":["name","aggregation","field"]},{"type":"object","properties":{"aggregation":{"description":"The aggregation type of the metric.","enum":["doc_count"],"example":"doc_count","type":"string"},"filter":{"description":"The filter to apply to the metric.","example":"processor.outcome: *","type":"string"},"name":{"description":"The name of the metric. Only valid options are A-Z","example":"A","pattern":"^[A-Z]$","type":"string"}},"required":["name","aggregation"]}]},"type":"array"}},"required":["metrics","equation"]}},"required":["index","timestampField","good","total"]},"type":{"description":"The type of indicator.","example":"sli.metric.custom","type":"string"}},"required":["type","params"],"title":"Custom metric"},"SLOs_indicator_properties_histogram":{"description":"Defines properties for a histogram indicator type","type":"object","properties":{"params":{"description":"An object containing the indicator parameters.","nullable":false,"type":"object","properties":{"dataViewId":{"description":"The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries.","example":"03b80ab3-003d-498b-881c-3beedbaf1162","type":"string"},"filter":{"description":"the KQL query to filter the documents with.","example":"field.environment : \"production\" and service.name : \"my-service\"","type":"string"},"good":{"description":"An object defining the \"good\" events\n","type":"object","properties":{"aggregation":{"description":"The type of aggregation to use.","enum":["value_count","range"],"example":"value_count","type":"string"},"field":{"description":"The field use to aggregate the good events.","example":"processor.latency","type":"string"},"filter":{"description":"The filter for good events.","example":"processor.outcome: \"success\"","type":"string"},"from":{"description":"The starting value of the range. Only required for \"range\" aggregations.","example":0,"type":"number"},"to":{"description":"The ending value of the range. Only required for \"range\" aggregations.","example":100,"type":"number"}},"required":["aggregation","field"]},"index":{"description":"The index or index pattern to use","example":"my-service-*","type":"string"},"timestampField":{"description":"The timestamp field used in the source indice.\n","example":"timestamp","type":"string"},"total":{"description":"An object defining the \"total\" events\n","type":"object","properties":{"aggregation":{"description":"The type of aggregation to use.","enum":["value_count","range"],"example":"value_count","type":"string"},"field":{"description":"The field use to aggregate the good events.","example":"processor.latency","type":"string"},"filter":{"description":"The filter for total events.","example":"processor.outcome : *","type":"string"},"from":{"description":"The starting value of the range. Only required for \"range\" aggregations.","example":0,"type":"number"},"to":{"description":"The ending value of the range. Only required for \"range\" aggregations.","example":100,"type":"number"}},"required":["aggregation","field"]}},"required":["index","timestampField","good","total"]},"type":{"description":"The type of indicator.","example":"sli.histogram.custom","type":"string"}},"required":["type","params"],"title":"Histogram indicator"},"SLOs_indicator_properties_timeslice_metric":{"description":"Defines properties for a timeslice metric indicator type","type":"object","properties":{"params":{"description":"An object containing the indicator parameters.","nullable":false,"type":"object","properties":{"dataViewId":{"description":"The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries.","example":"03b80ab3-003d-498b-881c-3beedbaf1162","type":"string"},"filter":{"description":"the KQL query to filter the documents with.","example":"field.environment : \"production\" and service.name : \"my-service\"","type":"string"},"index":{"description":"The index or index pattern to use","example":"my-service-*","type":"string"},"metric":{"description":"An object defining the metrics, equation, and threshold to determine if it's a good slice or not\n","type":"object","properties":{"comparator":{"description":"The comparator to use to compare the equation to the threshold.","enum":["GT","GTE","LT","LTE"],"example":"GT","type":"string"},"equation":{"description":"The equation to calculate the metric.","example":"A","type":"string"},"metrics":{"description":"List of metrics with their name, aggregation type, and field.","items":{"anyOf":[{"$ref":"#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field"},{"$ref":"#/components/schemas/SLOs_timeslice_metric_percentile_metric"},{"$ref":"#/components/schemas/SLOs_timeslice_metric_doc_count_metric"}]},"type":"array"},"threshold":{"description":"The threshold used to determine if the metric is a good slice or not.","example":100,"type":"number"}},"required":["metrics","equation","comparator","threshold"]},"timestampField":{"description":"The timestamp field used in the source indice.\n","example":"timestamp","type":"string"}},"required":["index","timestampField","metric"]},"type":{"description":"The type of indicator.","example":"sli.metric.timeslice","type":"string"}},"required":["type","params"],"title":"Timeslice metric"},"SLOs_kql_with_filters":{"description":"Defines properties for a filter","oneOf":[{"description":"the KQL query to filter the documents with.","example":"field.environment : \"production\" and service.name : \"my-service\"","type":"string"},{"type":"object","properties":{"filters":{"items":{"$ref":"#/components/schemas/SLOs_filter"},"type":"array"},"kqlQuery":{"type":"string"}}}],"title":"KQL with filters"},"SLOs_kql_with_filters_good":{"description":"The KQL query used to define the good events.","oneOf":[{"description":"the KQL query to filter the documents with.","example":"request.latency \u003c= 150 and request.status_code : \"2xx\"","type":"string"},{"type":"object","properties":{"filters":{"items":{"$ref":"#/components/schemas/SLOs_filter"},"type":"array"},"kqlQuery":{"type":"string"}}}],"title":"KQL query for good events"},"SLOs_kql_with_filters_total":{"description":"The KQL query used to define all events.","oneOf":[{"description":"the KQL query to filter the documents with.","example":"field.environment : \"production\" and service.name : \"my-service\"","type":"string"},{"type":"object","properties":{"filters":{"items":{"$ref":"#/components/schemas/SLOs_filter"},"type":"array"},"kqlQuery":{"type":"string"}}}],"title":"KQL query for all events"},"SLOs_objective":{"description":"Defines properties for the SLO objective","type":"object","properties":{"target":{"description":"the target objective between 0 and 1 excluded","example":0.99,"exclusiveMaximum":true,"exclusiveMinimum":true,"maximum":100,"minimum":0,"type":"number"},"timesliceTarget":{"description":"the target objective for each slice when using a timeslices budgeting method","example":0.995,"maximum":100,"minimum":0,"type":"number"},"timesliceWindow":{"description":"the duration of each slice when using a timeslices budgeting method, as {duraton}{unit}","example":"5m","type":"string"}},"required":["target"],"title":"Objective"},"SLOs_settings":{"description":"Defines properties for SLO settings.","properties":{"frequency":{"default":"1m","description":"The interval between checks for changes in the source data. The minimum value is 1m and the maximum is 59m. The default value is 1 minute.","example":"5m","type":"string"},"preventInitialBackfill":{"default":false,"description":"Start aggregating data from the time the SLO is created, instead of backfilling data from the beginning of the time window.","example":true,"type":"boolean"},"syncDelay":{"default":"1m","description":"The time delay in minutes between the current time and the latest source data time. Increasing the value will delay any alerting. The default value is 1 minute. The minimum value is 1m and the maximum is 359m. It should always be greater then source index refresh interval.","example":"5m","type":"string"},"syncField":{"description":"The date field that is used to identify new documents in the source. It is strongly recommended to use a field that contains the ingest timestamp. If you use a different field, you might need to set the delay such that it accounts for data transmission delays. When unspecified, we use the indicator timestamp field.","example":"event.ingested","type":"string"}},"title":"Settings","type":"object"},"SLOs_slo_definition_response":{"title":"SLO definition response","type":"object","properties":{"budgetingMethod":{"$ref":"#/components/schemas/SLOs_budgeting_method"},"createdAt":{"description":"The creation date","example":"2023-01-12T10:03:19.000Z","type":"string"},"description":{"description":"The description of the SLO.","example":"My SLO description","type":"string"},"enabled":{"description":"Indicate if the SLO is enabled","example":true,"type":"boolean"},"groupBy":{"$ref":"#/components/schemas/SLOs_group_by"},"id":{"description":"The identifier of the SLO.","example":"8853df00-ae2e-11ed-90af-09bb6422b258","type":"string"},"indicator":{"discriminator":{"mapping":{"sli.apm.transactionDuration":"#/components/schemas/SLOs_indicator_properties_apm_latency","sli.apm.transactionErrorRate":"#/components/schemas/SLOs_indicator_properties_apm_availability","sli.histogram.custom":"#/components/schemas/SLOs_indicator_properties_histogram","sli.kql.custom":"#/components/schemas/SLOs_indicator_properties_custom_kql","sli.metric.custom":"#/components/schemas/SLOs_indicator_properties_custom_metric","sli.metric.timeslice":"#/components/schemas/SLOs_indicator_properties_timeslice_metric"},"propertyName":"type"},"oneOf":[{"$ref":"#/components/schemas/SLOs_indicator_properties_custom_kql"},{"$ref":"#/components/schemas/SLOs_indicator_properties_apm_availability"},{"$ref":"#/components/schemas/SLOs_indicator_properties_apm_latency"},{"$ref":"#/components/schemas/SLOs_indicator_properties_custom_metric"},{"$ref":"#/components/schemas/SLOs_indicator_properties_histogram"},{"$ref":"#/components/schemas/SLOs_indicator_properties_timeslice_metric"}]},"name":{"description":"The name of the SLO.","example":"My Service SLO","type":"string"},"objective":{"$ref":"#/components/schemas/SLOs_objective"},"revision":{"description":"The SLO revision","example":2,"type":"number"},"settings":{"$ref":"#/components/schemas/SLOs_settings"},"tags":{"description":"List of tags","items":{"type":"string"},"type":"array"},"timeWindow":{"$ref":"#/components/schemas/SLOs_time_window"},"updatedAt":{"description":"The last update date","example":"2023-01-12T10:03:19.000Z","type":"string"},"version":{"description":"The internal SLO version","example":2,"type":"number"}},"required":["id","name","description","indicator","timeWindow","budgetingMethod","objective","settings","revision","enabled","groupBy","tags","createdAt","updatedAt","version"]},"SLOs_slo_with_summary_response":{"title":"SLO response","type":"object","properties":{"budgetingMethod":{"$ref":"#/components/schemas/SLOs_budgeting_method"},"createdAt":{"description":"The creation date","example":"2023-01-12T10:03:19.000Z","type":"string"},"description":{"description":"The description of the SLO.","example":"My SLO description","type":"string"},"enabled":{"description":"Indicate if the SLO is enabled","example":true,"type":"boolean"},"groupBy":{"$ref":"#/components/schemas/SLOs_group_by"},"id":{"description":"The identifier of the SLO.","example":"8853df00-ae2e-11ed-90af-09bb6422b258","type":"string"},"indicator":{"discriminator":{"mapping":{"sli.apm.transactionDuration":"#/components/schemas/SLOs_indicator_properties_apm_latency","sli.apm.transactionErrorRate":"#/components/schemas/SLOs_indicator_properties_apm_availability","sli.histogram.custom":"#/components/schemas/SLOs_indicator_properties_histogram","sli.kql.custom":"#/components/schemas/SLOs_indicator_properties_custom_kql","sli.metric.custom":"#/components/schemas/SLOs_indicator_properties_custom_metric","sli.metric.timeslice":"#/components/schemas/SLOs_indicator_properties_timeslice_metric"},"propertyName":"type"},"oneOf":[{"$ref":"#/components/schemas/SLOs_indicator_properties_custom_kql"},{"$ref":"#/components/schemas/SLOs_indicator_properties_apm_availability"},{"$ref":"#/components/schemas/SLOs_indicator_properties_apm_latency"},{"$ref":"#/components/schemas/SLOs_indicator_properties_custom_metric"},{"$ref":"#/components/schemas/SLOs_indicator_properties_histogram"},{"$ref":"#/components/schemas/SLOs_indicator_properties_timeslice_metric"}]},"instanceId":{"description":"the value derived from the groupBy field, if present, otherwise '*'","example":"host-abcde","type":"string"},"name":{"description":"The name of the SLO.","example":"My Service SLO","type":"string"},"objective":{"$ref":"#/components/schemas/SLOs_objective"},"revision":{"description":"The SLO revision","example":2,"type":"number"},"settings":{"$ref":"#/components/schemas/SLOs_settings"},"summary":{"$ref":"#/components/schemas/SLOs_summary"},"tags":{"description":"List of tags","items":{"type":"string"},"type":"array"},"timeWindow":{"$ref":"#/components/schemas/SLOs_time_window"},"updatedAt":{"description":"The last update date","example":"2023-01-12T10:03:19.000Z","type":"string"},"version":{"description":"The internal SLO version","example":2,"type":"number"}},"required":["id","name","description","indicator","timeWindow","budgetingMethod","objective","settings","revision","summary","enabled","groupBy","instanceId","tags","createdAt","updatedAt","version"]},"SLOs_summary":{"description":"The SLO computed data","properties":{"errorBudget":{"$ref":"#/components/schemas/SLOs_error_budget"},"sliValue":{"example":0.9836,"type":"number"},"status":{"$ref":"#/components/schemas/SLOs_summary_status"}},"required":["status","sliValue","errorBudget"],"title":"Summary","type":"object"},"SLOs_summary_status":{"enum":["NO_DATA","HEALTHY","DEGRADING","VIOLATED"],"example":"HEALTHY","title":"summary status","type":"string"},"SLOs_time_window":{"description":"Defines properties for the SLO time window","type":"object","properties":{"duration":{"description":"the duration formatted as {duration}{unit}. Accepted values for rolling: 7d, 30d, 90d. Accepted values for calendar aligned: 1w (weekly) or 1M (monthly)","example":"30d","type":"string"},"type":{"description":"Indicates weither the time window is a rolling or a calendar aligned time window.","enum":["rolling","calendarAligned"],"example":"rolling","type":"string"}},"required":["duration","type"],"title":"Time window"},"SLOs_timeslice_metric_basic_metric_with_field":{"type":"object","properties":{"aggregation":{"description":"The aggregation type of the metric.","enum":["sum","avg","min","max","std_deviation","last_value","cardinality"],"example":"sum","type":"string"},"field":{"description":"The field of the metric.","example":"processor.processed","type":"string"},"filter":{"description":"The filter to apply to the metric.","example":"processor.outcome: \"success\"","type":"string"},"name":{"description":"The name of the metric. Only valid options are A-Z","example":"A","pattern":"^[A-Z]$","type":"string"}},"required":["name","aggregation","field"],"title":"Timeslice Metric Basic Metric with Field"},"SLOs_timeslice_metric_doc_count_metric":{"type":"object","properties":{"aggregation":{"description":"The aggregation type of the metric. Only valid option is \"doc_count\"","enum":["doc_count"],"example":"doc_count","type":"string"},"filter":{"description":"The filter to apply to the metric.","example":"processor.outcome: \"success\"","type":"string"},"name":{"description":"The name of the metric. Only valid options are A-Z","example":"A","pattern":"^[A-Z]$","type":"string"}},"required":["name","aggregation"],"title":"Timeslice Metric Doc Count Metric"},"SLOs_timeslice_metric_percentile_metric":{"type":"object","properties":{"aggregation":{"description":"The aggregation type of the metric. Only valid option is \"percentile\"","enum":["percentile"],"example":"percentile","type":"string"},"field":{"description":"The field of the metric.","example":"processor.processed","type":"string"},"filter":{"description":"The filter to apply to the metric.","example":"processor.outcome: \"success\"","type":"string"},"name":{"description":"The name of the metric. Only valid options are A-Z","example":"A","pattern":"^[A-Z]$","type":"string"},"percentile":{"description":"The percentile value.","example":95,"type":"number"}},"required":["name","aggregation","field","percentile"],"title":"Timeslice Metric Percentile Metric"},"SLOs_update_slo_request":{"description":"The update SLO API request body varies depending on the type of indicator, time window and budgeting method. Partial update is handled.\n","properties":{"budgetingMethod":{"$ref":"#/components/schemas/SLOs_budgeting_method"},"description":{"description":"A description for the SLO.","type":"string"},"groupBy":{"$ref":"#/components/schemas/SLOs_group_by"},"indicator":{"oneOf":[{"$ref":"#/components/schemas/SLOs_indicator_properties_custom_kql"},{"$ref":"#/components/schemas/SLOs_indicator_properties_apm_availability"},{"$ref":"#/components/schemas/SLOs_indicator_properties_apm_latency"},{"$ref":"#/components/schemas/SLOs_indicator_properties_custom_metric"},{"$ref":"#/components/schemas/SLOs_indicator_properties_histogram"},{"$ref":"#/components/schemas/SLOs_indicator_properties_timeslice_metric"}]},"name":{"description":"A name for the SLO.","type":"string"},"objective":{"$ref":"#/components/schemas/SLOs_objective"},"settings":{"$ref":"#/components/schemas/SLOs_settings"},"tags":{"description":"List of tags","items":{"type":"string"},"type":"array"},"timeWindow":{"$ref":"#/components/schemas/SLOs_time_window"}},"title":"Update SLO request","type":"object"},"Synthetics_browserMonitorFields":{"allOf":[{"$ref":"#/components/schemas/Synthetics_commonMonitorFields"},{"additionalProperties":true,"type":"object","properties":{"ignore_https_errors":{"default":false,"description":"Ignore HTTPS errors.","type":"boolean"},"inline_script":{"description":"The inline script.","type":"string"},"playwright_options":{"description":"Playwright options.","type":"object"},"screenshots":{"default":"on","description":"The screenshot option.","enum":["on","off","only-on-failure"],"type":"string"},"synthetics_args":{"description":"Synthetics agent CLI arguments.","type":"array"},"type":{"description":"The monitor type.","enum":["browser"],"type":"string"}},"required":["inline_script","type"]}],"title":"Browser monitor fields"},"Synthetics_commonMonitorFields":{"title":"Common monitor fields","type":"object","properties":{"alert":{"description":"The alert configuration. The default is `{ status: { enabled: true }, tls: { enabled: true } }`.\n","type":"object"},"enabled":{"default":true,"description":"Specify whether the monitor is enabled.","type":"boolean"},"locations":{"description":"The location to deploy the monitor.\nMonitors can be deployed in multiple locations so that you can detect differences in availability and response times across those locations.\nTo list available locations you can:\n\n- Run the `elastic-synthetics locations` command with the deployment's Kibana URL.\n- Go to *Synthetics \u003e Management* and click *Create monitor*. Locations will be listed in *Locations*.\n","externalDocs":{"url":"https://github.com/elastic/synthetics/blob/main/src/locations/public-locations.ts"},"items":{"type":"string"},"type":"array"},"name":{"description":"The monitor name.","type":"string"},"namespace":{"default":"default","description":"The namespace field should be lowercase and not contain spaces. The namespace must not include any of the following characters: `*`, `\\`, `/`, `?`, `\"`, `\u003c`, `\u003e`, `|`, whitespace, `,`, `#`, `:`, or `-`.\n","type":"string"},"params":{"description":"The monitor parameters.","type":"string"},"private_locations":{"description":"The private locations to which the monitors will be deployed.\nThese private locations refer to locations hosted and managed by you, whereas `locations` are hosted by Elastic.\nYou can specify a private location using the location's name.\nTo list available private locations you can:\n\n- Run the `elastic-synthetics locations` command with the deployment's Kibana URL.\n- Go to *Synthetics \u003e Settings* and click *Private locationsr*. Private locations will be listed in the table.\n\n\u003e info\n\u003e You can provide `locations` or `private_locations` or both. At least one is required.\n","items":{"type":"string"},"type":"array"},"retest_on_failure":{"default":true,"description":"Turn retesting for when a monitor fails on or off. By default, monitors are automatically retested if the monitor goes from \"up\" to \"down\". If the result of the retest is also \"down\", an error will be created and if configured, an alert sent. The monitor will then resume running according to the defined schedule. Using `retest_on_failure` can reduce noise related to transient problems.\n","type":"boolean"},"schedule":{"description":"The monitor's schedule in minutes. Supported values are `1`, `3`, `5`, `10`, `15`, `30`, `60`, `120`, and `240`. The default value is `3` minutes for HTTP, TCP, and ICMP monitors. The default value is `10` minutes for Browser monitors.\n","type":"number"},"service.name":{"description":"The APM service name.","type":"string"},"tags":{"description":"An array of tags.","items":{"type":"string"},"type":"array"},"timeout":{"default":16,"description":"The monitor timeout in seconds. The monitor will fail if it doesn't complete within this time.\n","type":"number"}},"required":["name"]},"Synthetics_getParameterResponse":{"title":"Get parameter response","type":"object","properties":{"description":{"description":"The description of the parameter. It is included in the response if the user has read-only permissions to the Synthetics app.\n","type":"string"},"id":{"description":"The unique identifier of the parameter.","type":"string"},"key":{"description":"The key of the parameter.","type":"string"},"namespaces":{"description":"The namespaces associated with the parameter. It is included in the response if the user has read-only permissions to the Synthetics app.\n","items":{"type":"string"},"type":"array"},"tags":{"description":"An array of tags associated with the parameter. It is included in the response if the user has read-only permissions to the Synthetics app.\n","items":{"type":"string"},"type":"array"},"value":{"description":"The value associated with the parameter. It will be included in the response if the user has write permissions. \n","type":"string"}},"required":null},"Synthetics_getPrivateLocation":{"additionalProperties":true,"properties":{"agentPolicyId":{"description":"The ID of the agent policy associated with the private location.","type":"string"},"geo":{"description":"Geographic coordinates (WGS84) for the location.","type":"object","properties":{"lat":{"description":"The latitude of the location.","type":"number"},"lon":{"description":"The longitude of the location.","type":"number"}},"required":["lat","lon"]},"id":{"description":"The unique identifier of the private location.","type":"string"},"isInvalid":{"description":"Indicates whether the location is invalid. If `true`, the location is invalid, which means the agent policy associated with the location is deleted.\n","type":"boolean"},"label":{"description":"A label for the private location.","type":"string"},"namespace":{"description":"The namespace of the location, which is the same as the namespace of the agent policy associated with the location.","type":"string"}},"title":"Post a private location","type":"object"},"Synthetics_httpMonitorFields":{"allOf":[{"$ref":"#/components/schemas/Synthetics_commonMonitorFields"},{"additionalproperties":true,"type":"object","properties":{"check":{"description":"The check request settings.","type":"objects","properties":{"request":{"description":"An optional request to send to the remote host.","type":"object","properties":{"body":{"description":"Optional request body content.","type":"string"},"headers":{"description":"A dictionary of additional HTTP headers to send. By default, Synthetics will set the User-Agent header to identify itself.\n","type":"object"},"method":{"description":"The HTTP method to use.","enum":["HEAD","GET","POST","OPTIONS"],"type":"string"}}},"response":{"additionalProperties":true,"description":"The expected response.","type":"object","properties":{"body":{"type":"object"},"headers":{"description":"A dictionary of expected HTTP headers. If the header is not found, the check fails.","type":"object"}}}}},"ipv4":{"default":true,"description":"If `true`, ping using the ipv4 protocol.","type":"boolean"},"ipv6":{"default":true,"description":"If `true`, ping using the ipv6 protocol.","type":"boolean"},"max_redirects":{"default":0,"description":"The maximum number of redirects to follow.","type":"number"},"mode":{"default":"any","description":"The mode of the monitor. If it is `all`, the monitor pings all resolvable IPs for a hostname. If it is `any`, the monitor pings only one IP address for a hostname. If you're using a DNS-load balancer and want to ping every IP address for the specified hostname, you should use `all`.\n","enum":["all","any"],"type":"string"},"password":{"description":"The password for authenticating with the server. The credentials are passed with the request.\n","type":"string"},"proxy_headers":{"description":"Additional headers to send to proxies during CONNECT requests.","type":"object"},"proxy_url":{"description":"The URL of the proxy to use for this monitor.","type":"string"},"response":{"description":"Controls the indexing of the HTTP response body contents to the `http.response.body.contents field`.","type":"object"},"ssl":{"description":"The TLS/SSL connection settings for use with the HTTPS endpoint. If you don't specify settings, the system defaults are used.\n","type":"object"},"type":{"description":"The monitor type.","enum":["http"],"type":"string"},"url":{"description":"The URL to monitor.","type":"string"},"username":{"description":"The username for authenticating with the server. The credentials are passed with the request.