diff --git a/docs/api/role-management.asciidoc b/docs/api/role-management.asciidoc index 7fbded3e57dd3..837e63bff74f0 100644 --- a/docs/api/role-management.asciidoc +++ b/docs/api/role-management.asciidoc @@ -1,4 +1,3 @@ -[role="xpack"] [[role-management-api]] == {kib} role management APIs @@ -6,19 +5,4 @@ Manage the roles that grant <>. WARNING: Do not use the {ref}/security-api.html#security-role-apis[{es} role management APIs] to manage {kib} roles. -The following {kib} role management APIs are available: - -* <> to create a new {kib} role, or update the attributes of an existing role -* <> to create a new {kib} roles, or update the attributes of existing roles - -* <> to retrieve all {kib} roles - -* <> to retrieve a specific role - -* <> to delete a {kib} role - -include::role-management/put.asciidoc[] -include::role-management/get.asciidoc[] -include::role-management/get-all.asciidoc[] -include::role-management/delete.asciidoc[] -include::role-management/put-bulk.asciidoc[] +For the latest API details, refer to {api-kibana}/group/endpoint-roles[role APIs]. diff --git a/docs/api/role-management/delete.asciidoc b/docs/api/role-management/delete.asciidoc deleted file mode 100644 index 530e1e252ef8f..0000000000000 --- a/docs/api/role-management/delete.asciidoc +++ /dev/null @@ -1,26 +0,0 @@ -[[role-management-api-delete]] -=== Delete role API -++++ -Delete role -++++ - -experimental[] Delete a {kib} role. - -[[role-management-api-delete-prereqs]] -==== Prerequisite - -To use the delete role API, you must have the `manage_security` cluster privilege. - -[[role-management-api-delete-request-body]] -==== Request - -`DELETE :/api/security/role/my_admin_role` - -[[role-management-api-delete-response-codes]] -==== Response codes - -`204`:: - Indicates a successful call. - -`404`:: - Indicates an unsuccessful call. diff --git a/docs/api/role-management/get-all.asciidoc b/docs/api/role-management/get-all.asciidoc deleted file mode 100644 index 56c8b2c78859b..0000000000000 --- a/docs/api/role-management/get-all.asciidoc +++ /dev/null @@ -1,80 +0,0 @@ -[[role-management-api-get]] -=== Get all {kib} roles API -++++ -Get all roles -++++ - -experimental[] Retrieve all {kib} roles. - -[[role-management-api-get-prereqs]] -==== Prerequisite - -To use the get role API, you must have the `manage_security` cluster privilege. - -[[role-management-api-retrieve-all-request-body]] -==== Request - -`GET :/api/security/role` - -[[role-management-api-retrieve-all-response-codes]] -==== Response code - -`200`:: - Indicates a successful call. - -[[role-management-api-retrieve-all-example]] -==== Example - -The API returns the following: - -[source,sh] --------------------------------------------------- -[ - { - "name": "my_kibana_role", - "description": "My kibana role description", - "metadata" : { - "version" : 1 - }, - "transient_metadata": { - "enabled": true - }, - "elasticsearch": { - "indices": [ ], - "cluster": [ ], - "run_as": [ ] - }, - "kibana": [{ - "base": [ - "all" - ], - "feature": {}, - "spaces": [ - "*" - ] - }] - }, - { - "name": "my_admin_role", - "description": "My admin role description", - "metadata" : { - "version" : 1 - }, - "transient_metadata": { - "enabled": true - }, - "elasticsearch": { - "cluster" : [ "all" ], - "indices" : [ { - "names" : [ "index1", "index2" ], - "privileges" : [ "all" ], - "field_security" : { - "grant" : [ "title", "body" ] - }, - "query" : "{\"match\": {\"title\": \"foo\"}}" - } ], - }, - "kibana": [ ] - } -] --------------------------------------------------- diff --git a/docs/api/role-management/get.asciidoc b/docs/api/role-management/get.asciidoc deleted file mode 100644 index 95f944a56e150..0000000000000 --- a/docs/api/role-management/get.asciidoc +++ /dev/null @@ -1,106 +0,0 @@ -[[role-management-specific-api-get]] -=== Get specific role API -++++ -Get specific role -++++ - -experimental[] Retrieve a specific role. - -[[role-management-specific-api-get-prereqs]] -==== Prerequisite - -To use the get specific role API, you must have the `manage_security` cluster privilege. - -[[role-management-specific-api-retrieve-all-request-body]] -===== Request - -`GET :/api/security/role/my_restricted_kibana_role` - -[[role-management-specific-api-retrieve-all-response-codes]] -==== Response code - -`200`:: - Indicates a successful call. - -[[role-management-specific-api-retrieve-all-example]] -===== Example - -The API returns the following: - -[source,sh] --------------------------------------------------- -{ - "name": "my_restricted_kibana_role", - "description": "My restricted kibana role description", - "metadata" : { - "version" : 1 - }, - "transient_metadata": { - "enabled": true - }, - "elasticsearch": { - "cluster": [ ], - "indices": [ ], - "run_as": [ ] - }, - "kibana": [ - { - "base": [ - "read" - ], - "feature": {}, - "spaces": [ - "marketing" - ] - }, - { - "base": [], - "feature": { - "discover": [ - "all" - ], - "visualize": [ - "all" - ], - "dashboard": [ - "all" - ], - "dev_tools": [ - "read" - ], - "advancedSettings": [ - "read" - ], - "indexPatterns": [ - "read" - ], - "graph": [ - "all" - ], - "apm": [ - "read" - ], - "maps": [ - "read" - ], - "canvas": [ - "read" - ], - "infrastructure": [ - "all" - ], - "logs": [ - "all" - ], - "uptime": [ - "all" - ] - }, - "spaces": [ - "sales", - "default" - ] - } - ] -} --------------------------------------------------- diff --git a/docs/api/role-management/put-bulk.asciidoc b/docs/api/role-management/put-bulk.asciidoc deleted file mode 100644 index a11de47167e05..0000000000000 --- a/docs/api/role-management/put-bulk.asciidoc +++ /dev/null @@ -1,377 +0,0 @@ -[[role-management-api-put-bulk]] -=== Bulk create or update roles API -++++ -Bulk create or update roles API -++++ - -preview::["This functionality is in technical preview, and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features."] - -experimental[] Create new {kib} roles, or update the