diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml index 93f2878e276e2..4a10407b48279 100644 --- a/oas_docs/output/kibana.yaml +++ b/oas_docs/output/kibana.yaml 
@@ -71,175 +71,158 @@ servers: kibana_url: default: 'localhost:5601' paths: - /agent_download_sources: + /api/actions: get: - operationId: get-download-sources + deprecated: true + description: Deprecated in 7.13.0. Use the get all connectors API instead. + operationId: legacyGetConnectors responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_download_sources' - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List agent binary download sources + items: + $ref: '#/components/schemas/Connectors_action_response_properties' + type: array + description: Indicates a successful call. + '401': + $ref: '#/components/responses/Connectors_401' + summary: Get all connectors tags: - - Elastic Agent binary download sources + - connectors post: - operationId: post-download-sources + deprecated: true + description: Deprecated in 7.13.0. Use the create connector API instead. + operationId: legacyCreateConnector + parameters: + - $ref: '#/components/parameters/Connectors_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + title: Legacy create connector request properties type: object properties: - host: - type: string - id: + actionTypeId: + description: The connector type identifier. type: string - is_default: - type: boolean + config: + description: >- + The configuration for the connector. Configuration + properties vary depending on the connector type. + type: object name: + description: The display name for the connector. type: string - required: - - name - - host - - is_default + secrets: + description: > + The secrets configuration for the connector. Secrets + configuration properties vary depending on the connector + type. NOTE: Remember these values. 
You must provide them + each time you update the connector. + type: object + required: true responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_download_sources' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create agent binary download source + $ref: '#/components/responses/Connectors_200_actions' + '401': + $ref: '#/components/responses/Connectors_401' + summary: Create a connector tags: - - Elastic Agent binary download sources - '/agent_download_sources/{sourceId}': + - connectors + '/api/actions/action/{actionId}': delete: - operationId: delete-download-source + deprecated: true + description: > + Deprecated in 7.13.0. Use the delete connector API instead. WARNING: + When you delete a connector, it cannot be recovered. + operationId: legacyDeleteConnector parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - $ref: '#/components/parameters/Connectors_kbn_xsrf' + - $ref: '#/components/parameters/Connectors_action_id' responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - id: - type: string - required: - - id - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete agent binary download source by ID + '204': + description: Indicates a successful call. + '401': + $ref: '#/components/responses/Connectors_401' + summary: Delete a connector tags: - - Elastic Agent binary download sources + - connectors get: - operationId: get-one-download-source + deprecated: true + description: Deprecated in 7.13.0. Use the get connector API instead. 
+ operationId: legacyGetConnector + parameters: + - $ref: '#/components/parameters/Connectors_action_id' responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_download_sources' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent binary download source by ID + $ref: '#/components/responses/Connectors_200_actions' + '401': + $ref: '#/components/responses/Connectors_401' + summary: Get connector information tags: - - Elastic Agent binary download sources - parameters: - - in: path - name: sourceId - required: true - schema: - type: string + - connectors put: - operationId: update-download-source + deprecated: true + description: Deprecated in 7.13.0. Use the update connector API instead. + operationId: legacyUpdateConnector parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - $ref: '#/components/parameters/Connectors_kbn_xsrf' + - $ref: '#/components/parameters/Connectors_action_id' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object + description: The properties vary depending on the connector type. properties: - host: - type: string - is_default: - type: boolean + config: + description: >- + The new connector configuration. Configuration properties + vary depending on the connector type. + type: object name: + description: The new name for the connector. type: string - required: - - name - - is_default - - host + secrets: + description: >- + The updated secrets configuration for the connector. Secrets + properties vary depending on the connector type. 
+ type: object + title: Legacy update connector request body properties + type: object + required: true responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_download_sources' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update agent binary download source by ID + $ref: '#/components/responses/Connectors_200_actions' + '404': + $ref: '#/components/responses/Connectors_404' + summary: Update a connector tags: - - Elastic Agent binary download sources - /agent_policies: - get: - description: '' - operationId: agent-policy-list + - connectors + '/api/actions/action/{actionId}/_execute': + post: + deprecated: true + description: Deprecated in 7.13.0. Use the run connector API instead. + operationId: legacyRunConnector parameters: - - $ref: '#/components/parameters/Fleet_page_size' - - $ref: '#/components/parameters/Fleet_page_index' - - $ref: '#/components/parameters/Fleet_kuery' - - description: >- - When set to true, retrieve the related package policies for each - agent policy. - in: query - name: full - schema: - type: boolean - - description: >- - When set to true, do not count how many agents are in the agent - policy, this can improve performance if you are searching over a - large number of agent policies. The "agents" property will always be - 0 if set to true. - in: query - name: noAgentCount - schema: - type: boolean + - $ref: '#/components/parameters/Connectors_kbn_xsrf' + - $ref: '#/components/parameters/Connectors_action_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + description: The properties vary depending on the connector type. + properties: + params: + description: >- + The parameters of the connector. Parameter properties vary + depending on the connector type. 
+ type: object + required: + - params + title: Legacy run connector request body properties + type: object + required: true responses: '200': content: 
@@ -247,1947 +230,2040 @@ paths: schema: type: object properties: - items: - items: - $ref: '#/components/schemas/Fleet_agent_policy' - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List agent policies - tags: - - Elastic Agent policies + actionId: + type: string + data: + oneOf: + - additionalProperties: true + description: Information returned from the action. + type: object + - description: An array of information returned from the action. + items: + type: object + type: array + status: + description: The status of the action. + type: string + description: Indicates a successful call. + '401': + $ref: '#/components/responses/Connectors_401' + summary: Run a connector + tags: + - connectors + /api/actions/connector: post: - operationId: create-agent-policy + description: The connector identifier is randomly generated. 
+ operationId: createConnector parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - $ref: '#/components/parameters/Connectors_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + examples: + createEmailConnectorRequest: + $ref: >- + #/components/examples/Connectors_create_email_connector_request + createIndexConnectorRequest: + $ref: >- + #/components/examples/Connectors_create_index_connector_request + createWebhookConnectorRequest: + $ref: >- + #/components/examples/Connectors_create_webhook_connector_request + createXmattersConnectorRequest: + $ref: >- + #/components/examples/Connectors_create_xmatters_connector_request schema: - $ref: '#/components/schemas/Fleet_agent_policy_create_request' + $ref: '#/components/schemas/Connectors_create_connector_request' + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + createEmailConnectorResponse: + $ref: >- + #/components/examples/Connectors_create_email_connector_response + createIndexConnectorResponse: + $ref: >- + #/components/examples/Connectors_create_index_connector_response + createWebhookConnectorResponse: + $ref: >- + #/components/examples/Connectors_create_webhook_connector_response + createXmattersConnectorResponse: + $ref: >- + #/components/examples/Connectors_create_xmatters_connector_response schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_agent_policy' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create agent policy + $ref: '#/components/schemas/Connectors_connector_response_properties' + description: Indicates a successful call. 
+ '401': + $ref: '#/components/responses/Connectors_401' + summary: Create a connector with a random ID tags: - - Elastic Agent policies - /agent_policies/_bulk_get: - post: - operationId: bulk-get-agent-policies - parameters: [] - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - full: - description: get full policies with package policies populated - type: boolean - ids: - description: list of agent policy ids - items: - type: string - type: array - ignoreMissing: - type: boolean - required: - - ids + - connectors + /api/actions/connector_types: + get: + operationId: getConnectorTypes + parameters: + - description: >- + A filter to limit the retrieved connector types to those that + support a specific feature (such as alerting or cases). + in: query + name: feature_id + schema: + $ref: '#/components/schemas/Connectors_features' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + getConnectorTypesServerlessResponse: + $ref: >- + #/components/examples/Connectors_get_connector_types_generativeai_response schema: - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_agent_policy' - type: array - required: - - items - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk get agent policies + description: The properties vary for each connector type. + items: + type: object + properties: + enabled: + description: >- + Indicates whether the connector type is enabled in + Kibana. + example: true + type: boolean + enabled_in_config: + description: >- + Indicates whether the connector type is enabled in the + Kibana configuration file. + example: true + type: boolean + enabled_in_license: + description: >- + Indicates whether the connector is enabled in the + license. 
+ example: true + type: boolean + id: + $ref: '#/components/schemas/Connectors_connector_types' + is_system_action_type: + example: false + type: boolean + minimum_license_required: + description: The license that is required to use the connector type. + example: basic + type: string + name: + description: The name of the connector type. + example: Index + type: string + supported_feature_ids: + description: The features that are supported by the connector type. + example: + - alerting + - cases + - siem + items: + $ref: '#/components/schemas/Connectors_features' + type: array + title: Get connector types response body properties + type: array + description: Indicates a successful call. + '401': + $ref: '#/components/responses/Connectors_401' + summary: Get all connector types tags: - - Elastic Agent policies - '/agent_policies/{agentPolicyId}': + - connectors + '/api/actions/connector/{connectorId}': + delete: + operationId: deleteConnector + parameters: + - $ref: '#/components/parameters/Connectors_kbn_xsrf' + - $ref: '#/components/parameters/Connectors_connector_id' + responses: + '204': + description: Indicates a successful call. 
+ '401': + $ref: '#/components/responses/Connectors_401' + '404': + $ref: '#/components/responses/Connectors_404' + summary: Delete a connector + tags: + - connectors get: - description: Get one agent policy - operationId: agent-policy-info - parameters: [] + operationId: getConnector + parameters: + - $ref: '#/components/parameters/Connectors_connector_id' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + getConnectorResponse: + $ref: '#/components/examples/Connectors_get_connector_response' schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_agent_policy' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent policy by ID + $ref: '#/components/schemas/Connectors_connector_response_properties' + description: Indicates a successful call. + '401': + $ref: '#/components/responses/Connectors_401' + '404': + $ref: '#/components/responses/Connectors_404' + summary: Get a connector information tags: - - Elastic Agent policies - parameters: - - in: path - name: agentPolicyId - required: true - schema: - type: string - put: - operationId: update-agent-policy + - connectors + post: + operationId: createConnectorId parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - $ref: '#/components/parameters/Connectors_kbn_xsrf' + - description: > + A UUID v1 or v4 identifier for the connector. If you omit this + parameter, an identifier is randomly generated. 
+ in: path + name: connectorId + required: true + schema: + example: ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74 + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + examples: + createIndexConnectorRequest: + $ref: >- + #/components/examples/Connectors_create_index_connector_request schema: - $ref: '#/components/schemas/Fleet_agent_policy_update_request' + $ref: '#/components/schemas/Connectors_create_connector_request' + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + createIndexConnectorResponse: + $ref: >- + #/components/examples/Connectors_create_index_connector_response schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_agent_policy' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update agent policy by ID + $ref: '#/components/schemas/Connectors_connector_response_properties' + description: Indicates a successful call. 
+ '401': + $ref: '#/components/responses/Connectors_401' + summary: Create a connector tags: - - Elastic Agent policies - '/agent_policies/{agentPolicyId}/copy': - parameters: - - in: path - name: agentPolicyId - required: true - schema: - type: string - post: - operationId: agent-policy-copy + - connectors + put: + operationId: updateConnector parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - $ref: '#/components/parameters/Connectors_kbn_xsrf' + - $ref: '#/components/parameters/Connectors_connector_id' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + examples: + updateIndexConnectorRequest: + $ref: >- + #/components/examples/Connectors_update_index_connector_request schema: - type: object - properties: - description: - type: string - name: - type: string - required: - - name - description: '' + $ref: '#/components/schemas/Connectors_update_connector_request' + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_agent_policy' - required: - - item - description: OK + $ref: '#/components/schemas/Connectors_connector_response_properties' + description: Indicates a successful call. '400': - $ref: '#/components/responses/Fleet_error' - summary: Copy agent policy by ID + $ref: '#/components/responses/Connectors_401' + '401': + $ref: '#/components/responses/Connectors_401' + '404': + $ref: '#/components/responses/Connectors_404' + summary: Update a connector tags: - - Elastic Agent policies - '/agent_policies/{agentPolicyId}/download': - get: - operationId: agent-policy-download + - connectors + '/api/actions/connector/{connectorId}/_execute': + post: + description: > + You can use this API to test an action that involves interaction with + Kibana services or integrations with third-party systems. 
You must have + `read` privileges for the **Actions and Connectors** feature in the + **Management** section of the Kibana feature privileges. If you use an + index connector, you must also have `all`, `create`, `index`, or `write` + indices privileges. + operationId: runConnector + parameters: + - $ref: '#/components/parameters/Connectors_kbn_xsrf' + - $ref: '#/components/parameters/Connectors_connector_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + runCasesWebhookConnectorRequest: + $ref: >- + #/components/examples/Connectors_run_cases_webhook_connector_request + runEmailConnectorRequest: + $ref: '#/components/examples/Connectors_run_email_connector_request' + runIndexConnectorRequest: + $ref: '#/components/examples/Connectors_run_index_connector_request' + runJiraConnectorRequest: + $ref: '#/components/examples/Connectors_run_jira_connector_request' + runPagerDutyConnectorRequest: + $ref: >- + #/components/examples/Connectors_run_pagerduty_connector_request + runServerLogConnectorRequest: + $ref: >- + #/components/examples/Connectors_run_server_log_connector_request + runServiceNowITOMConnectorRequest: + $ref: >- + #/components/examples/Connectors_run_servicenow_itom_connector_request + runSlackConnectorRequest: + $ref: >- + #/components/examples/Connectors_run_slack_api_connector_request + runSwimlaneConnectorRequest: + $ref: >- + #/components/examples/Connectors_run_swimlane_connector_request + schema: + $ref: '#/components/schemas/Connectors_run_connector_request' + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + runCasesWebhookConnectorResponse: + $ref: >- + #/components/examples/Connectors_run_cases_webhook_connector_response + runEmailConnectorResponse: + $ref: >- + #/components/examples/Connectors_run_email_connector_response + runIndexConnectorResponse: + $ref: >- + #/components/examples/Connectors_run_index_connector_response + 
runJiraConnectorResponse: + $ref: '#/components/examples/Connectors_run_jira_connector_response' + runPagerDutyConnectorResponse: + $ref: >- + #/components/examples/Connectors_run_pagerduty_connector_response + runServerLogConnectorResponse: + $ref: >- + #/components/examples/Connectors_run_server_log_connector_response + runServiceNowITOMConnectorResponse: + $ref: >- + #/components/examples/Connectors_run_servicenow_itom_connector_response + runSlackConnectorResponse: + $ref: >- + #/components/examples/Connectors_run_slack_api_connector_response + runSwimlaneConnectorResponse: + $ref: >- + #/components/examples/Connectors_run_swimlane_connector_response schema: type: object properties: - item: + connector_id: + description: The identifier for the connector. type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Download agent policy by ID + data: + oneOf: + - additionalProperties: true + description: Information returned from the action. + type: object + - description: An array of information returned from the action. + items: + type: object + type: array + status: + description: The status of the action. + enum: + - error + - ok + type: string + required: + - connector_id + - status + description: Indicates a successful call. 
+ '401': + $ref: '#/components/responses/Connectors_401' + summary: Run a connector tags: - - Elastic Agent policies - parameters: - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: download - required: false - schema: - type: string - - in: query - name: standalone - required: false - schema: - type: string - - in: query - name: kubernetes - required: false - schema: - type: string - '/agent_policies/{agentPolicyId}/full': + - connectors + /api/actions/connectors: get: - operationId: agent-policy-full + operationId: getConnectors responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + getConnectorsResponse: + $ref: '#/components/examples/Connectors_get_connectors_response' schema: - type: object - properties: - item: - oneOf: - - type: string - - $ref: '#/components/schemas/Fleet_agent_policy_full' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get full agent policy by ID + items: + $ref: >- + #/components/schemas/Connectors_connector_response_properties + type: array + description: Indicates a successful call. 
+ '401': + $ref: '#/components/responses/Connectors_401' + summary: Get all connectors tags: - - Elastic Agent policies - parameters: - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: download - required: false - schema: - type: string - - in: query - name: standalone - required: false - schema: - type: string - - in: query - name: kubernetes - required: false - schema: - type: string - /agent_policies/delete: - parameters: [] - post: - operationId: delete-agent-policy - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - agentPolicyId: - type: string - force: - description: >- - bypass validation checks that can prevent agent policy - deletion - type: boolean - required: - - agentPolicyId + - connectors + /api/actions/list_action_types: + get: + deprecated: true + description: Deprecated in 7.13.0. Use the get all connector types API instead. + operationId: legacyGetConnectorTypes responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - id: - type: string - success: - type: boolean - required: - - id - - success - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete agent policy by ID + description: The properties vary for each connector type. + items: + type: object + properties: + enabled: + description: >- + Indicates whether the connector type is enabled in + Kibana. + type: boolean + enabledInConfig: + description: >- + Indicates whether the connector type is enabled in the + Kibana `.yml` file. + type: boolean + enabledInLicense: + description: >- + Indicates whether the connector is enabled in the + license. + example: true + type: boolean + id: + description: The unique identifier for the connector type. 
+ type: string + minimumLicenseRequired: + description: The license that is required to use the connector type. + type: string + name: + description: The name of the connector type. + type: string + title: Legacy get connector types response body properties + type: array + description: Indicates a successful call. + '401': + $ref: '#/components/responses/Connectors_401' + summary: Get connector types tags: - - Elastic Agent policies - /agent_status: + - connectors + /api/alerting/_health: get: - operationId: get-agent-status - parameters: - - in: query - name: policyId - required: false - schema: - type: string - - deprecated: true - in: query - name: kuery - required: false - schema: - type: string + description: > + You must have `read` privileges for the **Management > Stack Rules** + feature or for at least one of the **Analytics > Discover**, **Analytics + > Machine Learning**, **Observability**, or **Security** features. + operationId: getAlertingHealth responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + getAlertingHealthResponse: + $ref: '#/components/examples/Alerting_get_health_response' schema: type: object properties: - active: - type: integer - all: - type: integer - error: - type: integer - events: - type: integer - inactive: - type: integer - offline: - type: integer - online: - type: integer - other: - type: integer - total: - deprecated: true - type: integer - unenrolled: - type: integer - updating: - type: integer - required: - - active - - all - - error - - events - - inactive - - offline - - online - - other - - total - - updating - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent status summary - tags: - - Elastic Agent status - /agent_status/data: - get: - operationId: get-agent-data - parameters: - - in: query - name: agentsIds - required: true - schema: - items: - type: string - type: array - responses: - '200': + alerting_framework_health: + description: > + 
Three substates identify the health of the alerting + framework: `decryption_health`, `execution_health`, and + `read_health`. + type: object + properties: + decryption_health: + description: The timestamp and status of the rule decryption. + type: object + properties: + status: + enum: + - error + - ok + - warn + example: ok + type: string + timestamp: + example: '2023-01-13T01:28:00.280Z' + format: date-time + type: string + execution_health: + description: The timestamp and status of the rule run. + type: object + properties: + status: + enum: + - error + - ok + - warn + example: ok + type: string + timestamp: + example: '2023-01-13T01:28:00.280Z' + format: date-time + type: string + read_health: + description: The timestamp and status of the rule reading events. + type: object + properties: + status: + enum: + - error + - ok + - warn + example: ok + type: string + timestamp: + example: '2023-01-13T01:28:00.280Z' + format: date-time + type: string + has_permanent_encryption_key: + description: >- + If `false`, the encrypted saved object plugin does not + have a permanent encryption key. + example: true + type: boolean + is_sufficiently_secure: + description: 'If `false`, security is enabled but TLS is not.' + example: true + type: boolean + description: Indicates a successful call. + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - items: - items: - additionalProperties: - type: object - properties: - data: - type: boolean - type: object - type: array - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get incoming agent data + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. 
+ summary: Get the alerting framework health tags: - - Elastic Agent status - /agent-status: - get: - deprecated: true - operationId: get-agent-status-deprecated + - alerting + /api/alerting/rule: + post: + description: > + To create a rule, you must have `all` privileges for the appropriate + Kibana features, depending on the `consumer` and `rule_type_id` of the + rule you're creating. For example, you must have privileges for the + **Management > Stack rules** feature, **Analytics > Discover** and + **Machine Learning** features, **Observability** features, or + **Security** features. If the rule has actions, you must also have + `read` privileges for the **Management > Actions and Connectors** + feature. This API supports both key- and token-based authentication. To + use key-based authentication, create an API key in Kibana and use it in + the header of the API call. To use token-based authentication, provide a + username and password; an API key that matches the current privileges of + the user is created automatically. In both cases, the API key is + subsequently used for authorization when the rule runs. 
+ operationId: createRule parameters: - - in: query - name: policyId - required: false - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: integer - events: - type: integer - inactive: - type: integer - offline: - type: integer - online: - type: integer - other: - type: integer - total: - type: integer - updating: - type: integer - required: - - error - - events - - inactive - - offline - - online - - other - - total - - updating - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent status summary - tags: - - Elastic Agent status - /agents: - get: - operationId: get-agents - parameters: - - $ref: '#/components/parameters/Fleet_page_size' - - $ref: '#/components/parameters/Fleet_page_index' - - $ref: '#/components/parameters/Fleet_kuery' - - $ref: '#/components/parameters/Fleet_show_inactive' - - $ref: '#/components/parameters/Fleet_show_upgradeable' - - $ref: '#/components/parameters/Fleet_sort_field' - - $ref: '#/components/parameters/Fleet_sort_order' - - $ref: '#/components/parameters/Fleet_with_metrics' - - in: query - name: getStatusSummary - required: false - schema: - type: boolean + - $ref: '#/components/parameters/Alerting_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + createEsQueryEsqlRuleRequest: + $ref: >- + #/components/examples/Alerting_create_es_query_esql_rule_request + createEsQueryKqlRuleRequest: + $ref: >- + #/components/examples/Alerting_create_es_query_kql_rule_request + createEsQueryRuleRequest: + $ref: '#/components/examples/Alerting_create_es_query_rule_request' + createIndexThresholdRuleRequest: + $ref: >- + #/components/examples/Alerting_create_index_threshold_rule_request + createTrackingContainmentRuleRequest: + $ref: >- + #/components/examples/Alerting_create_tracking_containment_rule_request + schema: + $ref: 
'#/components/schemas/Alerting_create_rule_request' + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + createEsQueryEsqlRuleResponse: + $ref: >- + #/components/examples/Alerting_create_es_query_esql_rule_response + createEsQueryKqlRuleResponse: + $ref: >- + #/components/examples/Alerting_create_es_query_kql_rule_response + createEsQueryRuleResponse: + $ref: '#/components/examples/Alerting_create_es_query_rule_response' + createIndexThresholdRuleResponse: + $ref: >- + #/components/examples/Alerting_create_index_threshold_rule_response + createTrackingContainmentRuleResponse: + $ref: >- + #/components/examples/Alerting_create_tracking_containment_rule_response schema: - $ref: '#/components/schemas/Fleet_get_agents_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List agents - tags: - - Elastic Agents - post: - operationId: get-agents-by-actions - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - actionIds: - items: - type: string - type: array - required: - - policy_id - required: true - responses: - '200': + $ref: '#/components/schemas/Alerting_rule_response_properties' + description: Indicates a successful call. + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_agent_get_by_actions' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List agents by action ids - tags: - - Elastic Agents - '/agents/{agentId}': - delete: - operationId: delete-agent - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. 
+ '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - action: - enum: - - deleted - type: string - required: - - action - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete agent by ID + $ref: '#/components/schemas/Alerting_404_response' + description: Object is not found. + summary: Create a rule with a random identifier tags: - - Elastic Agents + - alerting + /api/alerting/rule_types: get: - operationId: get-agent - parameters: - - $ref: '#/components/parameters/Fleet_with_metrics' + description: > + If you have `read` privileges for one or more Kibana features, the API + response contains information about the appropriate rule types. For + example, there are rule types associated with the **Management > Stack + Rules** feature, **Analytics > Discover** and **Machine Learning** + features, **Observability** features, and **Security** features. To get + rule types associated with the **Stack Monitoring** feature, use the + `monitoring_user` built-in role. 
+ operationId: getRuleTypes responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + getRuleTypesResponse: + $ref: '#/components/examples/Alerting_get_rule_types_response' schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_agent' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent by ID - tags: - - Elastic Agents - parameters: - - in: path - name: agentId - required: true - schema: - type: string - put: - operationId: update-agent - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - tags: - items: - type: string - type: array - user_provided_metadata: + items: type: object - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_agent' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update agent by ID - tags: - - Elastic Agents - '/agents/{agentId}/actions': - parameters: - - in: path - name: agentId - required: true - schema: - type: string - post: - operationId: new-agent-action - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - action: - $ref: '#/components/schemas/Fleet_agent_action' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - items: - type: number - type: array - headers: - type: string - statusCode: - type: number - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create agent action - tags: - - Elastic Agent actions - 
'/agents/{agentId}/actions/{actionId}/cancel': - parameters: - - in: path - name: agentId - required: true - schema: - type: string - - in: path - name: actionId - required: true - schema: - type: string - post: - operationId: agent-action-cancel - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_agent_action' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Cancel agent action - tags: - - Elastic Agent actions - '/agents/{agentId}/reassign': - parameters: - - in: path - name: agentId - required: true - schema: - type: string - post: - operationId: reassign-agent - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - policy_id: - type: string - required: - - policy_id - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Reassign agent - tags: - - Elastic Agents - put: - deprecated: true - operationId: reassign-agent-deprecated - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - policy_id: - type: string - required: - - policy_id - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Reassign agent - tags: - - Elastic Agents - '/agents/{agentId}/request_diagnostics': - parameters: - - in: path - name: agentId - required: true - schema: - type: string - post: - operationId: 
request-diagnostics-agent - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - additional_metrics: - items: - oneOf: - - enum: - - CPU - type: string - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - actionId: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Request agent diagnostics - tags: - - Elastic Agents - '/agents/{agentId}/unenroll': - parameters: - - in: path - name: agentId - required: true - schema: - type: string - post: - operationId: unenroll-agent - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - force: - type: boolean - revoke: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: OK - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - enum: - - 400 - type: number - description: BAD REQUEST - summary: Unenroll agent - tags: - - Elastic Agents - '/agents/{agentId}/upgrade': - parameters: - - in: path - name: agentId - required: true - schema: - type: string - post: - operationId: upgrade-agent - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_upgrade_agent' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_upgrade_agent' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Upgrade 
agent - tags: - - Elastic Agents - '/agents/{agentId}/uploads': - get: - operationId: list-agent-uploads - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: object - properties: - item: - items: - $ref: '#/components/schemas/Fleet_agent_diagnostics' - type: array - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List agent uploads - tags: - - Elastic Agents - parameters: - - in: path - name: agentId - required: true - schema: - type: string - /agents/action_status: - get: - operationId: agents-action-status - parameters: - - $ref: '#/components/parameters/Fleet_page_size' - - $ref: '#/components/parameters/Fleet_page_index' - - in: query - name: errorSize - schema: - default: 5 - type: integer - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - items: - items: + properties: + action_groups: + description: > + An explicit list of groups for which the rule type can + schedule actions, each with the action group's unique ID + and human readable name. Rule actions validation uses + this configuration to ensure that groups are valid. + items: + type: object + properties: + id: + type: string + name: + type: string + type: array + action_variables: + description: > + A list of action variables that the rule type makes + available via context and state in action parameter + templates, and a short human readable description. When + you create a rule in Kibana, it uses this information to + prompt you for these variables in action parameter + editors. 
type: object properties: - actionId: - type: string - cancellationTime: - type: string - completionTime: - type: string - creationTime: - description: creation time of action - type: string - expiration: - type: string - latestErrors: - description: >- - latest errors that happened when the agents executed - the action + context: items: type: object properties: - agentId: + description: type: string - error: + name: type: string - timestamp: + useWithTripleBracesInTemplates: + type: boolean + type: array + params: + items: + type: object + properties: + description: + type: string + name: type: string type: array - nbAgentsAck: - description: number of agents that acknowledged the action - type: number - nbAgentsActionCreated: - description: number of agents included in action from kibana - type: number - nbAgentsActioned: - description: number of agents actioned - type: number - nbAgentsFailed: - description: number of agents that failed to execute the action - type: number - newPolicyId: - description: new policy id (POLICY_REASSIGN action) - type: string - policyId: - description: policy id (POLICY_CHANGE action) - type: string - revision: - description: new policy revision (POLICY_CHANGE action) - type: string - startTime: - description: start time of action (scheduled actions) - type: string - status: + state: + items: + type: object + properties: + description: + type: string + name: + type: string + type: array + alerts: + description: > + Details for writing alerts as data documents for this + rule type. + type: object + properties: + context: + description: | + The namespace for this rule type. 
enum: - - COMPLETE - - EXPIRED - - CANCELLED - - FAILED - - IN_PROGRESS - - ROLLOUT_PASSED + - ml.anomaly-detection + - observability.apm + - observability.logs + - observability.metrics + - observability.slo + - observability.threshold + - observability.uptime + - security + - stack type: string - type: + dynamic: + description: Indicates whether new fields are added dynamically. enum: - - POLICY_REASSIGN - - UPGRADE - - UNENROLL - - FORCE_UNENROLL - - UPDATE_TAGS - - CANCEL - - REQUEST_DIAGNOSTICS - - SETTINGS - - POLICY_CHANGE - - INPUT_ACTION + - 'false' + - runtime + - strict + - 'true' type: string - version: - description: agent version number (UPGRADE action) + isSpaceAware: + description: > + Indicates whether the alerts are space-aware. If + true, space-specific alert indices are used. + type: boolean + mappings: + type: object + properties: + fieldMap: + additionalProperties: + $ref: >- + #/components/schemas/Alerting_fieldmap_properties + description: > + Mapping information for each field supported in + alerts as data documents for this rule type. For + more information about mapping parameters, refer + to the Elasticsearch documentation. + type: object + secondaryAlias: + description: > + A secondary alias. It is typically used to support + the signals alias for detection rules. type: string - required: - - actionId - - complete - - nbAgentsActioned - - nbAgentsActionCreated - - nbAgentsAck - - nbAgentsFailed - - status - - creationTime - - type - type: array - required: - - items - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent action status + shouldWrite: + description: > + Indicates whether the rule should write out alerts + as data. + type: boolean + useEcs: + description: > + Indicates whether to include the ECS component + template for the alerts. + type: boolean + useLegacyAlerts: + default: false + description: > + Indicates whether to include the legacy component + template for the alerts. 
+ type: boolean + authorized_consumers: + description: >- + The list of the plugins IDs that have access to the rule + type. + type: object + properties: + alerts: + type: object + properties: + all: + type: boolean + read: + type: boolean + apm: + type: object + properties: + all: + type: boolean + read: + type: boolean + discover: + type: object + properties: + all: + type: boolean + read: + type: boolean + infrastructure: + type: object + properties: + all: + type: boolean + read: + type: boolean + logs: + type: object + properties: + all: + type: boolean + read: + type: boolean + ml: + type: object + properties: + all: + type: boolean + read: + type: boolean + monitoring: + type: object + properties: + all: + type: boolean + read: + type: boolean + siem: + type: object + properties: + all: + type: boolean + read: + type: boolean + slo: + type: object + properties: + all: + type: boolean + read: + type: boolean + stackAlerts: + type: object + properties: + all: + type: boolean + read: + type: boolean + uptime: + type: object + properties: + all: + type: boolean + read: + type: boolean + category: + description: >- + The rule category, which is used by features such as + category-specific maintenance windows. + enum: + - management + - observability + - securitySolution + type: string + default_action_group_id: + description: The default identifier for the rule type group. + type: string + does_set_recovery_context: + description: >- + Indicates whether the rule passes context variables to + its recovery action. + type: boolean + enabled_in_license: + description: >- + Indicates whether the rule type is enabled or disabled + based on the subscription. + type: boolean + has_alerts_mappings: + description: >- + Indicates whether the rule type has custom mappings for + the alert data. + type: boolean + has_fields_for_a_a_d: + type: boolean + id: + description: The unique identifier for the rule type. 
+ type: string + is_exportable: + description: >- + Indicates whether the rule type is exportable in **Stack + Management > Saved Objects**. + type: boolean + minimum_license_required: + description: The subscriptions required to use the rule type. + example: basic + type: string + name: + description: The descriptive name of the rule type. + type: string + producer: + description: >- + An identifier for the application that produces this + rule type. + example: stackAlerts + type: string + recovery_action_group: + description: >- + An action group to use when an alert goes from an active + state to an inactive one. + type: object + properties: + id: + type: string + name: + type: string + rule_task_timeout: + example: 5m + type: string + type: array + description: Indicates a successful call. + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. + summary: Get the rule types + tags: + - alerting + '/api/alerting/rule/{ruleId}': + delete: + description: > + To delete a rule, you must have `all` privileges for the appropriate + Kibana features, depending on the `consumer` and `rule_type_id` of the + rule you're deleting. For example, the **Management** > **Stack Rules** + feature, **Analytics** > **Discover** or **Machine Learning** features, + **Observability**, or **Security** features. WARNING: After you delete a + rule, you cannot recover it. If the API key that is used by the rule was + created automatically, it is deleted. + operationId: deleteRule + parameters: + - $ref: '#/components/parameters/Alerting_kbn_xsrf' + - $ref: '#/components/parameters/Alerting_rule_id' + responses: + '204': + description: Indicates a successful call. 
+ '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Alerting_404_response' + description: Object is not found. + summary: Delete a rule tags: - - Elastic Agent actions - /agents/bulk_reassign: - post: - operationId: bulk-reassign-agents + - alerting + get: + description: > + You must have `read` privileges for the appropriate Kibana features, + depending on the `consumer` and `rule_type_id` of the rules you're + seeking. For example, the **Management > Stack Rules** feature, + **Analytics > Discover** and **Machine Learning** features, + **Observability** features, or **Security** features. To get rules + associated with the **Stack Monitoring** feature, use the + `monitoring_user` built-in role. + operationId: getRule parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - example: - agents: 'fleet-agents.policy_id : ("policy1" or "policy2")' - policy_id: policy_id - schema: - type: object - properties: - agents: - oneOf: - - description: 'KQL query string, leave empty to action all agents' - type: string - - description: list of agent IDs - items: - type: string - type: array - policy_id: - description: new agent policy id - type: string - required: - - policy_id - - agents + - $ref: '#/components/parameters/Alerting_rule_id' responses: '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + getRuleResponse: + $ref: '#/components/examples/Alerting_get_rule_response' + schema: + $ref: '#/components/schemas/Alerting_rule_response_properties' + description: Indicates a successful call. 
+ '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - actionId: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk reassign agents + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Alerting_404_response' + description: Object is not found. + summary: Get rule details tags: - - Elastic Agents - /agents/bulk_request_diagnostics: + - alerting post: - operationId: bulk-request-diagnostics + description: > + This API creates a rule with a specific rule identifier. If you omit the + identifer, it is automatically generated. To create a rule, you must + have `all` privileges for the appropriate Kibana features, depending on + the `consumer` and `rule_type_id` of the rule you're creating. For + example, you must have privileges for the **Management > Stack rules** + feature, **Analytics > Discover** and **Machine Learning** features, + **Observability** features, or **Security** features. If the rule has + actions, you must also have `read` privileges for the **Management > + Actions and Connectors** feature. This API supports both key- and + token-based authentication. To use key-based authentication, create an + API key in Kibana and use it in the header of the API call. To use + token-based authentication, provide a username and password; an API key + that matches the current privileges of the user is created + automatically. In both cases, the API key is subsequently used for + authorization when the rule runs. + operationId: createRuleId parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - $ref: '#/components/parameters/Alerting_kbn_xsrf' + - description: > + An UUID v1 or v4 identifier for the rule. If you omit this + parameter, an identifier is randomly generated. 
+ in: path + name: ruleId + required: true + schema: + example: ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74 + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - example: - agents: 'fleet-agents.policy_id : ("policy1" or "policy2")' + examples: + createEsQueryEsqlRuleIdRequest: + $ref: >- + #/components/examples/Alerting_create_es_query_esql_rule_request + createEsQueryKqlRuleIdRequest: + $ref: >- + #/components/examples/Alerting_create_es_query_kql_rule_request + createEsQueryRuleIdRequest: + $ref: '#/components/examples/Alerting_create_es_query_rule_request' + createIndexThreholdRuleIdRequest: + $ref: >- + #/components/examples/Alerting_create_index_threshold_rule_request schema: - type: object - properties: - additional_metrics: - items: - oneOf: - - enum: - - CPU - type: string - type: array - agents: - oneOf: - - description: 'KQL query string, leave empty to action all agents' - type: string - - description: list of agent IDs - items: - type: string - type: array - batchSize: - type: number - required: - - agents + $ref: '#/components/schemas/Alerting_create_rule_request' + required: true responses: '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + createEsQueryEsqlRuleIdResponse: + $ref: >- + #/components/examples/Alerting_create_es_query_esql_rule_response + createEsQueryKqlRuleIdResponse: + $ref: >- + #/components/examples/Alerting_create_es_query_kql_rule_response + createEsQueryRuleIdResponse: + $ref: '#/components/examples/Alerting_create_es_query_rule_response' + createIndexThresholdRuleIdResponse: + $ref: >- + #/components/examples/Alerting_create_index_threshold_rule_response + schema: + $ref: '#/components/schemas/Alerting_rule_response_properties' + description: Indicates a successful call. 
+ '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - actionId: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk request diagnostics from agents + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Alerting_404_response' + description: Object is not found. + summary: Create a rule tags: - - Elastic Agents - /agents/bulk_unenroll: - post: - operationId: bulk-unenroll-agents + - alerting + put: + description: > + To update a rule, you must have `all` privileges for the appropriate + Kibana features, depending on the `consumer` and `rule_type_id` of the + rule you're updating. For example, you must have privileges for the + **Management > Stack rules** feature, **Analytics > Discover** and + **Machine Learning** features, **Observability** features, or + **Security** features. If the rule has actions, you must also have + `read` privileges for the **Management > Actions and Connectors** + feature. This API supports both key- and token-based authentication. To + use key-based authentication, create an API key in Kibana and use it in + the header of the API call. To use token-based authentication, provide a + username and password; an API key that matches the current privileges of + the user is created automatically. In both cases, the API key is + subsequently used for authorization when the rule runs. NOTE: If the API + key has different privileges than the key that created or most recently + updated the rule, the rule behavior might change. Though some properties + are optional, when you update the rule the existing property values are + overwritten with default values. Therefore, it is recommended to + explicitly set all property values. 
+ operationId: updateRule parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - $ref: '#/components/parameters/Alerting_kbn_xsrf' + - $ref: '#/components/parameters/Alerting_rule_id' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - example: - agents: - - agent1 - - agent2 - force: false - revoke: true + examples: + updateRuleRequest: + $ref: '#/components/examples/Alerting_update_rule_request' schema: - type: object - properties: - agents: - oneOf: - - description: 'KQL query string, leave empty to action all agents' - type: string - - description: list of agent IDs - items: - type: string - type: array - force: - description: Unenrolls hosted agents too - type: boolean - includeInactive: - description: >- - When passing agents by KQL query, unenrolls inactive agents - too - type: boolean - revoke: - description: Revokes API keys of agents - type: boolean - required: - - agents + $ref: '#/components/schemas/Alerting_update_rule_request' + required: true responses: '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + updateRuleResponse: + $ref: '#/components/examples/Alerting_update_rule_response' + schema: + $ref: '#/components/schemas/Alerting_rule_response_properties' + description: Indicates a successful call. + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - actionId: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk unenroll agents + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Alerting_404_response' + description: Object is not found. 
+ summary: Update a rule tags: - - Elastic Agents - /agents/bulk_update_agent_tags: + - alerting + '/api/alerting/rule/{ruleId}/_disable': post: - operationId: bulk-update-agent-tags + description: > + You must have `all` privileges for the appropriate Kibana features, + depending on the `consumer` and `rule_type_id` of the rule. For example, + the **Management > Stack Rules** feature, **Analytics > Discover** and + **Machine Learning** features, **Observability**, and **Security** + features. + operationId: disableRule parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - example: - agents: - - agent1 - - agent2 - tagsToAdd: - - newTag - tagsToRemove: - - existingTag - schema: - type: object - properties: - agents: - oneOf: - - description: 'KQL query string, leave empty to action all agents' - type: string - - description: list of agent IDs - items: - type: string - type: array - batchSize: - type: number - tagsToAdd: - items: - type: string - type: array - tagsToRemove: - items: - type: string - type: array - required: - - agents + - $ref: '#/components/parameters/Alerting_kbn_xsrf' + - $ref: '#/components/parameters/Alerting_rule_id' responses: - '200': + '204': + description: Indicates a successful call. + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - actionId: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk update agent tags + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Alerting_404_response' + description: Object is not found. 
+ summary: Disable a rule tags: - - Elastic Agents - /agents/bulk_upgrade: + - alerting + '/api/alerting/rule/{ruleId}/_enable': post: - operationId: bulk-upgrade-agents + description: > + To enable a rule, you must have `all` privileges for the appropriate + Kibana features, depending on the `consumer` and `rule_type_id` of the + rule. For example, the **Management > Stack Rules** feature, **Analytics + > Discover** and **Machine Learning** features, **Observability**, and + **Security** features. This API supports both key- and token-based + authentication. To use key-based authentication, create an API key in + Kibana and use it in the header of the API call. To use token-based + authentication, provide a username and password; an API key that matches + the current privileges of the user is created automatically. In both + cases, the API key is subsequently used for authorization when the rule + runs. + operationId: enableRule parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - example: - agents: - - agent1 - - agent2 - rollout_duration_seconds: 3600 - source_uri: 'https://artifacts.elastic.co/downloads/beats/elastic-agent' - start_time: '2022-08-03T14:00:00.000Z' - version: 8.4.0 - schema: - $ref: '#/components/schemas/Fleet_bulk_upgrade_agents' - required: true + - $ref: '#/components/parameters/Alerting_kbn_xsrf' + - $ref: '#/components/parameters/Alerting_rule_id' responses: - '200': + '204': + description: Indicates a successful call. + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - actionId: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk upgrade agents + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. 
+ '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Alerting_401_response' + description: Object is not found. + summary: Enable a rule tags: - - Elastic Agents - '/agents/files/{fileId}': - delete: - operationId: delete-agent-upload-file + - alerting + '/api/alerting/rule/{ruleId}/_mute_all': + post: + description: > + This API snoozes the notifications for the rule indefinitely. The rule + checks continue to occur but alerts will not trigger any actions. You + must have `all` privileges for the appropriate Kibana features, + depending on the `consumer` and `rule_type_id` of the rule. For example, + the **Management > Stack Rules** feature, **Analytics > Discover** and + **Machine Learning** features, **Observability**, and **Security** + features. If the rule has actions, you must also have `read` privileges + for the **Management > Actions and Connectors** feature. + operationId: muteAllAlerts + parameters: + - $ref: '#/components/parameters/Alerting_kbn_xsrf' + - $ref: '#/components/parameters/Alerting_rule_id' responses: - '200': + '204': + description: Indicates a successful call. + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - body: - type: object - properties: - deleted: - type: boolean - id: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete file uploaded by agent + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. + summary: Mute all alerts tags: - - Elastic Agents - parameters: - - in: path - name: fileId - required: true - schema: - type: string - '/agents/files/{fileId}/{fileName}': - get: - operationId: get-agent-upload-file + - alerting + '/api/alerting/rule/{ruleId}/_unmute_all': + post: + description: > + If the rule has its notifications snoozed indefinitely, this API cancels + the snooze. 
You must have `all` privileges for the appropriate Kibana + features, depending on the `consumer` and `rule_type_id` of the rule. + For example, the **Management > Stack Rules** feature, **Analytics > + Discover** and **Machine Learning** features, **Observability**, and + **Security** features. If the rule has actions, you must also have + `read` privileges for the **Management > Actions and Connectors** + feature. + operationId: unmuteAllAlerts + parameters: + - $ref: '#/components/parameters/Alerting_kbn_xsrf' + - $ref: '#/components/parameters/Alerting_rule_id' responses: - '200': + '204': + description: Indicates a successful call. + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - body: - type: object - properties: - items: - type: object - properties: - body: {} - headers: {} - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get file uploaded by agent + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. + summary: Unmute all alerts tags: - - Elastic Agents - parameters: - - in: path - name: fileId - required: true - schema: - type: string - - in: path - name: fileName - required: true - schema: - type: string - /agents/setup: - get: - operationId: get-agents-setup-status + - alerting + '/api/alerting/rule/{ruleId}/_update_api_key': + post: + description: >- + The new API key has the credentials of the user that submits the + request. + operationId: updateRuleAPIKey + parameters: + - $ref: '#/components/parameters/Alerting_kbn_xsrf' + - $ref: '#/components/parameters/Alerting_rule_id' responses: '200': + description: Indicates a successful call. 
+ '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_fleet_status_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent setup info + $ref: '#/components/schemas/Alerting_400_response' + description: Bad request + summary: Update the API key for a rule tags: - - Elastic Agents + - alerting + '/api/alerting/rule/{ruleId}/alert/{alertId}/_mute': post: - operationId: setup-agents + description: > + You must have `all` privileges for the appropriate Kibana features, + depending on the `consumer` and `rule_type_id` of the rule. For example, + the **Management > Stack Rules** feature, **Analytics > Discover** and + **Machine Learning** features, **Observability**, and **Security** + features. If the rule has actions, you must also have `read` privileges + for the **Management > Actions and Connectors** feature. + operationId: muteAlert parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - admin_password: - type: string - admin_username: - type: string - required: - - admin_username - - admin_password + - $ref: '#/components/parameters/Alerting_kbn_xsrf' + - $ref: '#/components/parameters/Alerting_alert_id' + - $ref: '#/components/parameters/Alerting_rule_id' responses: - '200': + '204': + description: Indicates a successful call. + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_fleet_setup_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Initiate agent setup + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. 
+ summary: Mute an alert tags: - - Elastic Agents - /agents/tags: - get: - operationId: get-agent-tags + - alerting + '/api/alerting/rule/{ruleId}/alert/{alertId}/_unmute': + post: + description: > + You must have `all` privileges for the appropriate Kibana features, + depending on the `consumer` and `rule_type_id` of the rule. For example, + the **Management > Stack Rules** feature, **Analytics > Discover** and + **Machine Learning** features, **Observability**, and **Security** + features. If the rule has actions, you must also have `read` privileges + for the **Management > Actions and Connectors** feature. + operationId: unmuteAlert + parameters: + - $ref: '#/components/parameters/Alerting_kbn_xsrf' + - $ref: '#/components/parameters/Alerting_alert_id' + - $ref: '#/components/parameters/Alerting_rule_id' responses: - '200': + '204': + description: Indicates a successful call. + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_get_agent_tags_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List agent tags + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. + summary: Unmute an alert tags: - - Elastic Agents - /api/actions: + - alerting + /api/alerting/rules/_find: get: - deprecated: true - description: Deprecated in 7.13.0. Use the get all connectors API instead. - operationId: legacyGetConnectors + description: > + You must have `read` privileges for the appropriate Kibana features, + depending on the `consumer` and `rule_type_id` of the rules you're + seeking. For example, you must have privileges for the **Management > + Stack rules** feature, **Analytics > Discover** and **Machine Learning** + features, **Observability** features, or **Security** features. To find + rules associated with the **Stack Monitoring** feature, use the + `monitoring_user` built-in role. 
+ operationId: findRules + parameters: + - description: The default operator to use for the simple_query_string. + example: OR + in: query + name: default_search_operator + schema: + default: OR + type: string + - description: The fields to return in the `attributes` key of the response. + in: query + name: fields + schema: + items: + type: string + type: array + - description: > + A KQL string that you filter with an attribute from your saved + object. It should look like `savedObjectType.attributes.title: + "myTitle"`. However, if you used a direct attribute of a saved + object, such as `updatedAt`, you must define your filter, for + example, `savedObjectType.updatedAt > 2018-12-22`. + in: query + name: filter + schema: + type: string + - description: >- + Filters the rules that have a relation with the reference objects + with a specific type and identifier. + in: query + name: has_reference + schema: + type: object + properties: + id: + type: string + type: + type: string + - description: The page number to return. + example: 1 + in: query + name: page + schema: + default: 1 + type: integer + - description: The number of rules to return per page. + example: 20 + in: query + name: per_page + schema: + default: 20 + type: integer + - description: >- + An Elasticsearch simple_query_string query that filters the objects + in the response. + in: query + name: search + schema: + example: threshold +-test* + type: string + - description: The fields to perform the simple_query_string parsed query against. + in: query + name: search_fields + schema: + oneOf: + - example: name + type: string + - items: + type: string + type: array + - description: > + Determines which field is used to sort the results. The field must + exist in the `attributes` key of the response. + in: query + name: sort_field + schema: + type: string + - description: Determines the sort order. 
+ example: asc + in: query + name: sort_order + schema: + default: desc + enum: + - asc + - desc + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + findConditionalActionRulesResponse: + $ref: >- + #/components/examples/Alerting_find_rules_response_conditional_action + findRulesResponse: + $ref: '#/components/examples/Alerting_find_rules_response' schema: - items: - $ref: '#/components/schemas/Connectors_action_response_properties' - type: array + type: object + properties: + data: + items: + $ref: '#/components/schemas/Alerting_rule_response_properties' + type: array + page: + type: integer + per_page: + type: integer + total: + type: integer description: Indicates a successful call. '401': - $ref: '#/components/responses/Connectors_401' - summary: Get all connectors - tags: - - connectors - post: - deprecated: true - description: Deprecated in 7.13.0. Use the create connector API instead. - operationId: legacyCreateConnector - parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - title: Legacy create connector request properties - type: object - properties: - actionTypeId: - description: The connector type identifier. - type: string - config: - description: >- - The configuration for the connector. Configuration - properties vary depending on the connector type. - type: object - name: - description: The display name for the connector. - type: string - secrets: - description: > - The secrets configuration for the connector. Secrets - configuration properties vary depending on the connector - type. NOTE: Remember these values. You must provide them - each time you update the connector. 
- type: object - required: true - responses: - '200': - $ref: '#/components/responses/Connectors_200_actions' - '401': - $ref: '#/components/responses/Connectors_401' - summary: Create a connector - tags: - - connectors - '/api/actions/action/{actionId}': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. + summary: Find rule information + tags: + - alerting + '/api/alerts/alert/{alertId}': delete: deprecated: true description: > - Deprecated in 7.13.0. Use the delete connector API instead. WARNING: - When you delete a connector, it cannot be recovered. - operationId: legacyDeleteConnector + Deprecated in 7.13.0. Use the delete rule API instead. WARNING: After + you delete an alert, you cannot recover it. + operationId: legaryDeleteAlert parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - $ref: '#/components/parameters/Connectors_action_id' + - $ref: '#/components/parameters/Alerting_kbn_xsrf' + - description: The identifier for the alert. + in: path + name: alertId + required: true + schema: + example: 41893910-6bca-11eb-9e0d-85d233e3ee35 + type: string responses: '204': description: Indicates a successful call. '401': - $ref: '#/components/responses/Connectors_401' - summary: Delete a connector + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. + summary: Delete an alert tags: - - connectors + - alerting get: deprecated: true - description: Deprecated in 7.13.0. Use the get connector API instead. - operationId: legacyGetConnector + description: Deprecated in 7.13.0. Use the get rule API instead. + operationId: legacyGetAlert parameters: - - $ref: '#/components/parameters/Connectors_action_id' + - description: The identifier for the alert. 
+ in: path + name: alertId + required: true + schema: + example: 41893910-6bca-11eb-9e0d-85d233e3ee35 + type: string responses: '200': - $ref: '#/components/responses/Connectors_200_actions' + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Alerting_alert_response_properties' + description: Indicates a successful call. '401': - $ref: '#/components/responses/Connectors_401' - summary: Get connector information + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. + summary: Get an alert by identifier tags: - - connectors - put: + - alerting + post: deprecated: true - description: Deprecated in 7.13.0. Use the update connector API instead. - operationId: legacyUpdateConnector + description: Deprecated in 7.13.0. Use the create rule API instead. + operationId: legacyCreateAlert parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - $ref: '#/components/parameters/Connectors_action_id' + - $ref: '#/components/parameters/Alerting_kbn_xsrf' + - description: >- + An UUID v1 or v4 identifier for the alert. If this parameter is + omitted, the identifier is randomly generated. + in: path + name: alertId + required: true + schema: + example: 41893910-6bca-11eb-9e0d-85d233e3ee35 + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - description: The properties vary depending on the connector type. + title: Legacy create alert request properties + type: object properties: - config: + actions: + items: + type: object + properties: + actionTypeId: + description: The identifier for the action type. + type: string + group: + description: > + Grouping actions is recommended for escalations for + different types of alert instances. If you don't need + this functionality, set it to `default`. 
+ type: string + id: + description: The ID of the action saved object. + type: string + params: + description: > + The map to the `params` that the action type will + receive. `params` are handled as Mustache templates + and passed a default set of context. + type: object + required: + - actionTypeId + - group + - id + - params + type: array + alertTypeId: description: >- - The new connector configuration. Configuration properties - vary depending on the connector type. - type: object + The ID of the alert type that you want to call when the + alert is scheduled to run. + type: string + consumer: + description: >- + The name of the application that owns the alert. This name + has to match the Kibana feature name, as that dictates the + required role-based access control privileges. + type: string + enabled: + description: >- + Indicates if you want to run the alert on an interval basis + after it is created. + type: boolean name: - description: The new name for the connector. + description: A name to reference and search. type: string - secrets: + notifyWhen: + description: The condition for throttling the notification. + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + type: string + params: description: >- - The updated secrets configuration for the connector. Secrets - properties vary depending on the connector type. + The parameters to pass to the alert type executor `params` + value. This will also validate against the alert type params + validator, if defined. type: object - title: Legacy update connector request body properties - type: object + schedule: + description: > + The schedule specifying when this alert should be run. A + schedule is structured such that the key specifies the + format you wish to use and its value specifies the schedule. + type: object + properties: + interval: + description: >- + The interval format specifies the interval in seconds, + minutes, hours or days at which the alert should run. 
+ example: 10s + type: string + tags: + description: A list of keywords to reference and search. + items: + type: string + type: array + throttle: + description: > + How often this alert should fire the same actions. This will + prevent the alert from sending out the same notification + over and over. For example, if an alert with a schedule of 1 + minute stays in a triggered state for 90 minutes, setting a + throttle of `10m` or `1h` will prevent it from sending 90 + notifications during this period. + type: string + required: + - alertTypeId + - consumer + - name + - notifyWhen + - params + - schedule required: true responses: '200': - $ref: '#/components/responses/Connectors_200_actions' - '404': - $ref: '#/components/responses/Connectors_404' - summary: Update a connector + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Alerting_alert_response_properties' + description: Indicates a successful call. + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. + summary: Create an alert tags: - - connectors - '/api/actions/action/{actionId}/_execute': - post: + - alerting + put: deprecated: true - description: Deprecated in 7.13.0. Use the run connector API instead. - operationId: legacyRunConnector + description: Deprecated in 7.13.0. Use the update rule API instead. + operationId: legacyUpdateAlert parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - $ref: '#/components/parameters/Connectors_action_id' + - $ref: '#/components/parameters/Alerting_kbn_xsrf' + - description: The identifier for the alert. 
+ in: path + name: alertId + required: true + schema: + example: 41893910-6bca-11eb-9e0d-85d233e3ee35 + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - description: The properties vary depending on the connector type. + title: Legacy update alert request properties + type: object properties: + actions: + items: + type: object + properties: + actionTypeId: + description: The identifier for the action type. + type: string + group: + description: > + Grouping actions is recommended for escalations for + different types of alert instances. If you don't need + this functionality, set it to `default`. + type: string + id: + description: The ID of the action saved object. + type: string + params: + description: > + The map to the `params` that the action type will + receive. `params` are handled as Mustache templates + and passed a default set of context. + type: object + required: + - actionTypeId + - group + - id + - params + type: array + name: + description: A name to reference and search. + type: string + notifyWhen: + description: The condition for throttling the notification. + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + type: string params: - description: >- - The parameters of the connector. Parameter properties vary - depending on the connector type. + description: >- + The parameters to pass to the alert type executor `params` + value. This will also validate against the alert type params + validator, if defined. + type: object + schedule: + description: > + The schedule specifying when this alert should be run. A + schedule is structured such that the key specifies the + format you wish to use and its value specifies the schedule. type: object + properties: + interval: + description: >- + The interval format specifies the interval in seconds, + minutes, hours or days at which the alert should run. 
+ example: 1d + type: string + tags: + description: A list of keywords to reference and search. + items: + type: string + type: array + throttle: + description: > + How often this alert should fire the same actions. This will + prevent the alert from sending out the same notification + over and over. For example, if an alert with a schedule of 1 + minute stays in a triggered state for 90 minutes, setting a + throttle of `10m` or `1h` will prevent it from sending 90 + notifications during this period. + type: string required: + - name + - notifyWhen - params - title: Legacy run connector request body properties - type: object + - schedule required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - actionId: - type: string - data: - oneOf: - - additionalProperties: true - description: Information returned from the action. - type: object - - description: An array of information returned from the action. - items: - type: object - type: array - status: - description: The status of the action. - type: string + $ref: '#/components/schemas/Alerting_alert_response_properties' description: Indicates a successful call. '401': - $ref: '#/components/responses/Connectors_401' - summary: Run a connector + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. + summary: Update an alert tags: - - connectors - /api/actions/connector: + - alerting + '/api/alerts/alert/{alertId}/_disable': post: - description: The connector identifier is randomly generated. - operationId: createConnector + deprecated: true + description: Deprecated in 7.13.0. Use the disable rule API instead. 
+ operationId: legacyDisableAlert parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - createEmailConnectorRequest: - $ref: >- - #/components/examples/Connectors_create_email_connector_request - createIndexConnectorRequest: - $ref: >- - #/components/examples/Connectors_create_index_connector_request - createWebhookConnectorRequest: - $ref: >- - #/components/examples/Connectors_create_webhook_connector_request - createXmattersConnectorRequest: - $ref: >- - #/components/examples/Connectors_create_xmatters_connector_request - schema: - $ref: '#/components/schemas/Connectors_create_connector_request' - required: true + - $ref: '#/components/parameters/Alerting_kbn_xsrf' + - description: The identifier for the alert. + in: path + name: alertId + required: true + schema: + example: 41893910-6bca-11eb-9e0d-85d233e3ee35 + type: string responses: - '200': + '204': + description: Indicates a successful call. + '401': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - createEmailConnectorResponse: - $ref: >- - #/components/examples/Connectors_create_email_connector_response - createIndexConnectorResponse: - $ref: >- - #/components/examples/Connectors_create_index_connector_response - createWebhookConnectorResponse: - $ref: >- - #/components/examples/Connectors_create_webhook_connector_response - createXmattersConnectorResponse: - $ref: >- - #/components/examples/Connectors_create_xmatters_connector_response schema: - $ref: '#/components/schemas/Connectors_connector_response_properties' - description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' - summary: Create a connector with a random ID + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. 
+ summary: Disable an alert tags: - - connectors - /api/actions/connector_types: - get: - operationId: getConnectorTypes + - alerting + '/api/alerts/alert/{alertId}/_enable': + post: + deprecated: true + description: Deprecated in 7.13.0. Use the enable rule API instead. + operationId: legacyEnableAlert parameters: - - description: >- - A filter to limit the retrieved connector types to those that - support a specific feature (such as alerting or cases). - in: query - name: feature_id + - $ref: '#/components/parameters/Alerting_kbn_xsrf' + - description: The identifier for the alert. + in: path + name: alertId + required: true schema: - $ref: '#/components/schemas/Connectors_features' + example: 41893910-6bca-11eb-9e0d-85d233e3ee35 + type: string responses: - '200': + '204': + description: Indicates a successful call. + '401': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - getConnectorTypesServerlessResponse: - $ref: >- - #/components/examples/Connectors_get_connector_types_generativeai_response schema: - description: The properties vary for each connector type. - items: - type: object - properties: - enabled: - description: >- - Indicates whether the connector type is enabled in - Kibana. - example: true - type: boolean - enabled_in_config: - description: >- - Indicates whether the connector type is enabled in the - Kibana configuration file. - example: true - type: boolean - enabled_in_license: - description: >- - Indicates whether the connector is enabled in the - license. - example: true - type: boolean - id: - $ref: '#/components/schemas/Connectors_connector_types' - is_system_action_type: - example: false - type: boolean - minimum_license_required: - description: The license that is required to use the connector type. - example: basic - type: string - name: - description: The name of the connector type. - example: Index - type: string - supported_feature_ids: - description: The features that are supported by the connector type. 
- example: - - alerting - - cases - - siem - items: - $ref: '#/components/schemas/Connectors_features' - type: array - title: Get connector types response body properties - type: array - description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' - summary: Get all connector types + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. + summary: Enable an alert tags: - - connectors - '/api/actions/connector/{connectorId}': - delete: - operationId: deleteConnector + - alerting + '/api/alerts/alert/{alertId}/_mute_all': + post: + deprecated: true + description: Deprecated in 7.13.0. Use the mute all alerts API instead. + operationId: legacyMuteAllAlertInstances parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - $ref: '#/components/parameters/Connectors_connector_id' + - $ref: '#/components/parameters/Alerting_kbn_xsrf' + - description: The identifier for the alert. + in: path + name: alertId + required: true + schema: + example: 41893910-6bca-11eb-9e0d-85d233e3ee35 + type: string responses: '204': description: Indicates a successful call. '401': - $ref: '#/components/responses/Connectors_401' - '404': - $ref: '#/components/responses/Connectors_404' - summary: Delete a connector + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. + summary: Mute all alert instances tags: - - connectors - get: - operationId: getConnector + - alerting + '/api/alerts/alert/{alertId}/_unmute_all': + post: + deprecated: true + description: Deprecated in 7.13.0. Use the unmute all alerts API instead. + operationId: legacyUnmuteAllAlertInstances parameters: - - $ref: '#/components/parameters/Connectors_connector_id' + - $ref: '#/components/parameters/Alerting_kbn_xsrf' + - description: The identifier for the alert. 
+ in: path + name: alertId + required: true + schema: + example: 41893910-6bca-11eb-9e0d-85d233e3ee35 + type: string responses: - '200': + '204': + description: Indicates a successful call. + '401': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - getConnectorResponse: - $ref: '#/components/examples/Connectors_get_connector_response' schema: - $ref: '#/components/schemas/Connectors_connector_response_properties' - description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' - '404': - $ref: '#/components/responses/Connectors_404' - summary: Get a connector information + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. + summary: Unmute all alert instances tags: - - connectors + - alerting + '/api/alerts/alert/{alertId}/alert_instance/{alertInstanceId}/_mute': post: - operationId: createConnectorId + deprecated: true + description: Deprecated in 7.13.0. Use the mute alert API instead. + operationId: legacyMuteAlertInstance parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - description: > - A UUID v1 or v4 identifier for the connector. If you omit this - parameter, an identifier is randomly generated. + - $ref: '#/components/parameters/Alerting_kbn_xsrf' + - description: An identifier for the alert. in: path - name: connectorId + name: alertId required: true schema: - example: ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74 + example: 41893910-6bca-11eb-9e0d-85d233e3ee35 + type: string + - description: An identifier for the alert instance. 
+ in: path + name: alertInstanceId + required: true + schema: + example: dceeb5d0-6b41-11eb-802b-85b0c1bc8ba2 type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - createIndexConnectorRequest: - $ref: >- - #/components/examples/Connectors_create_index_connector_request - schema: - $ref: '#/components/schemas/Connectors_create_connector_request' - required: true responses: - '200': + '204': + description: Indicates a successful call. + '401': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - createIndexConnectorResponse: - $ref: >- - #/components/examples/Connectors_create_index_connector_response schema: - $ref: '#/components/schemas/Connectors_connector_response_properties' - description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' - summary: Create a connector + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. + summary: Mute an alert instance tags: - - connectors - put: - operationId: updateConnector + - alerting + '/api/alerts/alert/{alertId}/alert_instance/{alertInstanceId}/_unmute': + post: + deprecated: true + description: Deprecated in 7.13.0. Use the unmute alert API instead. + operationId: legacyUnmuteAlertInstance parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - $ref: '#/components/parameters/Connectors_connector_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateIndexConnectorRequest: - $ref: >- - #/components/examples/Connectors_update_index_connector_request - schema: - $ref: '#/components/schemas/Connectors_update_connector_request' - required: true + - $ref: '#/components/parameters/Alerting_kbn_xsrf' + - description: An identifier for the alert. 
+ in: path + name: alertId + required: true + schema: + example: 41893910-6bca-11eb-9e0d-85d233e3ee35 + type: string + - description: An identifier for the alert instance. + in: path + name: alertInstanceId + required: true + schema: + example: dceeb5d0-6b41-11eb-802b-85b0c1bc8ba2 + type: string responses: - '200': + '204': + description: Indicates a successful call. + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Connectors_connector_response_properties' - description: Indicates a successful call. - '400': - $ref: '#/components/responses/Connectors_401' - '401': - $ref: '#/components/responses/Connectors_401' - '404': - $ref: '#/components/responses/Connectors_404' - summary: Update a connector + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. + summary: Unmute an alert instance tags: - - connectors - '/api/actions/connector/{connectorId}/_execute': - post: + - alerting + /api/alerts/alerts/_find: + get: + deprecated: true description: > - You can use this API to test an action that involves interaction with - Kibana services or integrations with third-party systems. You must have - `read` privileges for the **Actions and Connectors** feature in the - **Management** section of the Kibana feature privileges. If you use an - index connector, you must also have `all`, `create`, `index`, or `write` - indices privileges. - operationId: runConnector + Deprecated in 7.13.0. Use the find rules API instead. NOTE: Alert + `params` are stored as a flattened field type and analyzed as keywords. + As alerts change in Kibana, the results on each page of the response + also change. Use the find API for traditional paginated results, but + avoid using it to export large amounts of data. 
+ operationId: legacyFindAlerts parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - $ref: '#/components/parameters/Connectors_connector_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - runCasesWebhookConnectorRequest: - $ref: >- - #/components/examples/Connectors_run_cases_webhook_connector_request - runEmailConnectorRequest: - $ref: '#/components/examples/Connectors_run_email_connector_request' - runIndexConnectorRequest: - $ref: '#/components/examples/Connectors_run_index_connector_request' - runJiraConnectorRequest: - $ref: '#/components/examples/Connectors_run_jira_connector_request' - runPagerDutyConnectorRequest: - $ref: >- - #/components/examples/Connectors_run_pagerduty_connector_request - runServerLogConnectorRequest: - $ref: >- - #/components/examples/Connectors_run_server_log_connector_request - runServiceNowITOMConnectorRequest: - $ref: >- - #/components/examples/Connectors_run_servicenow_itom_connector_request - runSlackConnectorRequest: - $ref: >- - #/components/examples/Connectors_run_slack_api_connector_request - runSwimlaneConnectorRequest: - $ref: >- - #/components/examples/Connectors_run_swimlane_connector_request - schema: - $ref: '#/components/schemas/Connectors_run_connector_request' - required: true + - description: The default operator to use for the `simple_query_string`. + example: OR + in: query + name: default_search_operator + schema: + default: OR + type: string + - description: The fields to return in the `attributes` key of the response. + in: query + name: fields + schema: + items: + type: string + type: array + - description: > + A KQL string that you filter with an attribute from your saved + object. It should look like `savedObjectType.attributes.title: + "myTitle"`. However, if you used a direct attribute of a saved + object, such as `updatedAt`, you must define your filter, for + example, `savedObjectType.updatedAt > 2018-12-22`. 
+ in: query + name: filter + schema: + type: string + - description: >- + Filters the rules that have a relation with the reference objects + with a specific type and identifier. + in: query + name: has_reference + schema: + type: object + properties: + id: + type: string + type: + type: string + - description: The page number to return. + example: 1 + in: query + name: page + schema: + default: 1 + type: integer + - description: The number of alerts to return per page. + example: 20 + in: query + name: per_page + schema: + default: 20 + type: integer + - description: >- + An Elasticsearch `simple_query_string` query that filters the alerts + in the response. + in: query + name: search + schema: + type: string + - description: >- + The fields to perform the `simple_query_string` parsed query + against. + in: query + name: search_fields + schema: + oneOf: + - type: string + - items: + type: string + type: array + - description: > + Determines which field is used to sort the results. The field must + exist in the `attributes` key of the response. + in: query + name: sort_field + schema: + type: string + - description: Determines the sort order. 
+ example: asc + in: query + name: sort_order + schema: + default: desc + enum: + - asc + - desc + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - runCasesWebhookConnectorResponse: - $ref: >- - #/components/examples/Connectors_run_cases_webhook_connector_response - runEmailConnectorResponse: - $ref: >- - #/components/examples/Connectors_run_email_connector_response - runIndexConnectorResponse: - $ref: >- - #/components/examples/Connectors_run_index_connector_response - runJiraConnectorResponse: - $ref: '#/components/examples/Connectors_run_jira_connector_response' - runPagerDutyConnectorResponse: - $ref: >- - #/components/examples/Connectors_run_pagerduty_connector_response - runServerLogConnectorResponse: - $ref: >- - #/components/examples/Connectors_run_server_log_connector_response - runServiceNowITOMConnectorResponse: - $ref: >- - #/components/examples/Connectors_run_servicenow_itom_connector_response - runSlackConnectorResponse: - $ref: >- - #/components/examples/Connectors_run_slack_api_connector_response - runSwimlaneConnectorResponse: - $ref: >- - #/components/examples/Connectors_run_swimlane_connector_response schema: type: object properties: - connector_id: - description: The identifier for the connector. - type: string data: - oneOf: - - additionalProperties: true - description: Information returned from the action. - type: object - - description: An array of information returned from the action. - items: - type: object - type: array - status: - description: The status of the action. - enum: - - error - - ok - type: string - required: - - connector_id - - status + items: + $ref: '#/components/schemas/Alerting_alert_response_properties' + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer description: Indicates a successful call. 
'401': - $ref: '#/components/responses/Connectors_401' - summary: Run a connector - tags: - - connectors - /api/actions/connectors: - get: - operationId: getConnectors - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - getConnectorsResponse: - $ref: '#/components/examples/Connectors_get_connectors_response' schema: - items: - $ref: >- - #/components/schemas/Connectors_connector_response_properties - type: array - description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' - summary: Get all connectors + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. + summary: Get a paginated set of alerts tags: - - connectors - /api/actions/list_action_types: + - alerting + /api/alerts/alerts/_health: get: deprecated: true - description: Deprecated in 7.13.0. Use the get all connector types API instead. - operationId: legacyGetConnectorTypes - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - description: The properties vary for each connector type. - items: - type: object - properties: - enabled: - description: >- - Indicates whether the connector type is enabled in - Kibana. - type: boolean - enabledInConfig: - description: >- - Indicates whether the connector type is enabled in the - Kibana `.yml` file. - type: boolean - enabledInLicense: - description: >- - Indicates whether the connector is enabled in the - license. - example: true - type: boolean - id: - description: The unique identifier for the connector type. - type: string - minimumLicenseRequired: - description: The license that is required to use the connector type. - type: string - name: - description: The name of the connector type. - type: string - title: Legacy get connector types response body properties - type: array - description: Indicates a successful call. 
- '401': - $ref: '#/components/responses/Connectors_401' - summary: Get connector types - tags: - - connectors - /api/alerting/_health: - get: - description: > - You must have `read` privileges for the **Management > Stack Rules** - feature or for at least one of the **Analytics > Discover**, **Analytics - > Machine Learning**, **Observability**, or **Security** features. - operationId: getAlertingHealth + description: Deprecated in 7.13.0. Use the get alerting framework health API instead. + operationId: legacyGetAlertingHealth responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - getAlertingHealthResponse: - $ref: '#/components/examples/Alerting_get_health_response' schema: type: object properties: - alerting_framework_health: + alertingFrameworkHealth: description: > Three substates identify the health of the alerting - framework: `decryption_health`, `execution_health`, and - `read_health`. + framework: `decryptionHealth`, `executionHealth`, and + `readHealth`. type: object properties: - decryption_health: - description: The timestamp and status of the rule decryption. + decryptionHealth: + description: The timestamp and status of the alert decryption. type: object properties: status: @@ -2201,8 +2277,8 @@ paths: example: '2023-01-13T01:28:00.280Z' format: date-time type: string - execution_health: - description: The timestamp and status of the rule run. + executionHealth: + description: The timestamp and status of the alert execution. type: object properties: status: @@ -2216,8 +2292,8 @@ paths: example: '2023-01-13T01:28:00.280Z' format: date-time type: string - read_health: - description: The timestamp and status of the rule reading events. + readHealth: + description: The timestamp and status of the alert reading events. type: object properties: status: 
@@ -2231,13 +2307,13 @@ paths: example: '2023-01-13T01:28:00.280Z' format: date-time type: string - has_permanent_encryption_key: + hasPermanentEncryptionKey: description: >- If `false`, the encrypted saved object plugin does not have a permanent encryption key. example: true type: boolean - is_sufficiently_secure: + isSufficientlySecure: description: 'If `false`, security is enabled but TLS is not.' example: true type: boolean 
@@ -2251,110 +2327,24 @@ paths: summary: Get the alerting framework health tags: - alerting - /api/alerting/rule: - post: - description: > - To create a rule, you must have `all` privileges for the appropriate - Kibana features, depending on the `consumer` and `rule_type_id` of the - rule you're creating. For example, you must have privileges for the - **Management > Stack rules** feature, **Analytics > Discover** and - **Machine Learning** features, **Observability** features, or - **Security** features. If the rule has actions, you must also have - `read` privileges for the **Management > Actions and Connectors** - feature. This API supports both key- and token-based authentication. To - use key-based authentication, create an API key in Kibana and use it in - the header of the API call. To use token-based authentication, provide a - username and password; an API key that matches the current privileges of - the user is created automatically. In both cases, the API key is - subsequently used for authorization when the rule runs. 
- operationId: createRule - parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - createEsQueryEsqlRuleRequest: - $ref: >- - #/components/examples/Alerting_create_es_query_esql_rule_request - createEsQueryKqlRuleRequest: - $ref: >- - #/components/examples/Alerting_create_es_query_kql_rule_request - createEsQueryRuleRequest: - $ref: '#/components/examples/Alerting_create_es_query_rule_request' - createIndexThresholdRuleRequest: - $ref: >- - #/components/examples/Alerting_create_index_threshold_rule_request - createTrackingContainmentRuleRequest: - $ref: >- - #/components/examples/Alerting_create_tracking_containment_rule_request - schema: - $ref: '#/components/schemas/Alerting_create_rule_request' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - createEsQueryEsqlRuleResponse: - $ref: >- - #/components/examples/Alerting_create_es_query_esql_rule_response - createEsQueryKqlRuleResponse: - $ref: >- - #/components/examples/Alerting_create_es_query_kql_rule_response - createEsQueryRuleResponse: - $ref: '#/components/examples/Alerting_create_es_query_rule_response' - createIndexThresholdRuleResponse: - $ref: >- - #/components/examples/Alerting_create_index_threshold_rule_response - createTrackingContainmentRuleResponse: - $ref: >- - #/components/examples/Alerting_create_tracking_containment_rule_response - schema: - $ref: '#/components/schemas/Alerting_rule_response_properties' - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Alerting_404_response' - description: Object is not found. 
- summary: Create a rule with a random identifier - tags: - - alerting - /api/alerting/rule_types: + /api/alerts/alerts/list_alert_types: get: - description: > - If you have `read` privileges for one or more Kibana features, the API - response contains information about the appropriate rule types. For - example, there are rule types associated with the **Management > Stack - Rules** feature, **Analytics > Discover** and **Machine Learning** - features, **Observability** features, and **Security** features. To get - rule types associated with the **Stack Monitoring** feature, use the - `monitoring_user` built-in role. - operationId: getRuleTypes + deprecated: true + description: Deprecated in 7.13.0. Use the get rule types API instead. + operationId: legacyGetAlertTypes responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - getRuleTypesResponse: - $ref: '#/components/examples/Alerting_get_rule_types_response' schema: items: type: object properties: - action_groups: + actionGroups: description: > - An explicit list of groups for which the rule type can + An explicit list of groups for which the alert type can schedule actions, each with the action group's unique ID - and human readable name. Rule actions validation uses + and human readable name. Alert actions validation uses this configuration to ensure that groups are valid. items: type: object 
@@ -2364,14 +2354,13 @@ paths: name: type: string type: array - action_variables: + actionVariables: description: > - A list of action variables that the rule type makes + A list of action variables that the alert type makes available via context and state in action parameter - templates, and a short human readable description. When - you create a rule in Kibana, it uses this information to - prompt you for these variables in action parameter - editors. + templates, and a short human readable description. The + Alert UI will use this information to prompt users for + these variables in action parameter editors. type: object properties: context: @@ -2382,8 +2371,6 @@ paths: type: string name: type: string - useWithTripleBracesInTemplates: - type: boolean type: array params: items: 
@@ -2403,219 +2390,49 @@ paths: name: type: string type: array - alerts: - description: > - Details for writing alerts as data documents for this - rule type. - type: object - properties: - context: - description: | - The namespace for this rule type. - enum: - - ml.anomaly-detection - - observability.apm - - observability.logs - - observability.metrics - - observability.slo - - observability.threshold - - observability.uptime - - security - - stack - type: string - dynamic: - description: Indicates whether new fields are added dynamically. - enum: - - 'false' - - runtime - - strict - - 'true' - type: string - isSpaceAware: - description: > - Indicates whether the alerts are space-aware. If - true, space-specific alert indices are used. - type: boolean - mappings: - type: object - properties: - fieldMap: - additionalProperties: - $ref: >- - #/components/schemas/Alerting_fieldmap_properties - description: > - Mapping information for each field supported in - alerts as data documents for this rule type. For - more information about mapping parameters, refer - to the Elasticsearch documentation. - type: object - secondaryAlias: - description: > - A secondary alias. It is typically used to support - the signals alias for detection rules. - type: string - shouldWrite: - description: > - Indicates whether the rule should write out alerts - as data. - type: boolean - useEcs: - description: > - Indicates whether to include the ECS component - template for the alerts. - type: boolean - useLegacyAlerts: - default: false - description: > - Indicates whether to include the legacy component - template for the alerts. - type: boolean - authorized_consumers: + authorizedConsumers: description: >- - The list of the plugins IDs that have access to the rule - type. + The list of the plugins IDs that have access to the + alert type. 
type: object - properties: - alerts: - type: object - properties: - all: - type: boolean - read: - type: boolean - apm: - type: object - properties: - all: - type: boolean - read: - type: boolean - discover: - type: object - properties: - all: - type: boolean - read: - type: boolean - infrastructure: - type: object - properties: - all: - type: boolean - read: - type: boolean - logs: - type: object - properties: - all: - type: boolean - read: - type: boolean - ml: - type: object - properties: - all: - type: boolean - read: - type: boolean - monitoring: - type: object - properties: - all: - type: boolean - read: - type: boolean - siem: - type: object - properties: - all: - type: boolean - read: - type: boolean - slo: - type: object - properties: - all: - type: boolean - read: - type: boolean - stackAlerts: - type: object - properties: - all: - type: boolean - read: - type: boolean - uptime: - type: object - properties: - all: - type: boolean - read: - type: boolean - category: - description: >- - The rule category, which is used by features such as - category-specific maintenance windows. - enum: - - management - - observability - - securitySolution - type: string - default_action_group_id: - description: The default identifier for the rule type group. + defaultActionGroupId: + description: The default identifier for the alert type group. type: string - does_set_recovery_context: - description: >- - Indicates whether the rule passes context variables to - its recovery action. - type: boolean - enabled_in_license: - description: >- - Indicates whether the rule type is enabled or disabled - based on the subscription. - type: boolean - has_alerts_mappings: + enabledInLicense: description: >- - Indicates whether the rule type has custom mappings for - the alert data. - type: boolean - has_fields_for_a_a_d: + Indicates whether the rule type is enabled based on the + subscription. type: boolean id: - description: The unique identifier for the rule type. 
+ description: The unique identifier for the alert type. type: string - is_exportable: + isExportable: description: >- - Indicates whether the rule type is exportable in **Stack - Management > Saved Objects**. + Indicates whether the alert type is exportable in Saved + Objects Management UI. type: boolean - minimum_license_required: - description: The subscriptions required to use the rule type. - example: basic + minimumLicenseRequired: + description: The subscriptions required to use the alert type. type: string name: - description: The descriptive name of the rule type. + description: The descriptive name of the alert type. type: string producer: description: >- An identifier for the application that produces this - rule type. - example: stackAlerts + alert type. type: string - recovery_action_group: - description: >- - An action group to use when an alert goes from an active - state to an inactive one. + recoveryActionGroup: + description: > + An action group to use when an alert instance goes from + an active state to an inactive one. If it is not + specified, the default recovered action group is used. type: object properties: id: type: string name: type: string - rule_task_timeout: - example: 5m - type: string type: array description: Indicates a successful call. '401': 
@@ -2624,298 +2441,413 @@ paths: schema: $ref: '#/components/schemas/Alerting_401_response' description: Authorization information is missing or invalid. - summary: Get the rule types - tags: - - alerting - '/api/alerting/rule/{ruleId}': - delete: - description: > - To delete a rule, you must have `all` privileges for the appropriate - Kibana features, depending on the `consumer` and `rule_type_id` of the - rule you're deleting. For example, the **Management** > **Stack Rules** - feature, **Analytics** > **Discover** or **Machine Learning** features, - **Observability**, or **Security** features. WARNING: After you delete a - rule, you cannot recover it. If the API key that is used by the rule was - created automatically, it is deleted. - operationId: deleteRule - parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - $ref: '#/components/parameters/Alerting_rule_id' - responses: - '204': - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. - '404': + summary: Get the alert types + tags: + - alerting + /api/apm/agent_keys: + post: + description: Create a new agent key for APM. + operationId: createAgentKey + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + name: + type: string + privileges: + items: + enum: + - 'event:write' + - 'config_agent:read' + type: string + type: array + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Alerting_404_response' - description: Object is not found. 
- summary: Delete a rule + type: object + properties: + api_key: + type: string + encoded: + type: string + expiration: + format: int64 + type: integer + id: + type: string + name: + type: string + description: Agent key created successfully + summary: Create an APM agent key tags: - - alerting + - APM agent keys + '/api/apm/services/{serviceName}/annotation': + post: + description: Create a new annotation for a specific service. + operationId: createAnnotation + parameters: + - description: The name of the service + in: path + name: serviceName + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + '@timestamp': + type: string + message: + type: string + service: + type: object + properties: + environment: + type: string + version: + type: string + tags: + items: + type: string + type: array + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + _id: + type: string + _index: + type: string + _source: + type: object + properties: + '@timestamp': + type: string + annotation: + type: string + event: + type: object + properties: + created: + type: string + message: + type: string + service: + type: object + properties: + environment: + type: string + name: + type: string + version: + type: string + tags: + items: + type: string + type: array + description: Annotation created successfully + summary: Create a service annotation + tags: + - APM annotations + '/api/apm/services/{serviceName}/annotation/search': get: - description: > - You must have `read` privileges for the appropriate Kibana features, - depending on the `consumer` and `rule_type_id` of the rules you're - seeking. For example, the **Management > Stack Rules** feature, - **Analytics > Discover** and **Machine Learning** features, - **Observability** features, or **Security** features. 
To get rules - associated with the **Stack Monitoring** feature, use the - `monitoring_user` built-in role. - operationId: getRule + description: Search for annotations related to a specific service. + operationId: getAnnotation parameters: - - $ref: '#/components/parameters/Alerting_rule_id' + - description: The name of the service + in: path + name: serviceName + required: true + schema: + type: string + - description: The environment to filter annotations by + in: query + name: environment + required: false + schema: + type: string + - description: The start date for the search + in: query + name: start + required: false + schema: + type: string + - description: The end date for the search + in: query + name: end + required: false + schema: + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - getRuleResponse: - $ref: '#/components/examples/Alerting_get_rule_response' schema: - $ref: '#/components/schemas/Alerting_rule_response_properties' + type: object + properties: + annotations: + items: + type: object + properties: + '@timestamp': + type: number + id: + type: string + text: + type: string + type: + enum: + - version + type: string + type: array + description: Successful response + summary: Search for annotations + tags: + - APM annotations + /api/cases: + delete: + description: > + You must have `read` or `all` privileges and the `delete` sub-feature + privilege for the **Cases** feature in the **Management**, + **Observability**, or **Security** section of the Kibana feature + privileges, depending on the owner of the cases you're deleting. + operationId: deleteCaseDefaultSpace + parameters: + - $ref: '#/components/parameters/Cases_kbn_xsrf' + - $ref: '#/components/parameters/Cases_ids' + responses: + '204': description: Indicates a successful call. 
'401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Alerting_401_response' + $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Alerting_404_response' - description: Object is not found. - summary: Get rule details + summary: Delete cases tags: - - alerting - post: + - cases + patch: description: > - This API creates a rule with a specific rule identifier. If you omit the - identifer, it is automatically generated. To create a rule, you must - have `all` privileges for the appropriate Kibana features, depending on - the `consumer` and `rule_type_id` of the rule you're creating. For - example, you must have privileges for the **Management > Stack rules** - feature, **Analytics > Discover** and **Machine Learning** features, - **Observability** features, or **Security** features. If the rule has - actions, you must also have `read` privileges for the **Management > - Actions and Connectors** feature. This API supports both key- and - token-based authentication. To use key-based authentication, create an - API key in Kibana and use it in the header of the API call. To use - token-based authentication, provide a username and password; an API key - that matches the current privileges of the user is created - automatically. In both cases, the API key is subsequently used for - authorization when the rule runs. - operationId: createRuleId + You must have `all` privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the + Kibana feature privileges, depending on the owner of the case you're + updating. + operationId: updateCaseDefaultSpace parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - description: > - An UUID v1 or v4 identifier for the rule. 
If you omit this - parameter, an identifier is randomly generated. - in: path - name: ruleId - required: true - schema: - example: ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74 - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - createEsQueryEsqlRuleIdRequest: - $ref: >- - #/components/examples/Alerting_create_es_query_esql_rule_request - createEsQueryKqlRuleIdRequest: - $ref: >- - #/components/examples/Alerting_create_es_query_kql_rule_request - createEsQueryRuleIdRequest: - $ref: '#/components/examples/Alerting_create_es_query_rule_request' - createIndexThreholdRuleIdRequest: - $ref: >- - #/components/examples/Alerting_create_index_threshold_rule_request + - $ref: '#/components/parameters/Cases_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + updateCaseRequest: + $ref: '#/components/examples/Cases_update_case_request' schema: - $ref: '#/components/schemas/Alerting_create_rule_request' - required: true + $ref: '#/components/schemas/Cases_update_case_request' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: examples: - createEsQueryEsqlRuleIdResponse: - $ref: >- - #/components/examples/Alerting_create_es_query_esql_rule_response - createEsQueryKqlRuleIdResponse: - $ref: >- - #/components/examples/Alerting_create_es_query_kql_rule_response - createEsQueryRuleIdResponse: - $ref: '#/components/examples/Alerting_create_es_query_rule_response' - createIndexThresholdRuleIdResponse: - $ref: >- - #/components/examples/Alerting_create_index_threshold_rule_response + updateCaseResponse: + $ref: '#/components/examples/Cases_update_case_response' schema: - $ref: '#/components/schemas/Alerting_rule_response_properties' + items: + $ref: '#/components/schemas/Cases_case_response_properties' + type: array description: Indicates a successful call. 
'401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Alerting_401_response' + $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Alerting_404_response' - description: Object is not found. - summary: Create a rule + summary: Update cases tags: - - alerting - put: + - cases + post: description: > - To update a rule, you must have `all` privileges for the appropriate - Kibana features, depending on the `consumer` and `rule_type_id` of the - rule you're updating. For example, you must have privileges for the - **Management > Stack rules** feature, **Analytics > Discover** and - **Machine Learning** features, **Observability** features, or - **Security** features. If the rule has actions, you must also have - `read` privileges for the **Management > Actions and Connectors** - feature. This API supports both key- and token-based authentication. To - use key-based authentication, create an API key in Kibana and use it in - the header of the API call. To use token-based authentication, provide a - username and password; an API key that matches the current privileges of - the user is created automatically. In both cases, the API key is - subsequently used for authorization when the rule runs. NOTE: If the API - key has different privileges than the key that created or most recently - updated the rule, the rule behavior might change. Though some properties - are optional, when you update the rule the existing property values are - overwritten with default values. Therefore, it is recommended to - explicitly set all property values. 
- operationId: updateRule + You must have `all` privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the + Kibana feature privileges, depending on the owner of the case you're + creating. + operationId: createCaseDefaultSpace parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - $ref: '#/components/parameters/Alerting_rule_id' + - $ref: '#/components/parameters/Cases_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: examples: - updateRuleRequest: - $ref: '#/components/examples/Alerting_update_rule_request' + createCaseRequest: + $ref: '#/components/examples/Cases_create_case_request' schema: - $ref: '#/components/schemas/Alerting_update_rule_request' + $ref: '#/components/schemas/Cases_create_case_request' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: examples: - updateRuleResponse: - $ref: '#/components/examples/Alerting_update_rule_response' + createCaseResponse: + $ref: '#/components/examples/Cases_create_case_response' schema: - $ref: '#/components/schemas/Alerting_rule_response_properties' + $ref: '#/components/schemas/Cases_case_response_properties' description: Indicates a successful call. '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Alerting_401_response' + $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Alerting_404_response' - description: Object is not found. - summary: Update a rule + summary: Create a case tags: - - alerting - '/api/alerting/rule/{ruleId}/_disable': - post: + - cases + /api/cases/_find: + get: description: > - You must have `all` privileges for the appropriate Kibana features, - depending on the `consumer` and `rule_type_id` of the rule. 
For example, - the **Management > Stack Rules** feature, **Analytics > Discover** and - **Machine Learning** features, **Observability**, and **Security** - features. - operationId: disableRule + You must have `read` privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the Kibana + feature privileges, depending on the owner of the cases you're seeking. + operationId: findCasesDefaultSpace parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - $ref: '#/components/parameters/Alerting_rule_id' + - $ref: '#/components/parameters/Cases_assignees' + - $ref: '#/components/parameters/Cases_category' + - $ref: '#/components/parameters/Cases_defaultSearchOperator' + - $ref: '#/components/parameters/Cases_from' + - $ref: '#/components/parameters/Cases_owner' + - $ref: '#/components/parameters/Cases_page_index' + - $ref: '#/components/parameters/Cases_page_size' + - $ref: '#/components/parameters/Cases_reporters' + - $ref: '#/components/parameters/Cases_search' + - $ref: '#/components/parameters/Cases_searchFields' + - $ref: '#/components/parameters/Cases_severity' + - $ref: '#/components/parameters/Cases_sortField' + - $ref: '#/components/parameters/Cases_sort_order' + - $ref: '#/components/parameters/Cases_status' + - $ref: '#/components/parameters/Cases_tags' + - $ref: '#/components/parameters/Cases_to' responses: - '204': - description: Indicates a successful call. - '401': + '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + findCaseResponse: + $ref: '#/components/examples/Cases_find_case_response' schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. 
- '404': + type: object + properties: + cases: + items: + $ref: '#/components/schemas/Cases_case_response_properties' + maxItems: 10000 + type: array + count_closed_cases: + type: integer + count_in_progress_cases: + type: integer + count_open_cases: + type: integer + page: + type: integer + per_page: + type: integer + total: + type: integer + description: Indicates a successful call. + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Alerting_404_response' - description: Object is not found. - summary: Disable a rule + $ref: '#/components/schemas/Cases_4xx_response' + description: Authorization information is missing or invalid. + summary: Search cases tags: - - alerting - '/api/alerting/rule/{ruleId}/_enable': - post: + - cases + '/api/cases/{caseId}': + get: description: > - To enable a rule, you must have `all` privileges for the appropriate - Kibana features, depending on the `consumer` and `rule_type_id` of the - rule. For example, the **Management > Stack Rules** feature, **Analytics - > Discover** and **Machine Learning** features, **Observability**, and - **Security** features. This API supports both key- and token-based - authentication. To use key-based authentication, create an API key in - Kibana and use it in the header of the API call. To use token-based - authentication, provide a username and password; an API key that matches - the current privileges of the user is created automatically. In both - cases, the API key is subsequently used for authorization when the rule - runs. - operationId: enableRule + You must have `read` privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the Kibana + feature privileges, depending on the owner of the case you're seeking. 
+ operationId: getCaseDefaultSpace parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - $ref: '#/components/parameters/Alerting_rule_id' + - $ref: '#/components/parameters/Cases_case_id' + - $ref: '#/components/parameters/Cases_includeComments' responses: - '204': + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + getDefaultCaseResponse: + $ref: '#/components/examples/Cases_get_case_response' + getDefaultObservabilityCaseReponse: + $ref: '#/components/examples/Cases_get_case_observability_response' + schema: + $ref: '#/components/schemas/Cases_case_response_properties' description: Indicates a successful call. '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Alerting_401_response' + $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. - '404': + summary: Get case information + tags: + - cases + '/api/cases/{caseId}/alerts': + get: + description: > + You must have `read` privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the Kibana + feature privileges, depending on the owner of the cases you're seeking. + operationId: getCaseAlertsDefaultSpace + parameters: + - $ref: '#/components/parameters/Cases_case_id' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + getCaseAlertsResponse: + $ref: '#/components/examples/Cases_get_case_alerts_response' schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Object is not found. - summary: Enable a rule + items: + $ref: '#/components/schemas/Cases_alert_response_properties' + type: array + description: Indicates a successful call. + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Cases_4xx_response' + description: Authorization information is missing or invalid. 
+ summary: Get all alerts for a case tags: - - alerting - '/api/alerting/rule/{ruleId}/_mute_all': - post: + - cases + x-technical-preview: true + '/api/cases/{caseId}/comments': + delete: description: > - This API snoozes the notifications for the rule indefinitely. The rule - checks continue to occur but alerts will not trigger any actions. You - must have `all` privileges for the appropriate Kibana features, - depending on the `consumer` and `rule_type_id` of the rule. For example, - the **Management > Stack Rules** feature, **Analytics > Discover** and - **Machine Learning** features, **Observability**, and **Security** - features. If the rule has actions, you must also have `read` privileges - for the **Management > Actions and Connectors** feature. - operationId: muteAllAlerts - parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - $ref: '#/components/parameters/Alerting_rule_id' + Deletes all comments and alerts from a case. You must have `all` + privileges for the **Cases** feature in the **Management**, + **Observability**, or **Security** section of the Kibana feature + privileges, depending on the owner of the cases you're deleting. + operationId: deleteCaseCommentsDefaultSpace + parameters: + - $ref: '#/components/parameters/Cases_kbn_xsrf' + - $ref: '#/components/parameters/Cases_case_id' responses: '204': description: Indicates a successful call. 
@@ -2923,257 +2855,156 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Alerting_401_response' + $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. - summary: Mute all alerts + summary: Delete all case comments and alerts tags: - - alerting - '/api/alerting/rule/{ruleId}/_unmute_all': - post: + - cases + get: + deprecated: true description: > - If the rule has its notifications snoozed indefinitely, this API cancels - the snooze. You must have `all` privileges for the appropriate Kibana - features, depending on the `consumer` and `rule_type_id` of the rule. - For example, the **Management > Stack Rules** feature, **Analytics > - Discover** and **Machine Learning** features, **Observability**, and - **Security** features. If the rule has actions, you must also have - `read` privileges for the **Management > Actions and Connectors** - feature. - operationId: unmuteAllAlerts + Deprecated in 8.1.0. This API is deprecated and will be removed in a + future release; instead, use the get case comment API, which requires a + comment identifier in the path. You must have `read` privileges for the + **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on the + owner of the cases with the comments you're seeking. + operationId: getAllCaseCommentsDefaultSpace parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - $ref: '#/components/parameters/Alerting_rule_id' + - $ref: '#/components/parameters/Cases_case_id' responses: - '204': + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Cases_case_response_properties' description: Indicates a successful call. 
'401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Alerting_401_response' + $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. - summary: Unmute all alerts + summary: Get all case comments tags: - - alerting - '/api/alerting/rule/{ruleId}/_update_api_key': - post: - description: >- - The new API key has the credentials of the user that submits the - request. - operationId: updateRuleAPIKey + - cases + patch: + description: > + You must have `all` privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the Kibana + feature privileges, depending on the owner of the case you're updating. + NOTE: You cannot change the comment type or the owner of a comment. + operationId: updateCaseCommentDefaultSpace parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - $ref: '#/components/parameters/Alerting_rule_id' + - $ref: '#/components/parameters/Cases_kbn_xsrf' + - $ref: '#/components/parameters/Cases_case_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + updateCaseCommentRequest: + $ref: '#/components/examples/Cases_update_comment_request' + schema: + $ref: '#/components/schemas/Cases_update_case_comment_request' + required: true responses: '200': - description: Indicates a successful call. - '400': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + updateCaseCommentResponse: + $ref: '#/components/examples/Cases_update_comment_response' schema: - $ref: '#/components/schemas/Alerting_400_response' - description: Bad request - summary: Update the API key for a rule - tags: - - alerting - '/api/alerting/rule/{ruleId}/alert/{alertId}/_mute': - post: - description: > - You must have `all` privileges for the appropriate Kibana features, - depending on the `consumer` and `rule_type_id` of the rule. 
For example, - the **Management > Stack Rules** feature, **Analytics > Discover** and - **Machine Learning** features, **Observability**, and **Security** - features. If the rule has actions, you must also have `read` privileges - for the **Management > Actions and Connectors** feature. - operationId: muteAlert - parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - $ref: '#/components/parameters/Alerting_alert_id' - - $ref: '#/components/parameters/Alerting_rule_id' - responses: - '204': + $ref: '#/components/schemas/Cases_case_response_properties' description: Indicates a successful call. '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Alerting_401_response' + $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. - summary: Mute an alert + summary: Update a case comment or alert tags: - - alerting - '/api/alerting/rule/{ruleId}/alert/{alertId}/_unmute': + - cases post: description: > - You must have `all` privileges for the appropriate Kibana features, - depending on the `consumer` and `rule_type_id` of the rule. For example, - the **Management > Stack Rules** feature, **Analytics > Discover** and - **Machine Learning** features, **Observability**, and **Security** - features. If the rule has actions, you must also have `read` privileges - for the **Management > Actions and Connectors** feature. - operationId: unmuteAlert + You must have `all` privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the Kibana + feature privileges, depending on the owner of the case you're creating. + NOTE: Each case can have a maximum of 1,000 alerts. 
+ operationId: addCaseCommentDefaultSpace parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - $ref: '#/components/parameters/Alerting_alert_id' - - $ref: '#/components/parameters/Alerting_rule_id' + - $ref: '#/components/parameters/Cases_kbn_xsrf' + - $ref: '#/components/parameters/Cases_case_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + createCaseCommentRequest: + $ref: '#/components/examples/Cases_add_comment_request' + schema: + $ref: '#/components/schemas/Cases_add_case_comment_request' + required: true responses: - '204': + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + createCaseCommentResponse: + $ref: '#/components/examples/Cases_add_comment_response' + schema: + $ref: '#/components/schemas/Cases_case_response_properties' description: Indicates a successful call. '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Alerting_401_response' + $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. - summary: Unmute an alert + summary: Add a case comment or alert tags: - - alerting - /api/alerting/rules/_find: + - cases + '/api/cases/{caseId}/comments/_find': get: description: > - You must have `read` privileges for the appropriate Kibana features, - depending on the `consumer` and `rule_type_id` of the rules you're - seeking. For example, you must have privileges for the **Management > - Stack rules** feature, **Analytics > Discover** and **Machine Learning** - features, **Observability** features, or **Security** features. To find - rules associated with the **Stack Monitoring** feature, use the - `monitoring_user` built-in role. - operationId: findRules + Retrieves a paginated list of comments for a case. 
You must have `read` + privileges for the **Cases** feature in the **Management**, + **Observability**, or **Security** section of the Kibana feature + privileges, depending on the owner of the cases with the comments you're + seeking. + operationId: findCaseCommentsDefaultSpace parameters: - - description: The default operator to use for the simple_query_string. - example: OR - in: query - name: default_search_operator - schema: - default: OR - type: string - - description: The fields to return in the `attributes` key of the response. - in: query - name: fields - schema: - items: - type: string - type: array - - description: > - A KQL string that you filter with an attribute from your saved - object. It should look like `savedObjectType.attributes.title: - "myTitle"`. However, if you used a direct attribute of a saved - object, such as `updatedAt`, you must define your filter, for - example, `savedObjectType.updatedAt > 2018-12-22`. - in: query - name: filter - schema: - type: string - - description: >- - Filters the rules that have a relation with the reference objects - with a specific type and identifier. - in: query - name: has_reference - schema: - type: object - properties: - id: - type: string - type: - type: string - - description: The page number to return. - example: 1 - in: query - name: page - schema: - default: 1 - type: integer - - description: The number of rules to return per page. - example: 20 - in: query - name: per_page - schema: - default: 20 - type: integer - - description: >- - An Elasticsearch simple_query_string query that filters the objects - in the response. - in: query - name: search - schema: - example: threshold +-test* - type: string - - description: The fields to perform the simple_query_string parsed query against. - in: query - name: search_fields - schema: - oneOf: - - example: name - type: string - - items: - type: string - type: array - - description: > - Determines which field is used to sort the results. 
The field must - exist in the `attributes` key of the response. - in: query - name: sort_field - schema: - type: string - - description: Determines the sort order. - example: asc - in: query - name: sort_order - schema: - default: desc - enum: - - asc - - desc - type: string + - $ref: '#/components/parameters/Cases_case_id' + - $ref: '#/components/parameters/Cases_page_index' + - $ref: '#/components/parameters/Cases_page_size' + - $ref: '#/components/parameters/Cases_sort_order' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - findConditionalActionRulesResponse: - $ref: >- - #/components/examples/Alerting_find_rules_response_conditional_action - findRulesResponse: - $ref: '#/components/examples/Alerting_find_rules_response' schema: - type: object - properties: - data: - items: - $ref: '#/components/schemas/Alerting_rule_response_properties' - type: array - page: - type: integer - per_page: - type: integer - total: - type: integer + $ref: '#/components/schemas/Cases_case_response_properties' description: Indicates a successful call. '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Alerting_401_response' + $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. - summary: Find rule information + summary: Find case comments and alerts tags: - - alerting - '/api/alerts/alert/{alertId}': + - cases + '/api/cases/{caseId}/comments/{commentId}': delete: - deprecated: true description: > - Deprecated in 7.13.0. Use the delete rule API instead. WARNING: After - you delete an alert, you cannot recover it. - operationId: legaryDeleteAlert + You must have `all` privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the Kibana + feature privileges, depending on the owner of the cases you're deleting. 
+ operationId: deleteCaseCommentDefaultSpace parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - description: The identifier for the alert. - in: path - name: alertId - required: true - schema: - example: 41893910-6bca-11eb-9e0d-85d233e3ee35 - type: string + - $ref: '#/components/parameters/Cases_kbn_xsrf' + - $ref: '#/components/parameters/Cases_case_id' + - $ref: '#/components/parameters/Cases_comment_id' responses: '204': description: Indicates a successful call. 
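Review bot: The Cases operations added in this hunk (`getAllCaseCommentsDefaultSpace`, `updateCaseCommentDefaultSpace`, `addCaseCommentDefaultSpace`, `findCaseCommentsDefaultSpace`, and the `'401'` for the delete-all-comments operation) state a required `read` or `all` Cases privilege in their descriptions, but the only error response documented is `'401'`, "Authorization information is missing or invalid". The spec therefore does not say what an authenticated caller without that privilege receives. If the server answers that case with a different status, I would add a `'403'` entry beside each `'401'`, reusing `$ref: '#/components/schemas/Cases_4xx_response'` with something like `description: The caller is authenticated but lacks the required Cases privilege.` The same pattern appears in the Cases paths of the neighbouring hunks, and the `responses` block of `deleteCaseCommentDefaultSpace` continues outside this hunk. The `oas_docs/output/` path suggests a bundled file, so the change presumably belongs in the source spec it is built from.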
@@ -3181,551 +3012,897 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Alerting_401_response' + $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. - summary: Delete an alert + summary: Delete a case comment or alert tags: - - alerting + - cases get: - deprecated: true - description: Deprecated in 7.13.0. Use the get rule API instead. - operationId: legacyGetAlert + description: > + You must have `read` privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the Kibana + feature privileges, depending on the owner of the cases with the + comments you're seeking. + operationId: getCaseCommentDefaultSpace parameters: - - description: The identifier for the alert. - in: path - name: alertId - required: true - schema: - example: 41893910-6bca-11eb-9e0d-85d233e3ee35 - type: string + - $ref: '#/components/parameters/Cases_case_id' + - $ref: '#/components/parameters/Cases_comment_id' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + getCaseCommentResponse: + $ref: '#/components/examples/Cases_get_comment_response' schema: - $ref: '#/components/schemas/Alerting_alert_response_properties' + oneOf: + - $ref: >- + #/components/schemas/Cases_alert_comment_response_properties + - $ref: >- + #/components/schemas/Cases_user_comment_response_properties description: Indicates a successful call. '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Alerting_401_response' + $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. - summary: Get an alert by identifier + summary: Get a case comment or alert tags: - - alerting + - cases + '/api/cases/{caseId}/connector/{connectorId}/_push': post: - deprecated: true - description: Deprecated in 7.13.0. 
Use the create rule API instead. - operationId: legacyCreateAlert + description: > + You must have `all` privileges for the **Actions and Connectors** + feature in the **Management** section of the Kibana feature privileges. + You must also have `all` privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the Kibana + feature privileges, depending on the owner of the case you're pushing. + operationId: pushCaseDefaultSpace parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - description: >- - An UUID v1 or v4 identifier for the alert. If this parameter is - omitted, the identifier is randomly generated. - in: path - name: alertId - required: true - schema: - example: 41893910-6bca-11eb-9e0d-85d233e3ee35 - type: string + - $ref: '#/components/parameters/Cases_case_id' + - $ref: '#/components/parameters/Cases_connector_id' + - $ref: '#/components/parameters/Cases_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - title: Legacy create alert request properties + nullable: true type: object - properties: - actions: - items: - type: object - properties: - actionTypeId: - description: The identifier for the action type. - type: string - group: - description: > - Grouping actions is recommended for escalations for - different types of alert instances. If you don't need - this functionality, set it to `default`. - type: string - id: - description: The ID of the action saved object. - type: string - params: - description: > - The map to the `params` that the action type will - receive. `params` are handled as Mustache templates - and passed a default set of context. - type: object - required: - - actionTypeId - - group - - id - - params - type: array - alertTypeId: - description: >- - The ID of the alert type that you want to call when the - alert is scheduled to run. - type: string - consumer: - description: >- - The name of the application that owns the alert. 
This name - has to match the Kibana feature name, as that dictates the - required role-based access control privileges. - type: string - enabled: - description: >- - Indicates if you want to run the alert on an interval basis - after it is created. - type: boolean - name: - description: A name to reference and search. - type: string - notifyWhen: - description: The condition for throttling the notification. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - params: - description: >- - The parameters to pass to the alert type executor `params` - value. This will also validate against the alert type params - validator, if defined. - type: object - schedule: - description: > - The schedule specifying when this alert should be run. A - schedule is structured such that the key specifies the - format you wish to use and its value specifies the schedule. - type: object - properties: - interval: - description: >- - The interval format specifies the interval in seconds, - minutes, hours or days at which the alert should run. - example: 10s - type: string - tags: - description: A list of keywords to reference and search. - items: - type: string - type: array - throttle: - description: > - How often this alert should fire the same actions. This will - prevent the alert from sending out the same notification - over and over. For example, if an alert with a schedule of 1 - minute stays in a triggered state for 90 minutes, setting a - throttle of `10m` or `1h` will prevent it from sending 90 - notifications during this period. - type: string - required: - - alertTypeId - - consumer - - name - - notifyWhen - - params - - schedule - required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + pushCaseResponse: + $ref: '#/components/examples/Cases_push_case_response' + schema: + $ref: '#/components/schemas/Cases_case_response_properties' + description: Indicates a successful call. 
+ '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Cases_4xx_response' + description: Authorization information is missing or invalid. + summary: Push a case to an external service + tags: + - cases + '/api/cases/{caseId}/user_actions': + get: + deprecated: true + description: > + Returns all user activity for a case. Deprecated in 8.1.0. This API is + deprecated and will be removed in a future release; use the find user + actions API instead. You must have `read` privileges for the **Cases** + feature in the **Management**, **Observability**, or **Security** + section of the Kibana feature privileges, depending on the owner of the + case you're seeking. + operationId: getCaseActivityDefaultSpace + parameters: + - $ref: '#/components/parameters/Cases_case_id' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + $ref: '#/components/schemas/Cases_user_actions_response_properties' + type: array + description: Indicates a successful call. + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Cases_4xx_response' + description: Authorization information is missing or invalid. + summary: Get case activity + tags: + - cases + '/api/cases/{caseId}/user_actions/_find': + get: + description: > + Retrives a paginated list of user activity for a case. You must have + `read` privileges for the **Cases** feature in the **Management**, + **Observability**, or **Security** section of the Kibana feature + privileges, depending on the owner of the case you're seeking. 
+ operationId: findCaseActivityDefaultSpace + parameters: + - $ref: '#/components/parameters/Cases_case_id' + - $ref: '#/components/parameters/Cases_page_index' + - $ref: '#/components/parameters/Cases_page_size' + - $ref: '#/components/parameters/Cases_sort_order' + - $ref: '#/components/parameters/Cases_user_action_types' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + findCaseActivityResponse: + $ref: '#/components/examples/Cases_find_case_activity_response' schema: - $ref: '#/components/schemas/Alerting_alert_response_properties' + type: object + properties: + page: + type: integer + perPage: + type: integer + total: + type: integer + userActions: + items: + $ref: >- + #/components/schemas/Cases_user_actions_find_response_properties + maxItems: 10000 + type: array description: Indicates a successful call. '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Alerting_401_response' + $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. - summary: Create an alert + summary: Find case activity tags: - - alerting - put: - deprecated: true - description: Deprecated in 7.13.0. Use the update rule API instead. - operationId: legacyUpdateAlert + - cases + '/api/cases/alerts/{alertId}': + get: + description: > + You must have `read` privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the Kibana + feature privileges, depending on the owner of the cases you're seeking. + operationId: getCasesByAlertDefaultSpace parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - description: The identifier for the alert. 
- in: path - name: alertId - required: true - schema: - example: 41893910-6bca-11eb-9e0d-85d233e3ee35 - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - title: Legacy update alert request properties - type: object - properties: - actions: - items: - type: object - properties: - actionTypeId: - description: The identifier for the action type. - type: string - group: - description: > - Grouping actions is recommended for escalations for - different types of alert instances. If you don't need - this functionality, set it to `default`. - type: string - id: - description: The ID of the action saved object. - type: string - params: - description: > - The map to the `params` that the action type will - receive. `params` are handled as Mustache templates - and passed a default set of context. - type: object - required: - - actionTypeId - - group - - id - - params - type: array - name: - description: A name to reference and search. - type: string - notifyWhen: - description: The condition for throttling the notification. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - params: - description: >- - The parameters to pass to the alert type executor `params` - value. This will also validate against the alert type params - validator, if defined. + - $ref: '#/components/parameters/Cases_alert_id' + - $ref: '#/components/parameters/Cases_owner' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + example: + - id: 06116b80-e1c3-11ec-be9b-9b1838238ee6 + title: security_case + items: type: object - schedule: - description: > - The schedule specifying when this alert should be run. A - schedule is structured such that the key specifies the - format you wish to use and its value specifies the schedule. + properties: + id: + description: The case identifier. + type: string + title: + description: The case title. 
+ type: string + maxItems: 10000 + type: array + description: Indicates a successful call. + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Cases_4xx_response' + description: Authorization information is missing or invalid. + summary: Get cases for an alert + tags: + - cases + x-technical-preview: true + /api/cases/configure: + get: + description: > + Get setting details such as the closure type, custom fields, templatse, + and the default connector for cases. You must have `read` privileges for + the **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on + where the cases were created. + operationId: getCaseConfigurationDefaultSpace + parameters: + - $ref: '#/components/parameters/Cases_owner' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + getConfigurationResponse: + $ref: '#/components/examples/Cases_get_case_configuration_response' + schema: + items: type: object properties: - interval: - description: >- - The interval format specifies the interval in seconds, - minutes, hours or days at which the alert should run. - example: 1d + closure_type: + $ref: '#/components/schemas/Cases_closure_types' + connector: + type: object + properties: + fields: + description: >- + The fields specified in the case configuration are + not used and are not propagated to individual cases, + therefore it is recommended to set it to `null`. + nullable: true + type: object + id: + description: >- + The identifier for the connector. If you do not want + a default connector, use `none`. To retrieve + connector IDs, use the find connectors API. + example: none + type: string + name: + description: >- + The name of the connector. If you do not want a + default connector, use `none`. To retrieve connector + names, use the find connectors API. 
+ example: none + type: string + type: + $ref: '#/components/schemas/Cases_connector_types' + created_at: + example: '2022-06-01T17:07:17.767Z' + format: date-time + type: string + created_by: + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + customFields: + description: Custom fields configuration details. + items: + type: object + properties: + defaultValue: + description: > + A default value for the custom field. If the + `type` is `text`, the default value must be a + string. If the `type` is `toggle`, the default + value must be boolean. + oneOf: + - type: string + - type: boolean + key: + description: > + A unique key for the custom field. Must be lower + case and composed only of a-z, 0-9, '_', and '-' + characters. It is used in API calls to refer to a + specific custom field. + maxLength: 36 + minLength: 1 + type: string + label: + description: >- + The custom field label that is displayed in the + case. + maxLength: 50 + minLength: 1 + type: string + type: + description: The type of the custom field. + enum: + - text + - toggle + type: string + required: + description: > + Indicates whether the field is required. If + `false`, the custom field can be set to null or + omitted when a case is created or updated. + type: boolean + type: array + error: + example: null + nullable: true type: string - tags: - description: A list of keywords to reference and search. - items: - type: string - type: array - throttle: - description: > - How often this alert should fire the same actions. This will - prevent the alert from sending out the same notification - over and over. 
For example, if an alert with a schedule of 1 - minute stays in a triggered state for 90 minutes, setting a - throttle of `10m` or `1h` will prevent it from sending 90 - notifications during this period. - type: string - required: - - name - - notifyWhen - - params - - schedule - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Alerting_alert_response_properties' + id: + example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 + type: string + mappings: + items: + type: object + properties: + action_type: + example: overwrite + type: string + source: + example: title + type: string + target: + example: summary + type: string + type: array + owner: + $ref: '#/components/schemas/Cases_owners' + templates: + $ref: '#/components/schemas/Cases_templates' + updated_at: + example: '2022-06-01T19:58:48.169Z' + format: date-time + nullable: true + type: string + updated_by: + nullable: true + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + version: + example: WzIwNzMsMV0= + type: string + type: array description: Indicates a successful call. '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Alerting_401_response' + $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. - summary: Update an alert + summary: Get case settings tags: - - alerting - '/api/alerts/alert/{alertId}/_disable': + - cases post: - deprecated: true - description: Deprecated in 7.13.0. Use the disable rule API instead. 
- operationId: legacyDisableAlert + description: > + Case settings include external connection details, custom fields, and + templates. Connectors are used to interface with external systems. You + must create a connector before you can use it in your cases. If you set + a default connector, it is automatically selected when you create cases + in Kibana. If you use the create case API, however, you must still + specify all of the connector details. You must have `all` privileges for + the **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on + where you are creating cases. + operationId: setCaseConfigurationDefaultSpace parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - description: The identifier for the alert. - in: path - name: alertId - required: true - schema: - example: 41893910-6bca-11eb-9e0d-85d233e3ee35 - type: string + - $ref: '#/components/parameters/Cases_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + setCaseConfigRequest: + $ref: '#/components/examples/Cases_set_case_configuration_request' + schema: + $ref: '#/components/schemas/Cases_set_case_configuration_request' responses: - '204': - description: Indicates a successful call. - '401': + '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + setCaseConfigResponse: + $ref: '#/components/examples/Cases_set_case_configuration_response' schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. - summary: Disable an alert - tags: - - alerting - '/api/alerts/alert/{alertId}/_enable': - post: - deprecated: true - description: Deprecated in 7.13.0. Use the enable rule API instead. - operationId: legacyEnableAlert - parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - description: The identifier for the alert. 
- in: path - name: alertId - required: true - schema: - example: 41893910-6bca-11eb-9e0d-85d233e3ee35 - type: string - responses: - '204': + type: object + properties: + closure_type: + $ref: '#/components/schemas/Cases_closure_types' + connector: + type: object + properties: + fields: + description: >- + The fields specified in the case configuration are not + used and are not propagated to individual cases, + therefore it is recommended to set it to `null`. + nullable: true + type: object + id: + description: >- + The identifier for the connector. If you do not want a + default connector, use `none`. To retrieve connector + IDs, use the find connectors API. + example: none + type: string + name: + description: >- + The name of the connector. If you do not want a + default connector, use `none`. To retrieve connector + names, use the find connectors API. + example: none + type: string + type: + $ref: '#/components/schemas/Cases_connector_types' + created_at: + example: '2022-06-01T17:07:17.767Z' + format: date-time + type: string + created_by: + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + customFields: + description: Custom fields configuration details. + items: + type: object + properties: + defaultValue: + description: > + A default value for the custom field. If the `type` + is `text`, the default value must be a string. If + the `type` is `toggle`, the default value must be + boolean. + oneOf: + - type: string + - type: boolean + key: + description: > + A unique key for the custom field. Must be lower + case and composed only of a-z, 0-9, '_', and '-' + characters. It is used in API calls to refer to a + specific custom field. 
+ maxLength: 36 + minLength: 1 + type: string + label: + description: >- + The custom field label that is displayed in the + case. + maxLength: 50 + minLength: 1 + type: string + type: + description: The type of the custom field. + enum: + - text + - toggle + type: string + required: + description: > + Indicates whether the field is required. If `false`, + the custom field can be set to null or omitted when + a case is created or updated. + type: boolean + type: array + error: + example: null + nullable: true + type: string + id: + example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 + type: string + mappings: + items: + type: object + properties: + action_type: + example: overwrite + type: string + source: + example: title + type: string + target: + example: summary + type: string + type: array + owner: + $ref: '#/components/schemas/Cases_owners' + templates: + $ref: '#/components/schemas/Cases_templates' + updated_at: + example: '2022-06-01T19:58:48.169Z' + format: date-time + nullable: true + type: string + updated_by: + nullable: true + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + version: + example: WzIwNzMsMV0= + type: string description: Indicates a successful call. '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Alerting_401_response' + $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. - summary: Enable an alert + summary: Add case settings tags: - - alerting - '/api/alerts/alert/{alertId}/_mute_all': - post: - deprecated: true - description: Deprecated in 7.13.0. Use the mute all alerts API instead. 
- operationId: legacyMuteAllAlertInstances + - cases + '/api/cases/configure/{configurationId}': + patch: + description: > + Updates setting details such as the closure type, custom fields, + templates, and the default connector for cases. Connectors are used to + interface with external systems. You must create a connector before you + can use it in your cases. You must have `all` privileges for the + **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on + where the case was created. + operationId: updateCaseConfigurationDefaultSpace parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - description: The identifier for the alert. - in: path - name: alertId - required: true - schema: - example: 41893910-6bca-11eb-9e0d-85d233e3ee35 - type: string + - $ref: '#/components/parameters/Cases_kbn_xsrf' + - $ref: '#/components/parameters/Cases_configuration_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + updateCaseConfigurationRequest: + $ref: '#/components/examples/Cases_update_case_configuration_request' + schema: + $ref: '#/components/schemas/Cases_update_case_configuration_request' responses: - '204': - description: Indicates a successful call. - '401': + '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + updateCaseConfigurationResponse: + $ref: >- + #/components/examples/Cases_update_case_configuration_response schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. - summary: Mute all alert instances - tags: - - alerting - '/api/alerts/alert/{alertId}/_unmute_all': - post: - deprecated: true - description: Deprecated in 7.13.0. Use the unmute all alerts API instead. - operationId: legacyUnmuteAllAlertInstances - parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - description: The identifier for the alert. 
- in: path - name: alertId - required: true - schema: - example: 41893910-6bca-11eb-9e0d-85d233e3ee35 - type: string - responses: - '204': + type: object + properties: + closure_type: + $ref: '#/components/schemas/Cases_closure_types' + connector: + type: object + properties: + fields: + description: >- + The fields specified in the case configuration are not + used and are not propagated to individual cases, + therefore it is recommended to set it to `null`. + nullable: true + type: object + id: + description: >- + The identifier for the connector. If you do not want a + default connector, use `none`. To retrieve connector + IDs, use the find connectors API. + example: none + type: string + name: + description: >- + The name of the connector. If you do not want a + default connector, use `none`. To retrieve connector + names, use the find connectors API. + example: none + type: string + type: + $ref: '#/components/schemas/Cases_connector_types' + created_at: + example: '2022-06-01T17:07:17.767Z' + format: date-time + type: string + created_by: + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + customFields: + description: Custom fields configuration details. + items: + type: object + properties: + defaultValue: + description: > + A default value for the custom field. If the `type` + is `text`, the default value must be a string. If + the `type` is `toggle`, the default value must be + boolean. + oneOf: + - type: string + - type: boolean + key: + description: > + A unique key for the custom field. Must be lower + case and composed only of a-z, 0-9, '_', and '-' + characters. It is used in API calls to refer to a + specific custom field. 
+ maxLength: 36 + minLength: 1 + type: string + label: + description: >- + The custom field label that is displayed in the + case. + maxLength: 50 + minLength: 1 + type: string + type: + description: The type of the custom field. + enum: + - text + - toggle + type: string + required: + description: > + Indicates whether the field is required. If `false`, + the custom field can be set to null or omitted when + a case is created or updated. + type: boolean + type: array + error: + example: null + nullable: true + type: string + id: + example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 + type: string + mappings: + items: + type: object + properties: + action_type: + example: overwrite + type: string + source: + example: title + type: string + target: + example: summary + type: string + type: array + owner: + $ref: '#/components/schemas/Cases_owners' + templates: + $ref: '#/components/schemas/Cases_templates' + updated_at: + example: '2022-06-01T19:58:48.169Z' + format: date-time + nullable: true + type: string + updated_by: + nullable: true + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + version: + example: WzIwNzMsMV0= + type: string description: Indicates a successful call. '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Alerting_401_response' + $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. - summary: Unmute all alert instances + summary: Update case settings tags: - - alerting - '/api/alerts/alert/{alertId}/alert_instance/{alertInstanceId}/_mute': - post: - deprecated: true - description: Deprecated in 7.13.0. Use the mute alert API instead. 
- operationId: legacyMuteAlertInstance - parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - description: An identifier for the alert. - in: path - name: alertId - required: true - schema: - example: 41893910-6bca-11eb-9e0d-85d233e3ee35 - type: string - - description: An identifier for the alert instance. - in: path - name: alertInstanceId - required: true - schema: - example: dceeb5d0-6b41-11eb-802b-85b0c1bc8ba2 - type: string + - cases + /api/cases/configure/connectors/_find: + get: + description: > + Get information about connectors that are supported for use in cases. + You must have `read` privileges for the **Actions and Connectors** + feature in the **Management** section of the Kibana feature privileges. + operationId: findCaseConnectorsDefaultSpace responses: - '204': - description: Indicates a successful call. - '401': + '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + findConnectorResponse: + $ref: '#/components/examples/Cases_find_connector_response' schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. - summary: Mute an alert instance - tags: - - alerting - '/api/alerts/alert/{alertId}/alert_instance/{alertInstanceId}/_unmute': - post: - deprecated: true - description: Deprecated in 7.13.0. Use the unmute alert API instead. - operationId: legacyUnmuteAlertInstance - parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - description: An identifier for the alert. - in: path - name: alertId - required: true - schema: - example: 41893910-6bca-11eb-9e0d-85d233e3ee35 - type: string - - description: An identifier for the alert instance. 
- in: path - name: alertInstanceId - required: true - schema: - example: dceeb5d0-6b41-11eb-802b-85b0c1bc8ba2 - type: string - responses: - '204': + items: + type: object + properties: + actionTypeId: + $ref: '#/components/schemas/Cases_connector_types' + config: + additionalProperties: true + type: object + properties: + apiUrl: + type: string + projectKey: + type: string + id: + type: string + isDeprecated: + type: boolean + isMissingSecrets: + type: boolean + isPreconfigured: + type: boolean + name: + type: string + referencedByCount: + type: integer + maxItems: 1000 + type: array description: Indicates a successful call. '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Alerting_401_response' + $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. - summary: Unmute an alert instance + summary: Get case connectors tags: - - alerting - /api/alerts/alerts/_find: + - cases + /api/cases/reporters: get: - deprecated: true description: > - Deprecated in 7.13.0. Use the find rules API instead. NOTE: Alert - `params` are stored as a flattened field type and analyzed as keywords. - As alerts change in Kibana, the results on each page of the response - also change. Use the find API for traditional paginated results, but - avoid using it to export large amounts of data. - operationId: legacyFindAlerts + Returns information about the users who opened cases. You must have read + privileges for the **Cases** feature in the **Management**, + **Observability**, or **Security** section of the Kibana feature + privileges, depending on the owner of the cases. The API returns + information about the users as they existed at the time of the case + creation, including their name, full name, and email address. If any of + those details change thereafter or if a user is deleted, the information + returned by this API is unchanged. 
+ operationId: getCaseReportersDefaultSpace parameters: - - description: The default operator to use for the `simple_query_string`. - example: OR - in: query - name: default_search_operator - schema: - default: OR - type: string - - description: The fields to return in the `attributes` key of the response. - in: query - name: fields - schema: - items: - type: string - type: array - - description: > - A KQL string that you filter with an attribute from your saved - object. It should look like `savedObjectType.attributes.title: - "myTitle"`. However, if you used a direct attribute of a saved - object, such as `updatedAt`, you must define your filter, for - example, `savedObjectType.updatedAt > 2018-12-22`. - in: query - name: filter - schema: - type: string - - description: >- - Filters the rules that have a relation with the reference objects - with a specific type and identifier. - in: query - name: has_reference - schema: - type: object - properties: - id: - type: string - type: - type: string - - description: The page number to return. - example: 1 - in: query - name: page - schema: - default: 1 - type: integer - - description: The number of alerts to return per page. - example: 20 - in: query - name: per_page - schema: - default: 20 - type: integer - - description: >- - An Elasticsearch `simple_query_string` query that filters the alerts - in the response. - in: query - name: search - schema: - type: string - - description: >- - The fields to perform the `simple_query_string` parsed query - against. - in: query - name: search_fields - schema: - oneOf: - - type: string - - items: - type: string - type: array - - description: > - Determines which field is used to sort the results. The field must - exist in the `attributes` key of the response. - in: query - name: sort_field - schema: - type: string - - description: Determines the sort order. 
- example: asc - in: query - name: sort_order - schema: - default: desc - enum: - - asc - - desc - type: string + - $ref: '#/components/parameters/Cases_owner' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + getReportersResponse: + $ref: '#/components/examples/Cases_get_reporters_response' + schema: + items: + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + maxItems: 10000 + type: array + description: Indicates a successful call. + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Cases_4xx_response' + description: Authorization information is missing or invalid. + summary: Get case creators + tags: + - cases + /api/cases/status: + get: + deprecated: true + description: > + Returns the number of cases that are open, closed, and in progress. + Deprecated in 8.1.0. This API is deprecated and will be removed in a + future release; use the find cases API instead. You must have `read` + privileges for the **Cases** feature in the **Management**, + **Observability**, or **Security** section of the Kibana feature + privileges, depending on the owner of the cases you're seeking. + operationId: getCaseStatusDefaultSpace + parameters: + - $ref: '#/components/parameters/Cases_owner' responses: '200': content: 
@@ -3733,246 +3910,220 @@ paths: schema: type: object properties: - data: - items: - $ref: '#/components/schemas/Alerting_alert_response_properties' - type: array - page: + count_closed_cases: type: integer - perPage: + count_in_progress_cases: type: integer - total: + count_open_cases: type: integer description: Indicates a successful call. '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Alerting_401_response' + $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. - summary: Get a paginated set of alerts + summary: Get case status summary tags: - - alerting - /api/alerts/alerts/_health: + - cases + /api/cases/tags: get: - deprecated: true - description: Deprecated in 7.13.0. Use the get alerting framework health API instead. - operationId: legacyGetAlertingHealth + description: > + Aggregates and returns a list of case tags. You must have read + privileges for the **Cases** feature in the **Management**, + **Observability**, or **Security** section of the Kibana feature + privileges, depending on the owner of the cases you're seeking. + operationId: getCaseTagsDefaultSpace + parameters: + - $ref: '#/components/parameters/Cases_owner' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + getTagsResponse: + $ref: '#/components/examples/Cases_get_tags_response' schema: - type: object - properties: - alertingFrameworkHealth: - description: > - Three substates identify the health of the alerting - framework: `decryptionHealth`, `executionHealth`, and - `readHealth`. - type: object - properties: - decryptionHealth: - description: The timestamp and status of the alert decryption. 
- type: object - properties: - status: - enum: - - error - - ok - - warn - example: ok - type: string - timestamp: - example: '2023-01-13T01:28:00.280Z' - format: date-time - type: string - executionHealth: - description: The timestamp and status of the alert execution. - type: object - properties: - status: - enum: - - error - - ok - - warn - example: ok - type: string - timestamp: - example: '2023-01-13T01:28:00.280Z' - format: date-time - type: string - readHealth: - description: The timestamp and status of the alert reading events. - type: object - properties: - status: - enum: - - error - - ok - - warn - example: ok - type: string - timestamp: - example: '2023-01-13T01:28:00.280Z' - format: date-time - type: string - hasPermanentEncryptionKey: - description: >- - If `false`, the encrypted saved object plugin does not - have a permanent encryption key. - example: true - type: boolean - isSufficientlySecure: - description: 'If `false`, security is enabled but TLS is not.' - example: true - type: boolean + items: + type: string + maxItems: 10000 + type: array description: Indicates a successful call. '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Alerting_401_response' + $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. - summary: Get the alerting framework health + summary: Get case tags tags: - - alerting - /api/alerts/alerts/list_alert_types: + - cases + /api/data_views: get: - deprecated: true - description: Deprecated in 7.13.0. Use the get rule types API instead. 
- operationId: legacyGetAlertTypes + operationId: getAllDataViewsDefault responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + getAllDataViewsResponse: + $ref: '#/components/examples/Data_views_get_data_views_response' schema: - items: - type: object - properties: - actionGroups: - description: > - An explicit list of groups for which the alert type can - schedule actions, each with the action group's unique ID - and human readable name. Alert actions validation uses - this configuration to ensure that groups are valid. - items: - type: object - properties: - id: - type: string - name: - type: string - type: array - actionVariables: - description: > - A list of action variables that the alert type makes - available via context and state in action parameter - templates, and a short human readable description. The - Alert UI will use this information to prompt users for - these variables in action parameter editors. - type: object - properties: - context: - items: - type: object - properties: - description: - type: string - name: - type: string - type: array - params: - items: - type: object - properties: - description: - type: string - name: - type: string - type: array - state: - items: - type: object - properties: - description: - type: string - name: - type: string - type: array - authorizedConsumers: - description: >- - The list of the plugins IDs that have access to the - alert type. - type: object - defaultActionGroupId: - description: The default identifier for the alert type group. - type: string - enabledInLicense: - description: >- - Indicates whether the rule type is enabled based on the - subscription. - type: boolean - id: - description: The unique identifier for the alert type. - type: string - isExportable: - description: >- - Indicates whether the alert type is exportable in Saved - Objects Management UI. - type: boolean - minimumLicenseRequired: - description: The subscriptions required to use the alert type. 
- type: string - name: - description: The descriptive name of the alert type. - type: string - producer: - description: >- - An identifier for the application that produces this - alert type. - type: string - recoveryActionGroup: - description: > - An action group to use when an alert instance goes from - an active state to an inactive one. If it is not - specified, the default recovered action group is used. + type: object + properties: + data_view: + items: type: object properties: id: type: string name: type: string - type: array + namespaces: + items: + type: string + type: array + title: + type: string + typeMeta: + type: object + type: array + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Get all data views + tags: + - data views + /api/data_views/data_view: + post: + operationId: createDataViewDefaultw + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + createDataViewRequest: + $ref: '#/components/examples/Data_views_create_data_view_request' + schema: + $ref: '#/components/schemas/Data_views_create_data_view_request_object' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_data_view_response_object' description: Indicates a successful call. - '401': + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. 
- summary: Get the alert types + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Create a data view tags: - - alerting - /api/apm/agent_keys: + - data views + '/api/data_views/data_view/{viewId}': + delete: + description: | + WARNING: When you delete a data view, it cannot be recovered. + operationId: deleteDataViewDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Data_views_view_id' + responses: + '204': + description: Indicates a successful call. + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_404_response' + description: Object is not found. + summary: Delete a data view + tags: + - data views + get: + operationId: getDataViewDefault + parameters: + - $ref: '#/components/parameters/Data_views_view_id' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + getDataViewResponse: + $ref: '#/components/examples/Data_views_get_data_view_response' + schema: + $ref: '#/components/schemas/Data_views_data_view_response_object' + description: Indicates a successful call. + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_404_response' + description: Object is not found. + summary: Get a data view + tags: + - data views post: - description: Create a new agent key for APM. 
- operationId: createAgentKey + operationId: updateDataViewDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Data_views_view_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + updateDataViewRequest: + $ref: '#/components/examples/Data_views_update_data_view_request' + schema: + $ref: '#/components/schemas/Data_views_update_data_view_request_object' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_data_view_response_object' + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Update a data view + tags: + - data views + '/api/data_views/data_view/{viewId}/fields': + post: + description: > + Update fields presentation metadata such as count, customLabel, + customDescription, and format. + operationId: updateFieldsMetadataDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Data_views_view_id' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + examples: + updateFieldsMetadataRequest: + $ref: '#/components/examples/Data_views_update_field_metadata_request' schema: type: object properties: - name: - type: string - privileges: - items: - enum: - - 'event:write' - - 'config_agent:read' - type: string - type: array + fields: + description: The field object. + type: object + required: + - fields required: true responses: '200': 
@@ -3981,53 +4132,44 @@ paths: schema: type: object properties: - api_key: - type: string - encoded: - type: string - expiration: - format: int64 - type: integer - id: - type: string - name: - type: string - description: Agent key created successfully - summary: Create an APM agent key + acknowledged: + type: boolean + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Update data view fields metadata tags: - - APM agent keys - '/api/apm/services/{serviceName}/annotation': + - data views + '/api/data_views/data_view/{viewId}/runtime_field': post: - description: Create a new annotation for a specific service. - operationId: createAnnotation + operationId: createRuntimeFieldDefault parameters: - - description: The name of the service - in: path - name: serviceName - required: true - schema: - type: string + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Data_views_view_id' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + examples: + createRuntimeFieldRequest: + $ref: '#/components/examples/Data_views_create_runtime_field_request' schema: type: object properties: - '@timestamp': - type: string - message: + name: + description: | + The name for a runtime field. type: string - service: + runtimeField: + description: | + The runtime field definition object. type: object - properties: - environment: - type: string - version: - type: string - tags: - items: - type: string - type: array + required: + - name + - runtimeField required: true responses: '200': 
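Review bot: The two state-changing operations touched here document no authorization behaviour. `Update data view fields metadata` lists only `'200'` and `'400'`, and `createRuntimeFieldDefault` has no `description` at all, whereas the Cases operations earlier in this diff name the required feature privileges and include a `'401'` response described as `Authorization information is missing or invalid.`. Readers, and anyone deriving access-control tests from the spec, cannot tell which privilege gates these writes. I would add a `description` to each operation stating the privilege needed and a `'401'` response entry next to `'400'`; the exact privilege wording has to come from the data views owners. The same gap is visible on the data view operations in the hunk starting at `@@ -3733,246 +3910,220 @@` and on the `put` in the following hunk.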
@@ -4035,71 +4177,42 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - properties: - _id: - type: string - _index: - type: string - _source: - type: object - properties: - '@timestamp': - type: string - annotation: - type: string - event: - type: object - properties: - created: - type: string - message: - type: string - service: - type: object - properties: - environment: - type: string - name: - type: string - version: - type: string - tags: - items: - type: string - type: array - description: Annotation created successfully - summary: Create a service annotation + description: Indicates a successful call. + summary: Create a runtime field tags: - - APM annotations - '/api/apm/services/{serviceName}/annotation/search': - get: - description: Search for annotations related to a specific service. - operationId: getAnnotation - parameters: - - description: The name of the service - in: path - name: serviceName - required: true - schema: - type: string - - description: The environment to filter annotations by - in: query - name: environment - required: false - schema: - type: string - - description: The start date for the search - in: query - name: start - required: false - schema: - type: string - - description: The end date for the search - in: query - name: end - required: false + - data views + put: + operationId: createUpdateRuntimeFieldDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - description: | + The ID of the data view fields you want to update. + in: path + name: viewId + required: true schema: type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + updateRuntimeFieldRequest: + $ref: '#/components/examples/Data_views_create_runtime_field_request' + schema: + type: object + properties: + name: + description: | + The name for a runtime field. + type: string + runtimeField: + description: | + The runtime field definition object. 
+ type: object + required: + - name + - runtimeField + required: true responses: '200': content: 
@@ -4107,1621 +4220,1732 @@ paths: schema: type: object properties: - annotations: + data_view: + type: object + fields: items: type: object - properties: - '@timestamp': - type: number - id: - type: string - text: - type: string - type: - enum: - - version - type: string type: array - description: Successful response - summary: Search for annotations + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Create or update a runtime field tags: - - APM annotations - /api/cases: + - data views + '/api/data_views/data_view/{viewId}/runtime_field/{fieldName}': delete: - description: > - You must have `read` or `all` privileges and the `delete` sub-feature - privilege for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature - privileges, depending on the owner of the cases you're deleting. - operationId: deleteCaseDefaultSpace + operationId: deleteRuntimeFieldDefault parameters: - - $ref: '#/components/parameters/Cases_kbn_xsrf' - - $ref: '#/components/parameters/Cases_ids' + - $ref: '#/components/parameters/Data_views_field_name' + - $ref: '#/components/parameters/Data_views_view_id' responses: - '204': + '200': description: Indicates a successful call. - '401': + '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Delete cases + $ref: '#/components/schemas/Data_views_404_response' + description: Object is not found. 
+ summary: Delete a runtime field from a data view tags: - - cases - patch: - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the - Kibana feature privileges, depending on the owner of the case you're - updating. - operationId: updateCaseDefaultSpace + - data views + get: + operationId: getRuntimeFieldDefault parameters: - - $ref: '#/components/parameters/Cases_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateCaseRequest: - $ref: '#/components/examples/Cases_update_case_request' - schema: - $ref: '#/components/schemas/Cases_update_case_request' + - $ref: '#/components/parameters/Data_views_field_name' + - $ref: '#/components/parameters/Data_views_view_id' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: examples: - updateCaseResponse: - $ref: '#/components/examples/Cases_update_case_response' + getRuntimeFieldResponse: + $ref: '#/components/examples/Data_views_get_runtime_field_response' schema: - items: - $ref: '#/components/schemas/Cases_case_response_properties' - type: array + type: object + properties: + data_view: + type: object + fields: + items: + type: object + type: array description: Indicates a successful call. - '401': + '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Update cases + $ref: '#/components/schemas/Data_views_404_response' + description: Object is not found. + summary: Get a runtime field tags: - - cases + - data views post: - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the - Kibana feature privileges, depending on the owner of the case you're - creating. 
- operationId: createCaseDefaultSpace + operationId: updateRuntimeFieldDefault parameters: - - $ref: '#/components/parameters/Cases_kbn_xsrf' + - $ref: '#/components/parameters/Data_views_field_name' + - $ref: '#/components/parameters/Data_views_view_id' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: examples: - createCaseRequest: - $ref: '#/components/examples/Cases_create_case_request' + updateRuntimeFieldRequest: + $ref: '#/components/examples/Data_views_update_runtime_field_request' schema: - $ref: '#/components/schemas/Cases_create_case_request' + type: object + properties: + runtimeField: + description: | + The runtime field definition object. + + You can update following fields: + + - `type` + - `script` + type: object + required: + - runtimeField required: true responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - createCaseResponse: - $ref: '#/components/examples/Cases_create_case_response' - schema: - $ref: '#/components/schemas/Cases_case_response_properties' description: Indicates a successful call. - '401': + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Create a case + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Update a runtime field tags: - - cases - /api/cases/_find: + - data views + /api/data_views/default: get: - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're seeking. 
- operationId: findCasesDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_assignees' - - $ref: '#/components/parameters/Cases_category' - - $ref: '#/components/parameters/Cases_defaultSearchOperator' - - $ref: '#/components/parameters/Cases_from' - - $ref: '#/components/parameters/Cases_owner' - - $ref: '#/components/parameters/Cases_page_index' - - $ref: '#/components/parameters/Cases_page_size' - - $ref: '#/components/parameters/Cases_reporters' - - $ref: '#/components/parameters/Cases_search' - - $ref: '#/components/parameters/Cases_searchFields' - - $ref: '#/components/parameters/Cases_severity' - - $ref: '#/components/parameters/Cases_sortField' - - $ref: '#/components/parameters/Cases_sort_order' - - $ref: '#/components/parameters/Cases_status' - - $ref: '#/components/parameters/Cases_tags' - - $ref: '#/components/parameters/Cases_to' + operationId: getDefaultDataViewDefault responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: examples: - findCaseResponse: - $ref: '#/components/examples/Cases_find_case_response' + getDefaultDataViewResponse: + $ref: >- + #/components/examples/Data_views_get_default_data_view_response schema: type: object properties: - cases: - items: - $ref: '#/components/schemas/Cases_case_response_properties' - maxItems: 10000 - type: array - count_closed_cases: - type: integer - count_in_progress_cases: - type: integer - count_open_cases: - type: integer - page: - type: integer - per_page: - type: integer - total: - type: integer + data_view_id: + type: string description: Indicates a successful call. - '401': + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. 
- summary: Search cases + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Get the default data view tags: - - cases - '/api/cases/{caseId}': - get: - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case you're seeking. - operationId: getCaseDefaultSpace + - data views + post: + operationId: setDefaultDatailViewDefault parameters: - - $ref: '#/components/parameters/Cases_case_id' - - $ref: '#/components/parameters/Cases_includeComments' + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + setDefaultDataViewRequest: + $ref: '#/components/examples/Data_views_set_default_data_view_request' + schema: + type: object + properties: + data_view_id: + description: > + The data view identifier. NOTE: The API does not validate + whether it is a valid identifier. Use `null` to unset the + default data view. + nullable: true + type: string + force: + default: false + description: Update an existing default data view identifier. + type: boolean + required: + - data_view_id + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - getDefaultCaseResponse: - $ref: '#/components/examples/Cases_get_case_response' - getDefaultObservabilityCaseReponse: - $ref: '#/components/examples/Cases_get_case_observability_response' schema: - $ref: '#/components/schemas/Cases_case_response_properties' + type: object + properties: + acknowledged: + type: boolean description: Indicates a successful call. - '401': + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. 
- summary: Get case information + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Set the default data view tags: - - cases - '/api/cases/{caseId}/alerts': - get: + - data views + /api/data_views/swap_references: + post: description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're seeking. - operationId: getCaseAlertsDefaultSpace + Changes saved object references from one data view identifier to + another. WARNING: Misuse can break large numbers of saved objects! + Practicing with a backup is recommended. + operationId: swapDataViewsDefault parameters: - - $ref: '#/components/parameters/Cases_case_id' + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + swapDataViewRequest: + $ref: '#/components/examples/Data_views_swap_data_view_request' + schema: + $ref: '#/components/schemas/Data_views_swap_data_view_request_object' + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - getCaseAlertsResponse: - $ref: '#/components/examples/Cases_get_case_alerts_response' schema: - items: - $ref: '#/components/schemas/Cases_alert_response_properties' - type: array + type: object + properties: + deleteStatus: + type: object + properties: + deletePerformed: + type: boolean + remainingRefs: + type: integer + result: + items: + type: object + properties: + id: + description: A saved object identifier. + type: string + type: + description: The saved object type. + type: string + type: array description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. 
- summary: Get all alerts for a case + summary: Swap saved object references tags: - - cases - x-technical-preview: true - '/api/cases/{caseId}/comments': - delete: + - data views + /api/data_views/swap_references/_preview: + post: description: > - Deletes all comments and alerts from a case. You must have `all` - privileges for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature - privileges, depending on the owner of the cases you're deleting. - operationId: deleteCaseCommentsDefaultSpace + Preview the impact of swapping saved object references from one data + view identifier to another. + operationId: previewSwapDataViewsDefault parameters: - - $ref: '#/components/parameters/Cases_kbn_xsrf' - - $ref: '#/components/parameters/Cases_case_id' + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + previewSwapDataViewRequest: + $ref: >- + #/components/examples/Data_views_preview_swap_data_view_request + schema: + $ref: '#/components/schemas/Data_views_swap_data_view_request_object' + required: true responses: - '204': - description: Indicates a successful call. - '401': + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Delete all case comments and alerts + type: object + properties: + result: + items: + type: object + properties: + id: + description: A saved object identifier. + type: string + type: + description: The saved object type. + type: string + type: array + description: Indicates a successful call. + summary: Preview a saved object reference swap tags: - - cases - get: - deprecated: true + - data views + /api/encrypted_saved_objects/_rotate_key: + post: description: > - Deprecated in 8.1.0. 
This API is deprecated and will be removed in a - future release; instead, use the get case comment API, which requires a - comment identifier in the path. You must have `read` privileges for the - **Cases** feature in the **Management**, **Observability**, or - **Security** section of the Kibana feature privileges, depending on the - owner of the cases with the comments you're seeking. - operationId: getAllCaseCommentsDefaultSpace + Superuser role required. + + + If a saved object cannot be decrypted using the primary encryption key, + then Kibana will attempt to decrypt it using the specified + decryption-only keys. In most of the cases this overhead is negligible, + but if you're dealing with a large number of saved objects and + experiencing performance issues, you may want to rotate the encryption + key. + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + operationId: rotateEncryptionKey parameters: - - $ref: '#/components/parameters/Cases_case_id' + - description: > + Specifies a maximum number of saved objects that Kibana can process + in a single batch. Bulk key rotation is an iterative process since + Kibana may not be able to fetch and process all required saved + objects in one go and splits processing into consequent batches. By + default, the batch size is 10000, which is also a maximum allowed + value. + in: query + name: batch_size + required: false + schema: + default: 10000 + type: number + - description: > + Limits encryption key rotation only to the saved objects with the + specified type. By default, Kibana tries to rotate the encryption + key for all saved object types that may contain encrypted + attributes. 
+ in: query + name: type + required: false + schema: + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + rotateEncryptionKeyResponse: + $ref: '#/components/examples/Saved_objects_key_rotation_response' schema: - $ref: '#/components/schemas/Cases_case_response_properties' + type: object + properties: + failed: + description: > + Indicates the number of the saved objects that were still + encrypted with one of the old encryption keys that Kibana + failed to re-encrypt with the primary key. + type: number + successful: + description: > + Indicates the total number of all encrypted saved objects + (optionally filtered by the requested `type`), regardless + of the key Kibana used for encryption. + + + NOTE: In most cases, `total` will be greater than + `successful` even if `failed` is zero. The reason is that + Kibana may not need or may not be able to rotate + encryption keys for all encrypted saved objects. + type: number + total: + description: > + Indicates the total number of all encrypted saved objects + (optionally filtered by the requested `type`), regardless + of the key Kibana used for encryption. + type: number description: Indicates a successful call. - '401': + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Get all case comments + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + '429': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Already in progress. + summary: Rotate a key for encrypted saved objects tags: - - cases - patch: - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case you're updating. 
- NOTE: You cannot change the comment type or the owner of a comment. - operationId: updateCaseCommentDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_kbn_xsrf' - - $ref: '#/components/parameters/Cases_case_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateCaseCommentRequest: - $ref: '#/components/examples/Cases_update_comment_request' - schema: - $ref: '#/components/schemas/Cases_update_case_comment_request' - required: true + - saved objects + /api/fleet/agent_download_sources: + get: + operationId: get-download-sources responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateCaseCommentResponse: - $ref: '#/components/examples/Cases_update_comment_response' - schema: - $ref: '#/components/schemas/Cases_case_response_properties' - description: Indicates a successful call. - '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Update a case comment or alert + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_download_sources' + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List agent binary download sources tags: - - cases + - Elastic Agent binary download sources post: - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case you're creating. - NOTE: Each case can have a maximum of 1,000 alerts. 
- operationId: addCaseCommentDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_kbn_xsrf' - - $ref: '#/components/parameters/Cases_case_id' + operationId: post-download-sources requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - createCaseCommentRequest: - $ref: '#/components/examples/Cases_add_comment_request' schema: - $ref: '#/components/schemas/Cases_add_case_comment_request' - required: true + type: object + properties: + host: + type: string + id: + type: string + is_default: + type: boolean + name: + type: string + required: + - name + - host + - is_default responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - createCaseCommentResponse: - $ref: '#/components/examples/Cases_add_comment_response' - schema: - $ref: '#/components/schemas/Cases_case_response_properties' - description: Indicates a successful call. - '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Add a case comment or alert + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_download_sources' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create agent binary download source tags: - - cases - '/api/cases/{caseId}/comments/_find': - get: - description: > - Retrieves a paginated list of comments for a case. You must have `read` - privileges for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature - privileges, depending on the owner of the cases with the comments you're - seeking. 
- operationId: findCaseCommentsDefaultSpace + - Elastic Agent binary download sources + '/api/fleet/agent_download_sources/{sourceId}': + delete: + operationId: delete-download-source parameters: - - $ref: '#/components/parameters/Cases_case_id' - - $ref: '#/components/parameters/Cases_page_index' - - $ref: '#/components/parameters/Cases_page_size' - - $ref: '#/components/parameters/Cases_sort_order' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_case_response_properties' - description: Indicates a successful call. - '401': + type: object + properties: + id: + type: string + required: + - id + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete agent binary download source by ID + tags: + - Elastic Agent binary download sources + get: + operationId: get-one-download-source + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Find case comments and alerts + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_download_sources' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent binary download source by ID tags: - - cases - '/api/cases/{caseId}/comments/{commentId}': - delete: - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're deleting. 
- operationId: deleteCaseCommentDefaultSpace + - Elastic Agent binary download sources + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + put: + operationId: update-download-source parameters: - - $ref: '#/components/parameters/Cases_kbn_xsrf' - - $ref: '#/components/parameters/Cases_case_id' - - $ref: '#/components/parameters/Cases_comment_id' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + host: + type: string + is_default: + type: boolean + name: + type: string + required: + - name + - is_default + - host responses: - '204': - description: Indicates a successful call. - '401': + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Delete a case comment or alert + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_download_sources' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update agent binary download source by ID tags: - - cases + - Elastic Agent binary download sources + /api/fleet/agent_policies: get: - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases with the - comments you're seeking. 
- operationId: getCaseCommentDefaultSpace + description: '' + operationId: agent-policy-list parameters: - - $ref: '#/components/parameters/Cases_case_id' - - $ref: '#/components/parameters/Cases_comment_id' + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - $ref: '#/components/parameters/Fleet_kuery' + - description: >- + When set to true, retrieve the related package policies for each + agent policy. + in: query + name: full + schema: + type: boolean + - description: >- + When set to true, do not count how many agents are in the agent + policy, this can improve performance if you are searching over a + large number of agent policies. The "agents" property will always be + 0 if set to true. + in: query + name: noAgentCount + schema: + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - getCaseCommentResponse: - $ref: '#/components/examples/Cases_get_comment_response' schema: - oneOf: - - $ref: >- - #/components/schemas/Cases_alert_comment_response_properties - - $ref: >- - #/components/schemas/Cases_user_comment_response_properties - description: Indicates a successful call. 
- '401': + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_agent_policy' + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List agent policies + tags: + - Elastic Agent policies + post: + operationId: create-agent-policy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_agent_policy_create_request' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Get a case comment or alert + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_policy' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create agent policy tags: - - cases - '/api/cases/{caseId}/connector/{connectorId}/_push': + - Elastic Agent policies + /api/fleet/agent_policies/_bulk_get: post: - description: > - You must have `all` privileges for the **Actions and Connectors** - feature in the **Management** section of the Kibana feature privileges. - You must also have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case you're pushing. 
- operationId: pushCaseDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_case_id' - - $ref: '#/components/parameters/Cases_connector_id' - - $ref: '#/components/parameters/Cases_kbn_xsrf' + operationId: bulk-get-agent-policies + parameters: [] requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - nullable: true type: object + properties: + full: + description: get full policies with package policies populated + type: boolean + ids: + description: list of agent policy ids + items: + type: string + type: array + ignoreMissing: + type: boolean + required: + - ids responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - pushCaseResponse: - $ref: '#/components/examples/Cases_push_case_response' - schema: - $ref: '#/components/schemas/Cases_case_response_properties' - description: Indicates a successful call. - '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Push a case to an external service + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_agent_policy' + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk get agent policies tags: - - cases - '/api/cases/{caseId}/user_actions': + - Elastic Agent policies + '/api/fleet/agent_policies/{agentPolicyId}': get: - deprecated: true - description: > - Returns all user activity for a case. Deprecated in 8.1.0. This API is - deprecated and will be removed in a future release; use the find user - actions API instead. You must have `read` privileges for the **Cases** - feature in the **Management**, **Observability**, or **Security** - section of the Kibana feature privileges, depending on the owner of the - case you're seeking. 
- operationId: getCaseActivityDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_case_id' + description: Get one agent policy + operationId: agent-policy-info + parameters: [] responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - items: - $ref: '#/components/schemas/Cases_user_actions_response_properties' - type: array - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Get case activity + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_policy' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent policy by ID tags: - - cases - '/api/cases/{caseId}/user_actions/_find': - get: - description: > - Retrives a paginated list of user activity for a case. You must have - `read` privileges for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature - privileges, depending on the owner of the case you're seeking. 
- operationId: findCaseActivityDefaultSpace + - Elastic Agent policies + parameters: + - in: path + name: agentPolicyId + required: true + schema: + type: string + put: + operationId: update-agent-policy parameters: - - $ref: '#/components/parameters/Cases_case_id' - - $ref: '#/components/parameters/Cases_page_index' - - $ref: '#/components/parameters/Cases_page_size' - - $ref: '#/components/parameters/Cases_sort_order' - - $ref: '#/components/parameters/Cases_user_action_types' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_agent_policy_update_request' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - findCaseActivityResponse: - $ref: '#/components/examples/Cases_find_case_activity_response' schema: type: object properties: - page: - type: integer - perPage: - type: integer - total: - type: integer - userActions: - items: - $ref: >- - #/components/schemas/Cases_user_actions_find_response_properties - maxItems: 10000 - type: array - description: Indicates a successful call. 
- '401': + item: + $ref: '#/components/schemas/Fleet_agent_policy' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update agent policy by ID + tags: + - Elastic Agent policies + '/api/fleet/agent_policies/{agentPolicyId}/copy': + parameters: + - in: path + name: agentPolicyId + required: true + schema: + type: string + post: + operationId: agent-policy-copy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + description: + type: string + name: + type: string + required: + - name + description: '' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Find case activity + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_policy' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Copy agent policy by ID tags: - - cases - '/api/cases/alerts/{alertId}': + - Elastic Agent policies + '/api/fleet/agent_policies/{agentPolicyId}/download': get: - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're seeking. - operationId: getCasesByAlertDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_alert_id' - - $ref: '#/components/parameters/Cases_owner' + operationId: agent-policy-download responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - example: - - id: 06116b80-e1c3-11ec-be9b-9b1838238ee6 - title: security_case - items: - type: object - properties: - id: - description: The case identifier. - type: string - title: - description: The case title. 
- type: string - maxItems: 10000 - type: array - description: Indicates a successful call. - '401': + type: object + properties: + item: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Download agent policy by ID + tags: + - Elastic Agent policies + parameters: + - in: path + name: agentPolicyId + required: true + schema: + type: string + - in: query + name: download + required: false + schema: + type: string + - in: query + name: standalone + required: false + schema: + type: string + - in: query + name: kubernetes + required: false + schema: + type: string + '/api/fleet/agent_policies/{agentPolicyId}/full': + get: + operationId: agent-policy-full + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Get cases for an alert + type: object + properties: + item: + oneOf: + - type: string + - $ref: '#/components/schemas/Fleet_agent_policy_full' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get full agent policy by ID tags: - - cases - x-technical-preview: true - /api/cases/configure: - get: - description: > - Get setting details such as the closure type, custom fields, templatse, - and the default connector for cases. You must have `read` privileges for - the **Cases** feature in the **Management**, **Observability**, or - **Security** section of the Kibana feature privileges, depending on - where the cases were created. 
- operationId: getCaseConfigurationDefaultSpace + - Elastic Agent policies + parameters: + - in: path + name: agentPolicyId + required: true + schema: + type: string + - in: query + name: download + required: false + schema: + type: string + - in: query + name: standalone + required: false + schema: + type: string + - in: query + name: kubernetes + required: false + schema: + type: string + /api/fleet/agent_policies/delete: + parameters: [] + post: + operationId: delete-agent-policy parameters: - - $ref: '#/components/parameters/Cases_owner' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + agentPolicyId: + type: string + force: + description: >- + bypass validation checks that can prevent agent policy + deletion + type: boolean + required: + - agentPolicyId responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - getConfigurationResponse: - $ref: '#/components/examples/Cases_get_case_configuration_response' schema: - items: - type: object - properties: - closure_type: - $ref: '#/components/schemas/Cases_closure_types' - connector: - type: object - properties: - fields: - description: >- - The fields specified in the case configuration are - not used and are not propagated to individual cases, - therefore it is recommended to set it to `null`. - nullable: true - type: object - id: - description: >- - The identifier for the connector. If you do not want - a default connector, use `none`. To retrieve - connector IDs, use the find connectors API. - example: none - type: string - name: - description: >- - The name of the connector. If you do not want a - default connector, use `none`. To retrieve connector - names, use the find connectors API. 
- example: none - type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - created_at: - example: '2022-06-01T17:07:17.767Z' - format: date-time - type: string - created_by: - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - customFields: - description: Custom fields configuration details. - items: - type: object - properties: - defaultValue: - description: > - A default value for the custom field. If the - `type` is `text`, the default value must be a - string. If the `type` is `toggle`, the default - value must be boolean. - oneOf: - - type: string - - type: boolean - key: - description: > - A unique key for the custom field. Must be lower - case and composed only of a-z, 0-9, '_', and '-' - characters. It is used in API calls to refer to a - specific custom field. - maxLength: 36 - minLength: 1 - type: string - label: - description: >- - The custom field label that is displayed in the - case. - maxLength: 50 - minLength: 1 - type: string - type: - description: The type of the custom field. - enum: - - text - - toggle - type: string - required: - description: > - Indicates whether the field is required. If - `false`, the custom field can be set to null or - omitted when a case is created or updated. 
- type: boolean - type: array - error: - example: null - nullable: true - type: string - id: - example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 - type: string - mappings: - items: - type: object - properties: - action_type: - example: overwrite - type: string - source: - example: title - type: string - target: - example: summary - type: string - type: array - owner: - $ref: '#/components/schemas/Cases_owners' - templates: - $ref: '#/components/schemas/Cases_templates' - updated_at: - example: '2022-06-01T19:58:48.169Z' - format: date-time - nullable: true - type: string - updated_by: - nullable: true - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - version: - example: WzIwNzMsMV0= - type: string - type: array - description: Indicates a successful call. - '401': + type: object + properties: + id: + type: string + success: + type: boolean + required: + - id + - success + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete agent policy by ID + tags: + - Elastic Agent policies + /api/fleet/agent_status: + get: + operationId: get-agent-status + parameters: + - in: query + name: policyId + required: false + schema: + type: string + - deprecated: true + in: query + name: kuery + required: false + schema: + type: string + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. 
- summary: Get case settings + type: object + properties: + active: + type: integer + all: + type: integer + error: + type: integer + events: + type: integer + inactive: + type: integer + offline: + type: integer + online: + type: integer + other: + type: integer + total: + deprecated: true + type: integer + unenrolled: + type: integer + updating: + type: integer + required: + - active + - all + - error + - events + - inactive + - offline + - online + - other + - total + - updating + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent status summary tags: - - cases - post: - description: > - Case settings include external connection details, custom fields, and - templates. Connectors are used to interface with external systems. You - must create a connector before you can use it in your cases. If you set - a default connector, it is automatically selected when you create cases - in Kibana. If you use the create case API, however, you must still - specify all of the connector details. You must have `all` privileges for - the **Cases** feature in the **Management**, **Observability**, or - **Security** section of the Kibana feature privileges, depending on - where you are creating cases. 
- operationId: setCaseConfigurationDefaultSpace + - Elastic Agent status + /api/fleet/agent_status/data: + get: + operationId: get-agent-data parameters: - - $ref: '#/components/parameters/Cases_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - setCaseConfigRequest: - $ref: '#/components/examples/Cases_set_case_configuration_request' - schema: - $ref: '#/components/schemas/Cases_set_case_configuration_request' + - in: query + name: agentsIds + required: true + schema: + items: + type: string + type: array responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - setCaseConfigResponse: - $ref: '#/components/examples/Cases_set_case_configuration_response' schema: type: object properties: - closure_type: - $ref: '#/components/schemas/Cases_closure_types' - connector: - type: object - properties: - fields: - description: >- - The fields specified in the case configuration are not - used and are not propagated to individual cases, - therefore it is recommended to set it to `null`. - nullable: true - type: object - id: - description: >- - The identifier for the connector. If you do not want a - default connector, use `none`. To retrieve connector - IDs, use the find connectors API. - example: none - type: string - name: - description: >- - The name of the connector. If you do not want a - default connector, use `none`. To retrieve connector - names, use the find connectors API. 
- example: none - type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - created_at: - example: '2022-06-01T17:07:17.767Z' - format: date-time - type: string - created_by: - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - customFields: - description: Custom fields configuration details. - items: - type: object - properties: - defaultValue: - description: > - A default value for the custom field. If the `type` - is `text`, the default value must be a string. If - the `type` is `toggle`, the default value must be - boolean. - oneOf: - - type: string - - type: boolean - key: - description: > - A unique key for the custom field. Must be lower - case and composed only of a-z, 0-9, '_', and '-' - characters. It is used in API calls to refer to a - specific custom field. - maxLength: 36 - minLength: 1 - type: string - label: - description: >- - The custom field label that is displayed in the - case. - maxLength: 50 - minLength: 1 - type: string - type: - description: The type of the custom field. - enum: - - text - - toggle - type: string - required: - description: > - Indicates whether the field is required. If `false`, - the custom field can be set to null or omitted when - a case is created or updated. 
- type: boolean - type: array - error: - example: null - nullable: true - type: string - id: - example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 - type: string - mappings: + items: items: + additionalProperties: + type: object + properties: + data: + type: boolean type: object - properties: - action_type: - example: overwrite - type: string - source: - example: title - type: string - target: - example: summary - type: string type: array - owner: - $ref: '#/components/schemas/Cases_owners' - templates: - $ref: '#/components/schemas/Cases_templates' - updated_at: - example: '2022-06-01T19:58:48.169Z' - format: date-time - nullable: true - type: string - updated_by: - nullable: true - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - version: - example: WzIwNzMsMV0= - type: string - description: Indicates a successful call. - '401': + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get incoming agent data + tags: + - Elastic Agent status + /api/fleet/agent-status: + get: + deprecated: true + operationId: get-agent-status-deprecated + parameters: + - in: query + name: policyId + required: false + schema: + type: string + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. 
- summary: Add case settings + type: object + properties: + error: + type: integer + events: + type: integer + inactive: + type: integer + offline: + type: integer + online: + type: integer + other: + type: integer + total: + type: integer + updating: + type: integer + required: + - error + - events + - inactive + - offline + - online + - other + - total + - updating + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent status summary tags: - - cases - '/api/cases/configure/{configurationId}': - patch: - description: > - Updates setting details such as the closure type, custom fields, - templates, and the default connector for cases. Connectors are used to - interface with external systems. You must create a connector before you - can use it in your cases. You must have `all` privileges for the - **Cases** feature in the **Management**, **Observability**, or - **Security** section of the Kibana feature privileges, depending on - where the case was created. 
- operationId: updateCaseConfigurationDefaultSpace + - Elastic Agent status + /api/fleet/agents: + get: + operationId: get-agents parameters: - - $ref: '#/components/parameters/Cases_kbn_xsrf' - - $ref: '#/components/parameters/Cases_configuration_id' + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - $ref: '#/components/parameters/Fleet_kuery' + - $ref: '#/components/parameters/Fleet_show_inactive' + - $ref: '#/components/parameters/Fleet_show_upgradeable' + - $ref: '#/components/parameters/Fleet_sort_field' + - $ref: '#/components/parameters/Fleet_sort_order' + - $ref: '#/components/parameters/Fleet_with_metrics' + - in: query + name: getStatusSummary + required: false + schema: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_get_agents_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List agents + tags: + - Elastic Agents + post: + operationId: get-agents-by-actions + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - updateCaseConfigurationRequest: - $ref: '#/components/examples/Cases_update_case_configuration_request' schema: - $ref: '#/components/schemas/Cases_update_case_configuration_request' + type: object + properties: + actionIds: + items: + type: string + type: array + required: + - policy_id + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_agent_get_by_actions' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List agents by action ids + tags: + - Elastic Agents + '/api/fleet/agents/{agentId}': + delete: + operationId: delete-agent + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' responses: '200': content: 
application/json; Elastic-Api-Version=2023-10-31: - examples: - updateCaseConfigurationResponse: - $ref: >- - #/components/examples/Cases_update_case_configuration_response schema: type: object properties: - closure_type: - $ref: '#/components/schemas/Cases_closure_types' - connector: - type: object - properties: - fields: - description: >- - The fields specified in the case configuration are not - used and are not propagated to individual cases, - therefore it is recommended to set it to `null`. - nullable: true - type: object - id: - description: >- - The identifier for the connector. If you do not want a - default connector, use `none`. To retrieve connector - IDs, use the find connectors API. - example: none - type: string - name: - description: >- - The name of the connector. If you do not want a - default connector, use `none`. To retrieve connector - names, use the find connectors API. - example: none - type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - created_at: - example: '2022-06-01T17:07:17.767Z' - format: date-time - type: string - created_by: - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - customFields: - description: Custom fields configuration details. - items: - type: object - properties: - defaultValue: - description: > - A default value for the custom field. If the `type` - is `text`, the default value must be a string. If - the `type` is `toggle`, the default value must be - boolean. - oneOf: - - type: string - - type: boolean - key: - description: > - A unique key for the custom field. Must be lower - case and composed only of a-z, 0-9, '_', and '-' - characters. 
It is used in API calls to refer to a - specific custom field. - maxLength: 36 - minLength: 1 - type: string - label: - description: >- - The custom field label that is displayed in the - case. - maxLength: 50 - minLength: 1 - type: string - type: - description: The type of the custom field. - enum: - - text - - toggle - type: string - required: - description: > - Indicates whether the field is required. If `false`, - the custom field can be set to null or omitted when - a case is created or updated. - type: boolean - type: array - error: - example: null - nullable: true + action: + enum: + - deleted type: string - id: - example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 + required: + - action + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete agent by ID + tags: + - Elastic Agents + get: + operationId: get-agent + parameters: + - $ref: '#/components/parameters/Fleet_with_metrics' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent by ID + tags: + - Elastic Agents + parameters: + - in: path + name: agentId + required: true + schema: + type: string + put: + operationId: update-agent + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + tags: + items: type: string - mappings: + type: array + user_provided_metadata: + type: object + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update agent by ID + tags: + - Elastic Agents + 
'/api/fleet/agents/{agentId}/actions': + parameters: + - in: path + name: agentId + required: true + schema: + type: string + post: + operationId: new-agent-action + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + action: + $ref: '#/components/schemas/Fleet_agent_action' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: items: - type: object - properties: - action_type: - example: overwrite - type: string - source: - example: title - type: string - target: - example: summary - type: string + type: number type: array - owner: - $ref: '#/components/schemas/Cases_owners' - templates: - $ref: '#/components/schemas/Cases_templates' - updated_at: - example: '2022-06-01T19:58:48.169Z' - format: date-time - nullable: true - type: string - updated_by: - nullable: true - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - version: - example: WzIwNzMsMV0= + headers: type: string - description: Indicates a successful call. 
- '401': + statusCode: + type: number + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create agent action + tags: + - Elastic Agent actions + '/api/fleet/agents/{agentId}/actions/{actionId}/cancel': + parameters: + - in: path + name: agentId + required: true + schema: + type: string + - in: path + name: actionId + required: true + schema: + type: string + post: + operationId: agent-action-cancel + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Update case settings + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_action' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Cancel agent action tags: - - cases - /api/cases/configure/connectors/_find: - get: - description: > - Get information about connectors that are supported for use in cases. - You must have `read` privileges for the **Actions and Connectors** - feature in the **Management** section of the Kibana feature privileges. 
- operationId: findCaseConnectorsDefaultSpace + - Elastic Agent actions + '/api/fleet/agents/{agentId}/reassign': + parameters: + - in: path + name: agentId + required: true + schema: + type: string + post: + operationId: reassign-agent + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + policy_id: + type: string + required: + - policy_id + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - findConnectorResponse: - $ref: '#/components/examples/Cases_find_connector_response' schema: - items: - type: object - properties: - actionTypeId: - $ref: '#/components/schemas/Cases_connector_types' - config: - additionalProperties: true - type: object - properties: - apiUrl: - type: string - projectKey: - type: string - id: - type: string - isDeprecated: - type: boolean - isMissingSecrets: - type: boolean - isPreconfigured: - type: boolean - name: - type: string - referencedByCount: - type: integer - maxItems: 1000 - type: array - description: Indicates a successful call. - '401': + type: object + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Reassign agent + tags: + - Elastic Agents + put: + deprecated: true + operationId: reassign-agent-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + policy_id: + type: string + required: + - policy_id + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Get case connectors - tags: - - cases - /api/cases/reporters: - get: - description: > - Returns information about the users who opened cases. 
You must have read - privileges for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature - privileges, depending on the owner of the cases. The API returns - information about the users as they existed at the time of the case - creation, including their name, full name, and email address. If any of - those details change thereafter or if a user is deleted, the information - returned by this API is unchanged. - operationId: getCaseReportersDefaultSpace + type: object + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Reassign agent + tags: + - Elastic Agents + '/api/fleet/agents/{agentId}/request_diagnostics': + parameters: + - in: path + name: agentId + required: true + schema: + type: string + post: + operationId: request-diagnostics-agent parameters: - - $ref: '#/components/parameters/Cases_owner' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + additional_metrics: + items: + oneOf: + - enum: + - CPU + type: string + type: array responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getReportersResponse: - $ref: '#/components/examples/Cases_get_reporters_response' - schema: - items: - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - maxItems: 10000 - type: array - description: Indicates a successful call. - '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. 
- summary: Get case creators + type: object + properties: + actionId: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Request agent diagnostics tags: - - cases - /api/cases/status: - get: - deprecated: true - description: > - Returns the number of cases that are open, closed, and in progress. - Deprecated in 8.1.0. This API is deprecated and will be removed in a - future release; use the find cases API instead. You must have `read` - privileges for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature - privileges, depending on the owner of the cases you're seeking. - operationId: getCaseStatusDefaultSpace + - Elastic Agents + '/api/fleet/agents/{agentId}/unenroll': + parameters: + - in: path + name: agentId + required: true + schema: + type: string + post: + operationId: unenroll-agent parameters: - - $ref: '#/components/parameters/Cases_owner' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + type: boolean + revoke: + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - properties: - count_closed_cases: - type: integer - count_in_progress_cases: - type: integer - count_open_cases: - type: integer - description: Indicates a successful call. - '401': + description: OK + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Get case status summary + type: object + properties: + error: + type: string + message: + type: string + statusCode: + enum: + - 400 + type: number + description: BAD REQUEST + summary: Unenroll agent tags: - - cases - /api/cases/tags: - get: - description: > - Aggregates and returns a list of case tags. 
You must have read - privileges for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature - privileges, depending on the owner of the cases you're seeking. - operationId: getCaseTagsDefaultSpace + - Elastic Agents + '/api/fleet/agents/{agentId}/upgrade': + parameters: + - in: path + name: agentId + required: true + schema: + type: string + post: + operationId: upgrade-agent parameters: - - $ref: '#/components/parameters/Cases_owner' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_upgrade_agent' + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - getTagsResponse: - $ref: '#/components/examples/Cases_get_tags_response' schema: - items: - type: string - maxItems: 10000 - type: array - description: Indicates a successful call. - '401': + $ref: '#/components/schemas/Fleet_upgrade_agent' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Upgrade agent + tags: + - Elastic Agents + '/api/fleet/agents/{agentId}/uploads': + get: + operationId: list-agent-uploads + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. 
- summary: Get case tags + type: object + properties: + body: + type: object + properties: + item: + items: + $ref: '#/components/schemas/Fleet_agent_diagnostics' + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List agent uploads tags: - - cases - /api/data_views: + - Elastic Agents + parameters: + - in: path + name: agentId + required: true + schema: + type: string + /api/fleet/agents/action_status: get: - operationId: getAllDataViewsDefault + operationId: agents-action-status + parameters: + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - in: query + name: errorSize + schema: + default: 5 + type: integer responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - getAllDataViewsResponse: - $ref: '#/components/examples/Data_views_get_data_views_response' schema: type: object properties: - data_view: + items: items: type: object properties: - id: + actionId: + type: string + cancellationTime: + type: string + completionTime: + type: string + creationTime: + description: creation time of action + type: string + expiration: + type: string + latestErrors: + description: >- + latest errors that happened when the agents executed + the action + items: + type: object + properties: + agentId: + type: string + error: + type: string + timestamp: + type: string + type: array + nbAgentsAck: + description: number of agents that acknowledged the action + type: number + nbAgentsActionCreated: + description: number of agents included in action from kibana + type: number + nbAgentsActioned: + description: number of agents actioned + type: number + nbAgentsFailed: + description: number of agents that failed to execute the action + type: number + newPolicyId: + description: new policy id (POLICY_REASSIGN action) type: string - name: + policyId: + description: policy id (POLICY_CHANGE action) type: string - namespaces: - items: - type: string - 
type: array - title: + revision: + description: new policy revision (POLICY_CHANGE action) type: string - typeMeta: - type: object + startTime: + description: start time of action (scheduled actions) + type: string + status: + enum: + - COMPLETE + - EXPIRED + - CANCELLED + - FAILED + - IN_PROGRESS + - ROLLOUT_PASSED + type: string + type: + enum: + - POLICY_REASSIGN + - UPGRADE + - UNENROLL + - FORCE_UNENROLL + - UPDATE_TAGS + - CANCEL + - REQUEST_DIAGNOSTICS + - SETTINGS + - POLICY_CHANGE + - INPUT_ACTION + type: string + version: + description: agent version number (UPGRADE action) + type: string + required: + - actionId + - complete + - nbAgentsActioned + - nbAgentsActionCreated + - nbAgentsAck + - nbAgentsFailed + - status + - creationTime + - type type: array - description: Indicates a successful call. + required: + - items + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Get all data views + $ref: '#/components/responses/Fleet_error' + summary: Get agent action status tags: - - data views - /api/data_views/data_view: + - Elastic Agent actions + /api/fleet/agents/bulk_reassign: post: - operationId: createDataViewDefaultw + operationId: bulk-reassign-agents parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - createDataViewRequest: - $ref: '#/components/examples/Data_views_create_data_view_request' + example: + agents: 'fleet-agents.policy_id : ("policy1" or "policy2")' + policy_id: policy_id schema: - $ref: '#/components/schemas/Data_views_create_data_view_request_object' - required: true + type: object + properties: + agents: + oneOf: + - description: 'KQL query string, leave empty to action all agents' + type: string + - description: list of agent IDs + items: + type: 
string + type: array + policy_id: + description: new agent policy id + type: string + required: + - policy_id + - agents responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_data_view_response_object' - description: Indicates a successful call. + type: object + properties: + actionId: + type: string + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Create a data view - tags: - - data views - '/api/data_views/data_view/{viewId}': - delete: - description: | - WARNING: When you delete a data view, it cannot be recovered. - operationId: deleteDataViewDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' - responses: - '204': - description: Indicates a successful call. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. - summary: Delete a data view - tags: - - data views - get: - operationId: getDataViewDefault - parameters: - - $ref: '#/components/parameters/Data_views_view_id' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getDataViewResponse: - $ref: '#/components/examples/Data_views_get_data_view_response' - schema: - $ref: '#/components/schemas/Data_views_data_view_response_object' - description: Indicates a successful call. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. 
- summary: Get a data view + $ref: '#/components/responses/Fleet_error' + summary: Bulk reassign agents tags: - - data views + - Elastic Agents + /api/fleet/agents/bulk_request_diagnostics: post: - operationId: updateDataViewDefault + operationId: bulk-request-diagnostics parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - updateDataViewRequest: - $ref: '#/components/examples/Data_views_update_data_view_request' + example: + agents: 'fleet-agents.policy_id : ("policy1" or "policy2")' schema: - $ref: '#/components/schemas/Data_views_update_data_view_request_object' - required: true + type: object + properties: + additional_metrics: + items: + oneOf: + - enum: + - CPU + type: string + type: array + agents: + oneOf: + - description: 'KQL query string, leave empty to action all agents' + type: string + - description: list of agent IDs + items: + type: string + type: array + batchSize: + type: number + required: + - agents responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_data_view_response_object' - description: Indicates a successful call. + type: object + properties: + actionId: + type: string + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Update a data view + $ref: '#/components/responses/Fleet_error' + summary: Bulk request diagnostics from agents tags: - - data views - '/api/data_views/data_view/{viewId}/fields': + - Elastic Agents + /api/fleet/agents/bulk_unenroll: post: - description: > - Update fields presentation metadata such as count, customLabel, - customDescription, and format. 
- operationId: updateFieldsMetadataDefault + operationId: bulk-unenroll-agents parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - updateFieldsMetadataRequest: - $ref: '#/components/examples/Data_views_update_field_metadata_request' + example: + agents: + - agent1 + - agent2 + force: false + revoke: true schema: type: object properties: - fields: - description: The field object. - type: object + agents: + oneOf: + - description: 'KQL query string, leave empty to action all agents' + type: string + - description: list of agent IDs + items: + type: string + type: array + force: + description: Unenrolls hosted agents too + type: boolean + includeInactive: + description: >- + When passing agents by KQL query, unenrolls inactive agents + too + type: boolean + revoke: + description: Revokes API keys of agents + type: boolean required: - - fields - required: true + - agents responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - acknowledged: - type: boolean - description: Indicates a successful call. 
- '400': + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Update data view fields metadata + type: object + properties: + actionId: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk unenroll agents tags: - - data views - '/api/data_views/data_view/{viewId}/runtime_field': + - Elastic Agents + /api/fleet/agents/bulk_update_agent_tags: post: - operationId: createRuntimeFieldDefault + operationId: bulk-update-agent-tags parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - createRuntimeFieldRequest: - $ref: '#/components/examples/Data_views_create_runtime_field_request' + example: + agents: + - agent1 + - agent2 + tagsToAdd: + - newTag + tagsToRemove: + - existingTag schema: type: object properties: - name: - description: | - The name for a runtime field. - type: string - runtimeField: - description: | - The runtime field definition object. - type: object + agents: + oneOf: + - description: 'KQL query string, leave empty to action all agents' + type: string + - description: list of agent IDs + items: + type: string + type: array + batchSize: + type: number + tagsToAdd: + items: + type: string + type: array + tagsToRemove: + items: + type: string + type: array required: - - name - - runtimeField - required: true + - agents responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - description: Indicates a successful call. 
- summary: Create a runtime field + properties: + actionId: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk update agent tags tags: - - data views - put: - operationId: createUpdateRuntimeFieldDefault + - Elastic Agents + /api/fleet/agents/bulk_upgrade: + post: + operationId: bulk-upgrade-agents parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - description: | - The ID of the data view fields you want to update. - in: path - name: viewId - required: true - schema: - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - updateRuntimeFieldRequest: - $ref: '#/components/examples/Data_views_create_runtime_field_request' + example: + agents: + - agent1 + - agent2 + rollout_duration_seconds: 3600 + source_uri: 'https://artifacts.elastic.co/downloads/beats/elastic-agent' + start_time: '2022-08-03T14:00:00.000Z' + version: 8.4.0 schema: - type: object - properties: - name: - description: | - The name for a runtime field. - type: string - runtimeField: - description: | - The runtime field definition object. - type: object - required: - - name - - runtimeField + $ref: '#/components/schemas/Fleet_bulk_upgrade_agents' required: true responses: '200': 
@@ -5730,246 +5954,140 @@ paths: schema: type: object properties: - data_view: - type: object - fields: - items: - type: object - type: array - description: Indicates a successful call. + actionId: + type: string + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Create or update a runtime field + $ref: '#/components/responses/Fleet_error' + summary: Bulk upgrade agents tags: - - data views - '/api/data_views/data_view/{viewId}/runtime_field/{fieldName}': + - Elastic Agents + '/api/fleet/agents/files/{fileId}': delete: - operationId: deleteRuntimeFieldDefault - parameters: - - $ref: '#/components/parameters/Data_views_field_name' - - $ref: '#/components/parameters/Data_views_view_id' - responses: - '200': - description: Indicates a successful call. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. - summary: Delete a runtime field from a data view - tags: - - data views - get: - operationId: getRuntimeFieldDefault - parameters: - - $ref: '#/components/parameters/Data_views_field_name' - - $ref: '#/components/parameters/Data_views_view_id' + operationId: delete-agent-upload-file responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - getRuntimeFieldResponse: - $ref: '#/components/examples/Data_views_get_runtime_field_response' schema: type: object properties: - data_view: + body: type: object - fields: - items: - type: object - type: array - description: Indicates a successful call. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. 
- summary: Get a runtime field - tags: - - data views - post: - operationId: updateRuntimeFieldDefault - parameters: - - $ref: '#/components/parameters/Data_views_field_name' - - $ref: '#/components/parameters/Data_views_view_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateRuntimeFieldRequest: - $ref: '#/components/examples/Data_views_update_runtime_field_request' - schema: - type: object - properties: - runtimeField: - description: | - The runtime field definition object. - - You can update following fields: - - - `type` - - `script` - type: object - required: - - runtimeField - required: true - responses: - '200': - description: Indicates a successful call. + properties: + deleted: + type: boolean + id: + type: string + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Update a runtime field + $ref: '#/components/responses/Fleet_error' + summary: Delete file uploaded by agent tags: - - data views - /api/data_views/default: + - Elastic Agents + parameters: + - in: path + name: fileId + required: true + schema: + type: string + '/api/fleet/agents/files/{fileId}/{fileName}': get: - operationId: getDefaultDataViewDefault + operationId: get-agent-upload-file responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - getDefaultDataViewResponse: - $ref: >- - #/components/examples/Data_views_get_default_data_view_response schema: type: object properties: - data_view_id: - type: string - description: Indicates a successful call. 
+ body: + type: object + properties: + items: + type: object + properties: + body: {} + headers: {} + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Get file uploaded by agent + tags: + - Elastic Agents + parameters: + - in: path + name: fileId + required: true + schema: + type: string + - in: path + name: fileName + required: true + schema: + type: string + /api/fleet/agents/setup: + get: + operationId: get-agents-setup-status + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Get the default data view + $ref: '#/components/schemas/Fleet_fleet_status_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent setup info tags: - - data views + - Elastic Agents post: - operationId: setDefaultDatailViewDefault + operationId: setup-agents parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - setDefaultDataViewRequest: - $ref: '#/components/examples/Data_views_set_default_data_view_request' schema: type: object properties: - data_view_id: - description: > - The data view identifier. NOTE: The API does not validate - whether it is a valid identifier. Use `null` to unset the - default data view. - nullable: true + admin_password: + type: string + admin_username: type: string - force: - default: false - description: Update an existing default data view identifier. - type: boolean required: - - data_view_id - required: true + - admin_username + - admin_password responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - acknowledged: - type: boolean - description: Indicates a successful call. 
+ $ref: '#/components/schemas/Fleet_fleet_setup_response' + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Set the default data view + $ref: '#/components/responses/Fleet_error' + summary: Initiate agent setup tags: - - data views - /api/data_views/swap_references: - post: - description: > - Changes saved object references from one data view identifier to - another. WARNING: Misuse can break large numbers of saved objects! - Practicing with a backup is recommended. - operationId: swapDataViewsDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - swapDataViewRequest: - $ref: '#/components/examples/Data_views_swap_data_view_request' - schema: - $ref: '#/components/schemas/Data_views_swap_data_view_request_object' - required: true + - Elastic Agents + /api/fleet/agents/tags: + get: + operationId: get-agent-tags responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - deleteStatus: - type: object - properties: - deletePerformed: - type: boolean - remainingRefs: - type: integer - result: - items: - type: object - properties: - id: - description: A saved object identifier. - type: string - type: - description: The saved object type. - type: string - type: array - description: Indicates a successful call. - summary: Swap saved object references + $ref: '#/components/schemas/Fleet_get_agent_tags_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List agent tags tags: - - data views - /api/data_views/swap_references/_preview: - post: - description: > - Preview the impact of swapping saved object references from one data - view identifier to another. 
- operationId: previewSwapDataViewsDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - previewSwapDataViewRequest: - $ref: >- - #/components/examples/Data_views_preview_swap_data_view_request - schema: - $ref: '#/components/schemas/Data_views_swap_data_view_request_object' - required: true + - Elastic Agents + /api/fleet/data_streams: + get: + operationId: data-streams-list responses: '200': content: 
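Review bot: The new `delete` operation `delete-agent-upload-file` on `/api/fleet/agents/files/{fileId}` declares no `kbn-xsrf` header parameter, while the other state-changing operation added in this hunk (`setup-agents`) references `#/components/parameters/Fleet_kbn_xsrf`. If the server enforces that header on this route as it does on the other mutating Fleet routes, clients generated from the spec will send the DELETE without it and be rejected, and the documented contract understates the CSRF protection. I would add `parameters:` with `- $ref: '#/components/parameters/Fleet_kbn_xsrf'` under that operation. Separately, `admin_password` in the `setup-agents` request body is a bare `type: string`; adding `format: password` lets doc renderers and generated clients mask the value. This file looks like bundled output, so both changes presumably belong in the Fleet source spec rather than here.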
@@ -5977,846 +6095,434 @@ paths: schema: type: object properties: - result: + data_streams: items: - type: object - properties: - id: - description: A saved object identifier. - type: string - type: - description: The saved object type. - type: string + $ref: '#/components/schemas/Fleet_data_stream' type: array - description: Indicates a successful call. - summary: Preview a saved object reference swap + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List data streams tags: - - data views - /api/encrypted_saved_objects/_rotate_key: - post: - description: > - Superuser role required. - - - If a saved object cannot be decrypted using the primary encryption key, - then Kibana will attempt to decrypt it using the specified - decryption-only keys. In most of the cases this overhead is negligible, - but if you're dealing with a large number of saved objects and - experiencing performance issues, you may want to rotate the encryption - key. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: rotateEncryptionKey - parameters: - - description: > - Specifies a maximum number of saved objects that Kibana can process - in a single batch. Bulk key rotation is an iterative process since - Kibana may not be able to fetch and process all required saved - objects in one go and splits processing into consequent batches. By - default, the batch size is 10000, which is also a maximum allowed - value. - in: query - name: batch_size - required: false - schema: - default: 10000 - type: number - - description: > - Limits encryption key rotation only to the saved objects with the - specified type. By default, Kibana tries to rotate the encryption - key for all saved object types that may contain encrypted - attributes. 
- in: query - name: type - required: false - schema: - type: string + - Data streams + parameters: [] + /api/fleet/enrollment_api_keys: + get: + operationId: get-enrollment-api-keys + parameters: [] responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - rotateEncryptionKeyResponse: - $ref: '#/components/examples/Saved_objects_key_rotation_response' schema: type: object properties: - failed: - description: > - Indicates the number of the saved objects that were still - encrypted with one of the old encryption keys that Kibana - failed to re-encrypt with the primary key. + items: + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: array + list: + deprecated: true + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: array + page: type: number - successful: - description: > - Indicates the total number of all encrypted saved objects - (optionally filtered by the requested `type`), regardless - of the key Kibana used for encryption. - - - NOTE: In most cases, `total` will be greater than - `successful` even if `failed` is zero. The reason is that - Kibana may not need or may not be able to rotate - encryption keys for all encrypted saved objects. + perPage: type: number total: - description: > - Indicates the total number of all encrypted saved objects - (optionally filtered by the requested `type`), regardless - of the key Kibana used for encryption. type: number - description: Indicates a successful call. + required: + - items + - page + - perPage + - total + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - '429': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Already in progress. 
- summary: Rotate a key for encrypted saved objects - tags: - - saved objects - /api/ml/saved_objects/sync: - get: - description: > - Synchronizes Kibana saved objects for machine learning jobs and trained - models in the default space. You must have `all` privileges for the - **Machine Learning** feature in the **Analytics** section of the Kibana - feature privileges. This API runs automatically when you start Kibana - and periodically thereafter. - operationId: mlSync + $ref: '#/components/responses/Fleet_error' + summary: List enrollment API keys + tags: + - Fleet enrollment API keys + post: + operationId: create-enrollment-api-keys parameters: - - $ref: '#/components/parameters/Machine_learning_APIs_simulateParam' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - syncExample: - $ref: '#/components/examples/Machine_learning_APIs_mlSyncExample' - schema: - $ref: '#/components/schemas/Machine_learning_APIs_mlSync200Response' - description: Indicates a successful call - '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Machine_learning_APIs_mlSync4xxResponse' - description: Authorization information is missing or invalid. - summary: Sync saved objects in the default space + type: object + properties: + action: + enum: + - created + type: string + item: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create enrollment API key tags: - - ml - /api/saved_objects/_bulk_create: - post: - deprecated: true - operationId: bulkCreateSavedObjects + - Fleet enrollment API keys + '/api/fleet/enrollment_api_keys/{keyId}': + delete: + operationId: delete-enrollment-api-key parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - description: 'When true, overwrites the document with the same identifier.' 
- in: query - name: overwrite - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - type: array - required: true + - $ref: '#/components/parameters/Fleet_kbn_xsrf' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - description: Indicates a successful call. + properties: + action: + enum: + - deleted + type: string + required: + - action + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete enrollment API key by ID + tags: + - Fleet enrollment API keys + get: + operationId: get-enrollment-api-key + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Create saved objects - tags: - - saved objects - /api/saved_objects/_bulk_delete: - post: - deprecated: true - description: | - WARNING: When you delete a saved object, it cannot be recovered. - operationId: bulkDeleteSavedObjects - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - description: > - When true, force delete objects that exist in multiple namespaces. - Note that the option applies to the whole request. Use the delete - object API to specify per-object deletion behavior. TIP: Use this if - you attempted to delete objects and received an HTTP 400 error with - the following message: "Unable to delete saved object that exists in - multiple namespaces, use the force option to delete it anyway". - WARNING: When you bulk delete objects that exist in multiple - namespaces, the API also deletes legacy url aliases that reference - the object. These requests are batched to minimise the impact but - they can place a heavy load on Kibana. Make sure you limit the - number of objects that exist in multiple namespaces in a single bulk - delete operation. 
- in: query - name: force - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: type: object - type: array + properties: + item: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get enrollment API key by ID + tags: + - Fleet enrollment API keys + parameters: + - in: path + name: keyId required: true + schema: + type: string + /api/fleet/enrollment-api-keys: + get: + deprecated: true + operationId: get-enrollment-api-keys-deprecated + parameters: [] responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - description: > - Indicates a successful call. NOTE: This HTTP response code indicates - that the bulk operation succeeded. Errors pertaining to individual - objects will be returned in the response body. + properties: + items: + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: array + list: + deprecated: true + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - page + - perPage + - total + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Delete saved objects + $ref: '#/components/responses/Fleet_error' + summary: List enrollment API keys tags: - - saved objects - /api/saved_objects/_bulk_get: + - Fleet enrollment API keys post: deprecated: true - operationId: bulkGetSavedObjects + operationId: create-enrollment-api-keys-deprecated parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - type: array - required: true + - $ref: 
'#/components/parameters/Fleet_kbn_xsrf' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - description: Indicates a successful call. + properties: + action: + enum: + - created + type: string + item: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Get saved objects + $ref: '#/components/responses/Fleet_error' + summary: Create enrollment API key tags: - - saved objects - /api/saved_objects/_bulk_resolve: - post: + - Fleet enrollment API keys + '/api/fleet/enrollment-api-keys/{keyId}': + delete: deprecated: true - description: > - Retrieve multiple Kibana saved objects by identifier using any legacy - URL aliases if they exist. Under certain circumstances when Kibana is - upgraded, saved object migrations may necessitate regenerating some - object IDs to enable new features. When an object's ID is regenerated, a - legacy URL alias is created for that object, preserving its old ID. In - such a scenario, that object can be retrieved by the bulk resolve API - using either its new ID or its old ID. - operationId: bulkResolveSavedObjects + operationId: delete-enrollment-api-key-deprecated parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - type: array - required: true + - $ref: '#/components/parameters/Fleet_kbn_xsrf' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - description: > - Indicates a successful call. NOTE: This HTTP response code indicates - that the bulk operation succeeded. Errors pertaining to individual - objects will be returned in the response body. 
+ properties: + action: + enum: + - deleted + type: string + required: + - action + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Resolve saved objects + $ref: '#/components/responses/Fleet_error' + summary: Delete enrollment API key by ID tags: - - saved objects - /api/saved_objects/_bulk_update: - post: - deprecated: true - description: Update the attributes for multiple Kibana saved objects. - operationId: bulkUpdateSavedObjects - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - type: array - required: true + - Fleet enrollment API keys + get: + deprecated: true + operationId: get-enrollment-api-key-deprecated responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - description: > - Indicates a successful call. NOTE: This HTTP response code indicates - that the bulk operation succeeded. Errors pertaining to individual - objects will be returned in the response body. + properties: + item: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + required: + - item + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Update saved objects + $ref: '#/components/responses/Fleet_error' + summary: Get enrollment API key by ID tags: - - saved objects - /api/saved_objects/_export: + - Fleet enrollment API keys + parameters: + - in: path + name: keyId + required: true + schema: + type: string + /api/fleet/epm/bulk_assets: post: - description: > - Retrieve sets of saved objects that you want to import into Kibana. - - You must include `type` or `objects` in the request body. 
- - - Exported saved objects are not backwards compatible and cannot be - imported into an older version of Kibana. - - - NOTE: The `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be exported. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: exportSavedObjectsDefault - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + operationId: bulk-get-assets requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - exportSavedObjectsRequest: - $ref: '#/components/examples/Saved_objects_export_objects_request' schema: type: object properties: - excludeExportDetails: - default: false - description: Do not add export details entry at the end of the stream. - type: boolean - includeReferencesDeep: - description: >- - Includes all of the referenced objects in the exported - objects. - type: boolean - objects: - description: A list of objects to export. + assetIds: + description: list of items necessary to fetch assets items: type: object - type: array - type: - description: >- - The saved object types to include in the export. Use `*` to - export all the types. - oneOf: - - type: string - - items: + properties: + id: type: string - type: array - required: true + type: + type: string + type: array + required: + - assetIds responses: '200': - content: - application/x-ndjson; Elastic-Api-Version=2023-10-31: - examples: - exportSavedObjectsResponse: - $ref: '#/components/examples/Saved_objects_export_objects_response' - schema: - additionalProperties: true - type: object - description: Indicates a successful call. - '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. 
- summary: Export saved objects + $ref: '#/components/schemas/Fleet_get_bulk_assets_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk get assets tags: - - saved objects - /api/saved_objects/_find: + - Elastic Package Manager (EPM) + /api/fleet/epm/categories: get: - deprecated: true - description: Retrieve a paginated set of Kibana saved objects. - operationId: findSavedObjects - parameters: - - description: > - An aggregation structure, serialized as a string. The field format - is similar to filter, meaning that to use a saved object type - attribute in the aggregation, the `savedObjectType.attributes.title: - "myTitle"` format must be used. For root fields, the syntax is - `savedObjectType.rootField`. NOTE: As objects change in Kibana, the - results on each page of the response also change. Use the find API - for traditional paginated results, but avoid using it to export - large amounts of data. - in: query - name: aggs - schema: - type: string - - description: The default operator to use for the `simple_query_string`. - in: query - name: default_search_operator - schema: - type: string - - description: The fields to return in the attributes key of the response. - in: query - name: fields - schema: - oneOf: - - type: string - - type: array - - description: > - The filter is a KQL string with the caveat that if you filter with - an attribute from your saved object type, it should look like that: - `savedObjectType.attributes.title: "myTitle"`. However, if you use a - root attribute of a saved object such as `updated_at`, you will have - to define your filter like that: `savedObjectType.updated_at > - 2018-12-22`. - in: query - name: filter - schema: - type: string - - description: >- - Filters to objects that do not have a relationship with the type and - identifier combination. 
- in: query - name: has_no_reference - schema: - type: object - - description: >- - The operator to use for the `has_no_reference` parameter. Either - `OR` or `AND`. Defaults to `OR`. - in: query - name: has_no_reference_operator - schema: - type: string - - description: >- - Filters to objects that have a relationship with the type and ID - combination. - in: query - name: has_reference - schema: - type: object - - description: >- - The operator to use for the `has_reference` parameter. Either `OR` - or `AND`. Defaults to `OR`. - in: query - name: has_reference_operator - schema: - type: string - - description: The page of objects to return. - in: query - name: page - schema: - type: integer - - description: The number of objects to return per page. - in: query - name: per_page - schema: - type: integer - - description: >- - An Elasticsearch `simple_query_string` query that filters the - objects in the response. - in: query - name: search - schema: - type: string - - description: >- - The fields to perform the `simple_query_string` parsed query - against. - in: query - name: search_fields - schema: - oneOf: - - type: string - - type: array - - description: > - Sorts the response. Includes "root" and "type" fields. "root" fields - exist for all saved objects, such as "updated_at". "type" fields are - specific to an object type, such as fields returned in the - attributes key of the response. When a single type is defined in the - type parameter, the "root" and "type" fields are allowed, and - validity checks are made in that order. When multiple types are - defined in the type parameter, only "root" fields are allowed. - in: query - name: sort_field - schema: - type: string - - description: The saved object types to include. 
- in: query - name: type - required: true - schema: - oneOf: - - type: string - - type: array + operationId: get-package-categories responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - description: Indicates a successful call. + $ref: '#/components/schemas/Fleet_get_categories_response' + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Search for saved objects + $ref: '#/components/responses/Fleet_error' + summary: List package categories tags: - - saved objects - /api/saved_objects/_import: - post: - description: > - Create sets of Kibana saved objects from a file created by the export - API. - - Saved objects can be imported only into the same version, a newer minor - on the same major, or the next major. Exported saved objects are not - backwards compatible and cannot be imported into an older version of - Kibana. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: importSavedObjectsDefault + - Elastic Package Manager (EPM) + parameters: + - description: >- + Whether to include prerelease packages in categories count (e.g. beta, + rc, preview) + in: query + name: prerelease + schema: + default: false + type: boolean + - deprecated: true + in: query + name: experimental + schema: + default: false + type: boolean + - in: query + name: include_policy_templates + schema: + default: false + type: boolean + /api/fleet/epm/packages: + get: + operationId: list-all-packages parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - description: > - Creates copies of saved objects, regenerates each object ID, and - resets the origin. 
When used, potential conflict errors are avoided. - NOTE: This option cannot be used with the `overwrite` and - `compatibilityMode` options. + - description: >- + Whether to exclude the install status of each package. Enabling this + option will opt in to caching for the response via `cache-control` + headers. If you don't need up-to-date installation info for a + package, and are querying for a list of available packages, + providing this flag can improve performance substantially. in: query - name: createNewCopies - required: false + name: excludeInstallStatus schema: + default: false type: boolean - - description: > - Overwrites saved objects when they already exist. When used, - potential conflict errors are automatically resolved by overwriting - the destination object. NOTE: This option cannot be used with the - `createNewCopies` option. + - description: >- + Whether to return prerelease versions of packages (e.g. beta, rc, + preview) in: query - name: overwrite - required: false + name: prerelease schema: + default: false type: boolean - - description: > - Applies various adjustments to the saved objects that are being - imported to maintain compatibility between different Kibana - versions. Use this option only if you encounter issues with imported - saved objects. NOTE: This option cannot be used with the - `createNewCopies` option. + - deprecated: true in: query - name: compatibilityMode - required: false + name: experimental schema: + default: false type: boolean - requestBody: - content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - examples: - importObjectsRequest: - $ref: '#/components/examples/Saved_objects_import_objects_request' - schema: - type: object - properties: - file: - description: > - A file exported using the export API. NOTE: The - `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be included in - this file. 
Similarly, the - `savedObjects.maxImportPayloadBytes` setting limits the - overall size of the file that can be imported. - required: true + - in: query + name: category + schema: + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - importObjectsResponse: - $ref: '#/components/examples/Saved_objects_import_objects_response' schema: - type: object - properties: - errors: - description: > - Indicates the import was unsuccessful and specifies the - objects that failed to import. - - - NOTE: One object may result in multiple errors, which - requires separate steps to resolve. For instance, a - `missing_references` error and conflict error. - items: - type: object - type: array - success: - description: > - Indicates when the import was successfully completed. When - set to false, some objects may not have been created. For - additional information, refer to the `errors` and - `successResults` properties. - type: boolean - successCount: - description: Indicates the number of successfully imported records. - type: integer - successResults: - description: > - Indicates the objects that are successfully imported, with - any metadata if applicable. - - - NOTE: Objects are created only when all resolvable errors - are addressed, including conflicts and missing references. - If objects are created as new copies, each entry in the - `successResults` array includes a `destinationId` - attribute. - items: - type: object - type: array - description: Indicates a successful call. + $ref: '#/components/schemas/Fleet_get_packages_response' + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. 
- summary: Import saved objects + $ref: '#/components/responses/Fleet_error' + summary: List packages tags: - - saved objects - x-codeSamples: - - label: Import with createNewCopies - lang: cURL - source: | - curl \ - -X POST api/saved_objects/_import?createNewCopies=true - -H "kbn-xsrf: true" - --form file=@file.ndjson - /api/saved_objects/_resolve_import_errors: + - Elastic Package Manager (EPM) post: - description: > - To resolve errors from the Import objects API, you can: - - - * Retry certain saved objects - - * Overwrite specific saved objects - - * Change references to different saved objects - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: resolveImportErrors + description: '' + operationId: install-package-by-upload parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - description: > - Applies various adjustments to the saved objects that are being - imported to maintain compatibility between different Kibana - versions. When enabled during the initial import, also enable when - resolving import errors. This option cannot be used with the - `createNewCopies` option. + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: avoid erroring out on unexpected mapping update errors in: query - name: compatibilityMode - required: false + name: ignoreMappingUpdateErrors schema: + default: false type: boolean - - description: > - Creates copies of the saved objects, regenerates each object ID, and - resets the origin. When enabled during the initial import, also - enable when resolving import errors. 
+ - description: >- + Skip data stream rollover during index template mapping or settings + update in: query - name: createNewCopies - required: false + name: skipDataStreamRollover schema: + default: false type: boolean requestBody: content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - examples: - resolveImportErrorsRequest: - $ref: >- - #/components/examples/Saved_objects_resolve_missing_reference_request + application/gzip; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - file: - description: The same file given to the import API. - format: binary - type: string - retries: - description: >- - The retry operations, which can specify how to resolve - different types of errors. - items: - type: object - properties: - destinationId: - description: >- - Specifies the destination ID that the imported object - should have, if different from the current ID. - type: string - id: - description: The saved object ID. - type: string - ignoreMissingReferences: - description: >- - When set to `true`, ignores missing reference errors. - When set to `false`, does nothing. - type: boolean - overwrite: - description: >- - When set to `true`, the source object overwrites the - conflicting destination object. When set to `false`, - does nothing. - type: boolean - replaceReferences: - description: >- - A list of `type`, `from`, and `to` used to change the - object references. - items: - type: object - properties: - from: - type: string - to: - type: string - type: - type: string - type: array - type: - description: The saved object type. 
- type: string - required: - - type - - id - type: array - required: - - retries - required: true + format: binary + type: string + application/zip; Elastic-Api-Version=2023-10-31: + schema: + format: binary + type: string responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - resolveImportErrorsResponse: - $ref: >- - #/components/examples/Saved_objects_resolve_missing_reference_response + application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - errors: - description: > - Specifies the objects that failed to resolve. - - - NOTE: One object can result in multiple errors, which - requires separate steps to resolve. For instance, a - `missing_references` error and a `conflict` error. - items: - type: object - type: array - success: - description: > - Indicates a successful import. When set to `false`, some - objects may not have been created. For additional - information, refer to the `errors` and `successResults` - properties. - type: boolean - successCount: - description: | - Indicates the number of successfully resolved records. - type: number - successResults: - description: > - Indicates the objects that are successfully imported, with - any metadata if applicable. - - - NOTE: Objects are only created when all resolvable errors - are addressed, including conflict and missing references. + _meta: + type: object + properties: + install_source: + enum: + - upload + - registry + - bundled + type: string + items: items: type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type type: array - description: Indicates a successful call. + required: + - items + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. 
- summary: Resolve import errors + $ref: '#/components/responses/Fleet_error' + '429': + $ref: '#/components/responses/Fleet_error' + summary: Install by package by direct upload tags: - - saved objects - '/api/saved_objects/{type}': + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/_bulk: post: - deprecated: true - description: Create a Kibana saved object with a randomly generated identifier. - operationId: createSavedObject + operationId: bulk-install-packages parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' - - description: 'If true, overwrites the document with the same identifier.' + - description: >- + Whether to return prerelease versions of packages (e.g. beta, rc, + preview) in: query - name: overwrite + name: prerelease schema: + default: false type: boolean requestBody: content: 
@@ -6824,225 +6530,348 @@ paths: schema: type: object properties: - attributes: - $ref: '#/components/schemas/Saved_objects_attributes' - initialNamespaces: - $ref: '#/components/schemas/Saved_objects_initial_namespaces' - references: - $ref: '#/components/schemas/Saved_objects_references' + force: + description: force install to ignore package verification errors + type: boolean + packages: + description: list of packages to install + items: + oneOf: + - description: package name + type: string + - type: object + properties: + name: + description: package name + type: string + version: + description: package version + type: string + type: array required: - - attributes - required: true + - packages responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - description: Indicates a successful call. - '409': + $ref: '#/components/schemas/Fleet_bulk_install_packages_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk install packages + tags: + - Elastic Package Manager (EPM) + '/api/fleet/epm/packages/{pkgkey}': + delete: + deprecated: true + operationId: delete-package-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - in: path + name: pkgkey + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + type: boolean + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - description: Indicates a conflict error. 
- summary: Create a saved object + properties: + response: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - response + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete ackage tags: - - saved objects - '/api/saved_objects/{type}/{id}': + - Elastic Package Manager (EPM) get: deprecated: true - description: Retrieve a single Kibana saved object by identifier. - operationId: getSavedObject + operationId: get-package-deprecated parameters: - - $ref: '#/components/parameters/Saved_objects_saved_object_id' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' + - in: path + name: pkgkey + required: true + schema: + type: string + - description: >- + Whether to return prerelease versions of packages (e.g. beta, rc, + preview) + in: query + name: prerelease + schema: + default: false + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + allOf: + - properties: + response: + $ref: '#/components/schemas/Fleet_package_info' + - properties: + savedObject: + type: string + status: + enum: + - installed + - installing + - install_failed + - not_installed + type: string + required: + - status + - savedObject type: object - description: Indicates a successful call. + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. - summary: Get a saved object + $ref: '#/components/responses/Fleet_error' + summary: Get package tags: - - saved objects + - Elastic Package Manager (EPM) post: deprecated: true - description: >- - Create a Kibana saved object and specify its identifier instead of using - a randomly generated ID. 
- operationId: createSavedObjectId + description: '' + operationId: install-package-deprecated parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - $ref: '#/components/parameters/Saved_objects_saved_object_id' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' - - description: 'If true, overwrites the document with the same identifier.' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - in: path + name: pkgkey + required: true + schema: + type: string + - description: avoid erroring out on unexpected mapping update errors in: query - name: overwrite + name: ignoreMappingUpdateErrors schema: + default: false type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - attributes: - $ref: '#/components/schemas/Saved_objects_attributes' - initialNamespaces: - $ref: '#/components/schemas/Saved_objects_initial_namespaces' - references: - $ref: '#/components/schemas/Saved_objects_initial_namespaces' - required: - - attributes - required: true + - description: >- + Skip data stream rollover during index template mapping or settings + update + in: query + name: skipDataStreamRollover + schema: + default: false + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - description: Indicates a successful call. - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a conflict error. 
- summary: Create a saved object + properties: + response: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - response + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Install package tags: - - saved objects - put: - deprecated: true - description: Update the attributes for Kibana saved objects. - operationId: updateSavedObject + - Elastic Package Manager (EPM) + '/api/fleet/epm/packages/{pkgName}/{pkgVersion}': + delete: + operationId: delete-package parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - $ref: '#/components/parameters/Saved_objects_saved_object_id' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: delete package even if policies used by agents + in: query + name: force + schema: + type: boolean requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + deprecated: true type: object - required: true + properties: + force: + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - description: Indicates a successful call. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates the object was not found. - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a conflict error. 
- summary: Update a saved object + properties: + items: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete package tags: - - saved objects - '/api/saved_objects/resolve/{type}/{id}': + - Elastic Package Manager (EPM) get: - deprecated: true - description: > - Retrieve a single Kibana saved object by identifier using any legacy URL - alias if it exists. Under certain circumstances, when Kibana is - upgraded, saved object migrations may necessitate regenerating some - object IDs to enable new features. When an object's ID is regenerated, a - legacy URL alias is created for that object, preserving its old ID. In - such a scenario, that object can be retrieved using either its new ID or - its old ID. - operationId: resolveSavedObject - parameters: - - $ref: '#/components/parameters/Saved_objects_saved_object_id' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' + operationId: get-package responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + allOf: + - properties: + item: + $ref: '#/components/schemas/Fleet_package_info' + - properties: + keepPoliciesUpToDate: + type: boolean + latestVersion: + type: string + licensePath: + type: string + notice: + type: string + savedObject: + deprecated: true + type: object + status: + enum: + - installed + - installing + - install_failed + - not_installed + type: string + required: + - status + - savedObject type: object - description: Indicates a successful call. + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. 
- summary: Resolve a saved object + $ref: '#/components/responses/Fleet_error' + summary: Get package tags: - - saved objects - /api/status: - get: - operationId: /api/status#0 + - Elastic Package Manager (EPM) + parameters: + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - description: Ignore if the package is fails signature verification + in: query + name: ignoreUnverified + schema: + type: boolean + - description: >- + Return all fields from the package manifest, not just those supported + by the Elastic Package Registry + in: query + name: full + schema: + type: boolean + - description: >- + Whether to return prerelease versions of packages (e.g. beta, rc, + preview) + in: query + name: prerelease + schema: + default: false + type: boolean + post: + description: '' + operationId: install-package parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: Set to "true" to get the response in v7 format. + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: avoid erroring out on unexpected mapping update errors in: query - name: v7format - required: false + name: ignoreMappingUpdateErrors schema: + default: false type: boolean - - description: Set to "true" to get the response in v8 format. + - description: >- + Skip data stream rollover during index template mapping or settings + update in: query - name: v8format - required: false + name: skipDataStreamRollover schema: + default: false type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. 
A minimal response is sent for - unauthorized users. - description: Overall status is OK and Kibana should be functioning normally. - '503': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - description: >- - Kibana or some of it's essential services are unavailable. Kibana - may be degraded or unavailable. - summary: Get Kibana's current status - tags: - - system - /data_streams: - get: - operationId: data-streams-list + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + type: boolean + ignore_constraints: + type: boolean responses: '200': content: @@ -7050,21 +6879,50 @@ paths: schema: type: object properties: - data_streams: + _meta: + type: object + properties: + install_source: + enum: + - registry + - upload + - bundled + type: string + items: items: - $ref: '#/components/schemas/Fleet_data_stream' + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type type: array + required: + - items description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: List data streams + summary: Install package tags: - - Data streams - parameters: [] - /enrollment_api_keys: - get: - operationId: get-enrollment-api-keys - parameters: [] + - Elastic Package Manager (EPM) + put: + description: '' + operationId: update-package + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + keepPoliciesUpToDate: + type: boolean responses: '200': content: 
@@ -7074,34 +6932,31 @@ paths: properties: items: items: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - type: array - list: - deprecated: true - items: - $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type type: array - page: - type: number - perPage: - type: number - total: - type: number required: - items - - page - - perPage - - total description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: List enrollment API keys + summary: Update package settings tags: - - Fleet enrollment API keys - post: - operationId: create-enrollment-api-keys - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - Elastic Package Manager (EPM) + '/api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath}': + get: + operationId: packages-get-file responses: '200': content: 
@@ -7109,23 +6964,71 @@ paths: schema: type: object properties: - action: - enum: - - created - type: string - item: - $ref: '#/components/schemas/Fleet_enrollment_api_key' + body: + type: object + headers: + type: object + statusCode: + type: number description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Create enrollment API key + summary: Get package file tags: - - Fleet enrollment API keys - '/enrollment_api_keys/{keyId}': - delete: - operationId: delete-enrollment-api-key + - Elastic Package Manager (EPM) + parameters: + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - in: path + name: filePath + required: true + schema: + type: string + '/api/fleet/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize': + post: + description: '' + operationId: reauthorize-transforms parameters: - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - description: >- + Whether to include prerelease packages in categories count (e.g. + beta, rc, preview) + in: query + name: prerelease + schema: + default: false + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + transforms: + items: + type: object + properties: + transformId: + type: string + type: array responses: '200': content: 
@@ -7133,20 +7036,31 @@ paths: schema: type: object properties: - action: - enum: - - deleted - type: string + items: + items: + type: object + properties: + error: + type: string + success: + type: boolean + transformId: + type: string + required: + - transformId + - error + type: array required: - - action + - items description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Delete enrollment API key by ID + summary: Authorize transforms tags: - - Fleet enrollment API keys + - Elastic Package Manager (EPM) + '/api/fleet/epm/packages/{pkgName}/stats': get: - operationId: get-enrollment-api-key + operationId: get-package-stats responses: '200': content: @@ -7154,27 +7068,25 @@ paths: schema: type: object properties: - item: - $ref: '#/components/schemas/Fleet_enrollment_api_key' + response: + $ref: '#/components/schemas/Fleet_package_usage_stats' required: - - item + - response description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Get enrollment API key by ID + summary: Get package stats tags: - - Fleet enrollment API keys + - Elastic Package Manager (EPM) parameters: - in: path - name: keyId + name: pkgName required: true schema: type: string - /enrollment-api-keys: + /api/fleet/epm/packages/limited: get: - deprecated: true - operationId: get-enrollment-api-keys-deprecated - parameters: [] + operationId: list-limited-packages responses: '200': content: 
@@ -7184,60 +7096,59 @@ paths: properties: items: items: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - type: array - list: - deprecated: true - items: - $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: string type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - page - - perPage - - total description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: List enrollment API keys + summary: Get limited package list tags: - - Fleet enrollment API keys - post: - deprecated: true - operationId: create-enrollment-api-keys-deprecated - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - Elastic Package Manager (EPM) + parameters: [] + '/api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs': + get: + operationId: get-inputs-template responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - action: - enum: - - created - type: string - item: - $ref: '#/components/schemas/Fleet_enrollment_api_key' description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Create enrollment API key + summary: Get inputs template tags: - - Fleet enrollment API keys - '/enrollment-api-keys/{keyId}': - delete: - deprecated: true - operationId: delete-enrollment-api-key-deprecated - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - Elastic Package Manager (EPM) + parameters: + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - description: Format of response - json or yaml + in: query + name: format + schema: + enum: + - json + - yaml + - yml + type: string + - description: Specify if version is prerelease + in: query + name: prerelease + schema: + type: boolean + - description: Ignore if the package is fails signature verification + in: query + name: ignoreUnverified + schema: + type: boolean + 
/api/fleet/epm/verification_key_id: + get: + operationId: packages-get-verification-key-id responses: '200': content: @@ -7245,21 +7156,29 @@ paths: schema: type: object properties: - action: - enum: - - deleted - type: string - required: - - action + body: + type: object + properties: + id: + description: >- + the key ID of the GPG key used to verify package + signatures + nullable: true + type: string + headers: + type: object + statusCode: + type: number description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Delete enrollment API key by ID + summary: Get package signature verification key ID tags: - - Fleet enrollment API keys + - Elastic Package Manager (EPM) + parameters: [] + /api/fleet/fleet_server_hosts: get: - deprecated: true - operationId: get-enrollment-api-key-deprecated + operationId: get-fleet-server-hosts responses: '200': content: 
@@ -7267,164 +7186,89 @@ paths: schema: type: object properties: - item: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - required: - - item + items: + items: + $ref: '#/components/schemas/Fleet_fleet_server_host' + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Get enrollment API key by ID + summary: List Fleet Server hosts tags: - - Fleet enrollment API keys - parameters: - - in: path - name: keyId - required: true - schema: - type: string - /epm/bulk_assets: + - Fleet Server hosts post: - operationId: bulk-get-assets + operationId: post-fleet-server-hosts requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - assetIds: - description: list of items necessary to fetch assets + host_urls: items: - type: object - properties: - id: - type: string - type: - type: string + type: string type: array + id: + type: string + is_default: + type: boolean + is_internal: + type: boolean + name: + type: string + proxy_id: + description: >- + The ID of the proxy to use for this fleet server host. See + the proxies API for more information. 
+ type: string required: - - assetIds - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_get_bulk_assets_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk get assets - tags: - - Elastic Package Manager (EPM) - /epm/categories: - get: - operationId: get-package-categories + - name + - host_urls responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_get_categories_response' + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_fleet_server_host' description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: List package categories + summary: Create Fleet Server host tags: - - Elastic Package Manager (EPM) - parameters: - - description: >- - Whether to include prerelease packages in categories count (e.g. beta, - rc, preview) - in: query - name: prerelease - schema: - default: false - type: boolean - - deprecated: true - in: query - name: experimental - schema: - default: false - type: boolean - - in: query - name: include_policy_templates - schema: - default: false - type: boolean - /epm/packages: - get: - operationId: list-all-packages + - Fleet Server hosts + '/api/fleet/fleet_server_hosts/{itemId}': + delete: + operationId: delete-fleet-server-hosts parameters: - - description: >- - Whether to exclude the install status of each package. Enabling this - option will opt in to caching for the response via `cache-control` - headers. If you don't need up-to-date installation info for a - package, and are querying for a list of available packages, - providing this flag can improve performance substantially. - in: query - name: excludeInstallStatus - schema: - default: false - type: boolean - - description: >- - Whether to return prerelease versions of packages (e.g. 
beta, rc, - preview) - in: query - name: prerelease - schema: - default: false - type: boolean - - deprecated: true - in: query - name: experimental - schema: - default: false - type: boolean - - in: query - name: category - schema: - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_get_packages_response' + type: object + properties: + id: + type: string + required: + - id description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: List packages + summary: Delete Fleet Server host by ID tags: - - Elastic Package Manager (EPM) - post: - description: '' - operationId: install-package-by-upload - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - description: avoid erroring out on unexpected mapping update errors - in: query - name: ignoreMappingUpdateErrors - schema: - default: false - type: boolean - - description: >- - Skip data stream rollover during index template mapping or settings - update - in: query - name: skipDataStreamRollover - schema: - default: false - type: boolean - requestBody: - content: - application/gzip; Elastic-Api-Version=2023-10-31: - schema: - format: binary - type: string - application/zip; Elastic-Api-Version=2023-10-31: - schema: - format: binary - type: string + - Fleet Server hosts + get: + operationId: get-one-fleet-server-hosts responses: '200': content: 
@@ -7432,110 +7276,84 @@ paths: schema: type: object properties: - _meta: - type: object - properties: - install_source: - enum: - - upload - - registry - - bundled - type: string - items: - items: - type: object - properties: - id: - type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type - type: array + item: + $ref: '#/components/schemas/Fleet_fleet_server_host' required: - - items + - item description: OK '400': $ref: '#/components/responses/Fleet_error' - '429': - $ref: '#/components/responses/Fleet_error' - summary: Install by package by direct upload - tags: - - Elastic Package Manager (EPM) - /epm/packages/_bulk: - post: - operationId: bulk-install-packages + summary: Get Fleet Server host by ID + tags: + - Fleet Server hosts + parameters: + - in: path + name: itemId + required: true + schema: + type: string + put: + operationId: update-fleet-server-hosts parameters: - - description: >- - Whether to return prerelease versions of packages (e.g. beta, rc, - preview) - in: query - name: prerelease - schema: - default: false - type: boolean + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - force: - description: force install to ignore package verification errors - type: boolean - packages: - description: list of packages to install + host_urls: items: - oneOf: - - description: package name - type: string - - type: object - properties: - name: - description: package name - type: string - version: - description: package version - type: string + type: string type: array - required: - - packages + is_default: + type: boolean + is_internal: + type: boolean + name: + type: string + proxy_id: + description: >- + The ID of the proxy to use for this fleet server host. See + the proxies API for more information. 
+ nullable: true + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_bulk_install_packages_response' + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_fleet_server_host' + required: + - item description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Bulk install packages + summary: Update Fleet Server host by ID tags: - - Elastic Package Manager (EPM) - '/epm/packages/{pkgkey}': - delete: - deprecated: true - operationId: delete-package-deprecated + - Fleet Server hosts + /api/fleet/health_check: + post: + operationId: fleet-server-health-check parameters: - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - in: path - name: pkgkey - required: true - schema: - type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - force: - type: boolean + host: + deprecated: true + type: string + id: + type: string + required: + - id + required: true responses: '200': content: 
@@ -7543,109 +7361,108 @@ paths: schema: type: object properties: - response: - items: - type: object - properties: - id: - type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type - type: array - required: - - response + host: + deprecated: true + type: string + id: + description: Fleet Server host id + type: string + status: + type: string description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Delete ackage + summary: Fleet Server health check tags: - - Elastic Package Manager (EPM) + - Fleet internals + /api/fleet/kubernetes: get: - deprecated: true - operationId: get-package-deprecated + operationId: get-full-k8s-manifest parameters: - - in: path - name: pkgkey - required: true + - in: query + name: download + required: false + schema: + type: boolean + - in: query + name: fleetServer + required: false schema: type: string - - description: >- - Whether to return prerelease versions of packages (e.g. 
beta, rc, - preview) - in: query - name: prerelease + - in: query + name: enrolToken + required: false schema: - default: false - type: boolean + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - allOf: - - properties: - response: - $ref: '#/components/schemas/Fleet_package_info' - - properties: - savedObject: - type: string - status: - enum: - - installed - - installing - - install_failed - - not_installed - type: string - required: - - status - - savedObject type: object + properties: + item: + type: string description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Get package + summary: Get full K8s agent manifest tags: - - Elastic Package Manager (EPM) + - Fleet Kubernetes + /api/fleet/logstash_api_keys: post: - deprecated: true - description: '' - operationId: install-package-deprecated + operationId: generate-logstash-api-key parameters: - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - in: path - name: pkgkey - required: true - schema: - type: string - - description: avoid erroring out on unexpected mapping update errors - in: query - name: ignoreMappingUpdateErrors - schema: - default: false - type: boolean - - description: >- - Skip data stream rollover during index template mapping or settings - update - in: query - name: skipDataStreamRollover - schema: - default: false - type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + api_key: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Generate Logstash API key + tags: + - Fleet outputs + /api/fleet/outputs: + get: + operationId: get-outputs + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_output_create_request' + type: array + page: + type: integer + perPage: + type: integer + 
total: + type: integer + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List outputs + tags: + - Fleet outputs + post: + operationId: post-outputs requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - force: - type: boolean + $ref: '#/components/schemas/Fleet_output_create_request' + required: true responses: '200': content: @@ -7653,49 +7470,19 @@ paths: schema: type: object properties: - response: - items: - type: object - properties: - id: - type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type - type: array - required: - - response + item: + $ref: '#/components/schemas/Fleet_output_create_request' description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Install package + summary: Create output tags: - - Elastic Package Manager (EPM) - '/epm/packages/{pkgName}/{pkgVersion}': + - Fleet outputs + '/api/fleet/outputs/{outputId}': delete: - operationId: delete-package + operationId: delete-output parameters: - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - description: delete package even if policies used by agents - in: query - name: force - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - deprecated: true - type: object - properties: - force: - type: boolean responses: '200': content: 
@@ -7703,130 +7490,48 @@ paths: schema: type: object properties: - items: - items: - type: object - properties: - id: - type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type - type: array + id: + type: string required: - - items + - id description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Delete package + summary: Delete output by ID tags: - - Elastic Package Manager (EPM) + - Fleet outputs get: - operationId: get-package + operationId: get-output responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - allOf: - - properties: - item: - $ref: '#/components/schemas/Fleet_package_info' - - properties: - keepPoliciesUpToDate: - type: boolean - latestVersion: - type: string - licensePath: - type: string - notice: - type: string - savedObject: - deprecated: true - type: object - status: - enum: - - installed - - installing - - install_failed - - not_installed - type: string - required: - - status - - savedObject type: object + properties: + item: + $ref: '#/components/schemas/Fleet_output_create_request' description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Get package + summary: Get output by ID tags: - - Elastic Package Manager (EPM) + - Fleet outputs parameters: - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion + name: outputId required: true schema: type: string - - description: Ignore if the package is fails signature verification - in: query - name: ignoreUnverified - schema: - type: boolean - - description: >- - Return all fields from the package manifest, not just those supported - by the Elastic Package Registry - in: query - name: full - schema: - type: boolean - - description: >- - Whether to return prerelease versions of packages (e.g. 
beta, rc, - preview) - in: query - name: prerelease - schema: - default: false - type: boolean - post: - description: '' - operationId: install-package + put: + operationId: update-output parameters: - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - description: avoid erroring out on unexpected mapping update errors - in: query - name: ignoreMappingUpdateErrors - schema: - default: false - type: boolean - - description: >- - Skip data stream rollover during index template mapping or settings - update - in: query - name: skipDataStreamRollover - schema: - default: false - type: boolean requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - force: - type: boolean - ignore_constraints: - type: boolean + $ref: '#/components/schemas/Fleet_output_update_request' responses: '200': content: @@ -7834,50 +7539,17 @@ paths: schema: type: object properties: - _meta: - type: object - properties: - install_source: - enum: - - registry - - upload - - bundled - type: string - items: - items: - type: object - properties: - id: - type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type - type: array - required: - - items + item: + $ref: '#/components/schemas/Fleet_output_update_request' description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Install package + summary: Update output by ID tags: - - Elastic Package Manager (EPM) - put: - description: '' - operationId: update-package - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - keepPoliciesUpToDate: - type: boolean + - Fleet outputs + '/api/fleet/outputs/{outputId}/health': + get: + operationId: get-output-health responses: '200': content: 
@@ -7885,33 +7557,35 @@ paths: schema: type: object properties: - items: - items: - type: object - properties: - id: - type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type - type: array - required: - - items + message: + description: long message if unhealthy + type: string + state: + description: 'state of output, HEALTHY or DEGRADED' + type: string + timestamp: + description: timestamp of reported state + type: string description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Update package settings + summary: Get latest output health tags: - - Elastic Package Manager (EPM) - '/epm/packages/{pkgName}/{pkgVersion}/{filePath}': + - Fleet outputs + parameters: + - in: path + name: outputId + required: true + schema: + type: string + /api/fleet/package_policies: get: - operationId: packages-get-file + operationId: get-package-policies + parameters: + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - $ref: '#/components/parameters/Fleet_kuery' + - $ref: '#/components/parameters/Fleet_format' responses: '200': content: 
@@ -7919,71 +7593,77 @@ paths: schema: type: object properties: - body: - type: object - headers: - type: object - statusCode: + items: + items: + $ref: '#/components/schemas/Fleet_package_policy' + type: array + page: + type: number + perPage: + type: number + total: type: number + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List package policies + tags: + - Fleet package policies + parameters: [] + post: + operationId: create-package-policy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - $ref: '#/components/parameters/Fleet_format' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_package_policy_request' + description: >- + You should use inputs as an object and not use the deprecated inputs + array. + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_package_policy' + required: + - item description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Get package file + '409': + $ref: '#/components/responses/Fleet_error' + summary: Create package policy tags: - - Elastic Package Manager (EPM) - parameters: - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - in: path - name: filePath - required: true - schema: - type: string - '/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize': + - Fleet package policies + /api/fleet/package_policies/_bulk_get: post: - description: '' - operationId: reauthorize-transforms + operationId: bulk-get-package-policies parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - description: >- - Whether to 
include prerelease packages in categories count (e.g. - beta, rc, preview) - in: query - name: prerelease - schema: - default: false - type: boolean + - $ref: '#/components/parameters/Fleet_format' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - transforms: + ids: + description: list of package policy ids items: - type: object - properties: - transformId: - type: string + type: string type: array + ignoreMissing: + type: boolean + required: + - ids responses: '200': content: @@ -7993,29 +7673,45 @@ paths: properties: items: items: - type: object - properties: - error: - type: string - success: - type: boolean - transformId: - type: string - required: - - transformId - - error + $ref: '#/components/schemas/Fleet_package_policy' type: array required: - items description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Authorize transforms + summary: Bulk get package policies tags: - - Elastic Package Manager (EPM) - '/epm/packages/{pkgName}/stats': + - Fleet package policies + '/api/fleet/package_policies/{packagePolicyId}': + delete: + operationId: delete-package-policy + parameters: + - in: query + name: force + schema: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: + type: string + required: + - id + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete package policy by ID + tags: + - Fleet package policies get: - operationId: get-package-stats + operationId: get-package-policy + parameters: + - $ref: '#/components/parameters/Fleet_format' responses: '200': content: 
@@ -8023,25 +7719,32 @@ paths: schema: type: object properties: - response: - $ref: '#/components/schemas/Fleet_package_usage_stats' + item: + $ref: '#/components/schemas/Fleet_package_policy' required: - - response + - item description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Get package stats + summary: Get package policy by ID tags: - - Elastic Package Manager (EPM) + - Fleet package policies parameters: - in: path - name: pkgName + name: packagePolicyId required: true schema: type: string - /epm/packages/limited: - get: - operationId: list-limited-packages + put: + operationId: update-package-policy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - $ref: '#/components/parameters/Fleet_format' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_package_policy_request' responses: '200': content: 
@@ -8049,91 +7752,146 @@ paths: schema: type: object properties: + item: + $ref: '#/components/schemas/Fleet_package_policy' + sucess: + type: boolean + required: + - item + - sucess + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update package policy by ID + tags: + - Fleet package policies + /api/fleet/package_policies/delete: + post: + operationId: post-delete-package-policy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + type: boolean + packagePolicyIds: items: - items: + type: string + type: array + required: + - packagePolicyIds + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + properties: + id: type: string - type: array + name: + type: string + success: + type: boolean + required: + - id + - success + type: array description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Get limited package list + summary: Delete package policy tags: - - Elastic Package Manager (EPM) - parameters: [] - '/epm/templates/{pkgName}/{pkgVersion}/inputs': - get: - operationId: get-inputs-template + - Fleet package policies + /api/fleet/package_policies/upgrade: + post: + operationId: upgrade-package-policy + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + packagePolicyIds: + items: + type: string + type: array + required: + - packagePolicyIds responses: '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + properties: + id: + type: string + name: + type: string + success: + type: boolean + required: + - id + - success + type: array description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Get inputs template - tags: - - Elastic Package Manager (EPM) - parameters: - - in: path - 
name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - description: Format of response - json or yaml - in: query - name: format - schema: - enum: - - json - - yaml - - yml - type: string - - description: Specify if version is prerelease - in: query - name: prerelease - schema: - type: boolean - - description: Ignore if the package is fails signature verification - in: query - name: ignoreUnverified - schema: - type: boolean - /epm/verification_key_id: - get: - operationId: packages-get-verification-key-id + '409': + $ref: '#/components/responses/Fleet_error' + summary: Upgrade package policy to a newer package version + tags: + - Fleet package policies + /api/fleet/package_policies/upgrade/dryrun: + post: + operationId: upgrade-package-policy-dry-run + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + packagePolicyIds: + items: + type: string + type: array + packageVersion: + type: string + required: + - packagePolicyIds responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - body: - type: object - properties: - id: - description: >- - the key ID of the GPG key used to verify package - signatures - nullable: true - type: string - headers: - type: object - statusCode: - type: number + items: + type: object + properties: + agent_diff: + $ref: '#/components/schemas/Fleet_upgrade_agent_diff' + diff: + $ref: '#/components/schemas/Fleet_upgrade_diff' + hasErrors: + type: boolean + required: + - hasErrors + type: array description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Get package signature verification key ID + summary: Dry run package policy upgrade tags: - - Elastic Package Manager (EPM) - parameters: [] - /fleet_server_hosts: + - Fleet package policies + /api/fleet/proxies: get: - operationId: get-fleet-server-hosts + operationId: 
get-fleet-proxies responses: '200': content: @@ -8143,7 +7901,7 @@ paths: properties: items: items: - $ref: '#/components/schemas/Fleet_fleet_server_host' + $ref: '#/components/schemas/Fleet_proxies' type: array page: type: integer @@ -8154,37 +7912,34 @@ paths: description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: List Fleet Server hosts + summary: List proxies tags: - - Fleet Server hosts + - Fleet proxies post: - operationId: post-fleet-server-hosts + operationId: post-fleet-proxies requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - host_urls: - items: - type: string - type: array + certificate: + type: string + certificate_authorities: + type: string + certificate_key: + type: string id: type: string - is_default: - type: boolean - is_internal: - type: boolean name: type: string - proxy_id: - description: >- - The ID of the proxy to use for this fleet server host. See - the proxies API for more information. + proxy_headers: + type: object + url: type: string required: - name - - host_urls + - url responses: '200': content: @@ -8193,16 +7948,16 @@ paths: type: object properties: item: - $ref: '#/components/schemas/Fleet_fleet_server_host' + $ref: '#/components/schemas/Fleet_proxies' description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Create Fleet Server host + summary: Create proxy tags: - - Fleet Server hosts - '/fleet_server_hosts/{itemId}': + - Fleet proxies + '/api/fleet/proxies/{itemId}': delete: - operationId: delete-fleet-server-hosts + operationId: delete-fleet-proxies parameters: - $ref: '#/components/parameters/Fleet_kbn_xsrf' responses: 
@@ -8219,11 +7974,11 @@ paths: description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Delete Fleet Server host by ID + summary: Delete proxy by ID tags: - - Fleet Server hosts + - Fleet proxies get: - operationId: get-one-fleet-server-hosts + operationId: get-one-fleet-proxies responses: '200': content: @@ -8232,15 +7987,15 @@ paths: type: object properties: item: - $ref: '#/components/schemas/Fleet_fleet_server_host' + $ref: '#/components/schemas/Fleet_proxies' required: - item description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Get Fleet Server host by ID + summary: Get proxy by ID tags: - - Fleet Server hosts + - Fleet proxies parameters: - in: path name: itemId @@ -8248,7 +8003,7 @@ paths: schema: type: string put: - operationId: update-fleet-server-hosts + operationId: update-fleet-proxies parameters: - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: @@ -8257,21 +8012,17 @@ paths: schema: type: object properties: - host_urls: - items: - type: string - type: array - is_default: - type: boolean - is_internal: - type: boolean + certificate: + type: string + certificate_authorities: + type: string + certificate_key: + type: string name: type: string - proxy_id: - description: >- - The ID of the proxy to use for this fleet server host. See - the proxies API for more information. - nullable: true + proxy_headers: + type: object + url: type: string responses: '200': 
@@ -8281,34 +8032,149 @@ paths: type: object properties: item: - $ref: '#/components/schemas/Fleet_fleet_server_host' + $ref: '#/components/schemas/Fleet_proxies' required: - item description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Update Fleet Server host by ID + summary: Update proxy by ID tags: - - Fleet Server hosts - /health_check: + - Fleet proxies + /api/fleet/service_tokens: post: - operationId: fleet-server-health-check + operationId: generate-service-token + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + name: + type: string + value: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create service token + tags: + - Fleet service tokens + /api/fleet/service-tokens: + post: + deprecated: true + operationId: generate-service-token-deprecated parameters: - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + name: + type: string + value: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create service token + tags: + - Fleet service tokens + /api/fleet/settings: + get: + operationId: get-settings + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_fleet_settings_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get settings + tags: + - Fleet internals + put: + operationId: update-settings requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - host: - deprecated: true - type: string - id: + additional_yaml_config: type: string - required: - - id - required: true + fleet_server_hosts: + description: Protocol and 
path must be the same for each URL + items: + type: string + type: array + has_seen_add_data_notice: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_fleet_settings_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update settings + tags: + - Fleet internals + /api/fleet/setup: + post: + operationId: setup + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_fleet_setup_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + message: + type: string + description: Internal Server Error + summary: Initiate Fleet setup + tags: + - Fleet internals + /api/fleet/uninstall_tokens: + get: + operationId: get-uninstall-tokens + parameters: + - description: The number of items to return + in: query + name: perPage + required: false + schema: + default: 20 + minimum: 5 + type: integer + - $ref: '#/components/parameters/Fleet_page_index' + - description: Partial match filtering for policy IDs + in: query + name: policyId + required: false + schema: + type: string responses: '200': content: 
@@ -8316,37 +8182,45 @@ paths: schema: type: object properties: - host: - deprecated: true - type: string - id: - description: Fleet Server host id - type: string - status: - type: string + items: + items: + type: object + properties: + created_at: + type: string + id: + type: string + policy_id: + type: string + required: + - id + - policy_id + - created_at + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Fleet Server health check + summary: List metadata for latest uninstall tokens per agent policy tags: - - Fleet internals - /kubernetes: + - Fleet uninstall tokens + '/api/fleet/uninstall_tokens/{uninstallTokenId}': get: - operationId: get-full-k8s-manifest + operationId: get-uninstall-token parameters: - - in: query - name: download - required: false - schema: - type: boolean - - in: query - name: fleetServer - required: false - schema: - type: string - - in: query - name: enrolToken - required: false + - in: path + name: uninstallTokenId + required: true schema: type: string responses: 
@@ -8357,66 +8231,126 @@ paths: type: object properties: item: - type: string + type: object + properties: + created_at: + type: string + id: + type: string + policy_id: + type: string + token: + type: string + required: + - id + - token + - policy_id + - created_at + required: + - item description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Get full K8s agent manifest + summary: Get one decrypted uninstall token by its ID tags: - - Fleet Kubernetes - /logstash_api_keys: - post: - operationId: generate-logstash-api-key + - Fleet uninstall tokens + /api/ml/saved_objects/sync: + get: + description: > + Synchronizes Kibana saved objects for machine learning jobs and trained + models in the default space. You must have `all` privileges for the + **Machine Learning** feature in the **Analytics** section of the Kibana + feature privileges. This API runs automatically when you start Kibana + and periodically thereafter. + operationId: mlSync parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - $ref: '#/components/parameters/Machine_learning_APIs_simulateParam' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + syncExample: + $ref: '#/components/examples/Machine_learning_APIs_mlSyncExample' schema: - type: object - properties: - api_key: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Generate Logstash API key + $ref: '#/components/schemas/Machine_learning_APIs_mlSync200Response' + description: Indicates a successful call + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Machine_learning_APIs_mlSync4xxResponse' + description: Authorization information is missing or invalid. 
+ summary: Sync saved objects in the default space tags: - - Fleet outputs - /outputs: - get: - operationId: get-outputs + - ml + /api/saved_objects/_bulk_create: + post: + deprecated: true + operationId: bulkCreateSavedObjects + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - description: 'When true, overwrites the document with the same identifier.' + in: query + name: overwrite + schema: + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + type: array + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_output_create_request' - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - description: OK + description: Indicates a successful call. '400': - $ref: '#/components/responses/Fleet_error' - summary: List outputs + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Create saved objects tags: - - Fleet outputs + - saved objects + /api/saved_objects/_bulk_delete: post: - operationId: post-outputs + deprecated: true + description: | + WARNING: When you delete a saved object, it cannot be recovered. + operationId: bulkDeleteSavedObjects + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - description: > + When true, force delete objects that exist in multiple namespaces. + Note that the option applies to the whole request. Use the delete + object API to specify per-object deletion behavior. TIP: Use this if + you attempted to delete objects and received an HTTP 400 error with + the following message: "Unable to delete saved object that exists in + multiple namespaces, use the force option to delete it anyway". 
+ WARNING: When you bulk delete objects that exist in multiple + namespaces, the API also deletes legacy url aliases that reference + the object. These requests are batched to minimise the impact but + they can place a heavy load on Kibana. Make sure you limit the + number of objects that exist in multiple namespaces in a single bulk + delete operation. + in: query + name: force + schema: + type: boolean requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_output_create_request' + items: + type: object + type: array required: true responses: '200': 
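Review bot: The 200 response of `get-uninstall-token` now carries a `token` property that the summary describes as decrypted, yet the operation documents only `'200'` and `'400'` and does not say who may call it. I would add an operation `description` stating the privilege needed to read the token. I would also document the unauthorized case the way `mlSync` does in this same hunk, with a `'401':` response and `description: Authorization information is missing or invalid.`. Marking `token` with `format: password` would additionally keep documentation tooling from rendering sample values. The operation itself begins in the preceding hunk, and since this appears to be bundled output the edit probably belongs in the source spec.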
@@ -8424,578 +8358,857 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - properties: - item: - $ref: '#/components/schemas/Fleet_output_create_request' - description: OK + description: > + Indicates a successful call. NOTE: This HTTP response code indicates + that the bulk operation succeeded. Errors pertaining to individual + objects will be returned in the response body. '400': - $ref: '#/components/responses/Fleet_error' - summary: Create output + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Delete saved objects tags: - - Fleet outputs - '/outputs/{outputId}': - delete: - operationId: delete-output + - saved objects + /api/saved_objects/_bulk_get: + post: + deprecated: true + operationId: bulkGetSavedObjects parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + type: array + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - properties: - id: - type: string - required: - - id - description: OK + description: Indicates a successful call. '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete output by ID + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Get saved objects tags: - - Fleet outputs - get: - operationId: get-output + - saved objects + /api/saved_objects/_bulk_resolve: + post: + deprecated: true + description: > + Retrieve multiple Kibana saved objects by identifier using any legacy + URL aliases if they exist. 
Under certain circumstances when Kibana is + upgraded, saved object migrations may necessitate regenerating some + object IDs to enable new features. When an object's ID is regenerated, a + legacy URL alias is created for that object, preserving its old ID. In + such a scenario, that object can be retrieved by the bulk resolve API + using either its new ID or its old ID. + operationId: bulkResolveSavedObjects + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + type: array + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - properties: - item: - $ref: '#/components/schemas/Fleet_output_create_request' - description: OK + description: > + Indicates a successful call. NOTE: This HTTP response code indicates + that the bulk operation succeeded. Errors pertaining to individual + objects will be returned in the response body. '400': - $ref: '#/components/responses/Fleet_error' - summary: Get output by ID + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Resolve saved objects tags: - - Fleet outputs - parameters: - - in: path - name: outputId - required: true - schema: - type: string - put: - operationId: update-output + - saved objects + /api/saved_objects/_bulk_update: + post: + deprecated: true + description: Update the attributes for multiple Kibana saved objects. 
+ operationId: bulkUpdateSavedObjects parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_output_update_request' + items: + type: object + type: array + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - properties: - item: - $ref: '#/components/schemas/Fleet_output_update_request' - description: OK + description: > + Indicates a successful call. NOTE: This HTTP response code indicates + that the bulk operation succeeded. Errors pertaining to individual + objects will be returned in the response body. '400': - $ref: '#/components/responses/Fleet_error' - summary: Update output by ID + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Update saved objects tags: - - Fleet outputs - '/outputs/{outputId}/health': - get: - operationId: get-output-health + - saved objects + /api/saved_objects/_export: + post: + description: > + Retrieve sets of saved objects that you want to import into Kibana. + + You must include `type` or `objects` in the request body. + + + Exported saved objects are not backwards compatible and cannot be + imported into an older version of Kibana. + + + NOTE: The `savedObjects.maxImportExportSize` configuration setting + limits the number of saved objects which may be exported. + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. 
+ operationId: exportSavedObjectsDefault + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + exportSavedObjectsRequest: + $ref: '#/components/examples/Saved_objects_export_objects_request' + schema: + type: object + properties: + excludeExportDetails: + default: false + description: Do not add export details entry at the end of the stream. + type: boolean + includeReferencesDeep: + description: >- + Includes all of the referenced objects in the exported + objects. + type: boolean + objects: + description: A list of objects to export. + items: + type: object + type: array + type: + description: >- + The saved object types to include in the export. Use `*` to + export all the types. + oneOf: + - type: string + - items: + type: string + type: array + required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/x-ndjson; Elastic-Api-Version=2023-10-31: + examples: + exportSavedObjectsResponse: + $ref: '#/components/examples/Saved_objects_export_objects_response' schema: + additionalProperties: true type: object - properties: - message: - description: long message if unhealthy - type: string - state: - description: 'state of output, HEALTHY or DEGRADED' - type: string - timestamp: - description: timestamp of reported state - type: string - description: OK + description: Indicates a successful call. '400': - $ref: '#/components/responses/Fleet_error' - summary: Get latest output health + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request. 
+ summary: Export saved objects tags: - - Fleet outputs - parameters: - - in: path - name: outputId - required: true - schema: - type: string - /package_policies: + - saved objects + /api/saved_objects/_find: get: - operationId: get-package-policies + deprecated: true + description: Retrieve a paginated set of Kibana saved objects. + operationId: findSavedObjects parameters: - - $ref: '#/components/parameters/Fleet_page_size' - - $ref: '#/components/parameters/Fleet_page_index' - - $ref: '#/components/parameters/Fleet_kuery' - - $ref: '#/components/parameters/Fleet_format' + - description: > + An aggregation structure, serialized as a string. The field format + is similar to filter, meaning that to use a saved object type + attribute in the aggregation, the `savedObjectType.attributes.title: + "myTitle"` format must be used. For root fields, the syntax is + `savedObjectType.rootField`. NOTE: As objects change in Kibana, the + results on each page of the response also change. Use the find API + for traditional paginated results, but avoid using it to export + large amounts of data. + in: query + name: aggs + schema: + type: string + - description: The default operator to use for the `simple_query_string`. + in: query + name: default_search_operator + schema: + type: string + - description: The fields to return in the attributes key of the response. + in: query + name: fields + schema: + oneOf: + - type: string + - type: array + - description: > + The filter is a KQL string with the caveat that if you filter with + an attribute from your saved object type, it should look like that: + `savedObjectType.attributes.title: "myTitle"`. However, if you use a + root attribute of a saved object such as `updated_at`, you will have + to define your filter like that: `savedObjectType.updated_at > + 2018-12-22`. + in: query + name: filter + schema: + type: string + - description: >- + Filters to objects that do not have a relationship with the type and + identifier combination. 
+ in: query + name: has_no_reference + schema: + type: object + - description: >- + The operator to use for the `has_no_reference` parameter. Either + `OR` or `AND`. Defaults to `OR`. + in: query + name: has_no_reference_operator + schema: + type: string + - description: >- + Filters to objects that have a relationship with the type and ID + combination. + in: query + name: has_reference + schema: + type: object + - description: >- + The operator to use for the `has_reference` parameter. Either `OR` + or `AND`. Defaults to `OR`. + in: query + name: has_reference_operator + schema: + type: string + - description: The page of objects to return. + in: query + name: page + schema: + type: integer + - description: The number of objects to return per page. + in: query + name: per_page + schema: + type: integer + - description: >- + An Elasticsearch `simple_query_string` query that filters the + objects in the response. + in: query + name: search + schema: + type: string + - description: >- + The fields to perform the `simple_query_string` parsed query + against. + in: query + name: search_fields + schema: + oneOf: + - type: string + - type: array + - description: > + Sorts the response. Includes "root" and "type" fields. "root" fields + exist for all saved objects, such as "updated_at". "type" fields are + specific to an object type, such as fields returned in the + attributes key of the response. When a single type is defined in the + type parameter, the "root" and "type" fields are allowed, and + validity checks are made in that order. When multiple types are + defined in the type parameter, only "root" fields are allowed. + in: query + name: sort_field + schema: + type: string + - description: The saved object types to include. 
+ in: query + name: type + required: true + schema: + oneOf: + - type: string + - type: array responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_package_policy' - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - description: OK + description: Indicates a successful call. '400': - $ref: '#/components/responses/Fleet_error' - summary: List package policies + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Search for saved objects tags: - - Fleet package policies - parameters: [] + - saved objects + /api/saved_objects/_import: post: - operationId: create-package-policy + description: > + Create sets of Kibana saved objects from a file created by the export + API. + + Saved objects can be imported only into the same version, a newer minor + on the same major, or the next major. Exported saved objects are not + backwards compatible and cannot be imported into an older version of + Kibana. + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + operationId: importSavedObjectsDefault parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - $ref: '#/components/parameters/Fleet_format' + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - description: > + Creates copies of saved objects, regenerates each object ID, and + resets the origin. When used, potential conflict errors are avoided. + NOTE: This option cannot be used with the `overwrite` and + `compatibilityMode` options. 
+ in: query + name: createNewCopies + required: false + schema: + type: boolean + - description: > + Overwrites saved objects when they already exist. When used, + potential conflict errors are automatically resolved by overwriting + the destination object. NOTE: This option cannot be used with the + `createNewCopies` option. + in: query + name: overwrite + required: false + schema: + type: boolean + - description: > + Applies various adjustments to the saved objects that are being + imported to maintain compatibility between different Kibana + versions. Use this option only if you encounter issues with imported + saved objects. NOTE: This option cannot be used with the + `createNewCopies` option. + in: query + name: compatibilityMode + required: false + schema: + type: boolean requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + multipart/form-data; Elastic-Api-Version=2023-10-31: + examples: + importObjectsRequest: + $ref: '#/components/examples/Saved_objects_import_objects_request' schema: - $ref: '#/components/schemas/Fleet_package_policy_request' - description: >- - You should use inputs as an object and not use the deprecated inputs - array. + type: object + properties: + file: + description: > + A file exported using the export API. NOTE: The + `savedObjects.maxImportExportSize` configuration setting + limits the number of saved objects which may be included in + this file. Similarly, the + `savedObjects.maxImportPayloadBytes` setting limits the + overall size of the file that can be imported. + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + importObjectsResponse: + $ref: '#/components/examples/Saved_objects_import_objects_response' schema: type: object properties: - item: - $ref: '#/components/schemas/Fleet_package_policy' - required: - - item - description: OK + errors: + description: > + Indicates the import was unsuccessful and specifies the + objects that failed to import. 
+ + + NOTE: One object may result in multiple errors, which + requires separate steps to resolve. For instance, a + `missing_references` error and conflict error. + items: + type: object + type: array + success: + description: > + Indicates when the import was successfully completed. When + set to false, some objects may not have been created. For + additional information, refer to the `errors` and + `successResults` properties. + type: boolean + successCount: + description: Indicates the number of successfully imported records. + type: integer + successResults: + description: > + Indicates the objects that are successfully imported, with + any metadata if applicable. + + + NOTE: Objects are created only when all resolvable errors + are addressed, including conflicts and missing references. + If objects are created as new copies, each entry in the + `successResults` array includes a `destinationId` + attribute. + items: + type: object + type: array + description: Indicates a successful call. '400': - $ref: '#/components/responses/Fleet_error' - '409': - $ref: '#/components/responses/Fleet_error' - summary: Create package policy + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request. 
+ summary: Import saved objects tags: - - Fleet package policies - /package_policies/_bulk_get: + - saved objects + x-codeSamples: + - label: Import with createNewCopies + lang: cURL + source: | + curl \ + -X POST api/saved_objects/_import?createNewCopies=true + -H "kbn-xsrf: true" + --form file=@file.ndjson + /api/saved_objects/_resolve_import_errors: post: - operationId: bulk-get-package-policies + description: > + To resolve errors from the Import objects API, you can: + + + * Retry certain saved objects + + * Overwrite specific saved objects + + * Change references to different saved objects + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + operationId: resolveImportErrors parameters: - - $ref: '#/components/parameters/Fleet_format' + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - description: > + Applies various adjustments to the saved objects that are being + imported to maintain compatibility between different Kibana + versions. When enabled during the initial import, also enable when + resolving import errors. This option cannot be used with the + `createNewCopies` option. + in: query + name: compatibilityMode + required: false + schema: + type: boolean + - description: > + Creates copies of the saved objects, regenerates each object ID, and + resets the origin. When enabled during the initial import, also + enable when resolving import errors. 
+ in: query + name: createNewCopies + required: false + schema: + type: boolean requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + multipart/form-data; Elastic-Api-Version=2023-10-31: + examples: + resolveImportErrorsRequest: + $ref: >- + #/components/examples/Saved_objects_resolve_missing_reference_request schema: type: object properties: - ids: - description: list of package policy ids + file: + description: The same file given to the import API. + format: binary + type: string + retries: + description: >- + The retry operations, which can specify how to resolve + different types of errors. items: - type: string + type: object + properties: + destinationId: + description: >- + Specifies the destination ID that the imported object + should have, if different from the current ID. + type: string + id: + description: The saved object ID. + type: string + ignoreMissingReferences: + description: >- + When set to `true`, ignores missing reference errors. + When set to `false`, does nothing. + type: boolean + overwrite: + description: >- + When set to `true`, the source object overwrites the + conflicting destination object. When set to `false`, + does nothing. + type: boolean + replaceReferences: + description: >- + A list of `type`, `from`, and `to` used to change the + object references. + items: + type: object + properties: + from: + type: string + to: + type: string + type: + type: string + type: array + type: + description: The saved object type. + type: string + required: + - type + - id type: array - ignoreMissing: - type: boolean required: - - ids + - retries + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + resolveImportErrorsResponse: + $ref: >- + #/components/examples/Saved_objects_resolve_missing_reference_response schema: type: object properties: - items: + errors: + description: > + Specifies the objects that failed to resolve. 
+ + + NOTE: One object can result in multiple errors, which + requires separate steps to resolve. For instance, a + `missing_references` error and a `conflict` error. items: - $ref: '#/components/schemas/Fleet_package_policy' + type: object type: array - required: - - items - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk get package policies - tags: - - Fleet package policies - '/package_policies/{packagePolicyId}': - delete: - operationId: delete-package-policy - parameters: - - in: query - name: force - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - id: - type: string - required: - - id - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete package policy by ID - tags: - - Fleet package policies - get: - operationId: get-package-policy - parameters: - - $ref: '#/components/parameters/Fleet_format' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_package_policy' - required: - - item - description: OK + success: + description: > + Indicates a successful import. When set to `false`, some + objects may not have been created. For additional + information, refer to the `errors` and `successResults` + properties. + type: boolean + successCount: + description: | + Indicates the number of successfully resolved records. + type: number + successResults: + description: > + Indicates the objects that are successfully imported, with + any metadata if applicable. + + + NOTE: Objects are only created when all resolvable errors + are addressed, including conflict and missing references. + items: + type: object + type: array + description: Indicates a successful call. 
'400': - $ref: '#/components/responses/Fleet_error' - summary: Get package policy by ID - tags: - - Fleet package policies - parameters: - - in: path - name: packagePolicyId - required: true - schema: - type: string - put: - operationId: update-package-policy - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - $ref: '#/components/parameters/Fleet_format' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_package_policy_request' - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_package_policy' - sucess: - type: boolean - required: - - item - - sucess - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update package policy by ID + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request. + summary: Resolve import errors tags: - - Fleet package policies - /package_policies/delete: + - saved objects + '/api/saved_objects/{type}': post: - operationId: post-delete-package-policy + deprecated: true + description: Create a Kibana saved object with a randomly generated identifier. + operationId: createSavedObject parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' + - description: 'If true, overwrites the document with the same identifier.' 
+ in: query + name: overwrite + schema: + type: boolean requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - force: - type: boolean - packagePolicyIds: - items: - type: string - type: array + attributes: + $ref: '#/components/schemas/Saved_objects_attributes' + initialNamespaces: + $ref: '#/components/schemas/Saved_objects_initial_namespaces' + references: + $ref: '#/components/schemas/Saved_objects_references' required: - - packagePolicyIds + - attributes + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - items: - type: object - properties: - id: - type: string - name: - type: string - success: - type: boolean - required: - - id - - success - type: array - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete package policy + type: object + description: Indicates a successful call. + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a conflict error. + summary: Create a saved object tags: - - Fleet package policies - /package_policies/upgrade: - post: - operationId: upgrade-package-policy - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - packagePolicyIds: - items: - type: string - type: array - required: - - packagePolicyIds + - saved objects + '/api/saved_objects/{type}/{id}': + get: + deprecated: true + description: Retrieve a single Kibana saved object by identifier. 
+ operationId: getSavedObject + parameters: + - $ref: '#/components/parameters/Saved_objects_saved_object_id' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - items: - type: object - properties: - id: - type: string - name: - type: string - success: - type: boolean - required: - - id - - success - type: array - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - '409': - $ref: '#/components/responses/Fleet_error' - summary: Upgrade package policy to a newer package version + type: object + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request. + summary: Get a saved object tags: - - Fleet package policies - /package_policies/upgrade/dryrun: + - saved objects post: - operationId: upgrade-package-policy-dry-run + deprecated: true + description: >- + Create a Kibana saved object and specify its identifier instead of using + a randomly generated ID. + operationId: createSavedObjectId + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - $ref: '#/components/parameters/Saved_objects_saved_object_id' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' + - description: 'If true, overwrites the document with the same identifier.' 
+ in: query + name: overwrite + schema: + type: boolean requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - packagePolicyIds: - items: - type: string - type: array - packageVersion: - type: string + attributes: + $ref: '#/components/schemas/Saved_objects_attributes' + initialNamespaces: + $ref: '#/components/schemas/Saved_objects_initial_namespaces' + references: + $ref: '#/components/schemas/Saved_objects_initial_namespaces' required: - - packagePolicyIds + - attributes + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - items: - type: object - properties: - agent_diff: - $ref: '#/components/schemas/Fleet_upgrade_agent_diff' - diff: - $ref: '#/components/schemas/Fleet_upgrade_diff' - hasErrors: - type: boolean - required: - - hasErrors - type: array - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Dry run package policy upgrade - tags: - - Fleet package policies - /proxies: - get: - operationId: get-fleet-proxies - responses: - '200': + type: object + description: Indicates a successful call. + '409': content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_proxies' - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List proxies + description: Indicates a conflict error. + summary: Create a saved object tags: - - Fleet proxies - post: - operationId: post-fleet-proxies + - saved objects + put: + deprecated: true + description: Update the attributes for Kibana saved objects. 
+ operationId: updateSavedObject + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - $ref: '#/components/parameters/Saved_objects_saved_object_id' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - properties: - certificate: - type: string - certificate_authorities: - type: string - certificate_key: - type: string - id: - type: string - name: - type: string - proxy_headers: - type: object - url: - type: string - required: - - name - - url + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - properties: - item: - $ref: '#/components/schemas/Fleet_proxies' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create proxy - tags: - - Fleet proxies - '/proxies/{itemId}': - delete: - operationId: delete-fleet-proxies - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': + description: Indicates a successful call. + '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - properties: - id: - type: string - required: - - id - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete proxy by ID + description: Indicates the object was not found. + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a conflict error. + summary: Update a saved object tags: - - Fleet proxies + - saved objects + '/api/saved_objects/resolve/{type}/{id}': get: - operationId: get-one-fleet-proxies + deprecated: true + description: > + Retrieve a single Kibana saved object by identifier using any legacy URL + alias if it exists. Under certain circumstances, when Kibana is + upgraded, saved object migrations may necessitate regenerating some + object IDs to enable new features. 
When an object's ID is regenerated, a + legacy URL alias is created for that object, preserving its old ID. In + such a scenario, that object can be retrieved using either its new ID or + its old ID. + operationId: resolveSavedObject + parameters: + - $ref: '#/components/parameters/Saved_objects_saved_object_id' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - properties: - item: - $ref: '#/components/schemas/Fleet_proxies' - required: - - item - description: OK + description: Indicates a successful call. '400': - $ref: '#/components/responses/Fleet_error' - summary: Get proxy by ID + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request. + summary: Resolve a saved object tags: - - Fleet proxies - parameters: - - in: path - name: itemId - required: true - schema: - type: string - put: - operationId: update-fleet-proxies + - saved objects + /api/status: + get: + operationId: /api/status#0 parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - certificate: - type: string - certificate_authorities: - type: string - certificate_key: - type: string - name: - type: string - proxy_headers: - type: object - url: - type: string + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: Set to "true" to get the response in v7 format. + in: query + name: v7format + required: false + schema: + type: boolean + - description: Set to "true" to get the response in v8 format. 
+ in: query + name: v8format + required: false + schema: + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_proxies' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update proxy by ID + anyOf: + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' + - $ref: >- + #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse + description: >- + Kibana's operational status. A minimal response is sent for + unauthorized users. + description: Overall status is OK and Kibana should be functioning normally. + '503': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + anyOf: + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' + - $ref: >- + #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse + description: >- + Kibana's operational status. A minimal response is sent for + unauthorized users. + description: >- + Kibana or some of it's essential services are unavailable. Kibana + may be degraded or unavailable. + summary: Get Kibana's current status tags: - - Fleet proxies + - system '/s/{spaceId}/api/observability/slos': get: description: 
> @@ -9439,244 +9652,6 @@ paths: summary: Enable an SLO tags: - slo - /service_tokens: - post: - operationId: generate-service-token - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - name: - type: string - value: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create service token - tags: - - Fleet service tokens - /service-tokens: - post: - deprecated: true - operationId: generate-service-token-deprecated - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - name: - type: string - value: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create service token - tags: - - Fleet service tokens - /settings: - get: - operationId: get-settings - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_fleet_settings_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get settings - tags: - - Fleet internals - put: - operationId: update-settings - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - additional_yaml_config: - type: string - fleet_server_hosts: - description: Protocol and path must be the same for each URL - items: - type: string - type: array - has_seen_add_data_notice: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_fleet_settings_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update settings - tags: - - Fleet internals - /settings/enrollment: - get: - operationId: 
get-enrollment-settings - parameters: - - description: >- - An agent policy ID to scope the enrollment settings to. For example, - that policy's Fleet Server host, its proxy, download location, etc. - If not provided, the default Fleet Server policy is used (if any). - in: query - name: agentPolicyId - required: false - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_fleet_settings_enrollment_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get enrollment settings - tags: - - Fleet internals - /setup: - post: - operationId: setup - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_fleet_setup_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - message: - type: string - description: Internal Server Error - summary: Initiate Fleet setup - tags: - - Fleet internals - /uninstall_tokens: - get: - operationId: get-uninstall-tokens - parameters: - - description: The number of items to return - in: query - name: perPage - required: false - schema: - default: 20 - minimum: 5 - type: integer - - $ref: '#/components/parameters/Fleet_page_index' - - description: Partial match filtering for policy IDs - in: query - name: policyId - required: false - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - items: - items: - type: object - properties: - created_at: - type: string - id: - type: string - policy_id: - type: string - required: - - id - - policy_id - - created_at - type: array - page: - type: number - perPage: - type: number - total: - type: number 
- required: - - items - - total - - page - - perPage - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List metadata for latest uninstall tokens per agent policy - tags: - - Fleet uninstall tokens - '/uninstall_tokens/{uninstallTokenId}': - get: - operationId: get-uninstall-token - parameters: - - in: path - name: uninstallTokenId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - type: object - properties: - created_at: - type: string - id: - type: string - policy_id: - type: string - token: - type: string - required: - - id - - token - - policy_id - - created_at - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get one decrypted uninstall token by its ID - tags: - - Fleet uninstall tokens components: examples: Alerting_create_es_query_esql_rule_request: @@ -24848,49 +24823,6 @@ components: - is_default - is_preconfigured - host_urls - Fleet_fleet_settings_enrollment_response: - title: Fleet settings response - type: object - properties: - download_source: - $ref: '#/components/schemas/Fleet_download_sources' - fleet_server: - type: object - properties: - has_active: - type: boolean - host: - $ref: '#/components/schemas/Fleet_fleet_server_host' - host_proxy: - $ref: '#/components/schemas/Fleet_proxies' - policies: - items: - type: object - properties: - download_source_id: - type: string - fleet_server_host_id: - type: string - has_fleet_server: - type: boolean - id: - type: string - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - name: - type: string - required: - - id - - name - - is_managed - type: array - required: - - agent_policies - - has_active - required: - - fleet_server Fleet_fleet_settings_response: title: Fleet settings response type: object 
diff --git a/x-pack/plugins/fleet/common/openapi/bundled.json b/x-pack/plugins/fleet/common/openapi/bundled.json index 8e40077992671..b169c3aff6f66 100644 --- a/x-pack/plugins/fleet/common/openapi/bundled.json +++ b/x-pack/plugins/fleet/common/openapi/bundled.json @@ -1,5 +1,27 @@ { "openapi": "3.0.0", + "info": { + "title": "Fleet", + "description": "OpenAPI schema for Fleet API endpoints", + "version": "0.2", + "contact": { + "name": "Fleet Team" + }, + "license": { + "name": "Elastic License 2.0", + "url": "https://www.elastic.co/licensing/elastic-license" + } + }, + "servers": [ + { + "url": "http://KIBANA_HOST:5601" + } + ], + "security": [ + { + "basicAuth": [] + } + ], "tags": [ { "name": "Data streams" @@ -50,26 +72,8 @@ "name": "Fleet uninstall tokens" } ], - "info": { - "title": "Fleet", - "description": "OpenAPI schema for Fleet API endpoints", - "version": "0.2", - "contact": { - "name": "Fleet Team" - }, - "license": { - "name": "Elastic License 2.0", - "url": "https://www.elastic.co/licensing/elastic-license" - } - }, - "servers": [ - { - "url": "http://KIBANA_HOST:5601/api/fleet", - "description": "Public and supported Fleet API" - } - ], "paths": { - "/health_check": { + "/api/fleet/health_check": { "post": { "summary": "Fleet Server health check", "tags": [ @@ -133,7 +137,7 @@ } } }, - "/setup": { + "/api/fleet/setup": { "post": { "summary": "Initiate Fleet setup", "tags": [ @@ -177,7 +181,7 @@ ] } }, - "/settings": { + "/api/fleet/settings": { "get": { "summary": "Get settings", "tags": [ 
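Review bot: The `servers` entry added at the top of bundled.json still uses a cleartext `http://KIBANA_HOST:5601` URL, and the `security` block added beside it makes `basicAuth` the default for every operation. A client generated from this spec, or a request copied out of the rendered docs, would therefore send Basic credentials unencrypted unless the reader changes the scheme by hand. I would document the TLS endpoint instead, `"url": "https://KIBANA_HOST:5601"`, or expose the scheme as a server variable. The first hunk of bundled.yaml carries the same pair (`- url: http://KIBANA_HOST:5601` with `- basicAuth: []`). Both files look like bundler output, so the change probably belongs in the source spec they are built from.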
@@ -247,48 +251,7 @@ "operationId": "update-settings" } }, - "/settings/enrollment": { - "servers": [ - { - "url": "http://KIBANA_HOST:5601/internal/fleet", - "description": "Used for Fleet internals and not supported" - } - ], - "get": { - "summary": "Get enrollment settings", - "tags": [ - "Fleet internals" - ], - "parameters": [ - { - "in": "query", - "name": "agentPolicyId", - "required": false, - "schema": { - "type": "string" - }, - "description": "An agent policy ID to scope the enrollment settings to. For example, that policy's Fleet Server host, its proxy, download location, etc. If not provided, the default Fleet Server policy is used (if any)." - } - ], - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/fleet_settings_enrollment_response" - } - } - } - }, - "400": { - "$ref": "#/components/responses/error" - } - }, - "operationId": "get-enrollment-settings" - } - }, - "/service-tokens": { + "/api/fleet/service-tokens": { "post": { "summary": "Create service token", "tags": [ @@ -326,7 +289,7 @@ "deprecated": true } }, - "/service_tokens": { + "/api/fleet/service_tokens": { "post": { "summary": "Create service token", "tags": [ @@ -363,7 +326,7 @@ ] } }, - "/epm/verification_key_id": { + "/api/fleet/epm/verification_key_id": { "get": { "summary": "Get package signature verification key ID", "tags": [ @@ -406,7 +369,7 @@ }, "parameters": [] }, - "/epm/bulk_assets": { + "/api/fleet/epm/bulk_assets": { "post": { "summary": "Bulk get assets", "tags": [ @@ -459,7 +422,7 @@ } } }, - "/epm/categories": { + "/api/fleet/epm/categories": { "get": { "summary": "List package categories", "tags": [ @@ -511,7 +474,7 @@ } ] }, - "/epm/packages/limited": { + "/api/fleet/epm/packages/limited": { "get": { "summary": "Get limited package list", "tags": [ 
@@ -544,7 +507,7 @@ }, "parameters": [] }, - "/epm/packages": { + "/api/fleet/epm/packages": { "get": { "summary": "List packages", "tags": [ @@ -712,7 +675,7 @@ } } }, - "/epm/packages/_bulk": { + "/api/fleet/epm/packages/_bulk": { "post": { "summary": "Bulk install packages", "tags": [ @@ -790,7 +753,7 @@ } } }, - "/epm/packages/{pkgkey}": { + "/api/fleet/epm/packages/{pkgkey}": { "get": { "summary": "Get package", "tags": [ @@ -1047,7 +1010,7 @@ "deprecated": true } }, - "/epm/packages/{pkgName}/{pkgVersion}": { + "/api/fleet/epm/packages/{pkgName}/{pkgVersion}": { "get": { "summary": "Get package", "tags": [ @@ -1414,7 +1377,7 @@ } } }, - "/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize": { + "/api/fleet/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize": { "post": { "summary": "Authorize transforms", "tags": [ @@ -1517,7 +1480,7 @@ } } }, - "/epm/packages/{pkgName}/{pkgVersion}/{filePath}": { + "/api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath}": { "get": { "summary": "Get package file", "tags": [ @@ -1578,7 +1541,7 @@ } ] }, - "/epm/packages/{pkgName}/stats": { + "/api/fleet/epm/packages/{pkgName}/stats": { "get": { "summary": "Get package stats", "tags": [ @@ -1625,7 +1588,7 @@ } ] }, - "/epm/templates/{pkgName}/{pkgVersion}/inputs": { + "/api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs": { "get": { "summary": "Get inputs template", "tags": [ @@ -1694,7 +1657,7 @@ } ] }, - "/agents/setup": { + "/api/fleet/agents/setup": { "get": { "summary": "Get agent setup info", "tags": [ @@ -1771,7 +1734,7 @@ ] } }, - "/agent-status": { + "/api/fleet/agent-status": { "get": { "summary": "Get agent status summary", "tags": [ @@ -1842,7 +1805,7 @@ "deprecated": true } }, - "/agent_status": { + "/api/fleet/agent_status": { "get": { "summary": "Get agent status summary", "tags": [ @@ -1933,7 +1896,7 @@ ] } }, - "/agent_status/data": { + "/api/fleet/agent_status/data": { "get": { "summary": "Get incoming agent data", "tags": [ 
@@ -1986,7 +1949,7 @@ ] } }, - "/agents": { + "/api/fleet/agents": { "get": { "summary": "List agents", "tags": [ @@ -2097,7 +2060,7 @@ } } }, - "/agents/bulk_upgrade": { + "/api/fleet/agents/bulk_upgrade": { "post": { "summary": "Bulk upgrade agents", "tags": [ @@ -2151,7 +2114,7 @@ } } }, - "/agents/action_status": { + "/api/fleet/agents/action_status": { "get": { "summary": "Get agent action status", "tags": [ @@ -2311,7 +2274,7 @@ "operationId": "agents-action-status" } }, - "/agents/{agentId}": { + "/api/fleet/agents/{agentId}": { "parameters": [ { "schema": { @@ -2452,7 +2415,7 @@ ] } }, - "/agents/{agentId}/actions": { + "/api/fleet/agents/{agentId}/actions": { "parameters": [ { "schema": { @@ -2520,7 +2483,7 @@ } } }, - "/agents/{agentId}/actions/{actionId}/cancel": { + "/api/fleet/agents/{agentId}/actions/{actionId}/cancel": { "parameters": [ { "schema": { @@ -2572,7 +2535,7 @@ ] } }, - "/agents/files/{fileId}/{fileName}": { + "/api/fleet/agents/files/{fileId}/{fileName}": { "parameters": [ { "schema": { @@ -2628,7 +2591,7 @@ "operationId": "get-agent-upload-file" } }, - "/agents/files/{fileId}": { + "/api/fleet/agents/files/{fileId}": { "parameters": [ { "schema": { @@ -2675,7 +2638,7 @@ "operationId": "delete-agent-upload-file" } }, - "/agents/{agentId}/reassign": { + "/api/fleet/agents/{agentId}/reassign": { "parameters": [ { "schema": { @@ -2778,7 +2741,7 @@ "deprecated": true } }, - "/agents/{agentId}/unenroll": { + "/api/fleet/agents/{agentId}/unenroll": { "parameters": [ { "schema": { @@ -2855,7 +2818,7 @@ } } }, - "/agents/{agentId}/upgrade": { + "/api/fleet/agents/{agentId}/upgrade": { "parameters": [ { "schema": { @@ -2904,7 +2867,7 @@ } } }, - "/agents/{agentId}/uploads": { + "/api/fleet/agents/{agentId}/uploads": { "parameters": [ { "schema": { @@ -2951,7 +2914,7 @@ "operationId": "list-agent-uploads" } }, - "/agents/bulk_reassign": { + "/api/fleet/agents/bulk_reassign": { "post": { "summary": "Bulk reassign agents", "tags": [ 
@@ -3023,7 +2986,7 @@ } } }, - "/agents/bulk_unenroll": { + "/api/fleet/agents/bulk_unenroll": { "post": { "summary": "Bulk unenroll agents", "tags": [ @@ -3106,7 +3069,7 @@ } } }, - "/agents/bulk_update_agent_tags": { + "/api/fleet/agents/bulk_update_agent_tags": { "post": { "summary": "Bulk update agent tags", "tags": [ @@ -3196,7 +3159,7 @@ } } }, - "/agents/tags": { + "/api/fleet/agents/tags": { "get": { "summary": "List agent tags", "tags": [ @@ -3220,7 +3183,7 @@ "operationId": "get-agent-tags" } }, - "/agents/{agentId}/request_diagnostics": { + "/api/fleet/agents/{agentId}/request_diagnostics": { "parameters": [ { "schema": { @@ -3288,7 +3251,7 @@ ] } }, - "/agents/bulk_request_diagnostics": { + "/api/fleet/agents/bulk_request_diagnostics": { "post": { "summary": "Bulk request diagnostics from agents", "tags": [ @@ -3370,7 +3333,7 @@ } } }, - "/agent_policies": { + "/api/fleet/agent_policies": { "get": { "summary": "List agent policies", "tags": [ @@ -3487,7 +3450,7 @@ ] } }, - "/agent_policies/{agentPolicyId}": { + "/api/fleet/agent_policies/{agentPolicyId}": { "parameters": [ { "schema": { @@ -3575,7 +3538,7 @@ ] } }, - "/agent_policies/{agentPolicyId}/copy": { + "/api/fleet/agent_policies/{agentPolicyId}/copy": { "parameters": [ { "schema": { @@ -3643,7 +3606,7 @@ } } }, - "/agent_policies/{agentPolicyId}/full": { + "/api/fleet/agent_policies/{agentPolicyId}/full": { "get": { "summary": "Get full agent policy by ID", "tags": [ @@ -3713,7 +3676,7 @@ } ] }, - "/agent_policies/{agentPolicyId}/download": { + "/api/fleet/agent_policies/{agentPolicyId}/download": { "get": { "summary": "Download agent policy by ID", "tags": [ @@ -3776,7 +3739,7 @@ } ] }, - "/agent_policies/_bulk_get": { + "/api/fleet/agent_policies/_bulk_get": { "post": { "summary": "Bulk get agent policies", "tags": [ @@ -3841,7 +3804,7 @@ "parameters": [] } }, - "/agent_policies/delete": { + "/api/fleet/agent_policies/delete": { "post": { "summary": "Delete agent policy by ID", "tags": [ 
@@ -3904,7 +3867,7 @@ }, "parameters": [] }, - "/data_streams": { + "/api/fleet/data_streams": { "get": { "summary": "List data streams", "tags": [ @@ -3937,7 +3900,7 @@ }, "parameters": [] }, - "/enrollment-api-keys": { + "/api/fleet/enrollment-api-keys": { "get": { "summary": "List enrollment API keys", "tags": [ @@ -4032,7 +3995,7 @@ "deprecated": true } }, - "/enrollment-api-keys/{keyId}": { + "/api/fleet/enrollment-api-keys/{keyId}": { "parameters": [ { "schema": { @@ -4114,7 +4077,7 @@ "deprecated": true } }, - "/enrollment_api_keys": { + "/api/fleet/enrollment_api_keys": { "get": { "summary": "List enrollment API keys", "tags": [ @@ -4207,7 +4170,7 @@ ] } }, - "/enrollment_api_keys/{keyId}": { + "/api/fleet/enrollment_api_keys/{keyId}": { "parameters": [ { "schema": { @@ -4287,7 +4250,7 @@ ] } }, - "/package_policies": { + "/api/fleet/package_policies": { "get": { "summary": "List package policies", "tags": [ @@ -4398,7 +4361,7 @@ ] } }, - "/package_policies/_bulk_get": { + "/api/fleet/package_policies/_bulk_get": { "post": { "summary": "Bulk get package policies", "tags": [ @@ -4463,7 +4426,7 @@ ] } }, - "/package_policies/delete": { + "/api/fleet/package_policies/delete": { "post": { "summary": "Delete package policy", "tags": [ @@ -4533,7 +4496,7 @@ ] } }, - "/package_policies/upgrade": { + "/api/fleet/package_policies/upgrade": { "post": { "summary": "Upgrade package policy to a newer package version", "tags": [ @@ -4598,7 +4561,7 @@ } } }, - "/package_policies/upgrade/dryrun": { + "/api/fleet/package_policies/upgrade/dryrun": { "post": { "summary": "Dry run package policy upgrade", "tags": [ @@ -4662,7 +4625,7 @@ } } }, - "/package_policies/{packagePolicyId}": { + "/api/fleet/package_policies/{packagePolicyId}": { "parameters": [ { "schema": { @@ -4799,7 +4762,7 @@ ] } }, - "/outputs": { + "/api/fleet/outputs": { "get": { "summary": "List outputs", "tags": [ 
@@ -4877,7 +4840,7 @@ "operationId": "post-outputs" } }, - "/outputs/{outputId}": { + "/api/fleet/outputs/{outputId}": { "get": { "summary": "Get output by ID", "tags": [ @@ -4992,7 +4955,7 @@ ] } }, - "/outputs/{outputId}/health": { + "/api/fleet/outputs/{outputId}/health": { "get": { "summary": "Get latest output health", "tags": [ @@ -5040,7 +5003,7 @@ } ] }, - "/logstash_api_keys": { + "/api/fleet/logstash_api_keys": { "post": { "summary": "Generate Logstash API key", "tags": [ @@ -5074,7 +5037,7 @@ ] } }, - "/agent_download_sources": { + "/api/fleet/agent_download_sources": { "get": { "summary": "List agent binary download sources", "tags": [ @@ -5170,7 +5133,7 @@ "operationId": "post-download-sources" } }, - "/agent_download_sources/{sourceId}": { + "/api/fleet/agent_download_sources/{sourceId}": { "get": { "summary": "Get agent binary download source by ID", "tags": [ @@ -5307,7 +5270,7 @@ ] } }, - "/fleet_server_hosts": { + "/api/fleet/fleet_server_hosts": { "get": { "summary": "List Fleet Server hosts", "tags": [ @@ -5412,7 +5375,7 @@ "operationId": "post-fleet-server-hosts" } }, - "/fleet_server_hosts/{itemId}": { + "/api/fleet/fleet_server_hosts/{itemId}": { "get": { "summary": "Get Fleet Server host by ID", "tags": [ @@ -5555,7 +5518,7 @@ ] } }, - "/proxies": { + "/api/fleet/proxies": { "get": { "summary": "List proxies", "tags": [ @@ -5659,7 +5622,7 @@ "operationId": "post-fleet-proxies" } }, - "/proxies/{itemId}": { + "/api/fleet/proxies/{itemId}": { "get": { "summary": "Get proxy by ID", "tags": [ @@ -5800,7 +5763,7 @@ ] } }, - "/kubernetes": { + "/api/fleet/kubernetes": { "get": { "summary": "Get full K8s agent manifest", "tags": [ @@ -5855,7 +5818,7 @@ ] } }, - "/uninstall_tokens": { + "/api/fleet/uninstall_tokens": { "get": { "summary": "List metadata for latest uninstall tokens per agent policy", "tags": [ 
@@ -5943,7 +5906,7 @@ ] } }, - "/uninstall_tokens/{uninstallTokenId}": { + "/api/fleet/uninstall_tokens/{uninstallTokenId}": { "get": { "summary": "Get one decrypted uninstall token by its ID", "tags": [ 
@@ -6215,166 +6178,6 @@ "item" ] }, - "fleet_server_host": { - "title": "Fleet Server Host", - "type": "object", - "properties": { - "id": { - "type": "string" - }, - "name": { - "type": "string" - }, - "is_default": { - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "proxy_id": { - "type": "string" - }, - "host_urls": { - "type": "array", - "items": { - "type": "string" - } - } - }, - "required": [ - "fleet_server_hosts", - "id", - "is_default", - "is_preconfigured", - "host_urls" - ] - }, - "proxies": { - "title": "Fleet Proxy", - "type": "object", - "properties": { - "id": { - "type": "string" - }, - "name": { - "type": "string" - }, - "url": { - "type": "string" - }, - "proxy_headers": { - "type": "object" - }, - "certificate_authorities": { - "type": "string" - }, - "certificate": { - "type": "string" - }, - "certificate_key": { - "type": "string" - } - }, - "required": [ - "name", - "url" - ] - }, - "download_sources": { - "title": "Download Source", - "type": "object", - "properties": { - "id": { - "type": "string" - }, - "is_default": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "host": { - "type": "string" - }, - "proxy_id": { - "description": "The ID of the proxy to use for this download source. 
See the proxies API for more information.", - "type": "string", - "nullable": true - } - }, - "required": [ - "is_default", - "name", - "host" - ] - }, - "fleet_settings_enrollment_response": { - "title": "Fleet settings response", - "type": "object", - "properties": { - "fleet_server": { - "type": "object", - "properties": { - "policies": { - "type": "array", - "items": { - "type": "object", - "properties": { - "id": { - "type": "string" - }, - "name": { - "type": "string" - }, - "is_managed": { - "type": "boolean" - }, - "is_default_fleet_server": { - "type": "boolean" - }, - "has_fleet_server": { - "type": "boolean" - }, - "fleet_server_host_id": { - "type": "string" - }, - "download_source_id": { - "type": "string" - } - }, - "required": [ - "id", - "name", - "is_managed" - ] - } - }, - "has_active": { - "type": "boolean" - }, - "host": { - "$ref": "#/components/schemas/fleet_server_host" - }, - "host_proxy": { - "$ref": "#/components/schemas/proxies" - } - }, - "required": [ - "agent_policies", - "has_active" - ] - }, - "download_source": { - "$ref": "#/components/schemas/download_sources" - } - }, - "required": [ - "fleet_server" - ] - }, "saved_object_type": { "title": "Saved Object type", "oneOf": [ 
@@ -9479,12 +9282,103 @@ "logstash": "#/components/schemas/output_update_request_logstash" } } + }, + "download_sources": { + "title": "Download Source", + "type": "object", + "properties": { + "id": { + "type": "string" + }, + "is_default": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "host": { + "type": "string" + }, + "proxy_id": { + "description": "The ID of the proxy to use for this download source. See the proxies API for more information.", + "type": "string", + "nullable": true + } + }, + "required": [ + "is_default", + "name", + "host" + ] + }, + "fleet_server_host": { + "title": "Fleet Server Host", + "type": "object", + "properties": { + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "is_default": { + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "proxy_id": { + "type": "string" + }, + "host_urls": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "required": [ + "fleet_server_hosts", + "id", + "is_default", + "is_preconfigured", + "host_urls" + ] + }, + "proxies": { + "title": "Fleet Proxy", + "type": "object", + "properties": { + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "url": { + "type": "string" + }, + "proxy_headers": { + "type": "object" + }, + "certificate_authorities": { + "type": "string" + }, + "certificate": { + "type": "string" + }, + "certificate_key": { + "type": "string" + } + }, + "required": [ + "name", + "url" + ] } } - }, - "security": [ - { - "basicAuth": [] - } - ] + } } \ No newline at end of file diff --git a/x-pack/plugins/fleet/common/openapi/bundled.yaml b/x-pack/plugins/fleet/common/openapi/bundled.yaml index 26836db8fd3e6..73e2dfefedbff 100644 --- a/x-pack/plugins/fleet/common/openapi/bundled.yaml +++ b/x-pack/plugins/fleet/common/openapi/bundled.yaml 
@@ -1,4 +1,17 @@ openapi: 3.0.0 +info: + title: Fleet + description: OpenAPI schema for Fleet API endpoints + version: '0.2' + contact: + name: Fleet Team + license: + name: Elastic License 2.0 + url: https://www.elastic.co/licensing/elastic-license +servers: + - url: http://KIBANA_HOST:5601 +security: + - basicAuth: [] tags: - name: Data streams - name: Elastic Agents @@ -16,20 +29,8 @@ tags: - name: Fleet proxies - name: Fleet service tokens - name: Fleet uninstall tokens -info: - title: Fleet - description: OpenAPI schema for Fleet API endpoints - version: '0.2' - contact: - name: Fleet Team - license: - name: Elastic License 2.0 - url: https://www.elastic.co/licensing/elastic-license -servers: - - url: http://KIBANA_HOST:5601/api/fleet - description: Public and supported Fleet API paths: - /health_check: + /api/fleet/health_check: post: summary: Fleet Server health check tags: @@ -69,7 +70,7 @@ paths: deprecated: true required: - id - /setup: + /api/fleet/setup: post: summary: Initiate Fleet setup tags: @@ -95,7 +96,7 @@ paths: operationId: setup parameters: - $ref: '#/components/parameters/kbn_xsrf' - /settings: + /api/fleet/settings: get: summary: Get settings tags: 
@@ -139,35 +140,7 @@ paths: '400': $ref: '#/components/responses/error' operationId: update-settings - /settings/enrollment: - servers: - - url: http://KIBANA_HOST:5601/internal/fleet - description: Used for Fleet internals and not supported - get: - summary: Get enrollment settings - tags: - - Fleet internals - parameters: - - in: query - name: agentPolicyId - required: false - schema: - type: string - description: >- - An agent policy ID to scope the enrollment settings to. For example, - that policy's Fleet Server host, its proxy, download location, etc. - If not provided, the default Fleet Server policy is used (if any). - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/fleet_settings_enrollment_response' - '400': - $ref: '#/components/responses/error' - operationId: get-enrollment-settings - /service-tokens: + /api/fleet/service-tokens: post: summary: Create service token tags: @@ -190,7 +163,7 @@ paths: parameters: - $ref: '#/components/parameters/kbn_xsrf' deprecated: true - /service_tokens: + /api/fleet/service_tokens: post: summary: Create service token tags: @@ -212,7 +185,7 @@ paths: operationId: generate-service-token parameters: - $ref: '#/components/parameters/kbn_xsrf' - /epm/verification_key_id: + /api/fleet/epm/verification_key_id: get: summary: Get package signature verification key ID tags: @@ -231,9 +204,7 @@ paths: id: type: string nullable: true - description: >- - the key ID of the GPG key used to verify package - signatures + description: the key ID of the GPG key used to verify package signatures statusCode: type: number headers: @@ -242,7 +213,7 @@ paths: $ref: '#/components/responses/error' operationId: packages-get-verification-key-id parameters: [] - /epm/bulk_assets: + /api/fleet/epm/bulk_assets: post: summary: Bulk get assets tags: 
@@ -275,7 +246,7 @@ paths: description: list of items necessary to fetch assets required: - assetIds - /epm/categories: + /api/fleet/epm/categories: get: summary: List package categories tags: @@ -296,9 +267,7 @@ paths: schema: type: boolean default: false - description: >- - Whether to include prerelease packages in categories count (e.g. beta, - rc, preview) + description: Whether to include prerelease packages in categories count (e.g. beta, rc, preview) - in: query name: experimental deprecated: true @@ -310,7 +279,7 @@ paths: schema: type: boolean default: false - /epm/packages/limited: + /api/fleet/epm/packages/limited: get: summary: Get limited package list tags: @@ -331,7 +300,7 @@ paths: $ref: '#/components/responses/error' operationId: list-limited-packages parameters: [] - /epm/packages: + /api/fleet/epm/packages: get: summary: List packages tags: @@ -352,20 +321,13 @@ paths: schema: type: boolean default: false - description: >- - Whether to exclude the install status of each package. Enabling this - option will opt in to caching for the response via `cache-control` - headers. If you don't need up-to-date installation info for a - package, and are querying for a list of available packages, - providing this flag can improve performance substantially. + description: Whether to exclude the install status of each package. Enabling this option will opt in to caching for the response via `cache-control` headers. If you don't need up-to-date installation info for a package, and are querying for a list of available packages, providing this flag can improve performance substantially. - in: query name: prerelease schema: type: boolean default: false - description: >- - Whether to return prerelease versions of packages (e.g. beta, rc, - preview) + description: Whether to return prerelease versions of packages (e.g. beta, rc, preview) - in: query name: experimental deprecated: true 
@@ -432,9 +394,7 @@ paths: schema: type: boolean default: false - description: >- - Skip data stream rollover during index template mapping or settings - update + description: Skip data stream rollover during index template mapping or settings update requestBody: content: application/zip: @@ -445,7 +405,7 @@ paths: schema: type: string format: binary - /epm/packages/_bulk: + /api/fleet/epm/packages/_bulk: post: summary: Bulk install packages tags: @@ -466,9 +426,7 @@ paths: schema: type: boolean default: false - description: >- - Whether to return prerelease versions of packages (e.g. beta, rc, - preview) + description: Whether to return prerelease versions of packages (e.g. beta, rc, preview) requestBody: content: application/json: @@ -495,7 +453,7 @@ paths: description: force install to ignore package verification errors required: - packages - /epm/packages/{pkgkey}: + /api/fleet/epm/packages/{pkgkey}: get: summary: Get package tags: @@ -540,9 +498,7 @@ paths: schema: type: boolean default: false - description: >- - Whether to return prerelease versions of packages (e.g. beta, rc, - preview) + description: Whether to return prerelease versions of packages (e.g. beta, rc, preview) deprecated: true post: summary: Install package @@ -594,9 +550,7 @@ paths: schema: type: boolean default: false - description: >- - Skip data stream rollover during index template mapping or settings - update + description: Skip data stream rollover during index template mapping or settings update requestBody: content: application/json: @@ -653,7 +607,7 @@ paths: force: type: boolean deprecated: true - /epm/packages/{pkgName}/{pkgVersion}: + /api/fleet/epm/packages/{pkgName}/{pkgVersion}: get: summary: Get package tags: 
@@ -715,18 +669,14 @@ paths: - schema: type: boolean name: full - description: >- - Return all fields from the package manifest, not just those supported - by the Elastic Package Registry + description: Return all fields from the package manifest, not just those supported by the Elastic Package Registry in: query - in: query name: prerelease schema: type: boolean default: false - description: >- - Whether to return prerelease versions of packages (e.g. beta, rc, - preview) + description: Whether to return prerelease versions of packages (e.g. beta, rc, preview) post: summary: Install package tags: @@ -781,9 +731,7 @@ paths: schema: type: boolean default: false - description: >- - Skip data stream rollover during index template mapping or settings - update + description: Skip data stream rollover during index template mapping or settings update requestBody: content: application/json: @@ -881,7 +829,7 @@ paths: properties: force: type: boolean - /epm/packages/{pkgName}/{pkgVersion}/transforms/authorize: + /api/fleet/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize: post: summary: Authorize transforms tags: @@ -931,9 +879,7 @@ paths: schema: type: boolean default: false - description: >- - Whether to include prerelease packages in categories count (e.g. - beta, rc, preview) + description: Whether to include prerelease packages in categories count (e.g. beta, rc, preview) requestBody: content: application/json: @@ -947,7 +893,7 @@ paths: properties: transformId: type: string - /epm/packages/{pkgName}/{pkgVersion}/{filePath}: + /api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath}: get: summary: Get package file tags: @@ -985,7 +931,7 @@ paths: name: filePath in: path required: true - /epm/packages/{pkgName}/stats: + /api/fleet/epm/packages/{pkgName}/stats: get: summary: Get package stats tags: 
@@ -1013,7 +959,7 @@ paths: name: pkgName in: path required: true - /epm/templates/{pkgName}/{pkgVersion}/inputs: + /api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs: get: summary: Get inputs template tags: @@ -1056,7 +1002,7 @@ paths: name: ignoreUnverified description: Ignore if the package is fails signature verification in: query - /agents/setup: + /api/fleet/agents/setup: get: summary: Get agent setup info tags: @@ -1102,7 +1048,7 @@ paths: - admin_password parameters: - $ref: '#/components/parameters/kbn_xsrf' - /agent-status: + /api/fleet/agent-status: get: summary: Get agent status summary tags: @@ -1150,7 +1096,7 @@ paths: in: query required: false deprecated: true - /agent_status: + /api/fleet/agent_status: get: summary: Get agent status summary tags: @@ -1212,7 +1158,7 @@ paths: in: query required: false deprecated: true - /agent_status/data: + /api/fleet/agent_status/data: get: summary: Get incoming agent data tags: @@ -1245,7 +1191,7 @@ paths: name: agentsIds in: query required: true - /agents: + /api/fleet/agents: get: summary: List agents tags: @@ -1305,7 +1251,7 @@ paths: type: string required: - policy_id - /agents/bulk_upgrade: + /api/fleet/agents/bulk_upgrade: post: summary: Bulk upgrade agents tags: @@ -1339,7 +1285,7 @@ paths: - agent1 - agent2 start_time: '2022-08-03T14:00:00.000Z' - /agents/action_status: + /api/fleet/agents/action_status: get: summary: Get agent action status tags: @@ -1427,9 +1373,7 @@ paths: description: creation time of action latestErrors: type: array - description: >- - latest errors that happened when the agents executed - the action + description: latest errors that happened when the agents executed the action items: type: object properties: @@ -1454,7 +1398,7 @@ paths: '400': $ref: '#/components/responses/error' operationId: agents-action-status - /agents/{agentId}: + /api/fleet/agents/{agentId}: parameters: - schema: type: string 
@@ -1539,7 +1483,7 @@ paths: operationId: delete-agent parameters: - $ref: '#/components/parameters/kbn_xsrf' - /agents/{agentId}/actions: + /api/fleet/agents/{agentId}/actions: parameters: - schema: type: string @@ -1580,7 +1524,7 @@ paths: properties: action: $ref: '#/components/schemas/agent_action' - /agents/{agentId}/actions/{actionId}/cancel: + /api/fleet/agents/{agentId}/actions/{actionId}/cancel: parameters: - schema: type: string @@ -1611,7 +1555,7 @@ paths: operationId: agent-action-cancel parameters: - $ref: '#/components/parameters/kbn_xsrf' - /agents/files/{fileId}/{fileName}: + /api/fleet/agents/files/{fileId}/{fileName}: parameters: - schema: type: string @@ -1646,7 +1590,7 @@ paths: '400': $ref: '#/components/responses/error' operationId: get-agent-upload-file - /agents/files/{fileId}: + /api/fleet/agents/files/{fileId}: parameters: - schema: type: string @@ -1675,7 +1619,7 @@ paths: '400': $ref: '#/components/responses/error' operationId: delete-agent-upload-file - /agents/{agentId}/reassign: + /api/fleet/agents/{agentId}/reassign: parameters: - schema: type: string @@ -1737,7 +1681,7 @@ paths: required: - policy_id deprecated: true - /agents/{agentId}/unenroll: + /api/fleet/agents/{agentId}/unenroll: parameters: - schema: type: string @@ -1783,7 +1727,7 @@ paths: type: boolean force: type: boolean - /agents/{agentId}/upgrade: + /api/fleet/agents/{agentId}/upgrade: parameters: - schema: type: string @@ -1812,7 +1756,7 @@ paths: application/json: schema: $ref: '#/components/schemas/upgrade_agent' - /agents/{agentId}/uploads: + /api/fleet/agents/{agentId}/uploads: parameters: - schema: type: string @@ -1841,7 +1785,7 @@ paths: '400': $ref: '#/components/responses/error' operationId: list-agent-uploads - /agents/bulk_reassign: + /api/fleet/agents/bulk_reassign: post: summary: Bulk reassign agents tags: 
@@ -1884,7 +1828,7 @@ paths: example: policy_id: policy_id agents: 'fleet-agents.policy_id : ("policy1" or "policy2")' - /agents/bulk_unenroll: + /api/fleet/agents/bulk_unenroll: post: summary: Bulk unenroll agents tags: @@ -1926,9 +1870,7 @@ paths: description: Unenrolls hosted agents too includeInactive: type: boolean - description: >- - When passing agents by KQL query, unenrolls inactive agents - too + description: When passing agents by KQL query, unenrolls inactive agents too required: - agents example: @@ -1937,7 +1879,7 @@ paths: agents: - agent1 - agent2 - /agents/bulk_update_agent_tags: + /api/fleet/agents/bulk_update_agent_tags: post: summary: Bulk update agent tags tags: @@ -1991,7 +1933,7 @@ paths: - newTag tagsToRemove: - existingTag - /agents/tags: + /api/fleet/agents/tags: get: summary: List agent tags tags: @@ -2006,7 +1948,7 @@ paths: '400': $ref: '#/components/responses/error' operationId: get-agent-tags - /agents/{agentId}/request_diagnostics: + /api/fleet/agents/{agentId}/request_diagnostics: parameters: - schema: type: string @@ -2045,7 +1987,7 @@ paths: operationId: request-diagnostics-agent parameters: - $ref: '#/components/parameters/kbn_xsrf' - /agents/bulk_request_diagnostics: + /api/fleet/agents/bulk_request_diagnostics: post: summary: Bulk request diagnostics from agents tags: @@ -2092,7 +2034,7 @@ paths: - agents example: agents: 'fleet-agents.policy_id : ("policy1" or "policy2")' - /agent_policies: + /api/fleet/agent_policies: get: summary: List agent policies tags: 
@@ -2131,18 +2073,12 @@ paths: type: boolean in: query name: full - description: >- - When set to true, retrieve the related package policies for each - agent policy. + description: When set to true, retrieve the related package policies for each agent policy. - schema: type: boolean in: query name: noAgentCount - description: >- - When set to true, do not count how many agents are in the agent - policy, this can improve performance if you are searching over a - large number of agent policies. The "agents" property will always be - 0 if set to true. + description: When set to true, do not count how many agents are in the agent policy, this can improve performance if you are searching over a large number of agent policies. The "agents" property will always be 0 if set to true. description: '' post: summary: Create agent policy @@ -2169,7 +2105,7 @@ paths: security: [] parameters: - $ref: '#/components/parameters/kbn_xsrf' - /agent_policies/{agentPolicyId}: + /api/fleet/agent_policies/{agentPolicyId}: parameters: - schema: type: string @@ -2223,7 +2159,7 @@ paths: $ref: '#/components/schemas/agent_policy_update_request' parameters: - $ref: '#/components/parameters/kbn_xsrf' - /agent_policies/{agentPolicyId}/copy: + /api/fleet/agent_policies/{agentPolicyId}/copy: parameters: - schema: type: string @@ -2264,7 +2200,7 @@ paths: required: - name description: '' - /agent_policies/{agentPolicyId}/full: + /api/fleet/agent_policies/{agentPolicyId}/full: get: summary: Get full agent policy by ID tags: @@ -2305,7 +2241,7 @@ paths: name: kubernetes in: query required: false - /agent_policies/{agentPolicyId}/download: + /api/fleet/agent_policies/{agentPolicyId}/download: get: summary: Download agent policy by ID tags: @@ -2344,7 +2280,7 @@ paths: name: kubernetes in: query required: false - /agent_policies/_bulk_get: + /api/fleet/agent_policies/_bulk_get: post: summary: Bulk get agent policies tags: 
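Review bot: The context line `security: []` just above the renamed `/api/fleet/agent_policies/{agentPolicyId}` key appears to belong to the create-agent-policy operation, and in OpenAPI an empty operation-level `security` overrides the document-level `basicAuth` and documents the call as needing no credentials. Generated clients and API scanners take that literally, so the spec understates the access control on a policy-writing route. The same override is visible in the `bulk-get-agent-policies` hunk and in the `/api/fleet/package_policies/_bulk_get` hunk further down. If these routes do require authentication, removing the three `security: []` lines (in the source path files, since this bundle looks generated) lets them inherit `basicAuth`. The operation bodies start outside these hunks, so the placement is inferred from the context lines.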
@@ -2386,7 +2322,7 @@ paths: operationId: bulk-get-agent-policies security: [] parameters: [] - /agent_policies/delete: + /api/fleet/agent_policies/delete: post: summary: Delete agent policy by ID tags: @@ -2419,15 +2355,13 @@ paths: type: string force: type: boolean - description: >- - bypass validation checks that can prevent agent policy - deletion + description: bypass validation checks that can prevent agent policy deletion required: - agentPolicyId parameters: - $ref: '#/components/parameters/kbn_xsrf' parameters: [] - /data_streams: + /api/fleet/data_streams: get: summary: List data streams tags: @@ -2448,7 +2382,7 @@ paths: $ref: '#/components/responses/error' operationId: data-streams-list parameters: [] - /enrollment-api-keys: + /api/fleet/enrollment-api-keys: get: summary: List enrollment API keys tags: @@ -2510,7 +2444,7 @@ paths: parameters: - $ref: '#/components/parameters/kbn_xsrf' deprecated: true - /enrollment-api-keys/{keyId}: + /api/fleet/enrollment-api-keys/{keyId}: parameters: - schema: type: string @@ -2561,7 +2495,7 @@ paths: parameters: - $ref: '#/components/parameters/kbn_xsrf' deprecated: true - /enrollment_api_keys: + /api/fleet/enrollment_api_keys: get: summary: List enrollment API keys tags: @@ -2621,7 +2555,7 @@ paths: operationId: create-enrollment-api-keys parameters: - $ref: '#/components/parameters/kbn_xsrf' - /enrollment_api_keys/{keyId}: + /api/fleet/enrollment_api_keys/{keyId}: parameters: - schema: type: string @@ -2670,7 +2604,7 @@ paths: operationId: delete-enrollment-api-key parameters: - $ref: '#/components/parameters/kbn_xsrf' - /package_policies: + /api/fleet/package_policies: get: summary: List package policies tags: @@ -2727,9 +2661,7 @@ paths: '409': $ref: '#/components/responses/error' requestBody: - description: >- - You should use inputs as an object and not use the deprecated inputs - array. + description: You should use inputs as an object and not use the deprecated inputs array. content: application/json: schema: 
@@ -2737,7 +2669,7 @@ paths: parameters: - $ref: '#/components/parameters/kbn_xsrf' - $ref: '#/components/parameters/format' - /package_policies/_bulk_get: + /api/fleet/package_policies/_bulk_get: post: summary: Bulk get package policies tags: @@ -2777,7 +2709,7 @@ paths: security: [] parameters: - $ref: '#/components/parameters/format' - /package_policies/delete: + /api/fleet/package_policies/delete: post: summary: Delete package policy tags: @@ -2820,7 +2752,7 @@ paths: $ref: '#/components/responses/error' parameters: - $ref: '#/components/parameters/kbn_xsrf' - /package_policies/upgrade: + /api/fleet/package_policies/upgrade: post: summary: Upgrade package policy to a newer package version tags: @@ -2861,7 +2793,7 @@ paths: $ref: '#/components/responses/error' '409': $ref: '#/components/responses/error' - /package_policies/upgrade/dryrun: + /api/fleet/package_policies/upgrade/dryrun: post: summary: Dry run package policy upgrade tags: @@ -2901,7 +2833,7 @@ paths: - hasErrors '400': $ref: '#/components/responses/error' - /package_policies/{packagePolicyId}: + /api/fleet/package_policies/{packagePolicyId}: parameters: - schema: type: string @@ -2983,7 +2915,7 @@ paths: type: boolean name: force in: query - /outputs: + /api/fleet/outputs: get: summary: List outputs tags: @@ -3032,7 +2964,7 @@ paths: schema: $ref: '#/components/schemas/output_create_request' operationId: post-outputs - /outputs/{outputId}: + /api/fleet/outputs/{outputId}: get: summary: Get output by ID tags: @@ -3101,7 +3033,7 @@ paths: $ref: '#/components/responses/error' parameters: - $ref: '#/components/parameters/kbn_xsrf' - /outputs/{outputId}/health: + /api/fleet/outputs/{outputId}/health: get: summary: Get latest output health tags: @@ -3132,7 +3064,7 @@ paths: name: outputId in: path required: true - /logstash_api_keys: + /api/fleet/logstash_api_keys: post: summary: Generate Logstash API key tags: 
@@ -3152,7 +3084,7 @@ paths: operationId: generate-logstash-api-key parameters: - $ref: '#/components/parameters/kbn_xsrf' - /agent_download_sources: + /api/fleet/agent_download_sources: get: summary: List agent binary download sources tags: @@ -3213,7 +3145,7 @@ paths: - host - is_default operationId: post-download-sources - /agent_download_sources/{sourceId}: + /api/fleet/agent_download_sources/{sourceId}: get: summary: Get agent binary download source by ID tags: @@ -3297,7 +3229,7 @@ paths: $ref: '#/components/responses/error' parameters: - $ref: '#/components/parameters/kbn_xsrf' - /fleet_server_hosts: + /api/fleet/fleet_server_hosts: get: summary: List Fleet Server hosts tags: @@ -3354,9 +3286,7 @@ paths: is_internal: type: boolean proxy_id: - description: >- - The ID of the proxy to use for this fleet server host. See - the proxies API for more information. + description: The ID of the proxy to use for this fleet server host. See the proxies API for more information. type: string host_urls: type: array @@ -3366,7 +3296,7 @@ paths: - name - host_urls operationId: post-fleet-server-hosts - /fleet_server_hosts/{itemId}: + /api/fleet/fleet_server_hosts/{itemId}: get: summary: Get Fleet Server host by ID tags: @@ -3431,9 +3361,7 @@ paths: is_internal: type: boolean proxy_id: - description: >- - The ID of the proxy to use for this fleet server host. See - the proxies API for more information. + description: The ID of the proxy to use for this fleet server host. See the proxies API for more information. type: string nullable: true host_urls: @@ -3456,7 +3384,7 @@ paths: $ref: '#/components/responses/error' parameters: - $ref: '#/components/parameters/kbn_xsrf' - /proxies: + /api/fleet/proxies: get: summary: List proxies tags: @@ -3522,7 +3450,7 @@ paths: - name - url operationId: post-fleet-proxies - /proxies/{itemId}: + /api/fleet/proxies/{itemId}: get: summary: Get proxy by ID tags: 
@@ -3608,7 +3536,7 @@ paths: $ref: '#/components/responses/error' parameters: - $ref: '#/components/parameters/kbn_xsrf' - /kubernetes: + /api/fleet/kubernetes: get: summary: Get full K8s agent manifest tags: @@ -3642,7 +3570,7 @@ paths: name: enrolToken in: query required: false - /uninstall_tokens: + /api/fleet/uninstall_tokens: get: summary: List metadata for latest uninstall tokens per agent policy tags: @@ -3700,7 +3628,7 @@ paths: required: false schema: type: string - /uninstall_tokens/{uninstallTokenId}: + /api/fleet/uninstall_tokens/{uninstallTokenId}: get: summary: Get one decrypted uninstall token by its ID tags: 
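Review bot: The context just above the renamed `/api/fleet/uninstall_tokens` key shows `enrolToken` as an `in: query` parameter of the K8s manifest route, with no description. If that value is an enrollment token, it ends up in access logs, proxy logs and browser history together with the URL, and the spec gives readers no hint of that. A description on the parameter such as `description: Enrollment token; sent in the URL query string, so request logs for this route should be treated as sensitive` would make the handling expectation explicit. The parameter list starts outside the hunk, so its full shape is not visible here.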
@@ -3891,118 +3819,6 @@ components: $ref: '#/components/schemas/settings' required: - item - fleet_server_host: - title: Fleet Server Host - type: object - properties: - id: - type: string - name: - type: string - is_default: - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - proxy_id: - type: string - host_urls: - type: array - items: - type: string - required: - - fleet_server_hosts - - id - - is_default - - is_preconfigured - - host_urls - proxies: - title: Fleet Proxy - type: object - properties: - id: - type: string - name: - type: string - url: - type: string - proxy_headers: - type: object - certificate_authorities: - type: string - certificate: - type: string - certificate_key: - type: string - required: - - name - - url - download_sources: - title: Download Source - type: object - properties: - id: - type: string - is_default: - type: boolean - name: - type: string - host: - type: string - proxy_id: - description: >- - The ID of the proxy to use for this download source. See the proxies - API for more information. - type: string - nullable: true - required: - - is_default - - name - - host - fleet_settings_enrollment_response: - title: Fleet settings response - type: object - properties: - fleet_server: - type: object - properties: - policies: - type: array - items: - type: object - properties: - id: - type: string - name: - type: string - is_managed: - type: boolean - is_default_fleet_server: - type: boolean - has_fleet_server: - type: boolean - fleet_server_host_id: - type: string - download_source_id: - type: string - required: - - id - - name - - is_managed - has_active: - type: boolean - host: - $ref: '#/components/schemas/fleet_server_host' - host_proxy: - $ref: '#/components/schemas/proxies' - required: - - agent_policies - - has_active - download_source: - $ref: '#/components/schemas/download_sources' - required: - - fleet_server saved_object_type: title: Saved Object type oneOf: 
@@ -4338,9 +4154,7 @@ components: release: type: string deprecated: true - description: >- - release label is deprecated, derive from the version instead - (packages follow semver) + description: release label is deprecated, derive from the version instead (packages follow semver) enum: - experimental - beta @@ -4619,9 +4433,7 @@ components: properties: cpu_avg: type: number - description: >- - Average agent CPU usage during the last 5 minutes, number - between 0-1 + description: Average agent CPU usage during the last 5 minutes, number between 0-1 memory_size_byte_avg: type: number description: Average agent memory consumption during the last 5 minutes @@ -4898,9 +4710,7 @@ components: - metrics - logs keep_monitoring_alive: - description: >- - When set to true, monitoring will be enabled but logs/metrics - collection will be disabled + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled type: boolean nullable: true data_output_id: @@ -4920,10 +4730,7 @@ components: inactivity_timeout: type: integer package_policies: - description: >- - This field is present only when retrieving a single agent policy, or - when retrieving a list of agent policies with the ?full=true - parameter + description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter type: array items: $ref: '#/components/schemas/package_policy' 
@@ -4951,28 +4758,19 @@ components: - name - enabled is_protected: - description: >- - Indicates whether the agent policy has tamper protection enabled. - Default false. + description: Indicates whether the agent policy has tamper protection enabled. Default false. type: boolean overrides: type: object - description: >- - Override settings that are defined in the agent policy. Input - settings cannot be overridden. The override option should be used - only in unusual circumstances and not as a routine procedure. + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true advanced_settings: type: object - description: >- - Advanced settings stored in the agent policy, e.g. - agent_limits_go_max_procs + description: Advanced settings stored in the agent policy, e.g. agent_limits_go_max_procs nullable: true supports_agentless: type: boolean - description: >- - Indicates whether the agent policy supports agentless integrations. - Only allowed in a serverless environment. + description: Indicates whether the agent policy supports agentless integrations. Only allowed in a serverless environment. global_data_tags: type: array items: @@ -4981,9 +4779,7 @@ components: oneOf: - type: string - type: number - description: >- - User defined data tags that are added to all of the inputs. The - values can be strings or numbers. + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. required: - id - status @@ -5049,9 +4845,7 @@ components: oneOf: - type: string - type: number - description: >- - User defined data tags that are added to all of the inputs. The - values can be strings or numbers. + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. required: - name - namespace 
@@ -5318,9 +5112,7 @@ components: example: my description namespace: type: string - description: >- - The package policy namespace. Leave blank to inherit the agent - policy's namespace. + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. example: customnamespace policy_id: type: string @@ -5350,14 +5142,10 @@ components: - version vars: type: object - description: >- - Package root level variable (see integration documentation for more - information) + description: Package root level variable (see integration documentation for more information) inputs: type: object - description: >- - Package policy inputs (see integration documentation to know what - inputs are available) + description: Package policy inputs (see integration documentation to know what inputs are available) example: nginx-logfile: enabled: true @@ -5379,14 +5167,10 @@ components: description: enable or disable that input, (default to true) vars: type: object - description: >- - Input level variable (see integration documentation for more - information) + description: Input level variable (see integration documentation for more information) streams: type: object - description: >- - Input streams (see integration documentation to know what - streams are available) + description: Input streams (see integration documentation to know what streams are available) additionalProperties: type: object properties: 
@@ -5395,24 +5179,17 @@ components: description: enable or disable that stream, (default to true) vars: type: object - description: >- - Stream level variable (see integration documentation for - more information) + description: Stream level variable (see integration documentation for more information) overrides: type: object properties: inputs: type: object - description: >- - Override settings that are defined in the package policy. The - override option should be used only in unusual circumstances and not - as a routine procedure. + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true force: type: boolean - description: >- - Force package policy creation even if package is not verified, or if - the agent policy is managed. + description: Force package policy creation even if package is not verified, or if the agent policy is managed. required: - name - package @@ -5702,9 +5479,7 @@ components: type: string when: deprecated: true - description: >- - Deprecated, kafka output do not support conditionnal topics - anymore. + description: Deprecated, kafka output do not support conditionnal topics anymore. type: object properties: type: @@ -6049,9 +5824,7 @@ components: type: string when: deprecated: true - description: >- - Deprecated, kafka output do not support conditionnal topics - anymore. + description: Deprecated, kafka output do not support conditionnal topics anymore. type: object properties: type: 
@@ -6149,5 +5922,70 @@ components: elasticsearch: '#/components/schemas/output_update_request_elasticsearch' kafka: '#/components/schemas/output_update_request_kafka' logstash: '#/components/schemas/output_update_request_logstash' -security: - - basicAuth: [] + download_sources: + title: Download Source + type: object + properties: + id: + type: string + is_default: + type: boolean + name: + type: string + host: + type: string + proxy_id: + description: The ID of the proxy to use for this download source. See the proxies API for more information. + type: string + nullable: true + required: + - is_default + - name + - host + fleet_server_host: + title: Fleet Server Host + type: object + properties: + id: + type: string + name: + type: string + is_default: + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + proxy_id: + type: string + host_urls: + type: array + items: + type: string + required: + - fleet_server_hosts + - id + - is_default + - is_preconfigured + - host_urls + proxies: + title: Fleet Proxy + type: object + properties: + id: + type: string + name: + type: string + url: + type: string + proxy_headers: + type: object + certificate_authorities: + type: string + certificate: + type: string + certificate_key: + type: string + required: + - name + - url diff --git a/x-pack/plugins/fleet/common/openapi/entrypoint.yaml b/x-pack/plugins/fleet/common/openapi/entrypoint.yaml index 2de74e31a9a35..1056cbcd7c42e 100644 --- a/x-pack/plugins/fleet/common/openapi/entrypoint.yaml +++ b/x-pack/plugins/fleet/common/openapi/entrypoint.yaml 
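Review bot: The re-added `proxies` schema declares `certificate_key` as a plain `type: string` next to `certificate` and `certificate_authorities`, with nothing marking it as secret material. Adding `format: password` keeps documentation tooling from rendering example values for it, and `writeOnly: true` would be appropriate if the API never returns the key in responses, which cannot be confirmed from this hunk. The free-form `proxy_headers` object may deserve a one-line description noting that it can carry credentials such as an `Authorization` header. As this bundle looks generated, the edit would go in the component schema file it is built from.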
@@ -26,178 +26,177 @@ info: name: Elastic License 2.0 url: https://www.elastic.co/licensing/elastic-license servers: - - url: 'http://KIBANA_HOST:5601/api/fleet' - description: Public and supported Fleet API + - url: 'http://KIBANA_HOST:5601' paths: # Fleet internals - /health_check: + /api/fleet/health_check: $ref: paths/health_check.yaml - /setup: + /api/fleet/setup: $ref: paths/setup.yaml - /settings: + /api/fleet/settings: $ref: paths/settings.yaml - /settings/enrollment: - servers: - - url: 'http://KIBANA_HOST:5601/internal/fleet' - description: Used for Fleet internals and not supported - $ref: paths/settings_enrollment.yaml - /service-tokens: + # /internal/fleet/settings/enrollment: + # servers: + # - url: 'http://KIBANA_HOST:5601/internal/fleet' + # description: Used for Fleet internals and not supported + # $ref: paths/settings_enrollment.yaml + /api/fleet/service-tokens: $ref: paths/service_tokens_deprecated.yaml - /service_tokens: + /api/fleet/service_tokens: $ref: paths/service_tokens.yaml # EPM / integrations endpoints - /epm/verification_key_id: + /api/fleet/epm/verification_key_id: $ref: paths/epm@verification_key_id.yaml - /epm/bulk_assets: + /api/fleet/epm/bulk_assets: $ref: paths/epm@bulk_assets.yaml - /epm/categories: + /api/fleet/epm/categories: $ref: paths/epm@categories.yaml - /epm/packages/limited: + /api/fleet/epm/packages/limited: $ref: paths/epm@limited_list.yaml - /epm/packages: + /api/fleet/epm/packages: $ref: paths/epm@packages.yaml - /epm/packages/_bulk: + /api/fleet/epm/packages/_bulk: $ref: paths/epm@packages_bulk.yaml - '/epm/packages/{pkgkey}': + '/api/fleet/epm/packages/{pkgkey}': $ref: 'paths/epm@packages@{pkgkey}_deprecated.yaml' - '/epm/packages/{pkgName}/{pkgVersion}': + '/api/fleet/epm/packages/{pkgName}/{pkgVersion}': $ref: 'paths/epm@packages@{pkg_name}@{pkg_version}.yaml' - '/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize': + '/api/fleet/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize': $ref: 
'paths/epm@packages@{pkg_name}@{pkg_version}@transforms@authorize.yaml' - '/epm/packages/{pkgName}/{pkgVersion}/{filePath}': + '/api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath}': $ref: paths/epm@get_file.yaml - '/epm/packages/{pkgName}/stats': + '/api/fleet/epm/packages/{pkgName}/stats': $ref: 'paths/epm@packages@{pkg_name}@stats.yaml' - '/epm/templates/{pkgName}/{pkgVersion}/inputs': + '/api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs': $ref: 'paths/epm@templates@{pkg_name}@{pkg_version}@inputs.yaml' # Agent endpoints - /agents/setup: + /api/fleet/agents/setup: $ref: paths/agents@setup.yaml - /agent-status: + /api/fleet/agent-status: $ref: paths/agent_status_deprecated.yaml - /agent_status: + /api/fleet/agent_status: $ref: paths/agent_status.yaml - /agent_status/data: + /api/fleet/agent_status/data: $ref: paths/agent_status@data.yaml - /agents: + /api/fleet/agents: $ref: paths/agents.yaml - /agents/bulk_upgrade: + /api/fleet/agents/bulk_upgrade: $ref: paths/agents@bulk_upgrade.yaml - /agents/action_status: + /api/fleet/agents/action_status: $ref: paths/agents@action_status.yaml - '/agents/{agentId}': + '/api/fleet/agents/{agentId}': $ref: 'paths/agents@{agent_id}.yaml' - '/agents/{agentId}/actions': + '/api/fleet/agents/{agentId}/actions': $ref: 'paths/agents@{agent_id}@actions.yaml' - '/agents/{agentId}/actions/{actionId}/cancel': + '/api/fleet/agents/{agentId}/actions/{actionId}/cancel': $ref: 'paths/agents@{agent_id}@actions@{action_id}@cancel.yaml' - '/agents/files/{fileId}/{fileName}': + '/api/fleet/agents/files/{fileId}/{fileName}': $ref: 'paths/agents@files@{file_id}@{file_name}.yaml' - '/agents/files/{fileId}': + '/api/fleet/agents/files/{fileId}': $ref: 'paths/agents@files@{file_id}.yaml' - '/agents/{agentId}/reassign': + '/api/fleet/agents/{agentId}/reassign': $ref: 'paths/agents@{agent_id}@reassign.yaml' - '/agents/{agentId}/unenroll': + '/api/fleet/agents/{agentId}/unenroll': $ref: 'paths/agents@{agent_id}@unenroll.yaml' - 
'/agents/{agentId}/upgrade': + '/api/fleet/agents/{agentId}/upgrade': $ref: 'paths/agents@{agent_id}@upgrade.yaml' - '/agents/{agentId}/uploads': + '/api/fleet/agents/{agentId}/uploads': $ref: 'paths/agents@{agent_id}@uploads.yaml' - '/agents/bulk_reassign': + '/api/fleet/agents/bulk_reassign': $ref: 'paths/agents@bulk_reassign.yaml' - '/agents/bulk_unenroll': + '/api/fleet/agents/bulk_unenroll': $ref: 'paths/agents@bulk_unenroll.yaml' - '/agents/bulk_update_agent_tags': + '/api/fleet/agents/bulk_update_agent_tags': $ref: 'paths/agents@bulk_update_tags.yaml' - /agents/tags: + /api/fleet/agents/tags: $ref: paths/agent_tags.yaml - '/agents/{agentId}/request_diagnostics': + '/api/fleet/agents/{agentId}/request_diagnostics': $ref: 'paths/agents@{agent_id}@request_diagnostics.yaml' - /agents/bulk_request_diagnostics: + /api/fleet/agents/bulk_request_diagnostics: $ref: 'paths/agents@bulk_request_diagnostics.yaml' # Agent policies endpoints - /agent_policies: + /api/fleet/agent_policies: $ref: paths/agent_policies.yaml - '/agent_policies/{agentPolicyId}': + '/api/fleet/agent_policies/{agentPolicyId}': $ref: 'paths/agent_policies@{agent_policy_id}.yaml' - '/agent_policies/{agentPolicyId}/copy': + '/api/fleet/agent_policies/{agentPolicyId}/copy': $ref: 'paths/agent_policies@{agent_policy_id}@copy.yaml' - '/agent_policies/{agentPolicyId}/full': + '/api/fleet/agent_policies/{agentPolicyId}/full': $ref: 'paths/agent_policies@{agent_policy_id}@full.yaml' - '/agent_policies/{agentPolicyId}/download': + '/api/fleet/agent_policies/{agentPolicyId}/download': $ref: 'paths/agent_policies@{agent_policy_id}@download.yaml' - /agent_policies/_bulk_get: + /api/fleet/agent_policies/_bulk_get: $ref: paths/agent_policies@_bulk_get.yaml - /agent_policies/delete: + /api/fleet/agent_policies/delete: $ref: paths/agent_policies@delete.yaml # Data streams endpoints - /data_streams: + /api/fleet/data_streams: $ref: paths/data_streams.yaml # Enrollment endpoints - /enrollment-api-keys: + 
/api/fleet/enrollment-api-keys: $ref: paths/enrollment_api_keys_deprecated.yaml - '/enrollment-api-keys/{keyId}': + '/api/fleet/enrollment-api-keys/{keyId}': $ref: 'paths/enrollment_api_keys@{key_id}_deprecated.yaml' - /enrollment_api_keys: + /api/fleet/enrollment_api_keys: $ref: paths/enrollment_api_keys.yaml - '/enrollment_api_keys/{keyId}': + '/api/fleet/enrollment_api_keys/{keyId}': $ref: 'paths/enrollment_api_keys@{key_id}.yaml' # Package policies endpoints - /package_policies: + /api/fleet/package_policies: $ref: paths/package_policies.yaml - /package_policies/_bulk_get: + /api/fleet/package_policies/_bulk_get: $ref: paths/package_policies@_bulk_get.yaml - /package_policies/delete: + /api/fleet/package_policies/delete: $ref: paths/package_policies@delete.yaml - /package_policies/upgrade: + /api/fleet/package_policies/upgrade: $ref: paths/package_policies@upgrade.yaml - /package_policies/upgrade/dryrun: + /api/fleet/package_policies/upgrade/dryrun: $ref: paths/package_policies@upgrade_dryrun.yaml - '/package_policies/{packagePolicyId}': + '/api/fleet/package_policies/{packagePolicyId}': $ref: 'paths/package_policies@{package_policy_id}.yaml' # Outputs - /outputs: + /api/fleet/outputs: $ref: paths/outputs.yaml - /outputs/{outputId}: + '/api/fleet/outputs/{outputId}': $ref: paths/outputs@{output_id}.yaml - /outputs/{outputId}/health: + '/api/fleet/outputs/{outputId}/health': $ref: paths/output_health@{output_id}.yaml - /logstash_api_keys: + /api/fleet/logstash_api_keys: $ref: paths/logstash_api_keys.yaml # Agent binary download sources - /agent_download_sources: + /api/fleet/agent_download_sources: $ref: paths/agent_download_sources.yaml - /agent_download_sources/{sourceId}: + '/api/fleet/agent_download_sources/{sourceId}': $ref: paths/agent_download_sources@{source_id}.yaml # Fleet server hosts - /fleet_server_hosts: + /api/fleet/fleet_server_hosts: $ref: paths/fleet_server_hosts.yaml - /fleet_server_hosts/{itemId}: + '/api/fleet/fleet_server_hosts/{itemId}': 
$ref: paths/fleet_server_hosts@{item_id}.yaml # Fleet proxies - /proxies: + /api/fleet/proxies: $ref: paths/proxies.yaml - /proxies/{itemId}: + '/api/fleet/proxies/{itemId}': $ref: paths/proxies@{item_id}.yaml # K8s - /kubernetes: + /api/fleet/kubernetes: $ref: paths/kubernetes.yaml # Uninstall tokens - /uninstall_tokens: + /api/fleet/uninstall_tokens: $ref: paths/uninstall_tokens.yaml - /uninstall_tokens/{uninstallTokenId}: + '/api/fleet/uninstall_tokens/{uninstallTokenId}': $ref: paths/uninstall_tokens@{uninstall_token_id}.yaml components: securitySchemes:
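Review bot: The `/settings/enrollment` entry is left as five commented-out lines with no explanation, and it has become inconsistent. Its key was rewritten to `/internal/fleet/settings/enrollment` while the nested `servers` URL still ends in `/internal/fleet`, so un-commenting it later would document `/internal/fleet/internal/fleet/settings/enrollment`. Either delete the block or replace it with one line such as `# /internal/fleet/settings/enrollment is internal-only and intentionally omitted from this spec`. The rewritten server entry also keeps `http://` and drops its `description`; since the paths below include enrollment API keys and service tokens, `https://KIBANA_HOST:5601` would be a safer documented default if the docs tooling allows it.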