\n","type":"string"}},"required":["type","url"]}],"title":"HTTP monitor fields"},"Synthetics_icmpMonitorFields":{"allOf":[{"$ref":"#/components/schemas/Synthetics_commonMonitorFields"},{"additionalProperties":true,"type":"object","properties":{"host":{"description":"The host to ping.","type":"string"},"type":{"description":"The monitor type.","enum":["icmp"],"type":"string"},"wait":{"default":1,"description":"The wait time in seconds.","type":"number"}},"required":["host","type"]}],"title":"ICMP monitor fields"},"Synthetics_parameterRequest":{"title":"Parameter request","type":"object","properties":{"description":{"description":"A description of the parameter.","type":"string"},"key":{"description":"The key of the parameter.","type":"string"},"share_across_spaces":{"description":"Specify whether the parameter should be shared across spaces.","type":"boolean"},"tags":{"description":"An array of tags to categorize the parameter.","items":{"type":"string"},"type":"array"},"value":{"description":"The value associated with the parameter.","type":"string"}},"required":["key","value"]},"Synthetics_postParameterResponse":{"title":"Post parameter response","type":"object","properties":{"description":{"description":"A description of the parameter.","type":"string"},"id":{"description":"The unique identifier for the parameter.","type":"string"},"key":{"description":"The parameter key.","type":"string"},"share_across_spaces":{"description":"Indicates whether the parameter is shared across spaces.","type":"boolean"},"tags":{"description":"An array of tags associated with the parameter.","items":{"type":"string"},"type":"array"},"value":{"description":"The value associated with the parameter.","type":"string"}}},"Synthetics_tcpMonitorFields":{"allOf":[{"$ref":"#/components/schemas/Synthetics_commonMonitorFields"},{"additionalProperties":true,"type":"object","properties":{"host":{"description":"The host to monitor; it can be an IP address or a hostname. The host can include the port using a colon, for example \"example.com:9200\".\n","type":"string"},"proxy_url":{"description":"The URL of the SOCKS5 proxy to use when connecting to the server. The value must be a URL with a scheme of `socks5://`. If the SOCKS5 proxy server requires client authentication, then a username and password can be embedded in the URL. When using a proxy, hostnames are resolved on the proxy server instead of on the client. You can change this behavior by setting the `proxy_use_local_resolver` option.\n","type":"string"},"proxy_use_local_resolver":{"default":false,"description":"Specify that hostnames are resolved locally instead of being resolved on the proxy server. If `false`, name resolution occurs on the proxy server.\n","type":"boolean"},"ssl":{"description":"The TLS/SSL connection settings for use with the HTTPS endpoint. If you don't specify settings, the system defaults are used.\n","type":"object"},"type":{"description":"The monitor type.","enum":["tcp"],"type":"string"}},"required":["host","type"]}],"title":"TCP monitor fields"},"Task_manager_health_APIs_configuration":{"description":"This object summarizes the current configuration of Task Manager. This includes dynamic configurations that change over time, such as `poll_interval` and `max_workers`, which can adjust in reaction to changing load on the system.\n","type":"object"},"Task_manager_health_APIs_health_response":{"title":"Task health response properties","type":"object","properties":{"id":{"type":"string"},"last_update":{"type":"string"},"stats":{"type":"object","properties":{"capacity_estimation":{"description":"This object provides a rough estimate about the sufficiency of its capacity. These are estimates based on historical data and should not be used as predictions.\n","type":"object"},"configuration":{"$ref":"#/components/schemas/Task_manager_health_APIs_configuration"},"runtime":{"description":"This object tracks runtime performance of Task Manager, tracking task drift, worker load, and stats broken down by type, including duration and run results.\n","type":"object"},"workload":{"$ref":"#/components/schemas/Task_manager_health_APIs_workload"}}},"status":{"type":"string"},"timestamp":{"type":"string"}}},"Task_manager_health_APIs_workload":{"description":"This object summarizes the work load across the cluster, including the tasks in the system, their types, and current status.\n","type":"object"},"bedrock_config":{"title":"Connector request properties for an Amazon Bedrock connector","description":"Defines properties for connectors when type is `.bedrock`.","type":"object","required":["apiUrl"],"properties":{"apiUrl":{"type":"string","description":"The Amazon Bedrock request URL."},"defaultModel":{"type":"string","description":"The generative artificial intelligence model for Amazon Bedrock to use. Current support is for the Anthropic Claude models.\n","default":"us.anthropic.claude-3-7-sonnet-20250219-v1:0"}}},"crowdstrike_config":{"title":"Connector request config properties for a Crowdstrike connector","required":["url"],"description":"Defines config properties for connectors when type is `.crowdstrike`.","type":"object","properties":{"url":{"description":"The CrowdStrike tenant URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts.\n","type":"string"}}},"d3security_config":{"title":"Connector request properties for a D3 Security connector","description":"Defines properties for connectors when type is `.d3security`.","type":"object","required":["url"],"properties":{"url":{"type":"string","description":"The D3 Security API request URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts.\n"}}},"email_config":{"title":"Connector request properties for an email connector","description":"Defines properties for connectors when type is `.email`.","required":["from"],"type":"object","properties":{"clientId":{"description":"The client identifier, which is a part of OAuth 2.0 client credentials authentication, in GUID format. If `service` is `exchange_server`, this property is required.\n","type":"string","nullable":true},"from":{"description":"The from address for all emails sent by the connector. It must be specified in `user@host-name` format.\n","type":"string"},"hasAuth":{"description":"Specifies whether a user and password are required inside the secrets configuration.\n","default":true,"type":"boolean"},"host":{"description":"The host name of the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined.\n","type":"string"},"oauthTokenUrl":{"type":"string","nullable":true},"port":{"description":"The port to connect to on the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined.\n","type":"integer"},"secure":{"description":"Specifies whether the connection to the service provider will use TLS. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored.\n","type":"boolean"},"service":{"description":"The name of the email service.\n","type":"string","enum":["elastic_cloud","exchange_server","gmail","other","outlook365","ses"]},"tenantId":{"description":"The tenant identifier, which is part of OAuth 2.0 client credentials authentication, in GUID format. If `service` is `exchange_server`, this property is required.\n","type":"string","nullable":true}}},"gemini_config":{"title":"Connector request properties for an Google Gemini connector","description":"Defines properties for connectors when type is `.gemini`.","type":"object","required":["apiUrl","gcpRegion","gcpProjectID"],"properties":{"apiUrl":{"type":"string","description":"The Google Gemini request URL."},"defaultModel":{"type":"string","description":"The generative artificial intelligence model for Google Gemini to use.","default":"gemini-1.5-pro-002"},"gcpRegion":{"type":"string","description":"The GCP region where the Vertex AI endpoint enabled."},"gcpProjectID":{"type":"string","description":"The Google ProjectID that has Vertex AI endpoint enabled."}}},"resilient_config":{"title":"Connector request properties for a IBM Resilient connector","required":["apiUrl","orgId"],"description":"Defines properties for connectors when type is `.resilient`.","type":"object","properties":{"apiUrl":{"description":"The IBM Resilient instance URL.","type":"string"},"orgId":{"description":"The IBM Resilient organization ID.","type":"string"}}},"index_config":{"title":"Connector request properties for an index connector","required":["index"],"description":"Defines properties for connectors when type is `.index`.","type":"object","properties":{"executionTimeField":{"description":"A field that indicates when the document was indexed.","default":null,"type":"string","nullable":true},"index":{"description":"The Elasticsearch index to be written to.","type":"string"},"refresh":{"description":"The refresh policy for the write request, which affects when changes are made visible to search. Refer to the refresh setting for Elasticsearch document APIs.\n","default":false,"type":"boolean"}}},"jira_config":{"title":"Connector request properties for a Jira connector","required":["apiUrl","projectKey"],"description":"Defines properties for connectors when type is `.jira`.","type":"object","properties":{"apiUrl":{"description":"The Jira instance URL.","type":"string"},"projectKey":{"description":"The Jira project key.","type":"string"}}},"defender_config":{"title":"Connector request properties for a Microsoft Defender for Endpoint connector","required":["apiUrl","projectKey"],"description":"Defines properties for connectors when type is `.microsoft_defender_endpoint`.","type":"object","properties":{"apiUrl":{"type":"string","description":"The URL of the Microsoft Defender for Endpoint API. If you are using the `xpack.actions.allowedHosts` setting, make sure the hostname is added to the allowed hosts.\n"},"clientId":{"type":"string","description":"The application (client) identifier for your app in the Azure portal."},"oAuthScope":{"type":"string","description":"The OAuth scopes or permission sets for the Microsoft Defender for Endpoint API."},"oAuthServerUrl":{"type":"string","description":"The OAuth server URL where authentication is sent and received for the Microsoft Defender for Endpoint API."},"tenantId":{"description":"The tenant identifier for your app in the Azure portal.","type":"string"}}},"genai_azure_config":{"title":"Connector request properties for an OpenAI connector that uses Azure OpenAI","description":"Defines properties for connectors when type is `.gen-ai` and the API provider is `Azure OpenAI`.\n","type":"object","required":["apiProvider","apiUrl"],"properties":{"apiProvider":{"type":"string","description":"The OpenAI API provider.","enum":["Azure OpenAI"]},"apiUrl":{"type":"string","description":"The OpenAI API endpoint."}}},"genai_openai_config":{"title":"Connector request properties for an OpenAI connector","description":"Defines properties for connectors when type is `.gen-ai` and the API provider is `OpenAI`.\n","type":"object","required":["apiProvider","apiUrl"],"properties":{"apiProvider":{"type":"string","description":"The OpenAI API provider.","enum":["OpenAI"]},"apiUrl":{"type":"string","description":"The OpenAI API endpoint."},"defaultModel":{"type":"string","description":"The default model to use for requests."}}},"opsgenie_config":{"title":"Connector request properties for an Opsgenie connector","required":["apiUrl"],"description":"Defines properties for connectors when type is `.opsgenie`.","type":"object","properties":{"apiUrl":{"description":"The Opsgenie URL. For example, `https://api.opsgenie.com` or `https://api.eu.opsgenie.com`. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts.\n","type":"string"}}},"pagerduty_config":{"title":"Connector request properties for a PagerDuty connector","description":"Defines properties for connectors when type is `.pagerduty`.","type":"object","properties":{"apiUrl":{"description":"The PagerDuty event URL.","type":"string","nullable":true,"example":"https://events.pagerduty.com/v2/enqueue"}}},"sentinelone_config":{"title":"Connector request properties for a SentinelOne connector","required":["url"],"description":"Defines properties for connectors when type is `.sentinelone`.","type":"object","properties":{"url":{"description":"The SentinelOne tenant URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts.\n","type":"string"}}},"servicenow_config":{"title":"Connector request properties for a ServiceNow ITSM connector","required":["apiUrl"],"description":"Defines properties for connectors when type is `.servicenow`.","type":"object","properties":{"apiUrl":{"type":"string","description":"The ServiceNow instance URL."},"clientId":{"description":"The client ID assigned to your OAuth application. This property is required when `isOAuth` is `true`.\n","type":"string"},"isOAuth":{"description":"The type of authentication to use. The default value is false, which means basic authentication is used instead of open authorization (OAuth).\n","default":false,"type":"boolean"},"jwtKeyId":{"description":"The key identifier assigned to the JWT verifier map of your OAuth application. This property is required when `isOAuth` is `true`.\n","type":"string"},"userIdentifierValue":{"description":"The identifier to use for OAuth authentication. This identifier should be the user field you selected when you created an OAuth JWT API endpoint for external clients in your ServiceNow instance. For example, if the selected user field is `Email`, the user identifier should be the user's email address. This property is required when `isOAuth` is `true`.\n","type":"string"},"usesTableApi":{"description":"Determines whether the connector uses the Table API or the Import Set API. This property is supported only for ServiceNow ITSM and ServiceNow SecOps connectors. NOTE: If this property is set to `false`, the Elastic application should be installed in ServiceNow.\n","default":true,"type":"boolean"}}},"servicenow_itom_config":{"title":"Connector request properties for a ServiceNow ITOM connector","required":["apiUrl"],"description":"Defines properties for connectors when type is `.servicenow-itom`.","type":"object","properties":{"apiUrl":{"type":"string","description":"The ServiceNow instance URL."},"clientId":{"description":"The client ID assigned to your OAuth application. This property is required when `isOAuth` is `true`.\n","type":"string"},"isOAuth":{"description":"The type of authentication to use. The default value is false, which means basic authentication is used instead of open authorization (OAuth).\n","default":false,"type":"boolean"},"jwtKeyId":{"description":"The key identifier assigned to the JWT verifier map of your OAuth application. This property is required when `isOAuth` is `true`.\n","type":"string"},"userIdentifierValue":{"description":"The identifier to use for OAuth authentication. This identifier should be the user field you selected when you created an OAuth JWT API endpoint for external clients in your ServiceNow instance. For example, if the selected user field is `Email`, the user identifier should be the user's email address. This property is required when `isOAuth` is `true`.\n","type":"string"}}},"slack_api_config":{"title":"Connector request properties for a Slack connector","description":"Defines properties for connectors when type is `.slack_api`.","type":"object","properties":{"allowedChannels":{"type":"array","description":"A list of valid Slack channels.","items":{"type":"object","required":["id","name"],"maxItems":25,"properties":{"id":{"type":"string","description":"The Slack channel ID.","example":"C123ABC456","minLength":1},"name":{"type":"string","description":"The Slack channel name.","minLength":1}}}}}},"swimlane_config":{"title":"Connector request properties for a Swimlane connector","required":["apiUrl","appId","connectorType"],"description":"Defines properties for connectors when type is `.swimlane`.","type":"object","properties":{"apiUrl":{"description":"The Swimlane instance URL.","type":"string"},"appId":{"description":"The Swimlane application ID.","type":"string"},"connectorType":{"description":"The type of connector. Valid values are `all`, `alerts`, and `cases`.","type":"string","enum":["all","alerts","cases"]},"mappings":{"title":"Connector mappings properties for a Swimlane connector","description":"The field mapping.","type":"object","properties":{"alertIdConfig":{"title":"Alert identifier mapping","description":"Mapping for the alert ID.","type":"object","required":["fieldType","id","key","name"],"properties":{"fieldType":{"type":"string","description":"The type of field in Swimlane."},"id":{"type":"string","description":"The identifier for the field in Swimlane."},"key":{"type":"string","description":"The key for the field in Swimlane."},"name":{"type":"string","description":"The name of the field in Swimlane."}}},"caseIdConfig":{"title":"Case identifier mapping","description":"Mapping for the case ID.","type":"object","required":["fieldType","id","key","name"],"properties":{"fieldType":{"type":"string","description":"The type of field in Swimlane."},"id":{"type":"string","description":"The identifier for the field in Swimlane."},"key":{"type":"string","description":"The key for the field in Swimlane."},"name":{"type":"string","description":"The name of the field in Swimlane."}}},"caseNameConfig":{"title":"Case name mapping","description":"Mapping for the case name.","type":"object","required":["fieldType","id","key","name"],"properties":{"fieldType":{"type":"string","description":"The type of field in Swimlane."},"id":{"type":"string","description":"The identifier for the field in Swimlane."},"key":{"type":"string","description":"The key for the field in Swimlane."},"name":{"type":"string","description":"The name of the field in Swimlane."}}},"commentsConfig":{"title":"Case comment mapping","description":"Mapping for the case comments.","type":"object","required":["fieldType","id","key","name"],"properties":{"fieldType":{"type":"string","description":"The type of field in Swimlane."},"id":{"type":"string","description":"The identifier for the field in Swimlane."},"key":{"type":"string","description":"The key for the field in Swimlane."},"name":{"type":"string","description":"The name of the field in Swimlane."}}},"descriptionConfig":{"title":"Case description mapping","description":"Mapping for the case description.","type":"object","required":["fieldType","id","key","name"],"properties":{"fieldType":{"type":"string","description":"The type of field in Swimlane."},"id":{"type":"string","description":"The identifier for the field in Swimlane."},"key":{"type":"string","description":"The key for the field in Swimlane."},"name":{"type":"string","description":"The name of the field in Swimlane."}}},"ruleNameConfig":{"title":"Rule name mapping","description":"Mapping for the name of the alert's rule.","type":"object","required":["fieldType","id","key","name"],"properties":{"fieldType":{"type":"string","description":"The type of field in Swimlane."},"id":{"type":"string","description":"The identifier for the field in Swimlane."},"key":{"type":"string","description":"The key for the field in Swimlane."},"name":{"type":"string","description":"The name of the field in Swimlane."}}},"severityConfig":{"title":"Severity mapping","description":"Mapping for the severity.","type":"object","required":["fieldType","id","key","name"],"properties":{"fieldType":{"type":"string","description":"The type of field in Swimlane."},"id":{"type":"string","description":"The identifier for the field in Swimlane."},"key":{"type":"string","description":"The key for the field in Swimlane."},"name":{"type":"string","description":"The name of the field in Swimlane."}}}}}}},"thehive_config":{"title":"Connector request properties for a TheHive connector","description":"Defines configuration properties for connectors when type is `.thehive`.","type":"object","required":["url"],"properties":{"organisation":{"type":"string","description":"The organisation in TheHive that will contain the alerts or cases. By default, the connector uses the default organisation of the user account that created the API key.\n"},"url":{"type":"string","description":"The instance URL in TheHive. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts.\n"}}},"tines_config":{"title":"Connector request properties for a Tines connector","description":"Defines properties for connectors when type is `.tines`.","type":"object","required":["url"],"properties":{"url":{"description":"The Tines tenant URL. If you are using the `xpack.actions.allowedHosts` setting, make sure this hostname is added to the allowed hosts.\n","type":"string"}}},"torq_config":{"title":"Connector request properties for a Torq connector","description":"Defines properties for connectors when type is `.torq`.","type":"object","required":["webhookIntegrationUrl"],"properties":{"webhookIntegrationUrl":{"description":"The endpoint URL of the Elastic Security integration in Torq.","type":"string"}}},"auth_type":{"title":"Authentication type","type":"string","nullable":true,"enum":["webhook-authentication-basic","webhook-authentication-ssl"],"description":"The type of authentication to use: basic, SSL, or none.\n"},"ca":{"title":"Certificate authority","type":"string","description":"A base64 encoded version of the certificate authority file that the connector can trust to sign and validate certificates. This option is available for all authentication types.\n"},"cert_type":{"title":"Certificate type","type":"string","description":"If the `authType` is `webhook-authentication-ssl`, specifies whether the certificate authentication data is in a CRT and key file format or a PFX file format.\n","enum":["ssl-crt-key","ssl-pfx"]},"has_auth":{"title":"Has authentication","type":"boolean","description":"If true, a username and password for login type authentication must be provided.","default":true},"verification_mode":{"title":"Verification mode","type":"string","enum":["certificate","full","none"],"default":"full","description":"Controls the verification of certificates. Use `full` to validate that the certificate has an issue date within the `not_before` and `not_after` dates, chains to a trusted certificate authority (CA), and has a hostname or IP address that matches the names within the certificate. Use `certificate` to validate the certificate and verify that it is signed by a trusted authority; this option does not check the certificate hostname. Use `none` to skip certificate validation.\n"},"webhook_config":{"title":"Connector request properties for a Webhook connector","description":"Defines properties for connectors when type is `.webhook`.","type":"object","properties":{"authType":{"$ref":"#/components/schemas/auth_type"},"ca":{"$ref":"#/components/schemas/ca"},"certType":{"$ref":"#/components/schemas/cert_type"},"hasAuth":{"$ref":"#/components/schemas/has_auth"},"headers":{"type":"object","nullable":true,"description":"A set of key-value pairs sent as headers with the request."},"method":{"type":"string","default":"post","enum":["post","put"],"description":"The HTTP request method, either `post` or `put`.\n"},"url":{"type":"string","description":"The request URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts.\n"},"verificationMode":{"$ref":"#/components/schemas/verification_mode"}}},"cases_webhook_config":{"title":"Connector request properties for Webhook - Case Management connector","required":["createIncidentJson","createIncidentResponseKey","createIncidentUrl","getIncidentResponseExternalTitleKey","getIncidentUrl","updateIncidentJson","updateIncidentUrl","viewIncidentUrl"],"description":"Defines properties for connectors when type is `.cases-webhook`.","type":"object","properties":{"authType":{"$ref":"#/components/schemas/auth_type"},"ca":{"$ref":"#/components/schemas/ca"},"certType":{"$ref":"#/components/schemas/cert_type"},"createCommentJson":{"type":"string","description":"A JSON payload sent to the create comment URL to create a case comment. You can use variables to add Kibana Cases data to the payload. The required variable is `case.comment`. Due to Mustache template variables (the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated once the Mustache variables have been placed when the REST method runs. Manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass.\n","example":"{\"body\": {{{case.comment}}}}"},"createCommentMethod":{"type":"string","description":"The REST API HTTP request method to create a case comment in the third-party system. Valid values are `patch`, `post`, and `put`.\n","default":"put","enum":["patch","post","put"]},"createCommentUrl":{"type":"string","description":"The REST API URL to create a case comment by ID in the third-party system. You can use a variable to add the external system ID to the URL. If you are using the `xpack.actions.allowedHosts setting`, add the hostname to the allowed hosts.\n","example":"https://example.com/issue/{{{external.system.id}}}/comment"},"createIncidentJson":{"type":"string","description":"A JSON payload sent to the create case URL to create a case. You can use variables to add case data to the payload. Required variables are `case.title` and `case.description`. Due to Mustache template variables (which is the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid to avoid future validation errors; disregard Mustache variables during your review.\n","example":"{\"fields\": {\"summary\": {{{case.title}}},\"description\": {{{case.description}}},\"labels\": {{{case.tags}}}}}"},"createIncidentMethod":{"type":"string","description":"The REST API HTTP request method to create a case in the third-party system. Valid values are `patch`, `post`, and `put`.\n","enum":["patch","post","put"],"default":"post"},"createIncidentResponseKey":{"type":"string","description":"The JSON key in the create external case response that contains the case ID."},"createIncidentUrl":{"type":"string","description":"The REST API URL to create a case in the third-party system. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts.\n"},"getIncidentResponseExternalTitleKey":{"type":"string","description":"The JSON key in get external case response that contains the case title."},"getIncidentUrl":{"type":"string","description":"The REST API URL to get the case by ID from the third-party system. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. You can use a variable to add the external system ID to the URL. Due to Mustache template variables (the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass.\n","example":"https://example.com/issue/{{{external.system.id}}}"},"hasAuth":{"$ref":"#/components/schemas/has_auth"},"headers":{"type":"string","description":"A set of key-value pairs sent as headers with the request URLs for the create case, update case, get case, and create comment methods.\n"},"updateIncidentJson":{"type":"string","description":"The JSON payload sent to the update case URL to update the case. You can use variables to add Kibana Cases data to the payload. Required variables are `case.title` and `case.description`. Due to Mustache template variables (which is the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid to avoid future validation errors; disregard Mustache variables during your review.\n","example":"{\"fields\": {\"summary\": {{{case.title}}},\"description\": {{{case.description}}},\"labels\": {{{case.tags}}}}}"},"updateIncidentMethod":{"type":"string","description":"The REST API HTTP request method to update the case in the third-party system. Valid values are `patch`, `post`, and `put`.