attributes of an existing roles. {kib} roles are stored in the -{es} native realm. - -[[role-management-api-put-bulk-request]] -==== Request - -`POST :/api/security/roles` - -[[role-management-api-put-bulk-prereqs]] -==== Prerequisite - -To use the bulk create or update roles API, you must have the `manage_security` cluster privilege. - -[role="child_attributes"] -[[role-management-api-bulk-response-body]] -==== Request body - -`roles`:: - (object) Object that specifies the roles to add as a role name to role map. -`` (required):: (string) The role name. -`description`:: - (Optional, string) Description for the role. - -`metadata`:: - (Optional, object) In the `metadata` object, keys that begin with `_` are reserved for system usage. - -`elasticsearch`:: - (Optional, object) {es} cluster and index privileges. Valid keys include - `cluster`, `indices`, `remote_indices`, `remote_cluster`, and `run_as`. For more information, see - {ref}/defining-roles.html[Defining roles]. - -`kibana`:: - (list) Objects that specify the <> for the role. -+ -.Properties of `kibana` -[%collapsible%open] -===== -`base` ::: - (Optional, list) A base privilege. When specified, the base must be `["all"]` or `["read"]`. - When the `base` privilege is specified, you are unable to use the `feature` section. - "all" grants read/write access to all {kib} features for the specified spaces. - "read" grants read-only access to all {kib} features for the specified spaces. - -`feature` ::: - (object) Contains privileges for specific features. - When the `feature` privileges are specified, you are unable to use the `base` section. - To retrieve a list of available features, use the <>. - -`spaces` ::: - (list) The spaces to apply the privileges to. - To grant access to all spaces, set to `["*"]`, or omit the value. -===== - -[[role-management-api-bulk-put-response-codes]] -==== Response code - -`200`:: - Indicates a successful call. - -==== Examples - -Grant access to various features in all spaces: - -[source,sh] --------------------------------------------------- -$ curl -X POST api/security/roles -{ - "roles": { - "my_kibana_role_1": { - "description": "my_kibana_role_1_description", - "metadata": { - "version": 1 - }, - "elasticsearch": { - "cluster": [], - "indices": [] - }, - "kibana": [ - { - "base": [], - "feature": { - "discover": ["all"], - "visualize": ["all"], - "dashboard": ["all"], - "dev_tools": ["read"], - "advancedSettings": ["read"], - "indexPatterns": ["read"], - "graph": ["all"], - "apm": ["read"], - "maps": ["read"], - "canvas": ["read"], - "infrastructure": ["all"], - "logs": ["all"], - "uptime": ["all"] - }, - "spaces": ["*"] - } - ] - }, - "my_kibana_role_2": { - "description": "my_kibana_role_2_description", - "metadata": { - "version": 1 - }, - "elasticsearch": { - "cluster": [], - "indices": [] - }, - "kibana": [ - { - "base": [], - "feature": { - "discover": ["all"], - "visualize": ["all"], - "dashboard": ["all"], - "dev_tools": ["read"], - "logs": ["all"], - "uptime": ["all"] - }, - "spaces": ["*"] - } - ] - } - } -} --------------------------------------------------- -// KIBANA - -Grant dashboard-only access to only the Marketing space for `my_kibana_role_1` and dashboard-only access to only Sales space for `my_kibana_role_2`: - -[source,sh] --------------------------------------------------- -$ curl -X POST api/security/roles -{ - "roles": { - "my_kibana_role_1": { - "description": "Grants dashboard-only access to only the Marketing space.", - "metadata": { - "version": 1 - }, - "elasticsearch": { - "cluster": [], - "indices": [] - }, - "kibana": [ - { - "base": [], - "feature": { - "dashboard": ["read"] - }, - "spaces": ["marketing"] - } - ] - }, - "my_kibana_role_2": { - "description": "Grants dashboard-only access to only the Sales space.", - "metadata": { - "version": 1 - }, - "elasticsearch": { - "cluster": [], - "indices": [] - }, - "kibana": [ - { - "base": [], - "feature": { - "dashboard": ["read"] - }, - "spaces": ["sales"] - } - ] - } - } -} - --------------------------------------------------- -// KIBANA - -Grant full access to all features in the Default space for `my_kibana_role_1` and `my_kibana_role_2`: - -[source,sh] --------------------------------------------------- -$ curl -X POST api/security/roles -{ - "roles": { - "my_kibana_role_1": { - "description": "Grants full access to all features in the Default space.", - "metadata": { - "version": 1 - }, - "elasticsearch": { - "cluster": [], - "indices": [] - }, - "kibana": [ - { - "base": ["all"], - "feature": {}, - "spaces": ["default"] - } - ] - }, - "my_kibana_role_2": { - "description": "Grants full access to all features in the Default space.", - "metadata": { - "version": 1 - }, - "elasticsearch": { - "cluster": [], - "indices": [] - }, - "kibana": [ - { - "base": ["all"], - "feature": {}, - "spaces": ["default"] - } - ] - } - } -} - --------------------------------------------------- -// KIBANA - -Grant different access to different spaces: - -[source,sh] --------------------------------------------------- -$ curl -X POST api/security/roles -{ - "roles": { - "my_kibana_role_1": { - "description": "Grants full access to discover and dashboard features in the default space. Grants read access in the marketing, and sales spaces.", - "metadata": { - "version": 1 - }, - "elasticsearch": { - "cluster": [], - "indices": [] - }, - "kibana": [ - { - "base": [], - "feature": { - "discover": ["all"], - "dashboard": ["all"] - }, - "spaces": ["default"] - }, - { - "base": ["read"], - "spaces": ["marketing", "sales"] - } - ] - }, - "my_kibana_role_2": { - "description": "Grants full access to discover and dashboard features in the default space. Grants read access in the marketing space.", - "metadata": { - "version": 1 - }, - "elasticsearch": { - "cluster": [], - "indices": [] - }, - "kibana": [ - { - "base": [], - "feature": { - "discover": ["all"], - "dashboard": ["all"] - }, - "spaces": ["default"] - }, - { - "base": ["read"], - "spaces": ["marketing"] - } - ] - } - } -} - --------------------------------------------------- -// KIBANA - -Grant access to {kib} and {es}: - -[source,sh] --------------------------------------------------- -$ curl -X POST api/security/roles -{ - "roles": { - "my_kibana_role_1": { - "description": "Grants all cluster privileges and full access to index1 and index2. Grants full access to remote_index1 and remote_index2, and the monitor_enrich cluster privilege on remote_cluster1. Grants all Kibana privileges in the default space.", - "metadata": { - "version": 1 - }, - "elasticsearch": { - "cluster": ["all"], - "indices": [ - { - "names": ["index1", "index2"], - "privileges": ["all"] - } - ], - "remote_indices": [ - { - "clusters": ["remote_cluster1"], - "names": ["remote_index1", "remote_index2"], - "privileges": ["all"] - } - ], - "remote_cluster": [ - { - "clusters": ["remote_cluster1"], - "privileges": ["monitor_enrich"] - } - ] - }, - "kibana": [ - { - "base": ["all"], - "feature": {}, - "spaces": ["default"] - } - ] - }, - "my_kibana_role_2": { - "description": "Grants all cluster privileges and full access to index1. Grants full access to remote_index1, and the monitor_enrich cluster privilege on remote_cluster1. Grants all Kibana privileges in the default space.", - "metadata": { - "version": 1 - }, - "elasticsearch": { - "cluster": ["all"], - "indices": [ - { - "names": ["index1"], - "privileges": ["all"] - } - ], - "remote_indices": [ - { - "clusters": ["remote_cluster1"], - "names": ["remote_index1"], - "privileges": ["all"] - } - ], - "remote_cluster": [ - { - "clusters": ["remote_cluster1"], - "privileges": ["monitor_enrich"] - } - ] - }, - "kibana": [ - { - "base": ["all"], - "feature": {}, - "spaces": ["default"] - } - ] - } - } -} - --------------------------------------------------- -// KIBANA diff --git a/docs/api/role-management/put.asciidoc b/docs/api/role-management/put.asciidoc deleted file mode 100644 index d68f3928a4063..0000000000000 --- a/docs/api/role-management/put.asciidoc +++ /dev/null @@ -1,238 +0,0 @@ -[[role-management-api-put]] -=== Create or update role API -++++ -Create or update role -++++ - -experimental[] Create a new {kib} role, or update the attributes of an existing role. {kib} roles are stored in the -{es} native realm. - -[[role-management-api-put-request]] -==== Request - -`PUT :/api/security/role/my_kibana_role` - -[[role-management-api-put-prereqs]] -==== Prerequisite - -To use the create or update role API, you must have the `manage_security` cluster privilege. - -[role="child_attributes"] -[[role-management-api-response-body]] -==== Request body - -`description`:: - (Optional, string) Description for the role. - -`metadata`:: - (Optional, object) In the `metadata` object, keys that begin with `_` are reserved for system usage. - -`elasticsearch`:: - (Optional, object) {es} cluster and index privileges. Valid keys include - `cluster`, `indices`, `remote_indices`, `remote_cluster`, and `run_as`. For more information, see - {ref}/defining-roles.html[Defining roles]. - -`kibana`:: - (list) Objects that specify the <> for the role. -+ -.Properties of `kibana` -[%collapsible%open] -===== -`base` ::: - (Optional, list) A base privilege. When specified, the base must be `["all"]` or `["read"]`. - When the `base` privilege is specified, you are unable to use the `feature` section. - "all" grants read/write access to all {kib} features for the specified spaces. - "read" grants read-only access to all {kib} features for the specified spaces. - -`feature` ::: - (object) Contains privileges for specific features. - When the `feature` privileges are specified, you are unable to use the `base` section. - To retrieve a list of available features, use the <>. - -`spaces` ::: - (list) The spaces to apply the privileges to. - To grant access to all spaces, set to `["*"]`, or omit the value. -===== - -[[role-management-api-put-query-params]] -==== Query parameters - -`createOnly`:: - (Optional, boolean) When `true`, will prevent overwriting the role if it already exists. - -[[role-management-api-put-response-codes]] -==== Response code - -`204`:: - Indicates a successful call. - -`409`:: - When `createOnly` is true, indicates a conflict with an existing role. - -==== Examples - -Grant access to various features in all spaces: - -[source,sh] --------------------------------------------------- -$ curl -X PUT api/security/role/my_kibana_role -{ - "description": "my_kibana_role_description", - "metadata": { - "version": 1 - }, - "elasticsearch": { - "cluster": [ ], - "indices": [ ] - }, - "kibana": [ - { - "base": [ ], - "feature": { - "discover": [ "all" ], - "visualize": [ "all" ], - "dashboard": [ "all" ], - "dev_tools": [ "read" ], - "advancedSettings": [ "read" ], - "indexPatterns": [ "read" ], - "graph": [ "all" ], - "apm": [ "read" ], - "maps": [ "read" ], - "canvas": [ "read" ], - "infrastructure": [ "all" ], - "logs": [ "all" ], - "uptime": [ "all" ] - }, - "spaces": [ "*" ] - } - ] -} --------------------------------------------------- -// KIBANA - -Grant dashboard-only access to only the Marketing space: - -[source,sh] --------------------------------------------------- -$ curl -X PUT api/security/role/my_kibana_role -{ - "description": "Grants dashboard-only access to only the Marketing space.", - "metadata": { - "version": 1 - }, - "elasticsearch": { - "cluster": [ ], - "indices": [ ] - }, - "kibana": [ - { - "base": [ ], - "feature": { - "dashboard": [ "read" ] - }, - "spaces": [ "marketing" ] - } - ] -} --------------------------------------------------- -// KIBANA - -Grant full access to all features in the Default space: - -[source,sh] --------------------------------------------------- -$ curl -X PUT api/security/role/my_kibana_role -{ - "description": "Grants full access to all features in the Default space.", - "metadata": { - "version": 