\n","default":"put","enum":["patch","post","put"]},"updateIncidentUrl":{"type":"string","description":"The REST API URL to update the case by ID in the third-party system. You can use a variable to add the external system ID to the URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts.\n","example":"https://example.com/issue/{{{external.system.ID}}}"},"verificationMode":{"$ref":"#/components/schemas/verification_mode"},"viewIncidentUrl":{"type":"string","description":"The URL to view the case in the external system. You can use variables to add the external system ID or external system title to the URL.\n","example":"https://testing-jira.atlassian.net/browse/{{{external.system.title}}}"}}},"xmatters_config":{"title":"Connector request properties for an xMatters connector","description":"Defines properties for connectors when type is `.xmatters`.","type":"object","properties":{"configUrl":{"description":"The request URL for the Elastic Alerts trigger in xMatters. It is applicable only when `usesBasic` is `true`.\n","type":"string","nullable":true},"usesBasic":{"description":"Specifies whether the connector uses HTTP basic authentication (`true`) or URL authentication (`false`).","type":"boolean","default":true}}},"bedrock_secrets":{"title":"Connector secrets properties for an Amazon Bedrock connector","description":"Defines secrets for connectors when type is `.bedrock`.","type":"object","required":["accessKey","secret"],"properties":{"accessKey":{"type":"string","description":"The AWS access key for authentication."},"secret":{"type":"string","description":"The AWS secret for authentication."}}},"crowdstrike_secrets":{"title":"Connector secrets properties for a Crowdstrike connector","description":"Defines secrets for connectors when type is `.crowdstrike`.","type":"object","required":["clientId","clientSecret"],"properties":{"clientId":{"description":"The CrowdStrike API client identifier.","type":"string"},"clientSecret":{"description":"The CrowdStrike API client secret to authenticate the `clientId`.","type":"string"}}},"d3security_secrets":{"title":"Connector secrets properties for a D3 Security connector","description":"Defines secrets for connectors when type is `.d3security`.","required":["token"],"type":"object","properties":{"token":{"type":"string","description":"The D3 Security token."}}},"email_secrets":{"title":"Connector secrets properties for an email connector","description":"Defines secrets for connectors when type is `.email`.","type":"object","properties":{"clientSecret":{"type":"string","description":"The Microsoft Exchange Client secret for OAuth 2.0 client credentials authentication. It must be URL-encoded. If `service` is `exchange_server`, this property is required.\n"},"password":{"type":"string","description":"The password for HTTP basic authentication. If `hasAuth` is set to `true`, this property is required.\n"},"user":{"type":"string","description":"The username for HTTP basic authentication. If `hasAuth` is set to `true`, this property is required.\n"}}},"gemini_secrets":{"title":"Connector secrets properties for a Google Gemini connector","description":"Defines secrets for connectors when type is `.gemini`.","type":"object","required":["credentialsJson"],"properties":{"credentialsJson":{"type":"string","description":"The service account credentials JSON file. The service account should have Vertex AI user IAM role assigned to it."}}},"resilient_secrets":{"title":"Connector secrets properties for IBM Resilient connector","required":["apiKeyId","apiKeySecret"],"description":"Defines secrets for connectors when type is `.resilient`.","type":"object","properties":{"apiKeyId":{"type":"string","description":"The authentication key ID for HTTP Basic authentication."},"apiKeySecret":{"type":"string","description":"The authentication key secret for HTTP Basic authentication."}}},"jira_secrets":{"title":"Connector secrets properties for a Jira connector","required":["apiToken","email"],"description":"Defines secrets for connectors when type is `.jira`.","type":"object","properties":{"apiToken":{"description":"The Jira API authentication token for HTTP basic authentication.","type":"string"},"email":{"description":"The account email for HTTP Basic authentication.","type":"string"}}},"teams_secrets":{"title":"Connector secrets properties for a Microsoft Teams connector","description":"Defines secrets for connectors when type is `.teams`.","type":"object","required":["webhookUrl"],"properties":{"webhookUrl":{"type":"string","description":"The URL of the incoming webhook. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts.\n"}}},"genai_secrets":{"title":"Connector secrets properties for an OpenAI connector","description":"Defines secrets for connectors when type is `.gen-ai`.","type":"object","properties":{"apiKey":{"type":"string","description":"The OpenAI API key."}}},"opsgenie_secrets":{"title":"Connector secrets properties for an Opsgenie connector","required":["apiKey"],"description":"Defines secrets for connectors when type is `.opsgenie`.","type":"object","properties":{"apiKey":{"description":"The Opsgenie API authentication key for HTTP Basic authentication.","type":"string"}}},"pagerduty_secrets":{"title":"Connector secrets properties for a PagerDuty connector","description":"Defines secrets for connectors when type is `.pagerduty`.","type":"object","required":["routingKey"],"properties":{"routingKey":{"description":"A 32 character PagerDuty Integration Key for an integration on a service.\n","type":"string"}}},"sentinelone_secrets":{"title":"Connector secrets properties for a SentinelOne connector","description":"Defines secrets for connectors when type is `.sentinelone`.","type":"object","required":["token"],"properties":{"token":{"description":"The A SentinelOne API token.","type":"string"}}},"servicenow_secrets":{"title":"Connector secrets properties for ServiceNow ITOM, ServiceNow ITSM, and ServiceNow SecOps connectors","description":"Defines secrets for connectors when type is `.servicenow`, `.servicenow-sir`, or `.servicenow-itom`.","type":"object","properties":{"clientSecret":{"type":"string","description":"The client secret assigned to your OAuth application. This property is required when `isOAuth` is `true`."},"password":{"type":"string","description":"The password for HTTP basic authentication. This property is required when `isOAuth` is `false`."},"privateKey":{"type":"string","description":"The RSA private key that you created for use in ServiceNow. This property is required when `isOAuth` is `true`."},"privateKeyPassword":{"type":"string","description":"The password for the RSA private key. This property is required when `isOAuth` is `true` and you set a password on your private key."},"username":{"type":"string","description":"The username for HTTP basic authentication. This property is required when `isOAuth` is `false`."}}},"slack_api_secrets":{"title":"Connector secrets properties for a Web API Slack connector","description":"Defines secrets for connectors when type is `.slack`.","required":["token"],"type":"object","properties":{"token":{"type":"string","description":"Slack bot user OAuth token."}}},"swimlane_secrets":{"title":"Connector secrets properties for a Swimlane connector","description":"Defines secrets for connectors when type is `.swimlane`.","type":"object","properties":{"apiToken":{"description":"Swimlane API authentication token.","type":"string"}}},"thehive_secrets":{"title":"Connector secrets properties for a TheHive connector","description":"Defines secrets for connectors when type is `.thehive`.","required":["apiKey"],"type":"object","properties":{"apiKey":{"type":"string","description":"The API key for authentication in TheHive."}}},"tines_secrets":{"title":"Connector secrets properties for a Tines connector","description":"Defines secrets for connectors when type is `.tines`.","type":"object","required":["email","token"],"properties":{"email":{"description":"The email used to sign in to Tines.","type":"string"},"token":{"description":"The Tines API token.","type":"string"}}},"torq_secrets":{"title":"Connector secrets properties for a Torq connector","description":"Defines secrets for connectors when type is `.torq`.","type":"object","required":["token"],"properties":{"token":{"description":"The secret of the webhook authentication header.","type":"string"}}},"crt":{"title":"Certificate","type":"string","description":"If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-crt-key`, it is a base64 encoded version of the CRT or CERT file."},"key":{"title":"Certificate key","type":"string","description":"If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-crt-key`, it is a base64 encoded version of the KEY file."},"pfx":{"title":"Personal information exchange","type":"string","description":"If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-pfx`, it is a base64 encoded version of the PFX or P12 file."},"webhook_secrets":{"title":"Connector secrets properties for a Webhook connector","description":"Defines secrets for connectors when type is `.webhook`.","type":"object","properties":{"crt":{"$ref":"#/components/schemas/crt"},"key":{"$ref":"#/components/schemas/key"},"pfx":{"$ref":"#/components/schemas/pfx"},"password":{"type":"string","description":"The password for HTTP basic authentication or the passphrase for the SSL certificate files. If `hasAuth` is set to `true` and `authType` is `webhook-authentication-basic`, this property is required.\n"},"user":{"type":"string","description":"The username for HTTP basic authentication. If `hasAuth` is set to `true` and `authType` is `webhook-authentication-basic`, this property is required.\n"}}},"cases_webhook_secrets":{"title":"Connector secrets properties for Webhook - Case Management connector","type":"object","properties":{"crt":{"$ref":"#/components/schemas/crt"},"key":{"$ref":"#/components/schemas/key"},"pfx":{"$ref":"#/components/schemas/pfx"},"password":{"type":"string","description":"The password for HTTP basic authentication. If `hasAuth` is set to `true` and and `authType` is `webhook-authentication-basic`, this property is required.\n"},"user":{"type":"string","description":"The username for HTTP basic authentication. If `hasAuth` is set to `true` and `authType` is `webhook-authentication-basic`, this property is required.\n"}}},"xmatters_secrets":{"title":"Connector secrets properties for an xMatters connector","description":"Defines secrets for connectors when type is `.xmatters`.","type":"object","properties":{"password":{"description":"A user name for HTTP basic authentication. It is applicable only when `usesBasic` is `true`.\n","type":"string"},"secretsUrl":{"description":"The request URL for the Elastic Alerts trigger in xMatters with the API key included in the URL. It is applicable only when `usesBasic` is `false`.\n","type":"string"},"user":{"description":"A password for HTTP basic authentication. It is applicable only when `usesBasic` is `true`.\n","type":"string"}}},"defender_secrets":{"title":"Connector secrets properties for a Microsoft Defender for Endpoint connector","required":["clientSecret"],"description":"Defines secrets for connectors when type is `..microsoft_defender_endpoint`.","type":"object","properties":{"clientSecret":{"description":"The client secret for your app in the Azure portal.","type":"string"}}},"run_acknowledge_resolve_pagerduty":{"title":"PagerDuty connector parameters","description":"Test an action that acknowledges or resolves a PagerDuty alert.","type":"object","required":["dedupKey","eventAction"],"properties":{"dedupKey":{"description":"The deduplication key for the PagerDuty alert.","type":"string","maxLength":255},"eventAction":{"description":"The type of event.","type":"string","enum":["acknowledge","resolve"]}}},"run_documents":{"title":"Index connector parameters","description":"Test an action that indexes a document into Elasticsearch.","type":"object","required":["documents"],"properties":{"documents":{"type":"array","description":"The documents in JSON format for index connectors.","items":{"type":"object","additionalProperties":true}}}},"run_message_email":{"title":"Email connector parameters","description":"Test an action that sends an email message. There must be at least one recipient in `to`, `cc`, or `bcc`.\n","type":"object","required":["message","subject",{"anyOf":["to","cc","bcc"]}],"properties":{"bcc":{"type":"array","items":{"type":"string"},"description":"A list of \"blind carbon copy\" email addresses. Addresses can be specified in `user@host-name` format or in name `\u003cuser@host-name\u003e` format\n"},"cc":{"type":"array","items":{"type":"string"},"description":"A list of \"carbon copy\" email addresses. Addresses can be specified in `user@host-name` format or in name `\u003cuser@host-name\u003e` format \n"},"message":{"type":"string","description":"The email message text. Markdown format is supported."},"subject":{"type":"string","description":"The subject line of the email."},"to":{"type":"array","description":"A list of email addresses. Addresses can be specified in `user@host-name` format or in name `\u003cuser@host-name\u003e` format.\n","items":{"type":"string"}}}},"run_message_serverlog":{"title":"Server log connector parameters","description":"Test an action that writes an entry to the Kibana server log.","type":"object","required":["message"],"properties":{"level":{"type":"string","description":"The log level of the message for server log connectors.","enum":["debug","error","fatal","info","trace","warn"],"default":"info"},"message":{"type":"string","description":"The message for server log connectors."}}},"run_message_slack":{"title":"Slack connector parameters","description":"Test an action that sends a message to Slack. It is applicable only when the connector type is `.slack`.\n","type":"object","required":["message"],"properties":{"message":{"type":"string","description":"The Slack message text, which cannot contain Markdown, images, or other advanced formatting."}}},"run_trigger_pagerduty":{"title":"PagerDuty connector parameters","description":"Test an action that triggers a PagerDuty alert.","type":"object","required":["eventAction"],"properties":{"class":{"description":"The class or type of the event.","type":"string","example":"cpu load"},"component":{"description":"The component of the source machine that is responsible for the event.","type":"string","example":"eth0"},"customDetails":{"description":"Additional details to add to the event.","type":"object"},"dedupKey":{"description":"All actions sharing this key will be associated with the same PagerDuty alert. This value is used to correlate trigger and resolution.\n","type":"string","maxLength":255},"eventAction":{"description":"The type of event.","type":"string","enum":["trigger"]},"group":{"description":"The logical grouping of components of a service.","type":"string","example":"app-stack"},"links":{"description":"A list of links to add to the event.","type":"array","items":{"type":"object","properties":{"href":{"description":"The URL for the link.","type":"string"},"text":{"description":"A plain text description of the purpose of the link.","type":"string"}}}},"severity":{"description":"The severity of the event on the affected system.","type":"string","enum":["critical","error","info","warning"],"default":"info"},"source":{"description":"The affected system, such as a hostname or fully qualified domain name. Defaults to the Kibana saved object id of the action.\n","type":"string"},"summary":{"description":"A summery of the event.","type":"string","maxLength":1024},"timestamp":{"description":"An ISO-8601 timestamp that indicates when the event was detected or generated.","type":"string","format":"date-time"}}},"run_addevent":{"title":"The addEvent subaction","type":"object","required":["subAction"],"description":"The `addEvent` subaction for ServiceNow ITOM connectors.","properties":{"subAction":{"type":"string","description":"The action to test.","enum":["addEvent"]},"subActionParams":{"type":"object","description":"The set of configuration properties for the action.","properties":{"additional_info":{"type":"string","description":"Additional information about the event."},"description":{"type":"string","description":"The details about the event."},"event_class":{"type":"string","description":"A specific instance of the source."},"message_key":{"type":"string","description":"All actions sharing this key are associated with the same ServiceNow alert. The default value is `\u003crule ID\u003e:\u003calert instance ID\u003e`."},"metric_name":{"type":"string","description":"The name of the metric."},"node":{"type":"string","description":"The host that the event was triggered for."},"resource":{"type":"string","description":"The name of the resource."},"severity":{"type":"string","description":"The severity of the event."},"source":{"type":"string","description":"The name of the event source type."},"time_of_event":{"type":"string","description":"The time of the event."},"type":{"type":"string","description":"The type of event."}}}}},"run_closealert":{"title":"The closeAlert subaction","type":"object","required":["subAction","subActionParams"],"description":"The `closeAlert` subaction for Opsgenie connectors.","properties":{"subAction":{"type":"string","description":"The action to test.","enum":["closeAlert"]},"subActionParams":{"type":"object","required":["alias"],"properties":{"alias":{"type":"string","description":"The unique identifier used for alert deduplication in Opsgenie. The alias must match the value used when creating the alert."},"note":{"type":"string","description":"Additional information for the alert."},"source":{"type":"string","description":"The display name for the source of the alert."},"user":{"type":"string","description":"The display name for the owner."}}}}},"run_closeincident":{"title":"The closeIncident subaction","type":"object","required":["subAction","subActionParams"],"description":"The `closeIncident` subaction for ServiceNow ITSM connectors.","properties":{"subAction":{"type":"string","description":"The action to test.","enum":["closeIncident"]},"subActionParams":{"type":"object","required":["incident"],"properties":{"incident":{"type":"object","anyOf":[{"required":["correlation_id"]},{"required":["externalId"]}],"properties":{"correlation_id":{"type":"string","nullable":true,"description":"An identifier that is assigned to the incident when it is created by the connector. NOTE: If you use the default value and the rule generates multiple alerts that use the same alert IDs, the latest open incident for this correlation ID is closed unless you specify the external ID.\n","maxLength":100,"default":"{{rule.id}}:{{alert.id}}"},"externalId":{"type":"string","nullable":true,"description":"The unique identifier (`incidentId`) for the incident in ServiceNow."}}}}}}},"run_createalert":{"title":"The createAlert subaction","type":"object","required":["subAction","subActionParams"],"description":"The `createAlert` subaction for Opsgenie and TheHive connectors.","properties":{"subAction":{"type":"string","description":"The action to test.","enum":["createAlert"]},"subActionParams":{"type":"object","properties":{"actions":{"type":"array","description":"The custom actions available to the alert in Opsgenie connectors.","items":{"type":"string"}},"alias":{"type":"string","description":"The unique identifier used for alert deduplication in Opsgenie."},"description":{"type":"string","description":"A description that provides detailed information about the alert."},"details":{"type":"object","description":"The custom properties of the alert in Opsgenie connectors.","additionalProperties":true,"example":{"key1":"value1","key2":"value2"}},"entity":{"type":"string","description":"The domain of the alert in Opsgenie connectors. For example, the application or server name."},"message":{"type":"string","description":"The alert message in Opsgenie connectors."},"note":{"type":"string","description":"Additional information for the alert in Opsgenie connectors."},"priority":{"type":"string","description":"The priority level for the alert in Opsgenie connectors.","enum":["P1","P2","P3","P4","P5"]},"responders":{"type":"array","description":"The entities to receive notifications about the alert in Opsgenie connectors. If `type` is `user`, either `id` or `username` is required. If `type` is `team`, either `id` or `name` is required.\n","items":{"type":"object","properties":{"id":{"type":"string","description":"The identifier for the entity."},"name":{"type":"string","description":"The name of the entity."},"type":{"type":"string","description":"The type of responders, in this case `escalation`.","enum":["escalation","schedule","team","user"]},"username":{"type":"string","description":"A valid email address for the user."}}}},"severity":{"type":"integer","minimum":1,"maximum":4,"description":"The severity of the incident for TheHive connectors. The value ranges from 1 (low) to 4 (critical) with a default value of 2 (medium).\n"},"source":{"type":"string","description":"The display name for the source of the alert in Opsgenie and TheHive connectors."},"sourceRef":{"type":"string","description":"A source reference for the alert in TheHive connectors."},"tags":{"type":"array","description":"The tags for the alert in Opsgenie and TheHive connectors.","items":{"type":"string"}},"title":{"type":"string","description":"A title for the incident for TheHive connectors. It is used for searching the contents of the knowledge base.\n"},"tlp":{"type":"integer","minimum":0,"maximum":4,"default":2,"description":"The traffic light protocol designation for the incident in TheHive connectors. Valid values include: 0 (clear), 1 (green), 2 (amber), 3 (amber and strict), and 4 (red).\n"},"type":{"type":"string","description":"The type of alert in TheHive connectors."},"user":{"type":"string","description":"The display name for the owner."},"visibleTo":{"type":"array","description":"The teams and users that the alert will be visible to without sending a notification. Only one of `id`, `name`, or `username` is required.","items":{"type":"object","required":["type"],"properties":{"id":{"type":"string","description":"The identifier for the entity."},"name":{"type":"string","description":"The name of the entity."},"type":{"type":"string","description":"Valid values are `team` and `user`.","enum":["team","user"]},"username":{"type":"string","description":"The user name. This property is required only when the `type` is `user`."}}}}}}}},"run_fieldsbyissuetype":{"title":"The fieldsByIssueType subaction","type":"object","required":["subAction","subActionParams"],"description":"The `fieldsByIssueType` subaction for Jira connectors.","properties":{"subAction":{"type":"string","description":"The action to test.","enum":["fieldsByIssueType"]},"subActionParams":{"type":"object","required":["id"],"properties":{"id":{"type":"string","description":"The Jira issue type identifier.","example":10024}}}}},"run_getagentdetails":{"title":"The getAgentDetails subaction","type":"object","required":["subAction","subActionParams"],"description":"The `getAgentDetails` subaction for CrowdStrike connectors.","properties":{"subAction":{"type":"string","description":"The action to test.","enum":["getAgentDetails"]},"subActionParams":{"type":"object","description":"The set of configuration properties for the action.","required":["ids"],"properties":{"ids":{"type":"array","description":"An array of CrowdStrike agent identifiers.","items":{"type":"string"}}}}}},"run_getagents":{"title":"The getAgents subaction","type":"object","required":["subAction"],"description":"The `getAgents` subaction for SentinelOne connectors.","properties":{"subAction":{"type":"string","description":"The action to test.","enum":["getAgents"]}}},"run_getchoices":{"title":"The getChoices subaction","type":"object","required":["subAction","subActionParams"],"description":"The `getChoices` subaction for ServiceNow ITOM, ServiceNow ITSM, and ServiceNow SecOps connectors.","properties":{"subAction":{"type":"string","description":"The action to test.","enum":["getChoices"]},"subActionParams":{"type":"object","description":"The set of configuration properties for the action.","required":["fields"],"properties":{"fields":{"type":"array","description":"An array of fields.","items":{"type":"string"}}}}}},"run_getfields":{"title":"The getFields subaction","type":"object","required":["subAction"],"description":"The `getFields` subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors.","properties":{"subAction":{"type":"string","description":"The action to test.","enum":["getFields"]}}},"run_getincident":{"title":"The getIncident subaction","type":"object","description":"The `getIncident` subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors.","required":["subAction","subActionParams"],"properties":{"subAction":{"type":"string","description":"The action to test.","enum":["getIncident"]},"subActionParams":{"type":"object","required":["externalId"],"properties":{"externalId":{"type":"string","description":"The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier.","example":71778}}}}},"run_issue":{"title":"The issue subaction","type":"object","required":["subAction"],"description":"The `issue` subaction for Jira connectors.","properties":{"subAction":{"type":"string","description":"The action to test.","enum":["issue"]},"subActionParams":{"type":"object","required":["id"],"properties":{"id":{"type":"string","description":"The Jira issue identifier.","example":71778}}}}},"run_issues":{"title":"The issues subaction","type":"object","required":["subAction","subActionParams"],"description":"The `issues` subaction for Jira connectors.","properties":{"subAction":{"type":"string","description":"The action to test.","enum":["issues"]},"subActionParams":{"type":"object","required":["title"],"properties":{"title":{"type":"string","description":"The title of the Jira issue."}}}}},"run_issuetypes":{"title":"The issueTypes subaction","type":"object","required":["subAction"],"description":"The `issueTypes` subaction for Jira connectors.","properties":{"subAction":{"type":"string","description":"The action to test.","enum":["issueTypes"]}}},"run_postmessage":{"title":"The postMessage subaction","type":"object","description":"Test an action that sends a message to Slack. It is applicable only when the connector type is `.slack_api`.\n","required":["subAction","subActionParams"],"properties":{"subAction":{"type":"string","description":"The action to test.","enum":["postMessage"]},"subActionParams":{"type":"object","description":"The set of configuration properties for the action.","properties":{"channelIds":{"type":"array","maxItems":1,"description":"The Slack channel identifier, which must be one of the `allowedChannels` in the connector configuration.