1 - }, - "elasticsearch": { - "cluster": [ ], - "indices": [ ] - }, - "kibana": [ - { - "base": [ "all" ], - "feature": { }, - "spaces": [ "default" ] - } - ] -} --------------------------------------------------- -// KIBANA - -Grant different access to different spaces: - -[source,sh] --------------------------------------------------- -$ curl -X PUT api/security/role/my_kibana_role -{ - "description": "Grants full access to discover and dashboard features in the default space. Grants read access in the marketing, and sales spaces.", - "metadata": { - "version": 1 - }, - "elasticsearch": { - "cluster": [ ], - "indices": [ ] - }, - "kibana": [ - { - "base": [ ], - "feature": { - "discover": [ "all" ], - "dashboard": [ "all" ] - }, - "spaces": [ "default" ] - }, - { - "base": [ "read"] , - "spaces": [ "marketing", "sales" ] - } - ] -} --------------------------------------------------- -// KIBANA - -Grant access to {kib} and {es}: - -[source,sh] --------------------------------------------------- -$ curl -X PUT api/security/role/my_kibana_role -{ - "description": "Grants all cluster privileges and full access to index1 and index2. Grants full access to remote_index1 and remote_index2, and the monitor_enrich cluster privilege on remote_cluster1. Grants all Kibana privileges in the default space.", - "metadata": { - "version": 1 - }, - "elasticsearch": { - "cluster": [ "all" ], - "indices": [ - { - "names": [ "index1", "index2" ], - "privileges": [ "all" ] - } - ], - "remote_indices": [ - { - "clusters": [ "remote_cluster1" ], - "names": [ "remote_index1", "remote_index2" ], - "privileges": [ "all" ] - } - ], - "remote_cluster": [ - { - "clusters": [ "remote_cluster1" ], - "privileges": [ "monitor_enrich" ] - } - ] - }, - "kibana": [ - { - "base": [ "all" ], - "feature": { }, - "spaces": [ "default" ] - } - ] -} --------------------------------------------------- -// KIBANA diff --git a/docs/developer/architecture/security/rbac.asciidoc b/docs/developer/architecture/security/rbac.asciidoc index bf75ec1715de0..11896da243f2d 100644 --- a/docs/developer/architecture/security/rbac.asciidoc +++ b/docs/developer/architecture/security/rbac.asciidoc @@ -77,7 +77,7 @@ The application is created by concatenating the prefix of `kibana-` with the val } ---------------------------------- -Roles that grant <> should be managed using the <> or the *Management -> Security -> Roles* page, not directly using the {es} {ref}/security-api.html#security-role-apis[role management API]. This role can then be assigned to users using the {es} +Roles that grant <> should be managed using the {api-kibana}/group/endpoint-roles[role APIs] or the *Management -> Security -> Roles* page, not directly using the {es} {ref}/security-api.html#security-role-apis[role management API]. This role can then be assigned to users using the {es} {ref}/security-api.html#security-user-apis[user management APIs]. [[development-rbac-authorization]] diff --git a/docs/management/watcher-ui/index.asciidoc b/docs/management/watcher-ui/index.asciidoc index 96ad0d3acc287..2e941cb86ca0b 100644 --- a/docs/management/watcher-ui/index.asciidoc +++ b/docs/management/watcher-ui/index.asciidoc @@ -39,9 +39,8 @@ and either of these Watcher roles: * `watcher_admin`. You can perform all Watcher actions, including create and edit watches. * `watcher_user`. You can view watches, but not create or edit them. -To manage roles, open the main menu, then click *Stack Management > Roles*, or use the -<>. Watches are shared between -all users with the same role. +To manage roles, open the main menu, then click *Stack Management > Roles*, or use the {api-kibana}/group/endpoint-roles[role APIs]. +Watches are shared between all users with the same role. NOTE: If you are creating a threshold watch, you must also have the `view_index_metadata` index privilege. See {ref}/index-mgmt.html[Index management] for detailed information. diff --git a/docs/redirects.asciidoc b/docs/redirects.asciidoc index 1fa61881eca92..84cf809c66667 100644 --- a/docs/redirects.asciidoc +++ b/docs/redirects.asciidoc @@ -1196,4 +1196,28 @@ Refer to {api-kibana}/group/endpoint-spaces[spaces APIs]. [role="exclude",id="spaces-api-update-objects-spaces"] == Update saved objects spaces API -Refer to {api-kibana}/group/endpoint-spaces[spaces APIs]. \ No newline at end of file +Refer to {api-kibana}/group/endpoint-spaces[spaces APIs]. +[role="exclude",id="role-management-api-delete] +== Delete role API + +Refer to {api-kibana}/group/endpoint-roles[role APIs]. + +[role="exclude",id="role-management-api-get"] +== Get all {kib} roles API + +Refer to {api-kibana}/group/endpoint-roles[role APIs]. + +[role="exclude",id="role-management-specific-api-get"] +== Get specific role API + +Refer to {api-kibana}/group/endpoint-roles[role APIs]. + +[role="exclude",id="role-management-api-put-bulk"] +== Bulk create or update roles API + +Refer to {api-kibana}/group/endpoint-roles[role APIs]. + +[role="exclude",id="role-management-api-put"] +== Create or update role API + +Refer to {api-kibana}/group/endpoint-roles[role APIs]. diff --git a/docs/setup/configuring-reporting.asciidoc b/docs/setup/configuring-reporting.asciidoc index a1b2f7e9af583..4213cf38b6398 100644 --- a/docs/setup/configuring-reporting.asciidoc +++ b/docs/setup/configuring-reporting.asciidoc @@ -99,9 +99,10 @@ Granting the privilege to generate reports also grants the user the privilege to [float] [[reporting-roles-user-api]] ==== Grant access with the role API -With <> enabled in Reporting, you can also use the {ref}/security-api-put-role.html[role API] to grant access to the {report-features}, using *All* privileges, or sub-feature privileges. +With <> enabled in Reporting, you can also use the {api-kibana}/group/endpoint-roles[role APIs] to grant access to the {report-features}, using *All* privileges, or sub-feature privileges. + +NOTE: This API request needs to be run against