\n","items":{"type":"string"}},"channels":{"type":"array","deprecated":true,"description":"The name of a channel that your Slack app has access to.\n","maxItems":1,"items":{"type":"string"}},"text":{"type":"string","description":"The Slack message text. If it is a Slack webhook connector, the text cannot contain Markdown, images, or other advanced formatting. If it is a Slack web API connector, it can contain either plain text or block kit messages.\n","minLength":1}}}}},"run_pushtoservice":{"title":"The pushToService subaction","type":"object","required":["subAction","subActionParams"],"description":"The `pushToService` subaction for Jira, ServiceNow ITSM, ServiceNow SecOps, Swimlane, TheHive, and Webhook - Case Management connectors.","properties":{"subAction":{"type":"string","description":"The action to test.","enum":["pushToService"]},"subActionParams":{"type":"object","description":"The set of configuration properties for the action.","properties":{"comments":{"type":"array","description":"Additional information that is sent to Jira, ServiceNow ITSM, ServiceNow SecOps, Swimlane, or TheHive.","items":{"type":"object","properties":{"comment":{"type":"string","description":"A comment related to the incident. For example, describe how to troubleshoot the issue."},"commentId":{"type":"integer","description":"A unique identifier for the comment."}}}},"incident":{"type":"object","description":"Information necessary to create or update a Jira, ServiceNow ITSM, ServiveNow SecOps, Swimlane, or TheHive incident.","properties":{"additional_fields":{"type":"string","nullable":true,"maxLength":20,"description":"Additional fields for ServiceNow ITSM and ServiveNow SecOps connectors. The fields must exist in the Elastic ServiceNow application and must be specified in JSON format.\n"},"alertId":{"type":"string","description":"The alert identifier for Swimlane connectors."},"caseId":{"type":"string","description":"The case identifier for the incident for Swimlane connectors."},"caseName":{"type":"string","description":"The case name for the incident for Swimlane connectors."},"category":{"type":"string","description":"The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors."},"correlation_display":{"type":"string","description":"A descriptive label of the alert for correlation purposes for ServiceNow ITSM and ServiceNow SecOps connectors."},"correlation_id":{"type":"string","description":"The correlation identifier for the security incident for ServiceNow ITSM and ServiveNow SecOps connectors. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as `{{ruleID}}:{{alert ID}}` to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters. NOTE: Using the default configuration of `{{ruleID}}:{{alert ID}}` ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert.\n"},"description":{"type":"string","description":"The description of the incident for Jira, ServiceNow ITSM, ServiceNow SecOps, Swimlane, TheHive, and Webhook - Case Management connectors."},"dest_ip":{"description":"A list of destination IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident.\n","oneOf":[{"type":"string"},{"type":"array","items":{"type":"string"}}]},"externalId":{"type":"string","description":"The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier. If present, the incident is updated. Otherwise, a new incident is created.\n"},"id":{"type":"string","description":"The external case identifier for Webhook - Case Management connectors."},"impact":{"type":"string","description":"The impact of the incident for ServiceNow ITSM connectors."},"issueType":{"type":"integer","description":"The type of incident for Jira connectors. For example, 10006. To obtain the list of valid values, set `subAction` to `issueTypes`."},"labels":{"type":"array","items":{"type":"string"},"description":"The labels for the incident for Jira connectors. NOTE: Labels cannot contain spaces.\n"},"malware_hash":{"description":"A list of malware hashes related to the security incident for ServiceNow SecOps connectors. The hashes are added as observables to the security incident.","oneOf":[{"type":"string"},{"type":"array","items":{"type":"string"}}]},"malware_url":{"type":"string","description":"A list of malware URLs related to the security incident for ServiceNow SecOps connectors. The URLs are added as observables to the security incident.","oneOf":[{"type":"string"},{"type":"array","items":{"type":"string"}}]},"otherFields":{"type":"object","additionalProperties":true,"maxProperties":20,"description":"Custom field identifiers and their values for Jira connectors.\n"},"parent":{"type":"string","description":"The ID or key of the parent issue for Jira connectors. Applies only to `Sub-task` types of issues."},"priority":{"type":"string","description":"The priority of the incident in Jira and ServiceNow SecOps connectors."},"ruleName":{"type":"string","description":"The rule name for Swimlane connectors."},"severity":{"type":"integer","description":"The severity of the incident for ServiceNow ITSM, Swimlane, and TheHive connectors. In TheHive connectors, the severity value ranges from 1 (low) to 4 (critical) with a default value of 2 (medium).\n"},"short_description":{"type":"string","description":"A short description of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. It is used for searching the contents of the knowledge base.\n"},"source_ip":{"description":"A list of source IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident.","oneOf":[{"type":"string"},{"type":"array","items":{"type":"string"}}]},"status":{"type":"string","description":"The status of the incident for Webhook - Case Management connectors."},"subcategory":{"type":"string","description":"The subcategory of the incident for ServiceNow ITSM and ServiceNow SecOps connectors."},"summary":{"type":"string","description":"A summary of the incident for Jira connectors."},"tags":{"type":"array","items":{"type":"string"},"description":"A list of tags for TheHive and Webhook - Case Management connectors."},"title":{"type":"string","description":"A title for the incident for Jira, TheHive, and Webhook - Case Management connectors. It is used for searching the contents of the knowledge base.\n"},"tlp":{"type":"integer","minimum":0,"maximum":4,"default":2,"description":"The traffic light protocol designation for the incident in TheHive connectors. Valid values include: 0 (clear), 1 (green), 2 (amber), 3 (amber and strict), and 4 (red).\n"},"urgency":{"type":"string","description":"The urgency of the incident for ServiceNow ITSM connectors."}}}}}}},"run_validchannelid":{"title":"The validChannelId subaction","type":"object","description":"Retrieves information about a valid Slack channel identifier. It is applicable only when the connector type is `.slack_api`.\n","required":["subAction","subActionParams"],"properties":{"subAction":{"type":"string","description":"The action to test.","enum":["validChannelId"]},"subActionParams":{"type":"object","required":["channelId"],"properties":{"channelId":{"type":"string","description":"The Slack channel identifier.","example":"C123ABC456"}}}}},"params_property_apm_anomaly":{"required":["windowSize","windowUnit","environment","anomalySeverityType"],"properties":{"serviceName":{"type":"string","description":"Filter the rule to apply to a specific service name."},"transactionType":{"type":"string","description":"Filter the rule to apply to a specific transaction type."},"windowSize":{"type":"number","example":6,"description":"The size of the time window (in `windowUnit` units), which determines how far back to search for documents. Generally it should be a value higher than the rule check interval to avoid gaps in detection.\n"},"windowUnit":{"type":"string","description":"The type of units for the time window. For example: minutes, hours, or days.\n","enum":["m","h","d"]},"environment":{"type":"string","description":"Filter the rule to apply to a specific environment."},"anomalySeverityType":{"type":"string","description":"The severity of anomalies that will generate alerts: critical, major, minor, or warning.\n","enum":["critical","major","minor","warning"]}}},"params_property_apm_error_count":{"required":["windowSize","windowUnit","threshold","environment"],"properties":{"serviceName":{"type":"string","description":"Filter the errors coming from your application to apply the rule to a specific service."},"windowSize":{"type":"number","description":"The time frame in which the errors must occur (in `windowUnit` units). Generally it should be a value higher than the rule check interval to avoid gaps in detection.\n","example":6},"windowUnit":{"type":"string","description":"The type of units for the time window: minutes, hours, or days.\n","enum":["m","h","d"]},"environment":{"type":"string","description":"Filter the errors coming from your application to apply the rule to a specific environment."},"threshold":{"type":"number","description":"The error count threshold."},"groupBy":{"type":"array","default":["service.name","service.environment"],"uniqueItems":true,"items":{"type":"string","enum":["service.name","service.environment","transaction.name","error.grouping_key"]},"description":"Perform a composite aggregation against the selected fields. When any of these groups match the selected rule conditions, an alert is triggered per group.\n"},"errorGroupingKey":{"type":"string","description":"Filter the errors coming from your application to apply the rule to a specific error grouping key, which is a hash of the stack trace and other properties.\n"}}},"params_property_apm_transaction_duration":{"required":["windowSize","windowUnit","threshold","environment","aggregationType"],"properties":{"serviceName":{"type":"string","description":"Filter the rule to apply to a specific service."},"transactionType":{"type":"string","description":"Filter the rule to apply to a specific transaction type."},"transactionName":{"type":"string","description":"Filter the rule to apply to a specific transaction name."},"windowSize":{"type":"number","description":"The size of the time window (in `windowUnit` units), which determines how far back to search for documents. Generally it should be a value higher than the rule check interval to avoid gaps in detection.\n","example":6},"windowUnit":{"type":"string","description":"The type of units for the time window. For example: minutes, hours, or days.\n","enum":["m","h","d"]},"environment":{"type":"string","description":"Filter the rule to apply to a specific environment."},"threshold":{"type":"number","description":"The latency threshold value."},"groupBy":{"type":"array","default":["service.name","service.environment","transaction.type"],"uniqueItems":true,"items":{"type":"string","enum":["service.name","service.environment","transaction.type","transaction.name"]},"description":"Perform a composite aggregation against the selected fields. When any of these groups match the selected rule conditions, an alert is triggered per group.\n"},"aggregationType":{"type":"string","enum":["avg","95th","99th"],"description":"The type of aggregation to perform."}}},"params_property_apm_transaction_error_rate":{"required":["windowSize","windowUnit","threshold","environment"],"properties":{"serviceName":{"type":"string","description":"The service name from APM"},"transactionType":{"type":"string","description":"The transaction type from APM"},"transactionName":{"type":"string","description":"The transaction name from APM"},"windowSize":{"type":"number","description":"The window size","example":6},"windowUnit":{"type":"string","description":"The window size unit","enum":["m","h","d"]},"environment":{"type":"string","description":"The environment from APM"},"threshold":{"type":"number","description":"The error rate threshold value"},"groupBy":{"type":"array","default":["service.name","service.environment","transaction.type"],"uniqueItems":true,"items":{"type":"string","enum":["service.name","service.environment","transaction.type","transaction.name"]}}}},"aggfield":{"description":"The name of the numeric field that is used in the aggregation. This property is required when `aggType` is `avg`, `max`, `min` or `sum`.\n","type":"string"},"aggtype":{"description":"The type of aggregation to perform.","type":"string","enum":["avg","count","max","min","sum"],"default":"count"},"excludehitsfrompreviousrun":{"description":"Indicates whether to exclude matches from previous runs. If `true`, you can avoid alert duplication by excluding documents that have already been detected by the previous rule run. This option is not available when a grouping field is specified.\n","type":"boolean"},"groupby":{"description":"Indicates whether the aggregation is applied over all documents (`all`) or split into groups (`top`) using a grouping field (`termField`). If grouping is used, an alert will be created for each group when it exceeds the threshold; only the top groups (up to `termSize` number of groups) are checked.\n","type":"string","enum":["all","top"],"default":"all"},"size":{"description":"The number of documents to pass to the configured actions when the threshold condition is met.\n","type":"integer"},"termfield":{"description":"The names of up to four fields that are used for grouping the aggregation. This property is required when `groupBy` is `top`.\n","oneOf":[{"type":"string"},{"type":"array","items":{"type":"string"},"maxItems":4}]},"termsize":{"description":"This property is required when `groupBy` is `top`. It specifies the number of groups to check against the threshold and therefore limits the number of alerts on high cardinality fields.\n","type":"integer"},"threshold":{"description":"The threshold value that is used with the `thresholdComparator`. If the `thresholdComparator` is `between` or `notBetween`, you must specify the boundary values.\n","type":"array","items":{"type":"integer","example":4000}},"thresholdcomparator":{"description":"The comparison function for the threshold. For example, \"is above\", \"is above or equals\", \"is below\", \"is below or equals\", \"is between\", and \"is not between\".","type":"string","enum":["\u003e","\u003e=","\u003c","\u003c=","between","notBetween"],"example":"\u003e"},"timefield":{"description":"The field that is used to calculate the time window.","type":"string"},"timewindowsize":{"description":"The size of the time window (in `timeWindowUnit` units), which determines how far back to search for documents. Generally it should be a value higher than the rule check interval to avoid gaps in detection.\n","type":"integer","example":5},"timewindowunit":{"description":"The type of units for the time window: seconds, minutes, hours, or days.\n","type":"string","enum":["s","m","h","d"],"example":"m"},"params_es_query_dsl_rule":{"title":"Elasticsearch DSL query rule params","description":"An Elasticsearch query rule can run a query defined in Elasticsearch Query DSL and compare the number of matches to a configured threshold. These parameters are appropriate when `rule_type_id` is `.es-query`.\n","type":"object","required":["esQuery","index","threshold","thresholdComparator","timeField","timeWindowSize","timeWindowUnit"],"properties":{"aggField":{"$ref":"#/components/schemas/aggfield"},"aggType":{"$ref":"#/components/schemas/aggtype"},"esQuery":{"description":"The query definition, which uses Elasticsearch Query DSL.","type":"string"},"excludeHitsFromPreviousRun":{"$ref":"#/components/schemas/excludehitsfrompreviousrun"},"groupBy":{"$ref":"#/components/schemas/groupby"},"index":{"description":"The indices to query.","oneOf":[{"type":"array","items":{"type":"string"}},{"type":"string"}]},"searchType":{"description":"The type of query, in this case a query that uses Elasticsearch Query DSL.","type":"string","enum":["esQuery"],"default":"esQuery","example":"esQuery"},"size":{"$ref":"#/components/schemas/size"},"termField":{"$ref":"#/components/schemas/termfield"},"termSize":{"$ref":"#/components/schemas/termsize"},"threshold":{"$ref":"#/components/schemas/threshold"},"thresholdComparator":{"$ref":"#/components/schemas/thresholdcomparator"},"timeField":{"$ref":"#/components/schemas/timefield"},"timeWindowSize":{"$ref":"#/components/schemas/timewindowsize"},"timeWindowUnit":{"$ref":"#/components/schemas/timewindowunit"}}},"params_es_query_esql_rule":{"title":"Elasticsearch ES|QL query rule params","description":"An Elasticsearch query rule can run an ES|QL query and compare the number of matches to a configured threshold. These parameters are appropriate when `rule_type_id` is `.es-query`.\n","type":"object","required":["esqlQuery","searchType","size","threshold","thresholdComparator","timeWindowSize","timeWindowUnit"],"properties":{"aggField":{"$ref":"#/components/schemas/aggfield"},"aggType":{"$ref":"#/components/schemas/aggtype"},"esqlQuery":{"type":"object","required":["esql"],"properties":{"esql":{"description":"The query definition, which uses Elasticsearch Query Language.","type":"string"}}},"excludeHitsFromPreviousRun":{"$ref":"#/components/schemas/excludehitsfrompreviousrun"},"groupBy":{"$ref":"#/components/schemas/groupby"},"searchType":{"description":"The type of query, in this case a query that uses Elasticsearch Query Language (ES|QL).","type":"string","enum":["esqlQuery"],"example":"esqlQuery"},"size":{"type":"integer","description":"When `searchType` is `esqlQuery`, this property is required but it does not affect the rule behavior.\n","example":0},"termSize":{"$ref":"#/components/schemas/termsize"},"threshold":{"type":"array","items":{"type":"integer","minimum":0,"maximum":0},"description":"The threshold value that is used with the `thresholdComparator`. When `searchType` is `esqlQuery`, this property is required and must be set to zero.\n"},"thresholdComparator":{"type":"string","description":"The comparison function for the threshold. When `searchType` is `esqlQuery`, this property is required and must be set to \"\u003e\". Since the `threshold` value must be `0`, the result is that an alert occurs whenever the query returns results.\n","enum":["\u003e"],"example":"\u003e"},"timeField":{"$ref":"#/components/schemas/timefield"},"timeWindowSize":{"$ref":"#/components/schemas/timewindowsize"},"timeWindowUnit":{"$ref":"#/components/schemas/timewindowunit"}}},"filter":{"type":"object","description":"A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.","properties":{"meta":{"type":"object","properties":{"alias":{"type":"string","nullable":true},"controlledBy":{"type":"string"},"disabled":{"type":"boolean"},"field":{"type":"string"},"group":{"type":"string"},"index":{"type":"string"},"isMultiIndex":{"type":"boolean"},"key":{"type":"string"},"negate":{"type":"boolean"},"params":{"type":"object"},"type":{"type":"string"},"value":{"type":"string"}}},"query":{"type":"object"},"$state":{"type":"object"}}},"params_es_query_kql_rule":{"title":"Elasticsearch KQL query rule params","description":"An Elasticsearch query rule can run a query defined in KQL or Lucene and compare the number of matches to a configured threshold. These parameters are appropriate when `rule_type_id` is `.es-query`.\n","type":"object","required":["searchType","size","threshold","thresholdComparator","timeWindowSize","timeWindowUnit"],"properties":{"aggField":{"$ref":"#/components/schemas/aggfield"},"aggType":{"$ref":"#/components/schemas/aggtype"},"excludeHitsFromPreviousRun":{"$ref":"#/components/schemas/excludehitsfrompreviousrun"},"groupBy":{"$ref":"#/components/schemas/groupby"},"searchConfiguration":{"description":"The query definition, which uses KQL or Lucene to fetch the documents from Elasticsearch.","type":"object","properties":{"filter":{"type":"array","items":{"$ref":"#/components/schemas/filter"}},"index":{"description":"The indices to query.","oneOf":[{"type":"string"},{"type":"array","items":{"type":"string"}}]},"query":{"type":"object","properties":{"language":{"type":"string","example":"kuery"},"query":{"type":"string"}}}}},"searchType":{"description":"The type of query, in this case a text-based query that uses KQL or Lucene.","type":"string","enum":["searchSource"],"example":"searchSource"},"size":{"$ref":"#/components/schemas/size"},"termField":{"$ref":"#/components/schemas/termfield"},"termSize":{"$ref":"#/components/schemas/termsize"},"threshold":{"$ref":"#/components/schemas/threshold"},"thresholdComparator":{"$ref":"#/components/schemas/thresholdcomparator"},"timeField":{"$ref":"#/components/schemas/timefield"},"timeWindowSize":{"$ref":"#/components/schemas/timewindowsize"},"timeWindowUnit":{"$ref":"#/components/schemas/timewindowunit"}}},"params_index_threshold_rule":{"title":"Index threshold rule params","description":"An index threshold rule runs an Elasticsearch query, aggregates field values from documents, compares them to threshold values, and schedules actions to run when the thresholds are met. These parameters are appropriate when `rule_type_id` is `.index-threshold`.","type":"object","required":["index","threshold","thresholdComparator","timeField","timeWindowSize","timeWindowUnit"],"properties":{"aggField":{"$ref":"#/components/schemas/aggfield"},"aggType":{"$ref":"#/components/schemas/aggtype"},"filterKuery":{"description":"A KQL expression thats limits the scope of alerts.","type":"string"},"groupBy":{"$ref":"#/components/schemas/groupby"},"index":{"description":"The indices to query.","type":"array","items":{"type":"string"}},"termField":{"$ref":"#/components/schemas/termfield"},"termSize":{"$ref":"#/components/schemas/termsize"},"threshold":{"$ref":"#/components/schemas/threshold"},"thresholdComparator":{"$ref":"#/components/schemas/thresholdcomparator"},"timeField":{"$ref":"#/components/schemas/timefield"},"timeWindowSize":{"$ref":"#/components/schemas/timewindowsize"},"timeWindowUnit":{"$ref":"#/components/schemas/timewindowunit"}}},"params_property_infra_inventory":{"properties":{"criteria":{"type":"array","items":{"type":"object","properties":{"metric":{"type":"string","enum":["count","cpu","diskLatency","load","memory","memoryTotal","tx","rx","logRate","diskIOReadBytes","diskIOWriteBytes","s3TotalRequests","s3NumberOfObjects","s3BucketSize","s3DownloadBytes","s3UploadBytes","rdsConnections","rdsQueriesExecuted","rdsActiveTransactions","rdsLatency","sqsMessagesVisible","sqsMessagesDelayed","sqsMessagesSent","sqsMessagesEmpty","sqsOldestMessage","custom"]},"timeSize":{"type":"number"},"timeUnit":{"type":"string","enum":["s","m","h","d"]},"sourceId":{"type":"string"},"threshold":{"type":"array","items":{"type":"number"}},"comparator":{"type":"string","enum":["\u003c","\u003c=","\u003e","\u003e=","between","outside"]},"customMetric":{"type":"object","properties":{"type":{"type":"string","enum":["custom"]},"field":{"type":"string"},"aggregation":{"type":"string","enum":["avg","max","min","rate"]},"id":{"type":"string"},"label":{"type":"string"}}},"warningThreshold":{"type":"array","items":{"type":"number"}},"warningComparator":{"type":"string","enum":["\u003c","\u003c=","\u003e","\u003e=","between","outside"]}}}},"filterQuery":{"type":"string"},"filterQueryText":{"type":"string"},"nodeType":{"type":"string","enum":["host","pod","container","awsEC2","awsS3","awsSQS","awsRDS"]},"sourceId":{"type":"string"},"alertOnNoData":{"type":"boolean"}}},"params_property_log_threshold":{"oneOf":[{"title":"Count","type":"object","required":["count","timeSize","timeUnit","logView"],"properties":{"criteria":{"type":"array","items":{"type":"object","properties":{"field":{"type":"string","example":"my.field"},"comparator":{"type":"string","enum":["more than","more than or equals","less than","less than or equals","equals","does not equal","matches","does not match","matches phrase","does not match phrase"]},"value":{"oneOf":[{"type":"number","example":42},{"type":"string","example":"value"}]}}}},"count":{"type":"object","properties":{"comparator":{"type":"string","enum":["more than","more than or equals","less than","less than or equals","equals","does not equal","matches","does not match","matches phrase","does not match phrase"]},"value":{"type":"number","example":100}}},"timeSize":{"type":"number","example":6},"timeUnit":{"type":"string","enum":["s","m","h","d"]},"logView":{"type":"object","properties":{"logViewId":{"type":"string"},"type":{"type":"string","enum":["log-view-reference"],"example":"log-view-reference"}}},"groupBy":{"type":"array","items":{"type":"string"}}}},{"title":"Ratio","type":"object","required":["count","timeSize","timeUnit","logView"],"properties":{"criteria":{"type":"array","items":{"minItems":2,"maxItems":2,"type":"array","items":{"type":"object","properties":{"field":{"type":"string","example":"my.field"},"comparator":{"type":"string","enum":["more than","more than or equals","less than","less than or equals","equals","does not equal","matches","does not match","matches phrase","does not match phrase"]},"value":{"oneOf":[{"type":"number","example":42},{"type":"string","example":"value"}]}}}}},"count":{"type":"object","properties":{"comparator":{"type":"string","enum":["more than","more than or equals","less than","less than or equals","equals","does not equal","matches","does not match","matches phrase","does not match phrase"]},"value":{"type":"number","example":100}}},"timeSize":{"type":"number","example":6},"timeUnit":{"type":"string","enum":["s","m","h","d"]},"logView":{"type":"object","properties":{"logViewId":{"type":"string"},"type":{"type":"string","enum":["log-view-reference"],"example":"log-view-reference"}}},"groupBy":{"type":"array","items":{"type":"string"}}}}]},"params_property_infra_metric_threshold":{"properties":{"criteria":{"type":"array","items":{"oneOf":[{"title":"non count criterion","type":"object","properties":{"threshold":{"type":"array","items":{"type":"number"},"description":"The threshold value that is used with the `comparator`. If the `comparator` is `between`, you must specify the boundary values.\n"},"comparator":{"type":"string","enum":["\u003c","\u003c=","\u003e","\u003e=","between","outside"],"description":"The comparison function for the threshold. For example, \"is above\", \"is above or equals\", \"is below\", \"is below or equals\", \"is between\", and \"outside\".\n"},"timeUnit":{"type":"string","enum":["s","m","h","d"],"description":"The type of units for the time window: seconds, minutes, hours, or days.\n"},"timeSize":{"type":"number","description":"The size of the time window (in `timeUnit` units), which determines how far back to search for documents. Generally it should be a value higher than the rule check interval to avoid gaps in detection.\n"},"warningThreshold":{"type":"array","items":{"type":"number"},"description":"The threshold value that is used with the `warningComparator`. If the `warningComparator` is `between`, you must specify the boundary values.\n"},"warningComparator":{"type":"string","enum":["\u003c","\u003c=","\u003e","\u003e=","between","outside"]},"metric":{"type":"string"},"aggType":{"type":"string","enum":["avg","max","min","cardinality","rate","count","sum","p95","p99","custom"]}}},{"title":"count criterion","type":"object","properties":{"threshold":{"type":"array","items":{"type":"number"}},"comparator":{"type":"string","enum":["\u003c","\u003c=","\u003e","\u003e=","between","outside"]},"timeUnit":{"type":"string","enum":["s","m","h","d"],"description":"The type of units for the time window: seconds, minutes, hours, or days.\n"},"timeSize":{"type":"number","description":"The size of the time window (in `timeUnit` units), which determines how far back to search for documents. Generally it should be a value higher than the rule check interval to avoid gaps in detection.\n"},"warningThreshold":{"type":"array","items":{"type":"number"}},"warningComparator":{"type":"string","enum":["\u003c","\u003c=","\u003e","\u003e=","between","outside"]},"aggType":{"type":"string","enum":["count"]}}},{"title":"custom criterion","type":"object","properties":{"threshold":{"type":"array","items":{"type":"number"}},"comparator":{"type":"string","enum":["\u003c","\u003c=","\u003e","\u003e=","between","outside"]},"timeUnit":{"type":"string","enum":["s","m","h","d"],"description":"The type of units for the time window: seconds, minutes, hours, or days.\n"},"timeSize":{"type":"number","description":"The size of the time window (in `timeUnit` units), which determines how far back to search for documents. Generally it should be a value higher than the rule check interval to avoid gaps in detection.\n"},"warningThreshold":{"type":"array","items":{"type":"number"}},"warningComparator":{"type":"string","enum":["\u003c","\u003c=","\u003e","\u003e=","between","outside"]},"aggType":{"type":"string","enum":["custom"]},"customMetric":{"type":"array","items":{"oneOf":[{"type":"object","properties":{"name":{"type":"string"},"aggType":{"type":"string","enum":["avg","sum","max","min","cardinality"],"description":"An aggregation to gather data for the rule. For example, find the average, highest or lowest value of a numeric field. Or use a cardinality aggregation to find the approximate number of unique values in a field. \n"},"field":{"type":"string"}}},{"type":"object","properties":{"name":{"type":"string"},"aggType":{"type":"string","enum":["count"]},"filter":{"type":"string"}}}]}},"equation":{"type":"string"},"label":{"type":"string"}}}]}},"groupBy":{"oneOf":[{"type":"string"},{"type":"array","items":{"type":"string"}}],"description":"Create an alert for every unique value of the specified fields. For example, you can create a rule per host or every mount point of each host.\nIMPORTANT: If you include the same field in both the `filterQuery` and `groupBy`, you might receive fewer results than you expect. For example, if you filter by `cloud.region: us-east`, grouping by `cloud.region` will have no effect because the filter query can match only one region.\n"},"filterQuery":{"type":"string","description":"A query that limits the scope of the rule. The rule evaluates only metric data that matches the query.\n"},"sourceId":{"type":"string"},"alertOnNoData":{"type":"boolean","description":"If true, an alert occurs if the metrics do not report any data over the expected period or if the query fails."},"alertOnGroupDisappear":{"type":"boolean","description":"If true, an alert occurs if a group that previously reported metrics does not report them again over the expected time period. This check is not recommended for dynamically scaling infrastructures that might rapidly start and stop nodes automatically.\n"}}},"params_property_slo_burn_rate":{"properties":{"sloId":{"description":"The SLO identifier used by the rule","type":"string","example":"8853df00-ae2e-11ed-90af-09bb6422b258"},"burnRateThreshold":{"description":"The burn rate threshold used to trigger the alert","type":"number","example":14.4},"maxBurnRateThreshold":{"description":"The maximum burn rate threshold value defined by the SLO error budget","type":"number","example":168},"longWindow":{"description":"The duration of the long window used to compute the burn rate","type":"object","properties":{"value":{"description":"The duration value","type":"number","example":6},"unit":{"description":"The duration unit","type":"string","example":"h"}}},"shortWindow":{"description":"The duration of the short window used to compute the burn rate","type":"object","properties":{"value":{"description":"The duration value","type":"number","example":30},"unit":{"description":"The duration unit","type":"string","example":"m"}}}}},"params_property_synthetics_uptime_tls":{"properties":{"search":{"type":"string"},"certExpirationThreshold":{"type":"number"},"certAgeThreshold":{"type":"number"}}},"params_property_synthetics_monitor_status":{"required":["numTimes","shouldCheckStatus","shouldCheckAvailability"],"properties":{"availability":{"type":"object","properties":{"range":{"type":"number"},"rangeUnit":{"type":"string"},"threshold":{"type":"string"}}},"filters":{"oneOf":[{"type":"string"},{"type":"object","deprecated":true,"properties":{"monitor.type":{"type":"array","items":{"type":"string"}},"observer.geo.name":{"type":"array","items":{"type":"string"}},"tags":{"type":"array","items":{"type":"string"}},"url.port":{"type":"array","items":{"type":"string"}}}}]},"locations":{"deprecated":true,"type":"array","items":{"type":"string"}},"numTimes":{"type":"number"},"search":{"type":"string"},"shouldCheckStatus":{"type":"boolean"},"shouldCheckAvailability":{"type":"boolean"},"timerangeCount":{"type":"number"},"timerangeUnit":{"type":"string"},"timerange":{"deprecated":true,"type":"object","properties":{"from":{"type":"string"},"to":{"type":"string"}}},"version":{"type":"number"},"isAutoGenerated":{"type":"boolean"}}}},"securitySchemes":{"apiKeyAuth":{"description":"These APIs use key-based authentication. You must create an API key and use the encoded value in the request header. For example: `Authorization: ApiKey base64AccessApiKey`\n","in":"header","name":"Authorization","type":"apiKey"},"basicAuth":{"scheme":"basic","type":"http"}}},"x-topics":[{"title":"Kibana spaces","content":"Spaces enable you to organize your dashboards and other saved objects into meaningful categories.\nYou can use the default space or create your own spaces.\n\nTo run APIs in non-default spaces, you must add `s/{space_id}/` to the path.\nFor example:\n\n```\ncurl -X GET \"http://localhost:5601/s/marketing/api/data_views\"\n```\n\nIf you use the Kibana console to send API requests, it automatically adds the appropriate space identifier.\n\nTo learn more, check out [Spaces](https://www.elastic.co/docs/deploy-manage/manage-spaces).\n"}]} \ No newline at end of file diff --git a/src/Elastic.ApiExplorer/OpenApiGenerator.cs b/src/Elastic.ApiExplorer/OpenApiGenerator.cs index 595430bee..13c07bd9e 100644 --- a/src/Elastic.ApiExplorer/OpenApiGenerator.cs +++ b/src/Elastic.ApiExplorer/OpenApiGenerator.cs @@ -10,6 +10,7 @@ using Elastic.Documentation.Site.FileProviders; using Elastic.Documentation.Site.Navigation; using Microsoft.Extensions.Logging; +using Microsoft.OpenApi.Any; using Microsoft.OpenApi.Models; namespace Elastic.ApiExplorer; @@ -26,6 +27,70 @@ public static LandingNavigationItem CreateNavigation(OpenApiDocument openApiDocu var rootNavigation = new LandingNavigationItem(url); var rootItems = new List(); + + var grouped = openApiDocument.Paths + .Select(p => + { + var op = p.Value.Operations.First(); + var extensions = op.Value.Extensions; + var ns = (extensions?.TryGetValue("x-namespace", out var n) ?? false) && n is OpenApiAny anyNs + ? anyNs.Node.GetValue() + : null; + var api = (extensions?.TryGetValue("x-api-name", out var a) ?? false) && a is OpenApiAny anyApi + ? anyApi.Node.GetValue() + : null; + var tag = op.Value.Tags?.FirstOrDefault()?.Reference.Id; + if (tag is not null) + { + } + var classification = openApiDocument.Info.Description == "Elasticsearch Request & Response Specification" ? ClassifyElasticsearchTag(tag ?? "global") : string.Empty; + + return new + { + Classification = classification, + Namespace = ns, + Api = api, + Tag = tag, + Path = p + }; + }) + .GroupBy(g => g.Classification) + .ToArray(); + + var aggregatedPaths = new Dictionary>>>(); + + foreach (var group in grouped) + { + var cl = group.Key; + if (!aggregatedPaths.ContainsKey(cl)) + aggregatedPaths[cl] = []; + + foreach (var tagGroup in group.GroupBy(g => g.Tag)) + { + var tag = tagGroup.Key ?? "global"; + if (!aggregatedPaths[cl].ContainsKey(tag)) + aggregatedPaths[cl][tag] = []; + + foreach (var endpoint in tagGroup) + { + var api = endpoint.Namespace is null ? endpoint.Api ?? "global" : $"{endpoint.Namespace}.{endpoint.Api}"; + if (!aggregatedPaths[cl][tag].ContainsKey(api)) + aggregatedPaths[cl][tag][api] = []; + + var apiEndpoint = new ApiEndpoint(endpoint.Path.Key, endpoint.Path.Value); + aggregatedPaths[cl][tag][api].Add(apiEndpoint); + } + } + } + + foreach (var group in aggregatedPaths) + { + + + } + + + // default routine foreach (var path in openApiDocument.Paths) { var endpointUrl = $"{url}/{path.Key.Trim('/').Replace('/', '-').Replace("{", "").Replace("}", "")}"; @@ -96,6 +161,70 @@ IFileInfo OutputFile(INavigationItem currentNavigation) return fileInfo; } } -} - + private static string ClassifyElasticsearchTag(string tag) + { +#pragma warning disable IDE0066 + switch (tag) +#pragma warning restore IDE0066 + { + case "sql": + case "eql": + case "esql": + case "search": + case "document": + return "common"; + + case "autoscaling": + case "ccr": + case "indices": + case "data stream": + case "ilm": + case "slm": + case "cluster": + case "rollup": + case "searchable_snapshots": + case "shutdown": + case "snapshot": + case "script": + case "search_application": + case "connector": + return "management"; + + case "cat": + case "license": + case "info": + case "tasks": + case "xpack": + case "health_report": + case "features": + case "migration": + case "watcher": + return "info"; + + + case "ml trained model": + case "ml anomaly": + case "ml data frame": + case "ml": + case "inference": + case "text_structure": + case "query_rules": + case "analytics": + case "graph": + return "ai/ml"; + + case "ingest": + case "enrich": + case "transform": + case "fleet": + case "logstash": + case "synonyms": + return "ingest"; + + case "security": + return "security"; + } + return "unknown"; + } +} diff --git a/src/Elastic.ApiExplorer/OpenApiReader.cs b/src/Elastic.ApiExplorer/OpenApiReader.cs index 88482c389..64f749a10 100644 --- a/src/Elastic.ApiExplorer/OpenApiReader.cs +++ b/src/Elastic.ApiExplorer/OpenApiReader.cs @@ -23,4 +23,5 @@ public static class OpenApiReader var openApiDocument = await OpenApiDocument.LoadAsync(fs, settings: settings); return openApiDocument.Document; } + } diff --git a/tests/Elastic.ApiExplorer.Tests/ReaderTests.cs b/tests/Elastic.ApiExplorer.Tests/ReaderTests.cs index 3e632c165..dd9579c8a 100644 --- a/tests/Elastic.ApiExplorer.Tests/ReaderTests.cs +++ b/tests/Elastic.ApiExplorer.Tests/ReaderTests.cs @@ -6,6 +6,7 @@ using Elastic.Documentation.Configuration; using Elastic.Documentation.Diagnostics; using FluentAssertions; +using Microsoft.Extensions.Logging.Abstractions; namespace Elastic.ApiExplorer.Tests; @@ -25,4 +26,19 @@ public async Task Reads() x.Should().NotBeNull(); x.BaseUri.Should().NotBeNull(); } + + [Fact] + public async Task Navigation() + { + var collector = new DiagnosticsCollector([]); + var context = new BuildContext(collector, new FileSystem()); + var generator = new OpenApiGenerator(context, NullLoggerFactory.Instance); + context.Configuration.OpenApiSpecification.Should().NotBeNull(); + + var openApiDocument = await OpenApiReader.Create(context.Configuration.OpenApiSpecification); + openApiDocument.Should().NotBeNull(); + var navigation = OpenApiGenerator.CreateNavigation(openApiDocument); + + navigation.Should().NotBeNull(); + } } From 239017cac1f269904a7edd59d1a3a42374aee13f Mon Sep 17 00:00:00 2001 From: Martijn Laarman Date: Mon, 16 Jun 2025 11:08:52 +0200 Subject: [PATCH 02/12] stage --- .../Endpoints/ApiEndpoint.cs | 2 +- .../Landing/LandingNavigationItem.cs | 4 +- src/Elastic.ApiExplorer/OpenApiGenerator.cs | 114 ++++++++++++------ 3 files changed, 80 insertions(+), 40 deletions(-) diff --git a/src/Elastic.ApiExplorer/Endpoints/ApiEndpoint.cs b/src/Elastic.ApiExplorer/Endpoints/ApiEndpoint.cs index 2c72f93d4..1971e6d99 100644 --- a/src/Elastic.ApiExplorer/Endpoints/ApiEndpoint.cs +++ b/src/Elastic.ApiExplorer/Endpoints/ApiEndpoint.cs @@ -40,7 +40,7 @@ public async Task RenderAsync(FileSystemStream stream, ApiRenderContext context, public class EndpointNavigationItem : INodeNavigationItem { - public EndpointNavigationItem(int depth, string url, ApiEndpoint apiEndpoint, LandingNavigationItem parent, LandingNavigationItem root) + public EndpointNavigationItem(int depth, string url, ApiEndpoint apiEndpoint, ApiGroupingNavigationItem parent, LandingNavigationItem root) { Parent = parent; Depth = depth; diff --git a/src/Elastic.ApiExplorer/Landing/LandingNavigationItem.cs b/src/Elastic.ApiExplorer/Landing/LandingNavigationItem.cs index f472b58eb..350b5533c 100644 --- a/src/Elastic.ApiExplorer/Landing/LandingNavigationItem.cs +++ b/src/Elastic.ApiExplorer/Landing/LandingNavigationItem.cs @@ -27,7 +27,7 @@ public async Task RenderAsync(FileSystemStream stream, ApiRenderContext context, } } -public class LandingNavigationItem : INodeNavigationItem +public class LandingNavigationItem : INodeNavigationItem { public INodeNavigationItem NavigationRoot { get; } public string Id { get; } @@ -35,7 +35,7 @@ public class LandingNavigationItem : INodeNavigationItem? Parent { get; set; } public int NavigationIndex { get; set; } - public IReadOnlyCollection NavigationItems { get; set; } = []; + public IReadOnlyCollection NavigationItems { get; set; } = []; public string Url { get; } public bool Hidden => false; diff --git a/src/Elastic.ApiExplorer/OpenApiGenerator.cs b/src/Elastic.ApiExplorer/OpenApiGenerator.cs index 13c07bd9e..40c35c263 100644 --- a/src/Elastic.ApiExplorer/OpenApiGenerator.cs +++ b/src/Elastic.ApiExplorer/OpenApiGenerator.cs @@ -12,9 +12,44 @@ using Microsoft.Extensions.Logging; using Microsoft.OpenApi.Any; using Microsoft.OpenApi.Models; +using Microsoft.OpenApi.Models.Interfaces; namespace Elastic.ApiExplorer; +public class ApiGroupingNavigationItem : INodeNavigationItem +{ + public ApiGroupingNavigationItem(int depth, INodeNavigationItem parentGroup, LandingNavigationItem rootNavigation) + { + Parent = parentGroup; + Depth = depth; + NavigationRoot = rootNavigation; + Id = NavigationRoot.Id; + + Index = apiEndpoint; + //TODO + NavigationTitle = apiEndpoint.OpenApiPath.Summary; + } + + public string Id { get; } + public int Depth { get; } + public ApiEndpoint Index { get; } + public string Url => NavigationItems.First().Url; + public string NavigationTitle { get; } + public bool Hidden => false; + + public IReadOnlyCollection NavigationItems { get; set; } = []; + + public INodeNavigationItem NavigationRoot { get; } + + public INodeNavigationItem? Parent { get; set; } + + public int NavigationIndex { get; set; } +} + +public record ApiClassification(string Name, string Description, ApiTag[] Tags); +public record ApiTag(string Name, string Description); +public record ApiEndpoint(string Route, IOpenApiPathItem OpenApiPath); + public class OpenApiGenerator(BuildContext context, ILoggerFactory logger) { private readonly ILogger _logger = logger.CreateLogger(); @@ -25,8 +60,6 @@ public static LandingNavigationItem CreateNavigation(OpenApiDocument openApiDocu { var url = "/api"; var rootNavigation = new LandingNavigationItem(url); - var rootItems = new List(); - var grouped = openApiDocument.Paths .Select(p => @@ -57,59 +90,66 @@ public static LandingNavigationItem CreateNavigation(OpenApiDocument openApiDocu .GroupBy(g => g.Classification) .ToArray(); - var aggregatedPaths = new Dictionary>>>(); + var classifications = new List(); + foreach (var group in grouped) + { + var tags = new List(); + foreach (var tagGroup in group.GroupBy(g => g.Tag)) + { + var tag = new ApiTag(tagGroup.Key ?? "global", ""); + tags.Add(tag); + } + + var classification = new ApiClassification(group.Key, "", tags.ToArray()); + classifications.Add(classification); + } + + var rootItems = new List(); foreach (var group in grouped) { var cl = group.Key; - if (!aggregatedPaths.ContainsKey(cl)) - aggregatedPaths[cl] = []; + var categoryItem = new ApiGroupingNavigationItem(1, rootNavigation, rootNavigation); + var tagItems = new List(); foreach (var tagGroup in group.GroupBy(g => g.Tag)) { var tag = tagGroup.Key ?? "global"; - if (!aggregatedPaths[cl].ContainsKey(tag)) - aggregatedPaths[cl][tag] = []; + var tagNavigationItem = new ApiGroupingNavigationItem(1, categoryItem, rootNavigation); + + var endpointItems = new List(); foreach (var endpoint in tagGroup) { var api = endpoint.Namespace is null ? endpoint.Api ?? "global" : $"{endpoint.Namespace}.{endpoint.Api}"; - if (!aggregatedPaths[cl][tag].ContainsKey(api)) - aggregatedPaths[cl][tag][api] = []; + + var path = endpoint.Path; + var endpointUrl = $"{url}/{path.Key.Trim('/').Replace('/', '-').Replace("{", "").Replace("}", "")}"; var apiEndpoint = new ApiEndpoint(endpoint.Path.Key, endpoint.Path.Value); - aggregatedPaths[cl][tag][api].Add(apiEndpoint); + var operationItems = new List(); + var endpointNavigationItem = new EndpointNavigationItem(1, endpointUrl, apiEndpoint, tagNavigationItem, rootNavigation); + if (endpoint.Path.Value.Operations.Count > 1) + { + foreach (var operation in endpoint.Path.Value.Operations) + { + var operationUrl = $"{endpointUrl}/{operation.Key.ToString().ToLowerInvariant()}"; + var apiOperation = new ApiOperation(operation.Key, operation.Value); + var navigation = new OperationNavigationItem(2, operationUrl, apiOperation, endpointNavigationItem, rootNavigation); + operationItems.Add(navigation); + } + endpointNavigationItem.NavigationItems = operationItems; + } + endpointItems.Add(endpointNavigationItem); } + tagNavigationItem.NavigationItems = endpointItems; + tagItems.Add(tagNavigationItem); } + categoryItem.NavigationItems = tagItems; + rootItems.Add(categoryItem); } - - foreach (var group in aggregatedPaths) - { - - - } - - - // default routine - foreach (var path in openApiDocument.Paths) - { - var endpointUrl = $"{url}/{path.Key.Trim('/').Replace('/', '-').Replace("{", "").Replace("}", "")}"; - var apiEndpoint = new ApiEndpoint(path.Key, path.Value); - var endpointNavigationItem = new EndpointNavigationItem(1, endpointUrl, apiEndpoint, rootNavigation, rootNavigation); - var endpointNavigationItems = new List(); - foreach (var operation in path.Value.Operations) - { - var operationUrl = $"{endpointUrl}/{operation.Key.ToString().ToLowerInvariant()}"; - var apiOperation = new ApiOperation(operation.Key, operation.Value); - var navigation = new OperationNavigationItem(2, operationUrl, apiOperation, endpointNavigationItem, rootNavigation); - endpointNavigationItems.Add(navigation); - } - - endpointNavigationItem.NavigationItems = endpointNavigationItems; - rootItems.Add(endpointNavigationItem); - } - rootNavigation.NavigationItems = rootItems; + return rootNavigation; } From 7b5c86d89a13591950fc2f356ad3f1036d067424 Mon Sep 17 00:00:00 2001 From: Martijn Laarman Date: Tue, 17 Jun 2025 14:05:12 +0200 Subject: [PATCH 03/12] Allow for dynamic grouping over classification > tag > endpoint > operation, each collapsing if there is only one child --- docs/_docset.yml | 5 +- .../Endpoints/ApiEndpoint.cs | 31 --- .../Landing/LandingNavigationItem.cs | 127 ++++++++++++- .../Landing/LandingView.cshtml | 2 +- src/Elastic.ApiExplorer/OpenApiGenerator.cs | 178 ++++++++++-------- .../Operations/OperationNavigationItem.cs | 30 --- .../Navigation/_TocTreeNav.cshtml | 2 +- 7 files changed, 226 insertions(+), 149 deletions(-) diff --git a/docs/_docset.yml b/docs/_docset.yml index 5ead4f70a..1d102f175 100644 --- a/docs/_docset.yml +++ b/docs/_docset.yml @@ -17,8 +17,9 @@ subs: features: primary-nav: false -api: kibana-openapi.json - +#api: kibana-openapi.json +api: elasticsearch-openapi.json + toc: - file: index.md - hidden: 404.md diff --git a/src/Elastic.ApiExplorer/Endpoints/ApiEndpoint.cs b/src/Elastic.ApiExplorer/Endpoints/ApiEndpoint.cs index 1971e6d99..03d8ea129 100644 --- a/src/Elastic.ApiExplorer/Endpoints/ApiEndpoint.cs +++ b/src/Elastic.ApiExplorer/Endpoints/ApiEndpoint.cs @@ -37,34 +37,3 @@ public async Task RenderAsync(FileSystemStream stream, ApiRenderContext context, await slice.RenderAsync(stream, cancellationToken: ctx); } } - -public class EndpointNavigationItem : INodeNavigationItem -{ - public EndpointNavigationItem(int depth, string url, ApiEndpoint apiEndpoint, ApiGroupingNavigationItem parent, LandingNavigationItem root) - { - Parent = parent; - Depth = depth; - NavigationRoot = root; - Id = NavigationRoot.Id; - - Index = apiEndpoint; - Url = url; - //TODO - NavigationTitle = apiEndpoint.OpenApiPath.Summary; - } - - public string Id { get; } - public int Depth { get; } - public ApiEndpoint Index { get; } - public string Url { get; } - public string NavigationTitle { get; } - public bool Hidden => false; - - public IReadOnlyCollection NavigationItems { get; set; } = []; - - public INodeNavigationItem NavigationRoot { get; } - - public INodeNavigationItem? Parent { get; set; } - - public int NavigationIndex { get; set; } -} diff --git a/src/Elastic.ApiExplorer/Landing/LandingNavigationItem.cs b/src/Elastic.ApiExplorer/Landing/LandingNavigationItem.cs index 350b5533c..adb9009ea 100644 --- a/src/Elastic.ApiExplorer/Landing/LandingNavigationItem.cs +++ b/src/Elastic.ApiExplorer/Landing/LandingNavigationItem.cs @@ -3,14 +3,14 @@ // See the LICENSE file in the project root for more information using System.IO.Abstractions; -using Elastic.ApiExplorer.Endpoints; +using Elastic.ApiExplorer.Operations; using Elastic.Documentation.Extensions; using Elastic.Documentation.Site.Navigation; using RazorSlices; namespace Elastic.ApiExplorer.Landing; -public class ApiLanding : INavigationModel, IPageRenderer +public class ApiLanding : IApiGroupingModel, IPageRenderer { public async Task RenderAsync(FileSystemStream stream, ApiRenderContext context, Cancel ctx = default) { @@ -27,22 +27,21 @@ public async Task RenderAsync(FileSystemStream stream, ApiRenderContext context, } } -public class LandingNavigationItem : INodeNavigationItem +public class LandingNavigationItem : IApiGroupingNavigationItem { public INodeNavigationItem NavigationRoot { get; } public string Id { get; } public int Depth { get; } public ApiLanding Index { get; } + public IReadOnlyCollection NavigationItems { get; set; } = []; public INodeNavigationItem? Parent { get; set; } public int NavigationIndex { get; set; } - public IReadOnlyCollection NavigationItems { get; set; } = []; public string Url { get; } public bool Hidden => false; //TODO public string NavigationTitle { get; } = "API Documentation"; - public LandingNavigationItem(string url) { Depth = 0; @@ -55,3 +54,121 @@ public LandingNavigationItem(string url) Index = landing; } } + +public interface IApiGroupingNavigationItem : INodeNavigationItem + where TGroupingModel : IApiGroupingModel + where TNavigationItem : INavigationItem; + +public abstract class ApiGroupingNavigationItem( + TGroupingModel groupingModel, + LandingNavigationItem rootNavigation, + INodeNavigationItem parent) + : IApiGroupingNavigationItem + where TGroupingModel : IApiGroupingModel + where TNavigationItem : INavigationItem +{ + /// + public string Url => NavigationItems.First().Url; + + /// + public abstract string NavigationTitle { get; } + + /// + public INodeNavigationItem NavigationRoot { get; } = rootNavigation; + + /// + public INodeNavigationItem? Parent { get; set; } = parent; + + /// + public bool Hidden => false; + /// + public int NavigationIndex { get; set; } + + /// + public int Depth => 0; + + /// + public abstract string Id { get; } + /// + public TGroupingModel Index { get; } = groupingModel; + + /// + public IReadOnlyCollection NavigationItems { get; set; } = []; +} + +public class ClassificationNavigationItem(ApiClassification classification, LandingNavigationItem rootNavigation, LandingNavigationItem parent) + : ApiGroupingNavigationItem(classification, rootNavigation, parent) +{ + /// + public override string NavigationTitle { get; } = classification.Name; + + /// + public override string Id { get; } = ShortId.Create(classification.Name); +} + +public class TagNavigationItem(ApiTag tag, LandingNavigationItem rootNavigation, INodeNavigationItem parent) + : ApiGroupingNavigationItem(tag, rootNavigation, parent) +{ + /// + public override string NavigationTitle { get; } = tag.Name; + + /// + public override string Id { get; } = ShortId.Create(tag.Name); +} + +public interface IEndpointOrOperationNavigationItem : INavigationItem; + +public class EndpointNavigationItem(ApiEndpoint endpoint, LandingNavigationItem rootNavigation, INodeNavigationItem parent) + : IApiGroupingNavigationItem, IEndpointOrOperationNavigationItem +{ + /// + public string Url => "TODO ENDPOINT URL"; + + /// + public string NavigationTitle { get; } = endpoint.Route; + + /// + public INodeNavigationItem NavigationRoot { get; } = rootNavigation; + + /// + public INodeNavigationItem? Parent { get; set; } = parent; + + /// + public bool Hidden => false; + + /// + public int NavigationIndex { get; set; } + + /// + public int Depth => 0; + + /// + public string Id { get; } = ShortId.Create(endpoint.Route); + + /// + public ApiEndpoint Index { get; } = endpoint; + + /// + public IReadOnlyCollection NavigationItems { get; set; } = []; +} +public class OperationNavigationItem( + ApiOperation apiOperation, + LandingNavigationItem root, + IApiGroupingNavigationItem parent) + : ILeafNavigationItem, IEndpointOrOperationNavigationItem +{ + public INodeNavigationItem NavigationRoot { get; } = root; + //TODO enum to string + public string Id { get; } = ShortId.Create(apiOperation.Operation.OperationId ?? apiOperation.OperationType.ToString()); + public int Depth { get; } = 1; + public ApiOperation Model { get; } = apiOperation; + public string Url { get; } = "TODO OPERATION URL"; + public bool Hidden => false; + + public string NavigationTitle { get; } = $"{apiOperation.OperationType.ToString().ToLowerInvariant()} {apiOperation.Operation.OperationId}"; + + public INodeNavigationItem? Parent { get; set; } = parent; + + public int NavigationIndex { get; set; } + +} diff --git a/src/Elastic.ApiExplorer/Landing/LandingView.cshtml b/src/Elastic.ApiExplorer/Landing/LandingView.cshtml index ccfd2d7f2..a740fc116 100644 --- a/src/Elastic.ApiExplorer/Landing/LandingView.cshtml +++ b/src/Elastic.ApiExplorer/Landing/LandingView.cshtml @@ -23,5 +23,5 @@