the <>. -NOTE: This link:https://www.elastic.co/guide/en/kibana/current/role-management-api-put.html[API request] needs to be executed against the link:https://www.elastic.co/guide/en/kibana/current/api.html[Kibana API endpoint]. [source, sh] --------------------------------------------------------------- PUT :/api/security/role/custom_reporting_user diff --git a/docs/user/introduction.asciidoc b/docs/user/introduction.asciidoc index f3281b9bed175..48c9dfd91c9c6 100644 --- a/docs/user/introduction.asciidoc +++ b/docs/user/introduction.asciidoc @@ -193,8 +193,8 @@ or even give users their very own private space. For example, power users might have privileges to create and edit visualizations and dashboards, while analysts or executives might have *Dashboard* and *Canvas* with read-only privileges. -{kib}’s role management interface allows you to describe these various access -levels, or you can automate role creation via our <>. +The {kib} role management interface allows you to describe these various access +levels, or you can automate role creation by using {api-kibana}/group/endpoint-roles[role APIs]. [role="screenshot"] image::spaces/images/spaces-roles.png[{kib privileges}] diff --git a/docs/user/security/api-keys/index.asciidoc b/docs/user/security/api-keys/index.asciidoc index 5b3dd206b5408..2f9a0d337e3b9 100644 --- a/docs/user/security/api-keys/index.asciidoc +++ b/docs/user/security/api-keys/index.asciidoc @@ -28,7 +28,7 @@ image:images/api-keys.png["API Keys UI"] * To create or update a *cross-cluster API key*, you must have the `manage_security` privilege and an Enterprise license. * To have a read-only view on the API keys, you must have access to the page and the `read_security` cluster privilege. -To manage roles, open the main menu, then click *Stack Management > Security > Roles*, or use the <>. +To manage roles, open the main menu, then click *Stack Management > Security > Roles*, or use the {api-kibana}/group/endpoint-roles[role APIs]. [float] [[create-api-key]] diff --git a/docs/user/security/authorization/kibana-privileges.asciidoc b/docs/user/security/authorization/kibana-privileges.asciidoc index 581210bb9d393..6c9a94a354fb3 100644 --- a/docs/user/security/authorization/kibana-privileges.asciidoc +++ b/docs/user/security/authorization/kibana-privileges.asciidoc @@ -1,22 +1,21 @@ -[role="xpack"] [[kibana-privileges]] -=== {kib} privileges += {kib} privileges {kib} privileges grant users access to features within {kib}. Roles have privileges to determine whether users have write or read access. -==== Base privileges +== Base privileges Assigning a base privilege grants access to all {kib} features, such as *Discover*, *Dashboard*, *Visualize Library*, and *Canvas*. [[kibana-privileges-all]] `all`:: Grants full read-write access. `read`:: Grants read-only access. -===== Assigning base privileges +=== Assigning base privileges From the role management screen: [role="screenshot"] image::security/images/assign-base-privilege.png[Assign base privilege] -From the <>: +Using the {api-kibana}/group/endpoint-roles[role APIs]: [source,js] -------------------------------------------------- PUT /api/security/role/my_kibana_role @@ -37,23 +36,23 @@ PUT /api/security/role/my_kibana_role [[kibana-feature-privileges]] -==== Feature privileges +== Feature privileges Assigning a feature privilege grants access to a specific feature. `all`:: Grants full read-write access. `read`:: Grants read-only access. -===== Sub-feature privileges +=== Sub-feature privileges Some features allow for finer access control than the `all` and `read` privileges. -This additional level of control is a https://www.elastic.co/subscriptions[subscription feature]. +This additional level of control is a {subscriptions}[subscription feature]. -===== Assigning feature privileges +=== Assigning feature privileges From the role management screen: [role="screenshot"] image::security/images/assign-subfeature-privilege.png[Assign feature privilege] -From the <>: +Using the {api-kibana}/group/endpoint-roles[role APIs]: [source,js] -------------------------------------------------- PUT /api/security/role/my_kibana_role diff --git a/docs/user/security/index.asciidoc b/docs/user/security/index.asciidoc index 906aee3d76d5a..44d7c41391c35 100644 --- a/docs/user/security/index.asciidoc +++ b/docs/user/security/index.asciidoc @@ -30,7 +30,7 @@ authentication and built-in users, see === Roles To manage roles, open the main menu, then click *Stack Management > Roles*, or use -the <>. For more information on configuring roles for {kib}, see <>. +the {api-kibana}/group/endpoint-roles[role APIs]. For more information on configuring roles for {kib}, see <>. For a more holistic overview of configuring roles for the entire stack, see {ref}/authorization.html[User authorization]. @@ -43,7 +43,7 @@ cause Kibana's authorization to behave unexpectedly. ============================================================================ include::authorization/index.asciidoc[] -include::authorization/kibana-privileges.asciidoc[] +include::authorization/kibana-privileges.asciidoc[leveloffset=+2] include::api-keys/index.asciidoc[] include::role-mappings/index.asciidoc[] include::fips-140-2.asciidoc[] diff --git a/oas_docs/bundle.json b/oas_docs/bundle.json index b1665860e42aa..5215c3cf0a68f 100644 --- a/oas_docs/bundle.json +++ b/oas_docs/bundle.json @@ -6424,6 +6424,7 @@ } }, { + "description": "If `true` and the response contains any privileges that are associated with deprecated features, they are omitted in favor of details about the appropriate replacement feature privileges.", "in": "query", "name": "replaceDeprecatedPrivileges", "required": false, @@ -6432,7 +6433,11 @@ } } ], - "responses": {}, + "responses": { + "200": { + "description": "Indicates a successful call." + } + }, "summary": "Get all roles", "tags": [ "roles" @@ -6475,7 +6480,11 @@ } } ], - "responses": {}, + "responses": { + "204": { + "description": "Indicates a successful call." + } + }, "summary": "Delete a role", "tags": [ "roles" @@ -6497,6 +6506,7 @@ } }, { + "description": "The role name.", "in": "path", "name": "name", "required": true, @@ -6506,6 +6516,7 @@ } }, { + "description": "If `true` and the response contains any privileges that are associated with deprecated features, they are omitted in favor of details about the appropriate replacement feature privileges.", "in": "query", "name": "replaceDeprecatedPrivileges", "required": false, @@ -6514,13 +6525,18 @@ } } ], - "responses": {}, + "responses": { + "200": { + "description": "Indicates a successful call." + } + }, "summary": "Get a role", "tags": [ "roles" ] }, "put": { + "description": "Create a new Kibana role or update the attributes of an existing role. Kibana roles are stored in the Elasticsearch native realm.", "operationId": "%2Fapi%2Fsecurity%2Frole%2F%7Bname%7D#2", "parameters": [ { @@ -6546,6 +6562,7 @@ } }, { + "description": "The role name.", "in": "path", "name": "name", "required": true, @@ -6556,6 +6573,7 @@ } }, { + "description": "When true, a role is not overwritten if it already exists.", "in": "query", "name": "createOnly", "required": false, @@ -6572,6 +6590,7 @@ "additionalProperties": false, "properties": { "description": { + "description": "A description for the role.", "maxLength": 2048, "type": "string" }, @@ -6580,6 +6599,7 @@ "properties": { "cluster": { "items": { + "description": "Cluster privileges that define the cluster level actions that users can perform.", "type": "string" }, "type": "array" @@ -6589,11 +6609,13 @@ "additionalProperties": false, "properties": { "allow_restricted_indices": { + "description": "Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field covers the restricted indices too.", "type": "boolean" }, "field_security": { "additionalProperties": { "items": { + "description": "The document fields that the role members have read access to.", "type": "string" }, "type": "array" @@ -6602,6 +6624,7 @@ }, "names": { "items": { + "description": "The data streams, indices, and aliases to which the permissions in this entry apply. It supports wildcards (*).", "type": "string" }, "minItems": 1, @@ -6609,12 +6632,14 @@ }, "privileges": { "items": { + "description": "The index level privileges that the role members have for the data streams and indices.", "type": "string" }, "minItems": 1, "type": "array" }, "query": { + "description": "A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members.", "type": "string" } }, @@ -6632,6 +6657,7 @@ "properties": { "clusters": { "items": { + "description": "A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions.", "type": "string" }, "minItems": 1, @@ -6639,6 +6665,7 @@ }, "privileges": { "items": { + "description": "The cluster level privileges for the remote cluster. The allowed values are a subset of the cluster privileges.", "type": "string" }, "minItems": 1, @@ -6658,10 +6685,12 @@ "additionalProperties": false, "properties": { "allow_restricted_indices": { + "description": "Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field will cover the restricted indices too.", "type": "boolean" }, "clusters": { "items": { + "description": "A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions.", "type": "string" }, "minItems": 1, @@ -6670,6 +6699,7 @@ "field_security": { "additionalProperties": { "items": { + "description": "The document fields that the role members have read access to.", "type": "string" }, "type": "array" @@ -6678,6 +6708,7 @@ }, "names": { "items": { + "description": "A list of remote aliases, data streams, or indices to which the permissions apply. It supports wildcards (*).", "type": "string" }, "minItems": 1, @@ -6685,12 +6716,14 @@ }, "privileges": { "items": { + "description": "The index level privileges that role members have for the specified indices.", "type": "string" }, "minItems": 1, "type": "array" }, "query": { + "description": "A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. ", "type": "string" } }, @@ -6705,6 +6738,7 @@ }, "run_as": { "items": { + "description": "A user name that the role member can impersonate.", "type": "string" }, "type": "array" @@ -6739,12 +6773,14 @@ "oneOf": [ { "items": { + "description": "A base privilege that grants applies to all spaces.", "type": "string" }, "type": "array" }, { "items": { + "description": "A base privilege that applies to specific spaces.", "type": "string" }, "type": "array" @@ -6754,6 +6790,7 @@ "feature": { "additionalProperties": { "items": { + "description": "The privileges that the role member has for the feature.", "type": "string" }, "type": "array" @@ -6775,6 +6812,7 @@ }, { "items": { + "description": "A space that the privilege applies to.", "type": "string" }, "type": "array" @@ -6805,7 +6843,11 @@ } } }, - "responses": {}, + "responses": { + "204": { + "description": "Indicates a successful call." + } + }, "summary": "Create or update a role", "tags": [ "roles" @@ -6850,6 +6892,7 @@ "additionalProperties": false, "properties": { "description": { + "description": "A description for the role.", "maxLength": 2048, "type": "string" }, @@ -6858,6 +6901,7 @@ "properties": { "cluster": { "items": { + "description": "Cluster privileges that define the cluster level actions that users can perform.", "type": "string" }, "type": "array" @@ -6867,11 +6911,13 @@ "additionalProperties": false, "properties": { "allow_restricted_indices": { + "description": "Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field covers the restricted indices too.", "type": "boolean" }, "field_security": { "additionalProperties": { "items": { + "description": "The document fields that the role members have read access to.", "type": "string" }, "type": "array" @@ -6880,6 +6926,7 @@ }, "names": { "items": { + "description": "The data streams, indices, and aliases to which the permissions in this entry