@Model.ApiInfo.Title

@Model.ApiInfo.Description

-

License: @Model.ApiInfo.License.Identifier

+

License: @Model.ApiInfo.License?.Identifier

diff --git a/src/Elastic.ApiExplorer/OpenApiGenerator.cs b/src/Elastic.ApiExplorer/OpenApiGenerator.cs index 40c35c263..f1d8b2a86 100644 --- a/src/Elastic.ApiExplorer/OpenApiGenerator.cs +++ b/src/Elastic.ApiExplorer/OpenApiGenerator.cs @@ -3,7 +3,6 @@ // See the LICENSE file in the project root for more information using System.IO.Abstractions; -using Elastic.ApiExplorer.Endpoints; using Elastic.ApiExplorer.Landing; using Elastic.ApiExplorer.Operations; using Elastic.Documentation.Configuration; @@ -16,39 +15,15 @@ namespace Elastic.ApiExplorer; -public class ApiGroupingNavigationItem : INodeNavigationItem -{ - public ApiGroupingNavigationItem(int depth, INodeNavigationItem parentGroup, LandingNavigationItem rootNavigation) - { - Parent = parentGroup; - Depth = depth; - NavigationRoot = rootNavigation; - Id = NavigationRoot.Id; - - Index = apiEndpoint; - //TODO - NavigationTitle = apiEndpoint.OpenApiPath.Summary; - } +public interface IApiModel : INavigationModel; - public string Id { get; } - public int Depth { get; } - public ApiEndpoint Index { get; } - public string Url => NavigationItems.First().Url; - public string NavigationTitle { get; } - public bool Hidden => false; +public interface IApiGroupingModel : IApiModel; - public IReadOnlyCollection NavigationItems { get; set; } = []; +public record ApiClassification(string Name, string Description, IReadOnlyCollection Tags) : IApiGroupingModel; - public INodeNavigationItem NavigationRoot { get; } - - public INodeNavigationItem? Parent { get; set; } - - public int NavigationIndex { get; set; } -} +public record ApiTag(string Name, string Description, IReadOnlyCollection Endpoints) : IApiGroupingModel; -public record ApiClassification(string Name, string Description, ApiTag[] Tags); -public record ApiTag(string Name, string Description); -public record ApiEndpoint(string Route, IOpenApiPathItem OpenApiPath); +public record ApiEndpoint(string Route, IOpenApiPathItem OpenApiPath, List Operations) : IApiGroupingModel; public class OpenApiGenerator(BuildContext context, ILoggerFactory logger) { @@ -76,7 +51,7 @@ public static LandingNavigationItem CreateNavigation(OpenApiDocument openApiDocu if (tag is not null) { } - var classification = openApiDocument.Info.Description == "Elasticsearch Request & Response Specification" ? ClassifyElasticsearchTag(tag ?? "global") : string.Empty; + var classification = openApiDocument.Info.Title == "Elasticsearch Request & Response Specification" ? ClassifyElasticsearchTag(tag ?? "unknown") : "unknown"; return new { @@ -90,67 +65,112 @@ public static LandingNavigationItem CreateNavigation(OpenApiDocument openApiDocu .GroupBy(g => g.Classification) .ToArray(); + // intermediate grouping of models to create the navigation tree + // this is two-phased because we need to know if an endpoint has one or more operations var classifications = new List(); foreach (var group in grouped) { var tags = new List(); foreach (var tagGroup in group.GroupBy(g => g.Tag)) { - var tag = new ApiTag(tagGroup.Key ?? "global", ""); + var endpoints = new List(); + foreach (var endpoint in tagGroup) + { + var api = endpoint.Namespace is null ? endpoint.Api ?? null : $"{endpoint.Namespace}.{endpoint.Api}"; + var operations = new List(); + foreach (var operation in endpoint.Path.Value.Operations) + { + var apiOperation = new ApiOperation(operation.Key, operation.Value); + operations.Add(apiOperation); + } + var apiEndpoint = new ApiEndpoint(endpoint.Path.Key, endpoint.Path.Value, operations); + endpoints.Add(apiEndpoint); + } + var tag = new ApiTag(tagGroup.Key ?? "unknown", "", endpoints); tags.Add(tag); } - - var classification = new ApiClassification(group.Key, "", tags.ToArray()); + var classification = new ApiClassification(group.Key, "", tags); classifications.Add(classification); } - - var rootItems = new List(); - foreach (var group in grouped) + var topLevelNavigationItems = new List>(); + var hasClassifications = classifications.Count > 1; + foreach (var classification in classifications) { - var cl = group.Key; - - var categoryItem = new ApiGroupingNavigationItem(1, rootNavigation, rootNavigation); - var tagItems = new List(); - foreach (var tagGroup in group.GroupBy(g => g.Tag)) + if (hasClassifications) { - var tag = tagGroup.Key ?? "global"; + var classificationNavigationItem = new ClassificationNavigationItem(classification, rootNavigation, rootNavigation); + var tagNavigationItems = new List>(); + + CreateTagNavigationItems(classification, rootNavigation, classificationNavigationItem, tagNavigationItems); + topLevelNavigationItems.Add(classificationNavigationItem); + // if there is only a single tag item will be added directly to the classificationNavigationItem, otherwise they will be added to the tagNavigationItems + if (classificationNavigationItem.NavigationItems.Count == 0) + classificationNavigationItem.NavigationItems = tagNavigationItems; + } + else + CreateTagNavigationItems(classification, rootNavigation, rootNavigation, topLevelNavigationItems); + } + rootNavigation.NavigationItems = topLevelNavigationItems; + return rootNavigation; + } - var tagNavigationItem = new ApiGroupingNavigationItem(1, categoryItem, rootNavigation); + private static void CreateTagNavigationItems(ApiClassification classification, LandingNavigationItem rootNavigation, + IApiGroupingNavigationItem parent, + List> parentNavigationItems + ) + { + var hasTags = classification.Tags.Count > 1; + foreach (var tag in classification.Tags) + { + var endpointNavigationItems = new List(); + if (hasTags) + { + var tagNavigationItem = new TagNavigationItem(tag, rootNavigation, parent); + CreateEndpointNavigationItems(rootNavigation, tag, tagNavigationItem, endpointNavigationItems); + parentNavigationItems.Add(tagNavigationItem); + tagNavigationItem.NavigationItems = endpointNavigationItems; + } + else + { + CreateEndpointNavigationItems(rootNavigation, tag, parent, endpointNavigationItems); + if (parent is ClassificationNavigationItem classificationNavigationItem) + classificationNavigationItem.NavigationItems = endpointNavigationItems; + else if (parent is LandingNavigationItem landingNavigationItem) + landingNavigationItem.NavigationItems = endpointNavigationItems; + } + } + } - var endpointItems = new List(); - foreach (var endpoint in tagGroup) + private static void CreateEndpointNavigationItems( + LandingNavigationItem rootNavigation, + ApiTag tag, + IApiGroupingNavigationItem parentNavigationItem, + List endpointNavigationItems + ) + { + foreach (var endpoint in tag.Endpoints) + { + if (endpoint.Operations.Count > 1) + { + var endpointNavigationItem = new EndpointNavigationItem(endpoint, rootNavigation, parentNavigationItem); + var operationNavigationItems = new List(); + foreach (var operation in endpoint.Operations) { - var api = endpoint.Namespace is null ? endpoint.Api ?? "global" : $"{endpoint.Namespace}.{endpoint.Api}"; - - var path = endpoint.Path; - var endpointUrl = $"{url}/{path.Key.Trim('/').Replace('/', '-').Replace("{", "").Replace("}", "")}"; - - var apiEndpoint = new ApiEndpoint(endpoint.Path.Key, endpoint.Path.Value); - var operationItems = new List(); - var endpointNavigationItem = new EndpointNavigationItem(1, endpointUrl, apiEndpoint, tagNavigationItem, rootNavigation); - if (endpoint.Path.Value.Operations.Count > 1) - { - foreach (var operation in endpoint.Path.Value.Operations) - { - var operationUrl = $"{endpointUrl}/{operation.Key.ToString().ToLowerInvariant()}"; - var apiOperation = new ApiOperation(operation.Key, operation.Value); - var navigation = new OperationNavigationItem(2, operationUrl, apiOperation, endpointNavigationItem, rootNavigation); - operationItems.Add(navigation); - } - endpointNavigationItem.NavigationItems = operationItems; - } - endpointItems.Add(endpointNavigationItem); + var operationNavigationItem = new OperationNavigationItem(operation, rootNavigation, endpointNavigationItem); + operationNavigationItems.Add(operationNavigationItem); } - tagNavigationItem.NavigationItems = endpointItems; - tagItems.Add(tagNavigationItem); + endpointNavigationItem.NavigationItems = operationNavigationItems; + endpointNavigationItems.Add(endpointNavigationItem); } - categoryItem.NavigationItems = tagItems; - rootItems.Add(categoryItem); - } - rootNavigation.NavigationItems = rootItems; + else + { + var operation = endpoint.Operations.First(); + var operationNavigationItem = new OperationNavigationItem(operation, rootNavigation, parentNavigationItem); + endpointNavigationItems.Add(operationNavigationItem); - return rootNavigation; + } + } } public async Task Generate(Cancel ctx = default) @@ -174,12 +194,12 @@ public async Task Generate(Cancel ctx = default) CurrentNavigation = navigation, }; _ = await Render(navigation.Index, renderContext, ctx); - foreach (var endpoint in navigation.NavigationItems) - { - _ = await Render(endpoint.Index, renderContext, ctx); - foreach (var operation in endpoint.NavigationItems) - _ = await Render(operation.Model, renderContext, ctx); - } + //foreach (var endpoint in navigation.NavigationItems) + //{ + //_ = await Render(endpoint.Index, renderContext, ctx); + //foreach (var operation in endpoint.NavigationItems) + // _ = await Render(operation.Model, renderContext, ctx); + //} } private async Task Render(T page, ApiRenderContext renderContext, Cancel ctx) diff --git a/src/Elastic.ApiExplorer/Operations/OperationNavigationItem.cs b/src/Elastic.ApiExplorer/Operations/OperationNavigationItem.cs index fe021ca1e..ce915ade6 100644 --- a/src/Elastic.ApiExplorer/Operations/OperationNavigationItem.cs +++ b/src/Elastic.ApiExplorer/Operations/OperationNavigationItem.cs @@ -26,33 +26,3 @@ public async Task RenderAsync(FileSystemStream stream, ApiRenderContext context, await slice.RenderAsync(stream, cancellationToken: ctx); } } - -public class OperationNavigationItem : ILeafNavigationItem -{ - public OperationNavigationItem(int depth, string url, ApiOperation apiOperation, EndpointNavigationItem parent, LandingNavigationItem root) - { - Parent = parent; - Depth = depth; - //Current = group.Current; - NavigationRoot = root; - Id = NavigationRoot.Id; - Model = apiOperation; - Url = url; - //TODO - NavigationTitle = $"{apiOperation.OperationType.ToString().ToLowerInvariant()} {apiOperation.Operation.OperationId}"; - } - - public INodeNavigationItem NavigationRoot { get; } - public string Id { get; } - public int Depth { get; } - public ApiOperation Model { get; } - public string Url { get; } - public bool Hidden => false; - - public string NavigationTitle { get; } - - public INodeNavigationItem? Parent { get; set; } - - public int NavigationIndex { get; set; } - -} diff --git a/src/Elastic.Documentation.Site/Navigation/_TocTreeNav.cshtml b/src/Elastic.Documentation.Site/Navigation/_TocTreeNav.cshtml index e67673c55..18091dd1e 100644 --- a/src/Elastic.Documentation.Site/Navigation/_TocTreeNav.cshtml +++ b/src/Elastic.Documentation.Site/Navigation/_TocTreeNav.cshtml @@ -66,7 +66,7 @@ } } - else if (item is ILeafNavigationItem leaf && Model.SubTree.Url != leaf.Url) + else if (item is ILeafNavigationItem leaf) {
  • Date: Tue, 17 Jun 2025 17:09:24 +0200 Subject: [PATCH 04/12] stage something that works --- docs/_docset.yml | 4 +- .../Endpoints/ApiEndpoint.cs | 3 - .../Landing/LandingNavigationItem.cs | 63 ++++++++++------ src/Elastic.ApiExplorer/OpenApiGenerator.cs | 73 +++++++++++++------ .../Operations/OperationNavigationItem.cs | 2 +- .../Operations/OperationView.cshtml | 4 +- .../Navigation/INavigationHtmlWriter.cs | 2 +- .../Navigation/INavigationItem.cs | 9 ++- .../IsolatedBuildNavigationHtmlWriter.cs | 9 ++- .../Navigation/NavigationViewModel.cs | 5 +- .../Navigation/_TocTree.cshtml | 11 ++- src/Elastic.Markdown/IO/MarkdownFile.cs | 2 +- .../IO/Navigation/DocumentationGroup.cs | 53 ++++++-------- .../Navigation/GlobalNavigationHtmlWriter.cs | 3 +- 14 files changed, 146 insertions(+), 97 deletions(-) diff --git a/docs/_docset.yml b/docs/_docset.yml index 1d102f175..11d9ef496 100644 --- a/docs/_docset.yml +++ b/docs/_docset.yml @@ -17,8 +17,8 @@ subs: features: primary-nav: false -#api: kibana-openapi.json -api: elasticsearch-openapi.json +api: kibana-openapi.json +#api: elasticsearch-openapi.json toc: - file: index.md diff --git a/src/Elastic.ApiExplorer/Endpoints/ApiEndpoint.cs b/src/Elastic.ApiExplorer/Endpoints/ApiEndpoint.cs index 03d8ea129..3858481f8 100644 --- a/src/Elastic.ApiExplorer/Endpoints/ApiEndpoint.cs +++ b/src/Elastic.ApiExplorer/Endpoints/ApiEndpoint.cs @@ -3,8 +3,6 @@ // See the LICENSE file in the project root for more information using System.IO.Abstractions; -using Elastic.ApiExplorer.Landing; -using Elastic.ApiExplorer.Operations; using Elastic.Documentation.Site.Navigation; using Microsoft.OpenApi.Models.Interfaces; using RazorSlices; @@ -17,7 +15,6 @@ public ApiEndpoint(string route, IOpenApiPathItem openApiPath) { Route = route; OpenApiPath = openApiPath; - } public string Route { get; } diff --git a/src/Elastic.ApiExplorer/Landing/LandingNavigationItem.cs b/src/Elastic.ApiExplorer/Landing/LandingNavigationItem.cs index adb9009ea..b921e8cf0 100644 --- a/src/Elastic.ApiExplorer/Landing/LandingNavigationItem.cs +++ b/src/Elastic.ApiExplorer/Landing/LandingNavigationItem.cs @@ -10,7 +10,7 @@ namespace Elastic.ApiExplorer.Landing; -public class ApiLanding : IApiGroupingModel, IPageRenderer +public class ApiLanding : IApiGroupingModel { public async Task RenderAsync(FileSystemStream stream, ApiRenderContext context, Cancel ctx = default) { @@ -27,9 +27,9 @@ public async Task RenderAsync(FileSystemStream stream, ApiRenderContext context, } } -public class LandingNavigationItem : IApiGroupingNavigationItem +public class LandingNavigationItem : IApiGroupingNavigationItem, IRootNavigationItem { - public INodeNavigationItem NavigationRoot { get; } + public IRootNavigationItem NavigationRoot { get; } public string Id { get; } public int Depth { get; } public ApiLanding Index { get; } @@ -40,7 +40,7 @@ public class LandingNavigationItem : IApiGroupingNavigationItem
    @{ - var current = Model.TopLevelItems.FirstOrDefault(i => i.Id == Model.Tree.Id); + var currentTopLevelItem = Model.TopLevelItems.FirstOrDefault(i => i.Id == Model.Tree.Id) ?? Model.Tree; } - @if (Model.IsPrimaryNavEnabled && current is { Index: not null }) + @if (Model.IsUsingNavigationDropdown && currentTopLevelItem is { Index: not null }) {
    @@ -12,9 +12,9 @@
    @@ -33,7 +33,6 @@
      @foreach (var item in Model.TopLevelItems) { - if (item.Id == current?.Id) continue;
    • @Model.Title diff --git a/src/Elastic.Markdown/IO/MarkdownFile.cs b/src/Elastic.Markdown/IO/MarkdownFile.cs index fa4b99f29..ec6336a67 100644 --- a/src/Elastic.Markdown/IO/MarkdownFile.cs +++ b/src/Elastic.Markdown/IO/MarkdownFile.cs @@ -63,7 +63,7 @@ DocumentationSet set public IDirectoryInfo ScopeDirectory { get; set; } - public INodeNavigationItem NavigationRoot { get; set; } + public IRootNavigationItem NavigationRoot { get; set; } public Uri NavigationSource { get; set; } diff --git a/src/Elastic.Markdown/IO/Navigation/DocumentationGroup.cs b/src/Elastic.Markdown/IO/Navigation/DocumentationGroup.cs index c5f42fdbc..afbac92bc 100644 --- a/src/Elastic.Markdown/IO/Navigation/DocumentationGroup.cs +++ b/src/Elastic.Markdown/IO/Navigation/DocumentationGroup.cs @@ -16,7 +16,7 @@ namespace Elastic.Markdown.IO.Navigation; public record FileNavigationItem(MarkdownFile Model, DocumentationGroup Group, bool Hidden = false) : ILeafNavigationItem { public INodeNavigationItem? Parent { get; set; } = Group; - public INodeNavigationItem NavigationRoot { get; } = Group.NavigationRoot; + public IRootNavigationItem NavigationRoot { get; } = Group.NavigationRoot; public string Url => Model.Url; public string NavigationTitle => Model.NavigationTitle; public int NavigationIndex { get; set; } @@ -36,24 +36,21 @@ public bool TryGetTableOfContentsTree(Uri source, [NotNullWhen(true)] out TableO NestedTableOfContentsTrees.TryGetValue(source, out tree); } + [DebuggerDisplay("Toc >{Depth} {FolderName} ({NavigationItems.Count} items)")] -public class TableOfContentsTree : DocumentationGroup +public class TableOfContentsTree : DocumentationGroup, IRootNavigationItem { public Uri Source { get; } public TableOfContentsTreeCollector TreeCollector { get; } - public DocumentationSet? DocumentationSet { get; } - - //TODO remove documentation set argument once navigation.yml fully bootstraps. - //See GlobalNavigation.BuildNavigation which has fallback logic that needs to be removed public TableOfContentsTree( Uri source, BuildContext context, NavigationLookups lookups, TableOfContentsTreeCollector treeCollector, ref int fileIndex) - : base(treeCollector, context, lookups, source, ref fileIndex) + : base(".", treeCollector, context, lookups, source, ref fileIndex, 0, null, null) { TreeCollector = treeCollector; NavigationRoot = this; @@ -76,7 +73,7 @@ internal TableOfContentsTree( NavigationLookups lookups, ref int fileIndex, int depth, - DocumentationGroup? toplevelTree, + IRootNavigationItem toplevelTree, DocumentationGroup? parent ) : base(folderName, treeCollector, context, lookups, source, ref fileIndex, depth, toplevelTree, parent) { @@ -86,8 +83,11 @@ internal TableOfContentsTree( TreeCollector.Collect(source, this); } - protected override DocumentationGroup DefaultNavigation => this; + protected override IRootNavigationItem DefaultNavigation => this; + // We rely on IsPrimaryNavEnabled to determine if we should show the dropdown + /// + public bool IsUsingNavigationDropdown => false; } [DebuggerDisplay("Group >{Depth} {FolderName} ({NavigationItems.Count} items)")] @@ -97,7 +97,7 @@ public class DocumentationGroup : INodeNavigationItem NavigationRoot { get; protected init; } + public IRootNavigationItem NavigationRoot { get; protected init; } public Uri NavigationSource { get; set; } @@ -123,20 +123,10 @@ public class DocumentationGroup : INodeNavigationItem this; + private readonly IRootNavigationItem? _root; - protected DocumentationGroup( - TableOfContentsTreeCollector treeCollector, - BuildContext context, - NavigationLookups lookups, - Uri navigationSource, - ref int fileIndex - ) - : this(".", treeCollector, context, lookups, navigationSource, ref fileIndex, depth: 0, toplevelTree: null, parent: null) - { - NavigationSource = navigationSource; - _treeCollector = treeCollector; - } + protected virtual IRootNavigationItem DefaultNavigation => + _root ?? throw new InvalidOperationException("root navigation's model is not of type MarkdownFile"); protected DocumentationGroup(string folderName, TableOfContentsTreeCollector treeCollector, @@ -145,7 +135,7 @@ protected DocumentationGroup(string folderName, Uri navigationSource, ref int fileIndex, int depth, - DocumentationGroup? toplevelTree, + IRootNavigationItem? toplevelTree, DocumentationGroup? parent, MarkdownFile? virtualIndexFile = null ) @@ -158,12 +148,12 @@ protected DocumentationGroup(string folderName, // Virtual calls don't use state, so while ugly not an issue // We'll need to address this more structurally // ReSharper disable VirtualMemberCallInConstructor + _root = toplevelTree; toplevelTree ??= DefaultNavigation; if (parent?.Depth == 0) toplevelTree = DefaultNavigation; // ReSharper enable VirtualMemberCallInConstructor NavigationRoot = toplevelTree; - // ReSharper restore VirtualMemberCallInConstructor Index = ProcessTocItems(context, toplevelTree, lookups, depth, virtualIndexFile, ref fileIndex, out var groups, out var files, out var navigationItems); GroupsInOrder = groups; @@ -175,14 +165,15 @@ protected DocumentationGroup(string folderName, } private MarkdownFile ProcessTocItems(BuildContext context, - DocumentationGroup topLevelGroup, + IRootNavigationItem rootNavigationItem, NavigationLookups lookups, int depth, MarkdownFile? virtualIndexFile, ref int fileIndex, out List groups, out List files, - out List navigationItems) + out List navigationItems + ) { groups = []; navigationItems = []; @@ -225,7 +216,7 @@ void AddToNavigationItems(INavigationItem item, ref int fileIndex) // TODO these have to be refactor to be pure navigational properties md.ScopeDirectory = file.TableOfContentsScope.ScopeDirectory; - md.NavigationRoot = topLevelGroup; + md.NavigationRoot = rootNavigationItem; md.NavigationSource = NavigationSource; foreach (var extension in lookups.EnabledExtensions) @@ -239,7 +230,7 @@ void AddToNavigationItems(INavigationItem item, ref int fileIndex) _treeCollector, context, lookups with { TableOfContents = file.Children, - }, NavigationSource, ref fileIndex, depth + 1, topLevelGroup, this, md); + }, NavigationSource, ref fileIndex, depth + 1, rootNavigationItem, this, md); groups.Add(group); AddToNavigationItems(group, ref fileIndex); indexFile ??= md; @@ -275,7 +266,7 @@ .. documentationFiles var toc = new TableOfContentsTree(tocReference.Source, folder.RelativePath, _treeCollector, context, lookups with { TableOfContents = children - }, ref fileIndex, depth + 1, topLevelGroup, this); + }, ref fileIndex, depth + 1, rootNavigationItem, this); group = toc; AddToNavigationItems(toc, ref fileIndex); @@ -285,7 +276,7 @@ .. documentationFiles group = new DocumentationGroup(folder.RelativePath, _treeCollector, context, lookups with { TableOfContents = children - }, NavigationSource, ref fileIndex, depth + 1, topLevelGroup, this); + }, NavigationSource, ref fileIndex, depth + 1, rootNavigationItem, this); AddToNavigationItems(group, ref fileIndex); } diff --git a/src/tooling/docs-assembler/Navigation/GlobalNavigationHtmlWriter.cs b/src/tooling/docs-assembler/Navigation/GlobalNavigationHtmlWriter.cs index 2963a3309..1825a726c 100644 --- a/src/tooling/docs-assembler/Navigation/GlobalNavigationHtmlWriter.cs +++ b/src/tooling/docs-assembler/Navigation/GlobalNavigationHtmlWriter.cs @@ -44,7 +44,7 @@ private bool TryGetNavigationRoot( return true; } - public async Task RenderNavigation(INodeNavigationItem currentRootNavigation, Uri navigationSource, Cancel ctx = default) + public async Task RenderNavigation(IRootNavigationItem currentRootNavigation, Uri navigationSource, Cancel ctx = default) { if (Phantoms.Contains(navigationSource)) return string.Empty; @@ -82,6 +82,7 @@ private NavigationViewModel CreateNavigationModel(DocumentationGroup group) TitleUrl = group.Index.Url, Tree = group, IsPrimaryNavEnabled = true, + IsUsingNavigationDropdown = true, IsGlobalAssemblyBuild = true, TopLevelItems = topLevelItems }; From 21264668340c9a14d6450d3b549462b93c335283 Mon Sep 17 00:00:00 2001 From: Martijn Laarman Date: Tue, 17 Jun 2025 22:24:07 +0200 Subject: [PATCH 05/12] better grouping --- docs/_docset.yml | 4 +- .../Landing/LandingNavigationItem.cs | 38 +------- src/Elastic.ApiExplorer/OpenApiGenerator.cs | 95 ++++++++++++++----- .../Operations/OperationNavigationItem.cs | 38 +++++++- .../Operations/OperationView.cshtml | 4 + .../Navigation/_TocTreeNav.cshtml | 40 ++++---- 6 files changed, 139 insertions(+), 80 deletions(-) diff --git a/docs/_docset.yml b/docs/_docset.yml index 11d9ef496..1d102f175 100644 --- a/docs/_docset.yml +++ b/docs/_docset.yml @@ -17,8 +17,8 @@ subs: features: primary-nav: false -api: kibana-openapi.json -#api: elasticsearch-openapi.json +#api: kibana-openapi.json +api: elasticsearch-openapi.json toc: - file: index.md diff --git a/src/Elastic.ApiExplorer/Landing/LandingNavigationItem.cs b/src/Elastic.ApiExplorer/Landing/LandingNavigationItem.cs index b921e8cf0..6f5a494e8 100644 --- a/src/Elastic.ApiExplorer/Landing/LandingNavigationItem.cs +++ b/src/Elastic.ApiExplorer/Landing/LandingNavigationItem.cs @@ -131,7 +131,7 @@ public class EndpointNavigationItem(ApiEndpoint endpoint, IRootNavigationItem NavigationItems.First().Url; /// - public string NavigationTitle { get; } = endpoint.Route; + public string NavigationTitle { get; } = endpoint.Operations.First().ApiName; /// public IRootNavigationItem NavigationRoot { get; } = rootNavigation; @@ -149,7 +149,7 @@ public class EndpointNavigationItem(ApiEndpoint endpoint, IRootNavigationItem 0; /// - public string Id { get; } = ShortId.Create(endpoint.Route); + public string Id { get; } = ShortId.Create(endpoint.Operations.First().ApiName + endpoint.Operations.First().Route); /// public ApiEndpoint Index { get; } = endpoint; @@ -157,37 +157,3 @@ public class EndpointNavigationItem(ApiEndpoint endpoint, IRootNavigationItem public IReadOnlyCollection NavigationItems { get; set; } = []; } -public class OperationNavigationItem : ILeafNavigationItem, IEndpointOrOperationNavigationItem -{ -#pragma warning disable IDE0290 - public OperationNavigationItem( -#pragma warning restore IDE0290 - ApiOperation apiOperation, - IRootNavigationItem root, - IApiGroupingNavigationItem parent - ) - { - NavigationRoot = root; - Id = ShortId.Create(apiOperation.Operation.OperationId ?? apiOperation.OperationType.ToString()); - Model = apiOperation; - NavigationTitle = apiOperation.Operation.Summary ?? $"{apiOperation.OperationType.ToString().ToLowerInvariant()} {apiOperation.Operation.OperationId}"; - Parent = parent; - var moniker = apiOperation.Operation.OperationId ?? apiOperation.Route.Replace("}", "").Replace("{", "").Replace('/', '-'); - Url = $"/api/endpoints/{moniker}"; - } - - public IRootNavigationItem NavigationRoot { get; } - //TODO enum to string - public string Id { get; } - public int Depth { get; } = 1; - public ApiOperation Model { get; } - public string Url { get; } - public bool Hidden => false; - - public string NavigationTitle { get; } - - public INodeNavigationItem? Parent { get; set; } - - public int NavigationIndex { get; set; } - -} diff --git a/src/Elastic.ApiExplorer/OpenApiGenerator.cs b/src/Elastic.ApiExplorer/OpenApiGenerator.cs index ccd8f82be..c6a834296 100644 --- a/src/Elastic.ApiExplorer/OpenApiGenerator.cs +++ b/src/Elastic.ApiExplorer/OpenApiGenerator.cs @@ -31,7 +31,7 @@ public record ApiTag(string Name, string Description, IReadOnlyCollection Task.CompletedTask; } -public record ApiEndpoint(string Route, IOpenApiPathItem OpenApiPath, List Operations, string? Name) : IApiGroupingModel +public record ApiEndpoint(List Operations, string? Name) : IApiGroupingModel { /// public Task RenderAsync(FileSystemStream stream, ApiRenderContext context, CancellationToken ctx = default) => Task.CompletedTask; @@ -48,6 +48,54 @@ public static LandingNavigationItem CreateNavigation(OpenApiDocument openApiDocu var url = "/api"; var rootNavigation = new LandingNavigationItem(url); + var ops = openApiDocument.Paths + .SelectMany(p => p.Value.Operations.Select(op => (Path: p, Operation: op))) + .Select(pair => + { + var op = pair.Operation; + var extensions = op.Value.Extensions; + var ns = (extensions?.TryGetValue("x-namespace", out var n) ?? false) && n is OpenApiAny anyNs + ? anyNs.Node.GetValue() + : null; + var api = (extensions?.TryGetValue("x-api-name", out var a) ?? false) && a is OpenApiAny anyApi + ? anyApi.Node.GetValue() + : null; + var tag = op.Value.Tags?.FirstOrDefault()?.Reference.Id; + var classification = openApiDocument.Info.Title == "Elasticsearch Request & Response Specification" + ? ClassifyElasticsearchTag(tag ?? "unknown") + : "unknown"; + + var apiString = ns is null + ? api ?? op.Value.Summary ?? Guid.NewGuid().ToString("N") : $"{ns}.{api}"; + return new + { + Classification = classification, + Api = apiString, + Tag = tag, + pair.Path, + pair.Operation + }; + }) + .ToArray(); + + var nestedGrouping = + ( + from op in ops + group op by op.Classification + into classificationGroup + from tagGroup in + from op in classificationGroup + group op by op.Tag + into apiGroups + from apiGroup in + from op in apiGroups + group op by op.Api + group apiGroup by apiGroups.Key + group tagGroup by classificationGroup.Key + ).ToArray(); + + + /* var grouped = openApiDocument.Paths .Select(p => { @@ -60,48 +108,48 @@ public static LandingNavigationItem CreateNavigation(OpenApiDocument openApiDocu ? anyApi.Node.GetValue() : null; var tag = op.Value.Tags?.FirstOrDefault()?.Reference.Id; - if (tag is not null) - { - } - var classification = openApiDocument.Info.Title == "Elasticsearch Request & Response Specification" ? ClassifyElasticsearchTag(tag ?? "unknown") : "unknown"; + var classification = openApiDocument.Info.Title == "Elasticsearch Request & Response Specification" + ? ClassifyElasticsearchTag(tag ?? "unknown") + : "unknown"; + var apiString = ns is null ? api ?? Guid.NewGuid().ToString("N") : $"{ns}.{api}"; return new { Classification = classification, - Namespace = ns, - Api = api, + Api = apiString, Tag = tag, Path = p }; }) .GroupBy(g => g.Classification) .ToArray(); + */ // intermediate grouping of models to create the navigation tree // this is two-phased because we need to know if an endpoint has one or more operations var classifications = new List(); - foreach (var group in grouped) + foreach (var classificationGroup in nestedGrouping) { var tags = new List(); - foreach (var tagGroup in group.GroupBy(g => g.Tag)) + foreach (var tagGroup in classificationGroup) { - var endpoints = new List(); - foreach (var endpoint in tagGroup) + var apis = new List(); + foreach (var apiGroup in tagGroup) { - var api = endpoint.Namespace is null ? endpoint.Api ?? null : $"{endpoint.Namespace}.{endpoint.Api}"; var operations = new List(); - foreach (var operation in endpoint.Path.Value.Operations) + foreach (var api in apiGroup) { - var apiOperation = new ApiOperation(operation.Key, operation.Value, endpoint.Path.Key, api); + var operation = api.Operation; + var apiOperation = new ApiOperation(operation.Key, operation.Value, api.Path.Key, api.Path.Value, apiGroup.Key); operations.Add(apiOperation); } - var apiEndpoint = new ApiEndpoint(endpoint.Path.Key, endpoint.Path.Value, operations, api); - endpoints.Add(apiEndpoint); + var apiEndpoint = new ApiEndpoint(operations, apiGroup.Key); + apis.Add(apiEndpoint); } - var tag = new ApiTag(tagGroup.Key ?? "unknown", "", endpoints); + var tag = new ApiTag(tagGroup.Key ?? "unknown", "", apis); tags.Add(tag); } - var classification = new ApiClassification(group.Key, "", tags); + var classification = new ApiClassification(classificationGroup.Key, "", tags); classifications.Add(classification); } @@ -171,7 +219,10 @@ List endpointNavigationItems var operationNavigationItems = new List(); foreach (var operation in endpoint.Operations) { - var operationNavigationItem = new OperationNavigationItem(operation, rootNavigation, endpointNavigationItem); + var operationNavigationItem = new OperationNavigationItem(operation, rootNavigation, endpointNavigationItem) + { + Hidden = true + }; operationNavigationItems.Add(operationNavigationItem); } endpointNavigationItem.NavigationItems = operationNavigationItems; @@ -219,12 +270,12 @@ async Task RenderNavigationItems(INavigationItem currentNavigation) await RenderNavigationItems(child); } +#pragma warning disable IDE0045 else if (currentNavigation is ILeafNavigationItem leaf) +#pragma warning restore IDE0045 _ = await Render(leaf, leaf.Model, renderContext, navigationRenderer, ctx); else - { - - } + throw new Exception($"Unknown navigation item type {currentNavigation.GetType()}"); } } diff --git a/src/Elastic.ApiExplorer/Operations/OperationNavigationItem.cs b/src/Elastic.ApiExplorer/Operations/OperationNavigationItem.cs index 9b13967e9..621453388 100644 --- a/src/Elastic.ApiExplorer/Operations/OperationNavigationItem.cs +++ b/src/Elastic.ApiExplorer/Operations/OperationNavigationItem.cs @@ -3,15 +3,16 @@ // See the LICENSE file in the project root for more information using System.IO.Abstractions; -using Elastic.ApiExplorer.Endpoints; using Elastic.ApiExplorer.Landing; +using Elastic.Documentation.Extensions; using Elastic.Documentation.Site.Navigation; using Microsoft.OpenApi.Models; +using Microsoft.OpenApi.Models.Interfaces; using RazorSlices; namespace Elastic.ApiExplorer.Operations; -public record ApiOperation(OperationType OperationType, OpenApiOperation Operation, string Route, string? ApiName) : IApiModel +public record ApiOperation(OperationType OperationType, OpenApiOperation Operation, string Route, IOpenApiPathItem Path, string ApiName) : IApiModel { public async Task RenderAsync(FileSystemStream stream, ApiRenderContext context, Cancel ctx = default) { @@ -26,3 +27,36 @@ public async Task RenderAsync(FileSystemStream stream, ApiRenderContext context, await slice.RenderAsync(stream, cancellationToken: ctx); } } + +public class OperationNavigationItem : ILeafNavigationItem, IEndpointOrOperationNavigationItem +{ + public OperationNavigationItem( + ApiOperation apiOperation, + IRootNavigationItem root, + IApiGroupingNavigationItem parent + ) + { + NavigationRoot = root; + Model = apiOperation; + NavigationTitle = apiOperation.ApiName; + Parent = parent; + var moniker = apiOperation.Operation.OperationId ?? apiOperation.Route.Replace("}", "").Replace("{", "").Replace('/', '-'); + Url = $"/api/endpoints/{moniker}"; + Id = ShortId.Create(Url); + } + + public IRootNavigationItem NavigationRoot { get; } + //TODO enum to string + public string Id { get; } + public int Depth { get; } = 1; + public ApiOperation Model { get; } + public string Url { get; } + public bool Hidden { get; set; } + + public string NavigationTitle { get; } + + public INodeNavigationItem? Parent { get; set; } + + public int NavigationIndex { get; set; } + +} diff --git a/src/Elastic.ApiExplorer/Operations/OperationView.cshtml b/src/Elastic.ApiExplorer/Operations/OperationView.cshtml index da16898c9..e4af50bc8 100644 --- a/src/Elastic.ApiExplorer/Operations/OperationView.cshtml +++ b/src/Elastic.ApiExplorer/Operations/OperationView.cshtml @@ -20,6 +20,10 @@ StaticFileContentHashProvider = Model.StaticFileContentHashProvider }; } + +@if (Model.CurrentNavigationItem.) + +

      Id: @Model.Operation.Operation.OperationId

      Name: @Model.Operation.ApiName

      diff --git a/src/Elastic.Documentation.Site/Navigation/_TocTreeNav.cshtml b/src/Elastic.Documentation.Site/Navigation/_TocTreeNav.cshtml index 18091dd1e..4c72a92d9 100644 --- a/src/Elastic.Documentation.Site/Navigation/_TocTreeNav.cshtml +++ b/src/Elastic.Documentation.Site/Navigation/_TocTreeNav.cshtml @@ -24,6 +24,7 @@ else if (item is INodeNavigationItem folder) { var g = folder; + var allHidden = folder.NavigationItems.All(n => n.Hidden);
    • @(g.NavigationTitle) - + @if (!allHidden) + { + + }
      @if (g.NavigationItems.Count > 0) { From 2d906f542bd0adf74f5994e6d93c9ffc9e04e353 Mon Sep 17 00:00:00 2001 From: Martijn Laarman Date: Tue, 17 Jun 2025 22:54:36 +0200 Subject: [PATCH 06/12] list overloads on operationview --- .../Endpoints/IndexViewModel.cs | 2 ++ src/Elastic.ApiExplorer/OpenApiGenerator.cs | 1 + .../Operations/OperationView.cshtml | 18 +++++++++++++++--- 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/src/Elastic.ApiExplorer/Endpoints/IndexViewModel.cs b/src/Elastic.ApiExplorer/Endpoints/IndexViewModel.cs index d640003f6..6d7ed0f87 100644 --- a/src/Elastic.ApiExplorer/Endpoints/IndexViewModel.cs +++ b/src/Elastic.ApiExplorer/Endpoints/IndexViewModel.cs @@ -2,6 +2,8 @@ // Elasticsearch B.V licenses this file to you under the Apache 2.0 License. // See the LICENSE file in the project root for more information +using Elastic.ApiExplorer.Landing; + namespace Elastic.ApiExplorer.Endpoints; public class IndexViewModel : ApiViewModel diff --git a/src/Elastic.ApiExplorer/OpenApiGenerator.cs b/src/Elastic.ApiExplorer/OpenApiGenerator.cs index c6a834296..e14aa4824 100644 --- a/src/Elastic.ApiExplorer/OpenApiGenerator.cs +++ b/src/Elastic.ApiExplorer/OpenApiGenerator.cs @@ -289,6 +289,7 @@ private async Task Render(INavigationItem current, T page, ApiRend var navigationHtml = await navigationRenderer.RenderNavigation(current.NavigationRoot, new Uri("http://ignored.example"), ctx); renderContext = renderContext with { + CurrentNavigation = current, NavigationHtml = navigationHtml }; await using var stream = _writeFileSystem.FileStream.New(outputFile.FullName, FileMode.OpenOrCreate); diff --git a/src/Elastic.ApiExplorer/Operations/OperationView.cshtml b/src/Elastic.ApiExplorer/Operations/OperationView.cshtml index e4af50bc8..d2b4410ed 100644 --- a/src/Elastic.ApiExplorer/Operations/OperationView.cshtml +++ b/src/Elastic.ApiExplorer/Operations/OperationView.cshtml @@ -1,3 +1,4 @@ +@using Elastic.ApiExplorer.Landing @using Elastic.Documentation.Configuration.Assembler @using Elastic.Documentation.Configuration.Builder @inherits RazorSliceHttpResult @@ -20,9 +21,20 @@ StaticFileContentHashProvider = Model.StaticFileContentHashProvider }; } - -@if (Model.CurrentNavigationItem.) - +@{ + var parent = Model.CurrentNavigationItem.Parent as EndpointNavigationItem; +} +@if (parent is not null && parent.NavigationItems.Count > 0 && parent.NavigationItems.All(n => n.Hidden)) +{ + +}

      Id: @Model.Operation.Operation.OperationId

      From 64f9b31e6f169ea447602f3bf727df148d0dfa57 Mon Sep 17 00:00:00 2001 From: Martijn Laarman Date: Wed, 18 Jun 2025 14:52:01 +0200 Subject: [PATCH 07/12] start building out api pages --- .../Elastic.ApiExplorer.csproj | 6 ++ .../Operations/OperationView.cshtml | 79 +++++++++++--- src/Elastic.ApiExplorer/_Layout.cshtml | 4 +- .../Assets/api-docs.css | 101 ++++++++++++++++++ .../Assets/styles.css | 4 + .../Elastic.Documentation.Site.csproj | 2 +- .../tailwind.config.js | 1 + src/Elastic.Markdown/Elastic.Markdown.csproj | 1 + .../docs-builder/Http/DocumentationWebHost.cs | 1 + 9 files changed, 182 insertions(+), 17 deletions(-) create mode 100644 src/Elastic.Documentation.Site/Assets/api-docs.css diff --git a/src/Elastic.ApiExplorer/Elastic.ApiExplorer.csproj b/src/Elastic.ApiExplorer/Elastic.ApiExplorer.csproj index 6507bf909..e3268592a 100644 --- a/src/Elastic.ApiExplorer/Elastic.ApiExplorer.csproj +++ b/src/Elastic.ApiExplorer/Elastic.ApiExplorer.csproj @@ -4,6 +4,12 @@ net9.0 enable enable + true + true + true + true + $(InterceptorsPreviewNamespaces);Microsoft.AspNetCore.Http.Generated + true diff --git a/src/Elastic.ApiExplorer/Operations/OperationView.cshtml b/src/Elastic.ApiExplorer/Operations/OperationView.cshtml index d2b4410ed..2657cb6cd 100644 --- a/src/Elastic.ApiExplorer/Operations/OperationView.cshtml +++ b/src/Elastic.ApiExplorer/Operations/OperationView.cshtml @@ -1,6 +1,8 @@ @using Elastic.ApiExplorer.Landing +@using Elastic.ApiExplorer.Operations @using Elastic.Documentation.Configuration.Assembler @using Elastic.Documentation.Configuration.Builder +@using Microsoft.OpenApi.Models @inherits RazorSliceHttpResult @implements IUsesLayout @functions { @@ -23,21 +25,70 @@ } @{ var parent = Model.CurrentNavigationItem.Parent as EndpointNavigationItem; + var self = Model.CurrentNavigationItem as OperationNavigationItem; + var allOperations = + parent is not null && parent.NavigationItems.Count > 0 && parent.NavigationItems.All(n => n.Hidden) + ? parent.NavigationItems + : self is not null + ? [self] + : []; + + var operation = Model.Operation.Operation; } -@if (parent is not null && parent.NavigationItems.Count > 0 && parent.NavigationItems.All(n => n.Hidden)) -{ -
        - @foreach (var overload in parent.NavigationItems) + +
        +
        +

        @operation.Summary

        +

        + @operation.Description +

        +
          + @foreach (var overload in allOperations) + { + var method = overload.Model.OperationType.ToString().ToLowerInvariant(); + var current = overload.Model.Route == Model.Operation.Route && overload.Model.OperationType == Model.Operation.OperationType ? "current" : ""; +
        • + + @method.ToUpperInvariant() + @overload.Model.Route + +
          • + } +
        + @{ + var pathParameters = operation.Parameters?.Where(p => p.In == ParameterLocation.Path).ToArray() ?? []; + } + @if (pathParameters.Length > 0) { -
      • - @overload.Model.OperationType @overload.Model.Route -
        • +

        Path Parameters

        +
        + @foreach (var path in pathParameters) + { +
        @path.Name
        +
        @path.Description
        + } +
        + } + @{ + var queryStringParameters = operation.Parameters?.Where(p => p.In == ParameterLocation.Query).ToArray() ?? []; + } + @if (queryStringParameters.Length > 0) + { +

        Query String Parameters

        +
        + @foreach (var path in queryStringParameters) + { +
        @path.Name
        +
        @path.Description
        + } +
        } -
      -} - -
      -

      Id: @Model.Operation.Operation.OperationId

      -

      Name: @Model.Operation.ApiName

      -

      Url: @Model.Operation.OperationType.ToString() @Model.Operation.Route

      + +
    \ No newline at end of file diff --git a/src/Elastic.ApiExplorer/_Layout.cshtml b/src/Elastic.ApiExplorer/_Layout.cshtml index c653cec6a..11aa06596 100644 --- a/src/Elastic.ApiExplorer/_Layout.cshtml +++ b/src/Elastic.ApiExplorer/_Layout.cshtml @@ -5,8 +5,8 @@ }
    @await RenderPartialAsync(_PagesNav.Create(Model))
    diff --git a/src/Elastic.Documentation.Site/Assets/api-docs.css b/src/Elastic.Documentation.Site/Assets/api-docs.css new file mode 100644 index 000000000..9518a750a --- /dev/null +++ b/src/Elastic.Documentation.Site/Assets/api-docs.css @@ -0,0 +1,101 @@ + +.api-url-listing { + @apply mt-4; + margin-left: 0 !important; + &:has(.api-method-get) { + .api-method { + width: calc(4ch + var(--spacing)); + } + } + &:has(.api-method-put) { + .api-method { + width: calc(4ch + var(--spacing)); + } + } + &:has(.api-method-head) { + .api-method { + width: calc(5ch + var(--spacing)); + } + } + &:has(.api-method-post) { + .api-method { + width: calc(5ch + var(--spacing)); + } + } + &:has(.api-method-delete) { + .api-method { + width: calc(7ch + var(--spacing)); + } + } + + li { + list-style-type: none; + margin-left: 0; + a { + @apply no-underline w-full p-4 pl-4 pr-4 inline-block text-grey-80; + @apply border rounded-sm border-grey-20 bg-grey-10; + } + a.current { + @apply border-grey-30 bg-white p-4 text-grey-120; + font-weight: bold; + } + a:hover { + @apply border-grey-30 bg-white text-grey-120; + font-weight: bold; + } + } + li:only-child { + a.current { + @apply border rounded-sm border-grey-20 bg-white; + } + a.current:hover { + @apply border-grey-20 bg-white; + } + + } + .api-method { + @apply border rounded-sm; + padding-left: var(--spacing); + padding-right: var(--spacing); + font-family: var(--default-mono-font-family, ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace); + font-feature-settings: var(--default-mono-font-feature-settings, normal); + font-variation-settings: var(--default-mono-font-variation-settings, normal); + font-size: 0.8em; + display: inline-block; + font-weight: bold; + } + .api-method-get { + @apply border-blue-elastic-30 bg-blue-elastic-10 text-blue-elastic; + } + .api-method-put { + @apply border-yellow-30 bg-yellow-10 text-yellow-90; + } + .api-method-post { + @apply border-green-30 bg-green-10 text-green-90; + } + .api-method-delete { + @apply border-red-30 bg-red-10 text-red-90; + } + .api-url { + margin-left: calc(var(--spacing) * 2); + display: inline-block; + } + .api-url-list-item + { + @apply mt-4; + } +} +#elastic-api-v3 { + dt a { + @apply no-underline; + code { + @apply p-1 inline-block; + } + } + h1 { + @apply pt-4; + } + h3 { + @apply border-b-grey-20 border-b-1 pb-2; + } +} diff --git a/src/Elastic.Documentation.Site/Assets/styles.css b/src/Elastic.Documentation.Site/Assets/styles.css index 80da74e43..216ed3950 100644 --- a/src/Elastic.Documentation.Site/Assets/styles.css +++ b/src/Elastic.Documentation.Site/Assets/styles.css @@ -16,6 +16,7 @@ @import './modal.css'; @import './archive.css'; @import './markdown/stepper.css'; +@import './api-docs.css'; :root { --outline-size: max(2px, 0.08em); @@ -33,6 +34,9 @@ var(--max-text-width) + (var(--max-sidebar-width) * 2) + calc(var(--content-spacing) * 2) ); + + --max-api-sidebar-width: calc(var(--spacing) * 70); + --max-examples-width: calc(var(--max-api-sidebar-width) * 2); } @media screen and (min-width: 767px) { diff --git a/src/Elastic.Documentation.Site/Elastic.Documentation.Site.csproj b/src/Elastic.Documentation.Site/Elastic.Documentation.Site.csproj index a074a53a3..c8222af4c 100644 --- a/src/Elastic.Documentation.Site/Elastic.Documentation.Site.csproj +++ b/src/Elastic.Documentation.Site/Elastic.Documentation.Site.csproj @@ -9,8 +9,8 @@ true true $(InterceptorsPreviewNamespaces);Microsoft.AspNetCore.Http.Generated - true + true diff --git a/src/Elastic.Documentation.Site/tailwind.config.js b/src/Elastic.Documentation.Site/tailwind.config.js index 31ca1d0ef..e1f888f16 100644 --- a/src/Elastic.Documentation.Site/tailwind.config.js +++ b/src/Elastic.Documentation.Site/tailwind.config.js @@ -2,5 +2,6 @@ module.exports = { content: [ './**/*.{html,js,cshtml}', '../Elastic.Markdown/**/*.{html,js,cshtml}', + '../Elastic.ApiExplorer/**/*.{html,js,cshtml}', ], } diff --git a/src/Elastic.Markdown/Elastic.Markdown.csproj b/src/Elastic.Markdown/Elastic.Markdown.csproj index 5e2a445fa..fff8740b7 100644 --- a/src/Elastic.Markdown/Elastic.Markdown.csproj +++ b/src/Elastic.Markdown/Elastic.Markdown.csproj @@ -12,6 +12,7 @@ true true + true diff --git a/src/tooling/docs-builder/Http/DocumentationWebHost.cs b/src/tooling/docs-builder/Http/DocumentationWebHost.cs index 721f0416b..60f53b9f0 100644 --- a/src/tooling/docs-builder/Http/DocumentationWebHost.cs +++ b/src/tooling/docs-builder/Http/DocumentationWebHost.cs @@ -168,6 +168,7 @@ private async Task ServeApiFile(ReloadableGeneratorState holder, string var info = _writeFileSystem.FileInfo.New(path); if (info.Exists) { + //TODO STREAM var contents = await _writeFileSystem.File.ReadAllTextAsync(info.FullName, ctx); return Results.Content(contents, "text/html"); } From 5c25c06daba69c7af2a5ab3ffa8c0acba3afc492 Mon Sep 17 00:00:00 2001 From: Martijn Laarman Date: Wed, 18 Jun 2025 16:00:51 +0200 Subject: [PATCH 08/12] Render markdown descriptions --- src/Elastic.ApiExplorer/ApiRenderContext.cs | 2 ++ src/Elastic.ApiExplorer/ApiViewModel.cs | 7 ++++++ .../Endpoints/ApiEndpoint.cs | 3 ++- .../Endpoints/IndexViewModel.cs | 2 +- .../Landing/LandingNavigationItem.cs | 3 ++- src/Elastic.ApiExplorer/OpenApiGenerator.cs | 6 +++-- .../Operations/OperationNavigationItem.cs | 3 ++- .../Operations/OperationView.cshtml | 23 +++++++++++++++---- ...Elastic.Documentation.Configuration.csproj | 1 - .../Assets/api-docs.css | 3 +++ .../IMarkdownStringRenderer.cs | 21 +++++++++++++++++ .../DocumentationGenerator.cs | 2 ++ src/Elastic.Markdown/Slices/HtmlWriter.cs | 10 ++++++++ src/tooling/docs-builder/Cli/Commands.cs | 3 ++- .../Http/ReloadableGeneratorState.cs | 7 +++--- .../Elastic.ApiExplorer.Tests/ReaderTests.cs | 3 ++- 16 files changed, 82 insertions(+), 17 deletions(-) create mode 100644 src/Elastic.Documentation/IMarkdownStringRenderer.cs diff --git a/src/Elastic.ApiExplorer/ApiRenderContext.cs b/src/Elastic.ApiExplorer/ApiRenderContext.cs index 73d37bdd9..0a60880e6 100644 --- a/src/Elastic.ApiExplorer/ApiRenderContext.cs +++ b/src/Elastic.ApiExplorer/ApiRenderContext.cs @@ -2,6 +2,7 @@ // Elasticsearch B.V licenses this file to you under the Apache 2.0 License. // See the LICENSE file in the project root for more information +using Elastic.Documentation; using Elastic.Documentation.Configuration; using Elastic.Documentation.Site.FileProviders; using Elastic.Documentation.Site.Navigation; @@ -18,4 +19,5 @@ StaticFileContentHashProvider StaticFileContentHashProvider { public required string NavigationHtml { get; init; } public required INavigationItem CurrentNavigation { get; init; } + public required IMarkdownStringRenderer MarkdownRenderer { get; init; } } diff --git a/src/Elastic.ApiExplorer/ApiViewModel.cs b/src/Elastic.ApiExplorer/ApiViewModel.cs index 762ae9a75..0fb389517 100644 --- a/src/Elastic.ApiExplorer/ApiViewModel.cs +++ b/src/Elastic.ApiExplorer/ApiViewModel.cs @@ -2,8 +2,10 @@ // Elasticsearch B.V licenses this file to you under the Apache 2.0 License. // See the LICENSE file in the project root for more information +using Elastic.Documentation; using Elastic.Documentation.Site.FileProviders; using Elastic.Documentation.Site.Navigation; +using Microsoft.AspNetCore.Html; namespace Elastic.ApiExplorer; @@ -12,4 +14,9 @@ public abstract class ApiViewModel public required string NavigationHtml { get; init; } public required StaticFileContentHashProvider StaticFileContentHashProvider { get; init; } public required INavigationItem CurrentNavigationItem { get; init; } + public required IMarkdownStringRenderer MarkdownRenderer { get; init; } + + + public HtmlString RenderMarkdown(string? markdown) => + string.IsNullOrEmpty(markdown) ? new(string.Empty) : new(MarkdownRenderer.Render(markdown, null)); } diff --git a/src/Elastic.ApiExplorer/Endpoints/ApiEndpoint.cs b/src/Elastic.ApiExplorer/Endpoints/ApiEndpoint.cs index 3858481f8..1848b7df6 100644 --- a/src/Elastic.ApiExplorer/Endpoints/ApiEndpoint.cs +++ b/src/Elastic.ApiExplorer/Endpoints/ApiEndpoint.cs @@ -27,7 +27,8 @@ public async Task RenderAsync(FileSystemStream stream, ApiRenderContext context, ApiEndpoint = this, StaticFileContentHashProvider = context.StaticFileContentHashProvider, NavigationHtml = context.NavigationHtml, - CurrentNavigationItem = context.CurrentNavigation + CurrentNavigationItem = context.CurrentNavigation, + MarkdownRenderer = context.MarkdownRenderer }; var slice = EndpointView.Create(viewModel); diff --git a/src/Elastic.ApiExplorer/Endpoints/IndexViewModel.cs b/src/Elastic.ApiExplorer/Endpoints/IndexViewModel.cs index 6d7ed0f87..ca5bc3864 100644 --- a/src/Elastic.ApiExplorer/Endpoints/IndexViewModel.cs +++ b/src/Elastic.ApiExplorer/Endpoints/IndexViewModel.cs @@ -3,11 +3,11 @@ // See the LICENSE file in the project root for more information using Elastic.ApiExplorer.Landing; +using Elastic.Documentation; namespace Elastic.ApiExplorer.Endpoints; public class IndexViewModel : ApiViewModel { public required ApiEndpoint ApiEndpoint { get; init; } - } diff --git a/src/Elastic.ApiExplorer/Landing/LandingNavigationItem.cs b/src/Elastic.ApiExplorer/Landing/LandingNavigationItem.cs index 6f5a494e8..28ed0f6c9 100644 --- a/src/Elastic.ApiExplorer/Landing/LandingNavigationItem.cs +++ b/src/Elastic.ApiExplorer/Landing/LandingNavigationItem.cs @@ -20,7 +20,8 @@ public async Task RenderAsync(FileSystemStream stream, ApiRenderContext context, StaticFileContentHashProvider = context.StaticFileContentHashProvider, NavigationHtml = context.NavigationHtml, ApiInfo = context.Model.Info, - CurrentNavigationItem = context.CurrentNavigation + CurrentNavigationItem = context.CurrentNavigation, + MarkdownRenderer = context.MarkdownRenderer }; var slice = LandingView.Create(viewModel); await slice.RenderAsync(stream, cancellationToken: ctx); diff --git a/src/Elastic.ApiExplorer/OpenApiGenerator.cs b/src/Elastic.ApiExplorer/OpenApiGenerator.cs index e14aa4824..65607fad3 100644 --- a/src/Elastic.ApiExplorer/OpenApiGenerator.cs +++ b/src/Elastic.ApiExplorer/OpenApiGenerator.cs @@ -5,6 +5,7 @@ using System.IO.Abstractions; using Elastic.ApiExplorer.Landing; using Elastic.ApiExplorer.Operations; +using Elastic.Documentation; using Elastic.Documentation.Configuration; using Elastic.Documentation.Site.FileProviders; using Elastic.Documentation.Site.Navigation; @@ -37,7 +38,7 @@ public record ApiEndpoint(List Operations, string? Name) : IApiGro public Task RenderAsync(FileSystemStream stream, ApiRenderContext context, CancellationToken ctx = default) => Task.CompletedTask; } -public class OpenApiGenerator(BuildContext context, ILoggerFactory logger) +public class OpenApiGenerator(BuildContext context, IMarkdownStringRenderer markdownStringRenderer, ILoggerFactory logger) { private readonly ILogger _logger = logger.CreateLogger(); private readonly IFileSystem _writeFileSystem = context.WriteFileSystem; @@ -256,7 +257,8 @@ public async Task Generate(Cancel ctx = default) var renderContext = new ApiRenderContext(context, openApiDocument, _contentHashProvider) { NavigationHtml = string.Empty, - CurrentNavigation = navigation + CurrentNavigation = navigation, + MarkdownRenderer = markdownStringRenderer }; _ = await Render(navigation, navigation.Index, renderContext, navigationRenderer, ctx); await RenderNavigationItems(navigation); diff --git a/src/Elastic.ApiExplorer/Operations/OperationNavigationItem.cs b/src/Elastic.ApiExplorer/Operations/OperationNavigationItem.cs index 621453388..95296b8ee 100644 --- a/src/Elastic.ApiExplorer/Operations/OperationNavigationItem.cs +++ b/src/Elastic.ApiExplorer/Operations/OperationNavigationItem.cs @@ -21,7 +21,8 @@ public async Task RenderAsync(FileSystemStream stream, ApiRenderContext context, Operation = this, StaticFileContentHashProvider = context.StaticFileContentHashProvider, NavigationHtml = context.NavigationHtml, - CurrentNavigationItem = context.CurrentNavigation + CurrentNavigationItem = context.CurrentNavigation, + MarkdownRenderer = context.MarkdownRenderer }; var slice = OperationView.Create(viewModel); await slice.RenderAsync(stream, cancellationToken: ctx); diff --git a/src/Elastic.ApiExplorer/Operations/OperationView.cshtml b/src/Elastic.ApiExplorer/Operations/OperationView.cshtml index 2657cb6cd..b2eacff10 100644 --- a/src/Elastic.ApiExplorer/Operations/OperationView.cshtml +++ b/src/Elastic.ApiExplorer/Operations/OperationView.cshtml @@ -44,7 +44,7 @@

    @operation.Summary

    - @operation.Description + @(Model.RenderMarkdown(operation.Description))

      @foreach (var overload in allOperations) @@ -64,12 +64,12 @@ } @if (pathParameters.Length > 0) { -

      Path Parameters

      +

      Path Parameters

      @foreach (var path in pathParameters) {
      @path.Name
      -
      @path.Description
      +
      @Model.RenderMarkdown(path.Description)
      }
      } @@ -78,12 +78,25 @@ } @if (queryStringParameters.Length > 0) { -

      Query String Parameters

      +

      Query String Parameters

      @foreach (var path in queryStringParameters) {
      @path.Name
      -
      @path.Description
      +
      @Model.RenderMarkdown(path.Description)
      + } +
      + } + @if (operation.RequestBody is not null) + { +