apply. It supports wildcards (*).", "type": "string" }, "minItems": 1, @@ -6887,12 +6934,14 @@ }, "privileges": { "items": { + "description": "The index level privileges that the role members have for the data streams and indices.", "type": "string" }, "minItems": 1, "type": "array" }, "query": { + "description": "A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members.", "type": "string" } }, @@ -6910,6 +6959,7 @@ "properties": { "clusters": { "items": { + "description": "A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions.", "type": "string" }, "minItems": 1, @@ -6917,6 +6967,7 @@ }, "privileges": { "items": { + "description": "The cluster level privileges for the remote cluster. The allowed values are a subset of the cluster privileges.", "type": "string" }, "minItems": 1, @@ -6936,10 +6987,12 @@ "additionalProperties": false, "properties": { "allow_restricted_indices": { + "description": "Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field will cover the restricted indices too.", "type": "boolean" }, "clusters": { "items": { + "description": "A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions.", "type": "string" }, "minItems": 1, @@ -6948,6 +7001,7 @@ "field_security": { "additionalProperties": { "items": { + "description": "The document fields that the role members have read access to.", "type": "string" }, "type": "array" @@ -6956,6 +7010,7 @@ }, "names": { "items": { + "description": "A list of remote aliases, data streams, or indices to which the permissions apply. It supports wildcards (*).", "type": "string" }, "minItems": 1, @@ -6963,12 +7018,14 @@ }, "privileges": { "items": { + "description": "The index level privileges that role members have for the specified indices.", "type": "string" }, "minItems": 1, "type": "array" }, "query": { + "description": "A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. ", "type": "string" } }, @@ -6983,6 +7040,7 @@ }, "run_as": { "items": { + "description": "A user name that the role member can impersonate.", "type": "string" }, "type": "array" @@ -7017,12 +7075,14 @@ "oneOf": [ { "items": { + "description": "A base privilege that grants applies to all spaces.", "type": "string" }, "type": "array" }, { "items": { + "description": "A base privilege that applies to specific spaces.", "type": "string" }, "type": "array" @@ -7032,6 +7092,7 @@ "feature": { "additionalProperties": { "items": { + "description": "The privileges that the role member has for the feature.", "type": "string" }, "type": "array" @@ -7053,6 +7114,7 @@ }, { "items": { + "description": "A space that the privilege applies to.", "type": "string" }, "type": "array" @@ -7091,7 +7153,11 @@ } } }, - "responses": {}, + "responses": { + "200": { + "description": "Indicates a successful call." + } + }, "summary": "Create or update roles", "tags": [ "roles" diff --git a/oas_docs/bundle.serverless.json b/oas_docs/bundle.serverless.json deleted file mode 100644 index 3631a9fffb889..0000000000000 --- a/oas_docs/bundle.serverless.json +++ /dev/null @@ -1,6869 +0,0 @@ -{ - "components": { - "schemas": { - "core_status_redactedResponse": { - "additionalProperties": false, - "description": "A minimal representation of Kibana's operational status.", - "properties": { - "status": { - "additionalProperties": false, - "properties": { - "overall": { - "additionalProperties": false, - "properties": { - "level": { - "description": "Service status levels as human and machine readable values.", - "enum": [ - "available", - "degraded", - "unavailable", - "critical" - ], - "type": "string" - } - }, - "required": [ - "level" - ], - "type": "object" - } - }, - "required": [ - "overall" - ], - "type": "object" - } - }, - "required": [ - "status" - ], - "type": "object" - }, - "core_status_response": { - "additionalProperties": false, - "description": "Kibana's operational status as well as a detailed breakdown of plugin statuses indication of various loads (like event loop utilization and network traffic) at time of request.", - "properties": { - "metrics": { - "additionalProperties": false, - "description": "Metric groups collected by Kibana.", - "properties": { - "collection_interval_in_millis": { - "description": "The interval at which metrics should be collected.", - "type": "number" - }, - "elasticsearch_client": { - "additionalProperties": false, - "description": "Current network metrics of Kibana's Elasticsearch client.", - "properties": { - "totalActiveSockets": { - "description": "Count of network sockets currently in use.", - "type": "number" - }, - "totalIdleSockets": { - "description": "Count of network sockets currently idle.", - "type": "number" - }, - "totalQueuedRequests": { - "description": "Count of requests not yet assigned to sockets.", - "type": "number" - } - }, - "required": [ - "totalActiveSockets", - "totalIdleSockets", - "totalQueuedRequests" - ], - "type": "object" - }, - "last_updated": { - "description": "The time metrics were collected.", - "type": "string" - } - }, - "required": [ - "elasticsearch_client", - "last_updated", - "collection_interval_in_millis" - ], - "type": "object" - }, - "name": { - "description": "Kibana instance name.", - "type": "string" - }, - "status": { - "additionalProperties": false, - "properties": { - "core": { - "additionalProperties": false, - "description": "Statuses of core Kibana services.", - "properties": { - "elasticsearch": { - "additionalProperties": false, - "properties": { - "detail": { - "description": "Human readable detail of the service status.", - "type": "string" - }, - "documentationUrl": { - "description": "A URL to further documentation regarding this service.", - "type": "string" - }, - "level": { - "description": "Service status levels as human and machine readable values.", - "enum": [ - "available", - "degraded", - "unavailable", - "critical" - ], - "type": "string" - }, - "meta": { - "additionalProperties": {}, - "description": "An