      Request Body

      + if (!string.IsNullOrEmpty(operation.RequestBody.Description)) + { +

      @operation.RequestBody.Description

      + } +
      + @foreach (var path in operation.RequestBody.Content) + { }
      } diff --git a/src/Elastic.Documentation.Configuration/Elastic.Documentation.Configuration.csproj b/src/Elastic.Documentation.Configuration/Elastic.Documentation.Configuration.csproj index 2eb80e658..5a54184a9 100644 --- a/src/Elastic.Documentation.Configuration/Elastic.Documentation.Configuration.csproj +++ b/src/Elastic.Documentation.Configuration/Elastic.Documentation.Configuration.csproj @@ -15,6 +15,5 @@ - diff --git a/src/Elastic.Documentation.Site/Assets/api-docs.css b/src/Elastic.Documentation.Site/Assets/api-docs.css index 9518a750a..5389a727b 100644 --- a/src/Elastic.Documentation.Site/Assets/api-docs.css +++ b/src/Elastic.Documentation.Site/Assets/api-docs.css @@ -98,4 +98,7 @@ h3 { @apply border-b-grey-20 border-b-1 pb-2; } + h4 { + @apply border-b-grey-20 border-b-1 pb-2; + } } diff --git a/src/Elastic.Documentation/IMarkdownStringRenderer.cs b/src/Elastic.Documentation/IMarkdownStringRenderer.cs new file mode 100644 index 000000000..20e486d88 --- /dev/null +++ b/src/Elastic.Documentation/IMarkdownStringRenderer.cs @@ -0,0 +1,21 @@ +// Licensed to Elasticsearch B.V under one or more agreements. +// Elasticsearch B.V licenses this file to you under the Apache 2.0 License. +// See the LICENSE file in the project root for more information + +using System.IO.Abstractions; + +namespace Elastic.Documentation; + +public interface IMarkdownStringRenderer +{ + string Render(string markdown, IFileInfo? source); +} +public class NoopMarkdownStringRenderer : IMarkdownStringRenderer +{ + private NoopMarkdownStringRenderer() { } + + public static NoopMarkdownStringRenderer Instance { get; } = new(); + + /// + public string Render(string markdown, IFileInfo? source) => string.Empty; +} diff --git a/src/Elastic.Markdown/DocumentationGenerator.cs b/src/Elastic.Markdown/DocumentationGenerator.cs index e6a33e968..cfbe8354b 100644 --- a/src/Elastic.Markdown/DocumentationGenerator.cs +++ b/src/Elastic.Markdown/DocumentationGenerator.cs @@ -4,6 +4,7 @@ using System.IO.Abstractions; using System.Text.Json; +using Elastic.Documentation; using Elastic.Documentation.Configuration; using Elastic.Documentation.Legacy; using Elastic.Documentation.Links; @@ -49,6 +50,7 @@ public class DocumentationGenerator public DocumentationSet DocumentationSet { get; } public BuildContext Context { get; } public ICrossLinkResolver Resolver { get; } + public IMarkdownStringRenderer MarkdownStringRenderer => HtmlWriter; public DocumentationGenerator( DocumentationSet docSet, diff --git a/src/Elastic.Markdown/Slices/HtmlWriter.cs b/src/Elastic.Markdown/Slices/HtmlWriter.cs index c3b02c3b5..71f058609 100644 --- a/src/Elastic.Markdown/Slices/HtmlWriter.cs +++ b/src/Elastic.Markdown/Slices/HtmlWriter.cs @@ -24,6 +24,7 @@ public class HtmlWriter( ILegacyUrlMapper? legacyUrlMapper = null, IPositionalNavigation? positionalNavigation = null ) + : IMarkdownStringRenderer { private DocumentationSet DocumentationSet { get; } = documentationSet; @@ -34,6 +35,14 @@ public class HtmlWriter( private ILegacyUrlMapper LegacyUrlMapper { get; } = legacyUrlMapper ?? new NoopLegacyUrlMapper(); private IPositionalNavigation PositionalNavigation { get; } = positionalNavigation ?? documentationSet; + /// + public string Render(string markdown, IFileInfo? source) + { + source ??= DocumentationSet.Context.ConfigurationPath; + var parsed = DocumentationSet.MarkdownParser.ParseStringAsync(markdown, source, null); + return MarkdownFile.CreateHtml(parsed); + } + public async Task RenderLayout(MarkdownFile markdown, Cancel ctx = default) { var document = await markdown.ParseFullAsync(ctx); @@ -147,4 +156,5 @@ public async Task WriteAsync(IFileInfo outputFile, MarkdownFil await writeFileSystem.File.WriteAllTextAsync(path, rendered, ctx); return document; } + } diff --git a/src/tooling/docs-builder/Cli/Commands.cs b/src/tooling/docs-builder/Cli/Commands.cs index 15155ddf9..c509d79da 100644 --- a/src/tooling/docs-builder/Cli/Commands.cs +++ b/src/tooling/docs-builder/Cli/Commands.cs @@ -161,7 +161,8 @@ public async Task Generate( var generator = new DocumentationGenerator(set, logger, null, null, null, exporter); _ = await generator.GenerateAll(ctx); - var openApiGenerator = new OpenApiGenerator(context, logger); + + var openApiGenerator = new OpenApiGenerator(context, generator.MarkdownStringRenderer, logger); await openApiGenerator.Generate(ctx); if (runningOnCi) diff --git a/src/tooling/docs-builder/Http/ReloadableGeneratorState.cs b/src/tooling/docs-builder/Http/ReloadableGeneratorState.cs index f40b1f034..971cf6979 100644 --- a/src/tooling/docs-builder/Http/ReloadableGeneratorState.cs +++ b/src/tooling/docs-builder/Http/ReloadableGeneratorState.cs @@ -3,6 +3,7 @@ // See the LICENSE file in the project root for more information using System.IO.Abstractions; using Elastic.ApiExplorer; +using Elastic.Documentation; using Elastic.Documentation.Configuration; using Elastic.Markdown; using Elastic.Markdown.IO; @@ -36,15 +37,15 @@ public async Task ReloadAsync(Cancel ctx) await generator.ResolveDirectoryTree(ctx); _ = Interlocked.Exchange(ref _generator, generator); - await ReloadApiReferences(ctx); + await ReloadApiReferences(generator.MarkdownStringRenderer, ctx); } - private async Task ReloadApiReferences(Cancel ctx) + private async Task ReloadApiReferences(IMarkdownStringRenderer markdownStringRenderer, Cancel ctx) { if (ApiPath.Exists) ApiPath.Delete(true); ApiPath.Create(); - var generator = new OpenApiGenerator(context, logger); + var generator = new OpenApiGenerator(context, markdownStringRenderer, logger); await generator.Generate(ctx); } } diff --git a/tests/Elastic.ApiExplorer.Tests/ReaderTests.cs b/tests/Elastic.ApiExplorer.Tests/ReaderTests.cs index dd9579c8a..afd100c8c 100644 --- a/tests/Elastic.ApiExplorer.Tests/ReaderTests.cs +++ b/tests/Elastic.ApiExplorer.Tests/ReaderTests.cs @@ -3,6 +3,7 @@ // See the LICENSE file in the project root for more information using System.IO.Abstractions; +using Elastic.Documentation; using Elastic.Documentation.Configuration; using Elastic.Documentation.Diagnostics; using FluentAssertions; @@ -32,7 +33,7 @@ public async Task Navigation() { var collector = new DiagnosticsCollector([]); var context = new BuildContext(collector, new FileSystem()); - var generator = new OpenApiGenerator(context, NullLoggerFactory.Instance); + var generator = new OpenApiGenerator(context, NoopMarkdownStringRenderer.Instance, NullLoggerFactory.Instance); context.Configuration.OpenApiSpecification.Should().NotBeNull(); var openApiDocument = await OpenApiReader.Create(context.Configuration.OpenApiSpecification); From 6445661f61c686b09756e7c21ff73e6d6aa8ac7c Mon Sep 17 00:00:00 2001 From: Martijn Laarman Date: Wed, 18 Jun 2025 16:07:29 +0200 Subject: [PATCH 09/12] ci/lint --- .../Assets/api-docs.css | 41 ++++++++++++------- 1 file changed, 27 insertions(+), 14 deletions(-) diff --git a/src/Elastic.Documentation.Site/Assets/api-docs.css b/src/Elastic.Documentation.Site/Assets/api-docs.css index 5389a727b..15bd423e8 100644 --- a/src/Elastic.Documentation.Site/Assets/api-docs.css +++ b/src/Elastic.Documentation.Site/Assets/api-docs.css @@ -1,4 +1,3 @@ - .api-url-listing { @apply mt-4; margin-left: 0 !important; @@ -32,34 +31,49 @@ list-style-type: none; margin-left: 0; a { - @apply no-underline w-full p-4 pl-4 pr-4 inline-block text-grey-80; - @apply border rounded-sm border-grey-20 bg-grey-10; + @apply text-grey-80 inline-block w-full p-4 pr-4 pl-4 no-underline; + @apply border-grey-20 bg-grey-10 rounded-sm border; } a.current { - @apply border-grey-30 bg-white p-4 text-grey-120; + @apply border-grey-30 text-grey-120 bg-white p-4; font-weight: bold; } a:hover { - @apply border-grey-30 bg-white text-grey-120; + @apply border-grey-30 text-grey-120 bg-white; font-weight: bold; } } li:only-child { a.current { - @apply border rounded-sm border-grey-20 bg-white; + @apply border-grey-20 rounded-sm border bg-white; } a.current:hover { @apply border-grey-20 bg-white; } - } .api-method { - @apply border rounded-sm; + @apply rounded-sm border; padding-left: var(--spacing); padding-right: var(--spacing); - font-family: var(--default-mono-font-family, ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace); - font-feature-settings: var(--default-mono-font-feature-settings, normal); - font-variation-settings: var(--default-mono-font-variation-settings, normal); + font-family: var( + --default-mono-font-family, + ui-monospace, + SFMono-Regular, + Menlo, + Monaco, + Consolas, + 'Liberation Mono', + 'Courier New', + monospace + ); + font-feature-settings: var( + --default-mono-font-feature-settings, + normal + ); + font-variation-settings: var( + --default-mono-font-variation-settings, + normal + ); font-size: 0.8em; display: inline-block; font-weight: bold; @@ -80,8 +94,7 @@ margin-left: calc(var(--spacing) * 2); display: inline-block; } - .api-url-list-item - { + .api-url-list-item { @apply mt-4; } } @@ -89,7 +102,7 @@ dt a { @apply no-underline; code { - @apply p-1 inline-block; + @apply inline-block p-1; } } h1 { From b424f495a857f00812cb7795a42d231ddf8ed9f4 Mon Sep 17 00:00:00 2001 From: Martijn Laarman Date: Wed, 18 Jun 2025 18:40:24 +0200 Subject: [PATCH 10/12] ensure global layout is seeded uniformly --- src/Elastic.ApiExplorer/ApiViewModel.cs | 35 +++++++++++++++---- .../Endpoints/ApiEndpoint.cs | 10 ++---- .../Endpoints/EndpointView.cshtml | 18 +--------- .../Endpoints/IndexViewModel.cs | 2 +- .../Landing/LandingNavigationItem.cs | 8 ++--- .../Landing/LandingView.cshtml | 18 +--------- .../Landing/LandingViewModel.cs | 2 +- .../Operations/OperationNavigationItem.cs | 8 ++--- .../Operations/OperationView.cshtml | 18 +--------- .../Operations/OperationViewModel.cs | 2 +- src/Elastic.Documentation.Site/_ViewModels.cs | 4 +-- .../Slices/MarkdownLayoutViewModel.cs | 2 +- 12 files changed, 45 insertions(+), 82 deletions(-) diff --git a/src/Elastic.ApiExplorer/ApiViewModel.cs b/src/Elastic.ApiExplorer/ApiViewModel.cs index 0fb389517..4d53d79d9 100644 --- a/src/Elastic.ApiExplorer/ApiViewModel.cs +++ b/src/Elastic.ApiExplorer/ApiViewModel.cs @@ -3,20 +3,43 @@ // See the LICENSE file in the project root for more information using Elastic.Documentation; +using Elastic.Documentation.Configuration; +using Elastic.Documentation.Configuration.Assembler; +using Elastic.Documentation.Configuration.Builder; +using Elastic.Documentation.Site; using Elastic.Documentation.Site.FileProviders; using Elastic.Documentation.Site.Navigation; using Microsoft.AspNetCore.Html; namespace Elastic.ApiExplorer; -public abstract class ApiViewModel +public abstract class ApiViewModel(ApiRenderContext context) { - public required string NavigationHtml { get; init; } - public required StaticFileContentHashProvider StaticFileContentHashProvider { get; init; } - public required INavigationItem CurrentNavigationItem { get; init; } - public required IMarkdownStringRenderer MarkdownRenderer { get; init; } + public string NavigationHtml { get; } = context.NavigationHtml; + public StaticFileContentHashProvider StaticFileContentHashProvider { get; } = context.StaticFileContentHashProvider; + public INavigationItem CurrentNavigationItem { get; } = context.CurrentNavigation; + public IMarkdownStringRenderer MarkdownRenderer { get; } = context.MarkdownRenderer; + public BuildContext BuildContext { get; } = context.BuildContext; public HtmlString RenderMarkdown(string? markdown) => - string.IsNullOrEmpty(markdown) ? new(string.Empty) : new(MarkdownRenderer.Render(markdown, null)); + new(string.IsNullOrEmpty(markdown) ? string.Empty : MarkdownRenderer.Render(markdown, null)); + + + public GlobalLayoutViewModel CreateGlobalLayoutModel() => + new() + { + DocSetName = "Api Explorer", + Description = "", + CurrentNavigationItem = CurrentNavigationItem, + Previous = null, + Next = null, + NavigationHtml = NavigationHtml, + UrlPathPrefix = BuildContext.UrlPathPrefix, + AllowIndexing = BuildContext.AllowIndexing, + CanonicalBaseUrl = BuildContext.CanonicalBaseUrl, + GoogleTagManager = new GoogleTagManagerConfiguration(), + Features = new FeatureFlags([]), + StaticFileContentHashProvider = StaticFileContentHashProvider + }; } diff --git a/src/Elastic.ApiExplorer/Endpoints/ApiEndpoint.cs b/src/Elastic.ApiExplorer/Endpoints/ApiEndpoint.cs index 1848b7df6..4e918aacc 100644 --- a/src/Elastic.ApiExplorer/Endpoints/ApiEndpoint.cs +++ b/src/Elastic.ApiExplorer/Endpoints/ApiEndpoint.cs @@ -18,18 +18,14 @@ public ApiEndpoint(string route, IOpenApiPathItem openApiPath) } public string Route { get; } + public IOpenApiPathItem OpenApiPath { get; } public async Task RenderAsync(FileSystemStream stream, ApiRenderContext context, Cancel ctx = default) { - var viewModel = new IndexViewModel + var viewModel = new IndexViewModel(context) { - ApiEndpoint = this, - StaticFileContentHashProvider = context.StaticFileContentHashProvider, - NavigationHtml = context.NavigationHtml, - CurrentNavigationItem = context.CurrentNavigation, - MarkdownRenderer = context.MarkdownRenderer - + ApiEndpoint = this }; var slice = EndpointView.Create(viewModel); await slice.RenderAsync(stream, cancellationToken: ctx); diff --git a/src/Elastic.ApiExplorer/Endpoints/EndpointView.cshtml b/src/Elastic.ApiExplorer/Endpoints/EndpointView.cshtml index 95bc519ec..84f553781 100644 --- a/src/Elastic.ApiExplorer/Endpoints/EndpointView.cshtml +++ b/src/Elastic.ApiExplorer/Endpoints/EndpointView.cshtml @@ -1,23 +1,7 @@ -@using Elastic.Documentation.Configuration.Assembler -@using Elastic.Documentation.Configuration.Builder @inherits RazorSliceHttpResult @implements IUsesLayout @functions { - public GlobalLayoutViewModel LayoutModel => new() - { - DocSetName = "Api Explorer", - Description = "", - CurrentNavigationItem = Model.CurrentNavigationItem, - Previous = null, - Next = null, - NavigationHtml = Model.NavigationHtml, - UrlPathPrefix = null, - AllowIndexing = false, - CanonicalBaseUrl = null, - GoogleTagManager = new GoogleTagManagerConfiguration(), - Features = new FeatureFlags([]), - StaticFileContentHashProvider = Model.StaticFileContentHashProvider - }; + public GlobalLayoutViewModel LayoutModel => Model.CreateGlobalLayoutModel(); }

      @Model.CurrentNavigationItem.Url

      diff --git a/src/Elastic.ApiExplorer/Endpoints/IndexViewModel.cs b/src/Elastic.ApiExplorer/Endpoints/IndexViewModel.cs index ca5bc3864..a09202d23 100644 --- a/src/Elastic.ApiExplorer/Endpoints/IndexViewModel.cs +++ b/src/Elastic.ApiExplorer/Endpoints/IndexViewModel.cs @@ -7,7 +7,7 @@ namespace Elastic.ApiExplorer.Endpoints; -public class IndexViewModel : ApiViewModel +public class IndexViewModel(ApiRenderContext context) : ApiViewModel(context) { public required ApiEndpoint ApiEndpoint { get; init; } } diff --git a/src/Elastic.ApiExplorer/Landing/LandingNavigationItem.cs b/src/Elastic.ApiExplorer/Landing/LandingNavigationItem.cs index 28ed0f6c9..9ae7d610a 100644 --- a/src/Elastic.ApiExplorer/Landing/LandingNavigationItem.cs +++ b/src/Elastic.ApiExplorer/Landing/LandingNavigationItem.cs @@ -14,14 +14,10 @@ public class ApiLanding : IApiGroupingModel { public async Task RenderAsync(FileSystemStream stream, ApiRenderContext context, Cancel ctx = default) { - var viewModel = new LandingViewModel + var viewModel = new LandingViewModel(context) { Landing = this, - StaticFileContentHashProvider = context.StaticFileContentHashProvider, - NavigationHtml = context.NavigationHtml, - ApiInfo = context.Model.Info, - CurrentNavigationItem = context.CurrentNavigation, - MarkdownRenderer = context.MarkdownRenderer + ApiInfo = context.Model.Info }; var slice = LandingView.Create(viewModel); await slice.RenderAsync(stream, cancellationToken: ctx); diff --git a/src/Elastic.ApiExplorer/Landing/LandingView.cshtml b/src/Elastic.ApiExplorer/Landing/LandingView.cshtml index 40c1b65d9..767bf996d 100644 --- a/src/Elastic.ApiExplorer/Landing/LandingView.cshtml +++ b/src/Elastic.ApiExplorer/Landing/LandingView.cshtml @@ -1,23 +1,7 @@ -@using Elastic.Documentation.Configuration.Assembler -@using Elastic.Documentation.Configuration.Builder @inherits RazorSliceHttpResult @implements IUsesLayout @functions { - public GlobalLayoutViewModel LayoutModel => new() - { - DocSetName = "Api Explorer", - Description = "", - CurrentNavigationItem = Model.CurrentNavigationItem, - Previous = null, - Next = null, - NavigationHtml = Model.NavigationHtml, - UrlPathPrefix = null, - AllowIndexing = false, - CanonicalBaseUrl = null, - GoogleTagManager = new GoogleTagManagerConfiguration(), - Features = new FeatureFlags([]), - StaticFileContentHashProvider = Model.StaticFileContentHashProvider - }; + public GlobalLayoutViewModel LayoutModel => Model.CreateGlobalLayoutModel(); }

      @Model.ApiInfo.Title

      diff --git a/src/Elastic.ApiExplorer/Landing/LandingViewModel.cs b/src/Elastic.ApiExplorer/Landing/LandingViewModel.cs index c3950d28f..e4579ce25 100644 --- a/src/Elastic.ApiExplorer/Landing/LandingViewModel.cs +++ b/src/Elastic.ApiExplorer/Landing/LandingViewModel.cs @@ -6,7 +6,7 @@ namespace Elastic.ApiExplorer.Landing; -public class LandingViewModel : ApiViewModel +public class LandingViewModel(ApiRenderContext context) : ApiViewModel(context) { public required ApiLanding Landing { get; init; } public required OpenApiInfo ApiInfo { get; init; } diff --git a/src/Elastic.ApiExplorer/Operations/OperationNavigationItem.cs b/src/Elastic.ApiExplorer/Operations/OperationNavigationItem.cs index 95296b8ee..dfac3c853 100644 --- a/src/Elastic.ApiExplorer/Operations/OperationNavigationItem.cs +++ b/src/Elastic.ApiExplorer/Operations/OperationNavigationItem.cs @@ -16,13 +16,9 @@ public record ApiOperation(OperationType OperationType, OpenApiOperation Operati { public async Task RenderAsync(FileSystemStream stream, ApiRenderContext context, Cancel ctx = default) { - var viewModel = new OperationViewModel + var viewModel = new OperationViewModel(context) { - Operation = this, - StaticFileContentHashProvider = context.StaticFileContentHashProvider, - NavigationHtml = context.NavigationHtml, - CurrentNavigationItem = context.CurrentNavigation, - MarkdownRenderer = context.MarkdownRenderer + Operation = this }; var slice = OperationView.Create(viewModel); await slice.RenderAsync(stream, cancellationToken: ctx); diff --git a/src/Elastic.ApiExplorer/Operations/OperationView.cshtml b/src/Elastic.ApiExplorer/Operations/OperationView.cshtml index acf0fe0cb..a6e80d120 100644 --- a/src/Elastic.ApiExplorer/Operations/OperationView.cshtml +++ b/src/Elastic.ApiExplorer/Operations/OperationView.cshtml @@ -1,26 +1,10 @@ @using Elastic.ApiExplorer.Landing @using Elastic.ApiExplorer.Operations -@using Elastic.Documentation.Configuration.Assembler -@using Elastic.Documentation.Configuration.Builder @using Microsoft.OpenApi.Models @inherits RazorSliceHttpResult @implements IUsesLayout @functions { - public GlobalLayoutViewModel LayoutModel => new() - { - DocSetName = "Api Explorer", - Description = "", - CurrentNavigationItem = Model.CurrentNavigationItem, - Previous = null, - Next = null, - NavigationHtml = Model.NavigationHtml, - UrlPathPrefix = null, - AllowIndexing = false, - CanonicalBaseUrl = null, - GoogleTagManager = new GoogleTagManagerConfiguration(), - Features = new FeatureFlags([]), - StaticFileContentHashProvider = Model.StaticFileContentHashProvider - }; + public GlobalLayoutViewModel LayoutModel => Model.CreateGlobalLayoutModel(); } @{ var parent = Model.CurrentNavigationItem.Parent as EndpointNavigationItem; diff --git a/src/Elastic.ApiExplorer/Operations/OperationViewModel.cs b/src/Elastic.ApiExplorer/Operations/OperationViewModel.cs index dd52647f5..21c41e992 100644 --- a/src/Elastic.ApiExplorer/Operations/OperationViewModel.cs +++ b/src/Elastic.ApiExplorer/Operations/OperationViewModel.cs @@ -4,7 +4,7 @@ namespace Elastic.ApiExplorer.Operations; -public class OperationViewModel : ApiViewModel +public class OperationViewModel(ApiRenderContext context) : ApiViewModel(context) { public required ApiOperation Operation { get; init; } diff --git a/src/Elastic.Documentation.Site/_ViewModels.cs b/src/Elastic.Documentation.Site/_ViewModels.cs index 20d7521af..c45d1c54e 100644 --- a/src/Elastic.Documentation.Site/_ViewModels.cs +++ b/src/Elastic.Documentation.Site/_ViewModels.cs @@ -15,7 +15,7 @@ public static class GlobalSections public const string Footer = "footer"; } -public class GlobalLayoutViewModel +public record GlobalLayoutViewModel { public required string DocSetName { get; init; } public string Title { get; set; } = "Elastic Documentation"; @@ -29,7 +29,7 @@ public class GlobalLayoutViewModel public required string? UrlPathPrefix { get; init; } public required Uri? CanonicalBaseUrl { get; init; } public string? CanonicalUrl => CanonicalBaseUrl is not null ? - new Uri(CanonicalBaseUrl, CurrentNavigationItem?.Url).ToString().TrimEnd('/') : null; + new Uri(CanonicalBaseUrl, CurrentNavigationItem.Url).ToString().TrimEnd('/') : null; public required FeatureFlags Features { get; init; } // TODO move to @inject diff --git a/src/Elastic.Markdown/Slices/MarkdownLayoutViewModel.cs b/src/Elastic.Markdown/Slices/MarkdownLayoutViewModel.cs index 493f73f83..9d94d074b 100644 --- a/src/Elastic.Markdown/Slices/MarkdownLayoutViewModel.cs +++ b/src/Elastic.Markdown/Slices/MarkdownLayoutViewModel.cs @@ -8,7 +8,7 @@ namespace Elastic.Markdown.Slices; -public class MarkdownLayoutViewModel : GlobalLayoutViewModel +public record MarkdownLayoutViewModel : GlobalLayoutViewModel { public required string? GithubEditUrl { get; init; } From 665d9da1c3722daf70156df879704857e21d7cfe Mon Sep 17 00:00:00 2001 From: Martijn Laarman Date: Wed, 18 Jun 2025 18:50:47 +0200 Subject: [PATCH 11/12] ensure links take url path prefix in to account --- src/Elastic.ApiExplorer/OpenApiGenerator.cs | 12 ++++++------ .../Operations/OperationNavigationItem.cs | 3 ++- tests/Elastic.ApiExplorer.Tests/ReaderTests.cs | 2 +- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/src/Elastic.ApiExplorer/OpenApiGenerator.cs b/src/Elastic.ApiExplorer/OpenApiGenerator.cs index de37611c8..602fa7a59 100644 --- a/src/Elastic.ApiExplorer/OpenApiGenerator.cs +++ b/src/Elastic.ApiExplorer/OpenApiGenerator.cs @@ -43,9 +43,9 @@ public class OpenApiGenerator(BuildContext context, IMarkdownStringRenderer mark private readonly IFileSystem _writeFileSystem = context.WriteFileSystem; private readonly StaticFileContentHashProvider _contentHashProvider = new(new EmbeddedOrPhysicalFileProvider(context)); - public static LandingNavigationItem CreateNavigation(OpenApiDocument openApiDocument) + public LandingNavigationItem CreateNavigation(OpenApiDocument openApiDocument) { - var url = "/api"; + var url = $"{context.UrlPathPrefix}/api"; var rootNavigation = new LandingNavigationItem(url); var ops = openApiDocument.Paths @@ -175,7 +175,7 @@ group tagGroup by classificationGroup.Key return rootNavigation; } - private static void CreateTagNavigationItems( + private void CreateTagNavigationItems( ApiClassification classification, IRootNavigationItem rootNavigation, IApiGroupingNavigationItem parent, @@ -204,7 +204,7 @@ List> parentNavig } } - private static void CreateEndpointNavigationItems( + private void CreateEndpointNavigationItems( IRootNavigationItem rootNavigation, ApiTag tag, IApiGroupingNavigationItem parentNavigationItem, @@ -219,7 +219,7 @@ List endpointNavigationItems var operationNavigationItems = new List(); foreach (var operation in endpoint.Operations) { - var operationNavigationItem = new OperationNavigationItem(operation, rootNavigation, endpointNavigationItem) + var operationNavigationItem = new OperationNavigationItem(context.UrlPathPrefix, operation, rootNavigation, endpointNavigationItem) { Hidden = true }; @@ -231,7 +231,7 @@ List endpointNavigationItems else { var operation = endpoint.Operations.First(); - var operationNavigationItem = new OperationNavigationItem(operation, rootNavigation, parentNavigationItem); + var operationNavigationItem = new OperationNavigationItem(context.UrlPathPrefix, operation, rootNavigation, parentNavigationItem); endpointNavigationItems.Add(operationNavigationItem); } diff --git a/src/Elastic.ApiExplorer/Operations/OperationNavigationItem.cs b/src/Elastic.ApiExplorer/Operations/OperationNavigationItem.cs index dfac3c853..6e62145f7 100644 --- a/src/Elastic.ApiExplorer/Operations/OperationNavigationItem.cs +++ b/src/Elastic.ApiExplorer/Operations/OperationNavigationItem.cs @@ -28,6 +28,7 @@ public async Task RenderAsync(FileSystemStream stream, ApiRenderContext context, public class OperationNavigationItem : ILeafNavigationItem, IEndpointOrOperationNavigationItem { public OperationNavigationItem( + string? urlPathPrefix, ApiOperation apiOperation, IRootNavigationItem root, IApiGroupingNavigationItem parent @@ -38,7 +39,7 @@ IApiGroupingNavigationItem parent NavigationTitle = apiOperation.ApiName; Parent = parent; var moniker = apiOperation.Operation.OperationId ?? apiOperation.Route.Replace("}", "").Replace("{", "").Replace('/', '-'); - Url = $"/api/endpoints/{moniker}"; + Url = $"{urlPathPrefix}/api/endpoints/{moniker}"; Id = ShortId.Create(Url); } diff --git a/tests/Elastic.ApiExplorer.Tests/ReaderTests.cs b/tests/Elastic.ApiExplorer.Tests/ReaderTests.cs index afd100c8c..07ade9f28 100644 --- a/tests/Elastic.ApiExplorer.Tests/ReaderTests.cs +++ b/tests/Elastic.ApiExplorer.Tests/ReaderTests.cs @@ -38,7 +38,7 @@ public async Task Navigation() var openApiDocument = await OpenApiReader.Create(context.Configuration.OpenApiSpecification); openApiDocument.Should().NotBeNull(); - var navigation = OpenApiGenerator.CreateNavigation(openApiDocument); + var navigation = generator.CreateNavigation(openApiDocument); navigation.Should().NotBeNull(); } From e7c7c875e2826bc074061dd7b8796f888f492d2f Mon Sep 17 00:00:00 2001 From: Martijn Laarman Date: Wed, 18 Jun 2025 19:00:54 +0200 Subject: [PATCH 12/12] eat urlpath prefix when generating file names --- src/Elastic.ApiExplorer/Landing/LandingNavigationItem.cs | 2 +- src/Elastic.ApiExplorer/OpenApiGenerator.cs | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/Elastic.ApiExplorer/Landing/LandingNavigationItem.cs b/src/Elastic.ApiExplorer/Landing/LandingNavigationItem.cs index 9ae7d610a..28ef25b87 100644 --- a/src/Elastic.ApiExplorer/Landing/LandingNavigationItem.cs +++ b/src/Elastic.ApiExplorer/Landing/LandingNavigationItem.cs @@ -146,7 +146,7 @@ public class EndpointNavigationItem(ApiEndpoint endpoint, IRootNavigationItem 0; /// - public string Id { get; } = ShortId.Create(endpoint.Operations.First().ApiName + endpoint.Operations.First().Route); + public string Id { get; } = ShortId.Create(nameof(EndpointNavigationItem), endpoint.Operations.First().ApiName, endpoint.Operations.First().Route); /// public ApiEndpoint Index { get; } = endpoint; diff --git a/src/Elastic.ApiExplorer/OpenApiGenerator.cs b/src/Elastic.ApiExplorer/OpenApiGenerator.cs index 602fa7a59..75e9129bc 100644 --- a/src/Elastic.ApiExplorer/OpenApiGenerator.cs +++ b/src/Elastic.ApiExplorer/OpenApiGenerator.cs @@ -3,6 +3,7 @@ // See the LICENSE file in the project root for more information using System.IO.Abstractions; +using System.Text.RegularExpressions; using Elastic.ApiExplorer.Landing; using Elastic.ApiExplorer.Operations; using Elastic.Documentation; @@ -300,7 +301,7 @@ private async Task Render(INavigationItem current, T page, ApiRend IFileInfo OutputFile(INavigationItem currentNavigation) { const string indexHtml = "index.html"; - var fileName = currentNavigation.Url + "/" + indexHtml; + var fileName = Regex.Replace(currentNavigation.Url + "/" + indexHtml, $"^{context.UrlPathPrefix}", string.Empty); var fileInfo = _writeFileSystem.FileInfo.New(Path.Combine(context.DocumentationOutputDirectory.FullName, fileName.Trim('/'))); return fileInfo; }