unstructured set of extra metadata about this service.", - "type": "object" - }, - "summary": { - "description": "A human readable summary of the service status.", - "type": "string" - } - }, - "required": [ - "level", - "summary", - "meta" - ], - "type": "object" - }, - "savedObjects": { - "additionalProperties": false, - "properties": { - "detail": { - "description": "Human readable detail of the service status.", - "type": "string" - }, - "documentationUrl": { - "description": "A URL to further documentation regarding this service.", - "type": "string" - }, - "level": { - "description": "Service status levels as human and machine readable values.", - "enum": [ - "available", - "degraded", - "unavailable", - "critical" - ], - "type": "string" - }, - "meta": { - "additionalProperties": {}, - "description": "An unstructured set of extra metadata about this service.", - "type": "object" - }, - "summary": { - "description": "A human readable summary of the service status.", - "type": "string" - } - }, - "required": [ - "level", - "summary", - "meta" - ], - "type": "object" - } - }, - "required": [ - "elasticsearch", - "savedObjects" - ], - "type": "object" - }, - "overall": { - "additionalProperties": false, - "properties": { - "detail": { - "description": "Human readable detail of the service status.", - "type": "string" - }, - "documentationUrl": { - "description": "A URL to further documentation regarding this service.", - "type": "string" - }, - "level": { - "description": "Service status levels as human and machine readable values.", - "enum": [ - "available", - "degraded", - "unavailable", - "critical" - ], - "type": "string" - }, - "meta": { - "additionalProperties": {}, - "description": "An unstructured set of extra metadata about this service.", - "type": "object" - }, - "summary": { - "description": "A human readable summary of the service status.", - "type": "string" - } - }, - "required": [ - "level", - "summary", - "meta" - ], - "type": "object" - }, - "plugins": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "detail": { - "description": "Human readable detail of the service status.", - "type": "string" - }, - "documentationUrl": { - "description": "A URL to further documentation regarding this service.", - "type": "string" - }, - "level": { - "description": "Service status levels as human and machine readable values.", - "enum": [ - "available", - "degraded", - "unavailable", - "critical" - ], - "type": "string" - }, - "meta": { - "additionalProperties": {}, - "description": "An unstructured set of extra metadata about this service.", - "type": "object" - }, - "summary": { - "description": "A human readable summary of the service status.", - "type": "string" - } - }, - "required": [ - "level", - "summary", - "meta" - ], - "type": "object" - }, - "description": "A dynamic mapping of plugin ID to plugin status.", - "type": "object" - } - }, - "required": [ - "overall", - "core", - "plugins" - ], - "type": "object" - }, - "uuid": { - "description": "Unique, generated Kibana instance UUID. This UUID should persist even if the Kibana process restarts.", - "type": "string" - }, - "version": { - "additionalProperties": false, - "properties": { - "build_date": { - "description": "The date and time of this build.", - "type": "string" - }, - "build_flavor": { - "description": "The build flavour determines configuration and behavior of Kibana. On premise users will almost always run the \"traditional\" flavour, while other flavours are reserved for Elastic-specific use cases.", - "enum": [ - "serverless", - "traditional" - ], - "type": "string" - }, - "build_hash": { - "description": "A unique hash value representing the git commit of this Kibana build.", - "type": "string" - }, - "build_number": { - "description": "A monotonically increasing number, each subsequent build will have a higher number.", - "type": "number" - }, - "build_snapshot": { - "description": "Whether this build is a snapshot build.", - "type": "boolean" - }, - "number": { - "description": "A semantic version number.", - "type": "string" - } - }, - "required": [ - "number", - "build_hash", - "build_number", - "build_snapshot", - "build_flavor", - "build_date" - ], - "type": "object" - } - }, - "required": [ - "name", - "uuid", - "version", - "status", - "metrics" - ], - "type": "object" - } - }, - "securitySchemes": { - "apiKeyAuth": { - "in": "header", - "name": "Authorization", - "type": "apiKey" - }, - "basicAuth": { - "scheme": "basic", - "type": "http" - } - } - }, - "info": { - "title": "Kibana HTTP APIs", - "version": "0.0.0" - }, - "openapi": "3.0.0", - "paths": { - "/api/actions": { - "get": { - "deprecated": true, - "operationId": "%2Fapi%2Factions#0", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - } - ], - "responses": {}, - "summary": "Get all connectors", - "tags": [ - "connectors" - ] - } - }, - "/api/actions/action": { - "post": { - "deprecated": true, - "operationId": "%2Fapi%2Factions%2Faction#0", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actionTypeId": { - "description": "The connector type identifier.", - "type": "string" - }, - "config": { - "additionalProperties": {}, - "default": {}, - "type": "object" - }, - "name": { - "description": "The display name for the connector.", - "type": "string" - }, - "secrets": { - "additionalProperties": {}, - "default": {}, - "type": "object" - } - }, - "required": [ - "name", - "actionTypeId" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "config": { - "additionalProperties": {}, - "type": "object" - }, - "connector_type_id": { - "description": "The connector type identifier.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector.", - "type": "string" - }, - "is_deprecated": { - "description": "Indicates whether the connector is deprecated.", - "type": "boolean" - }, - "is_missing_secrets": { - "description": "Indicates whether the connector is missing secrets.", - "type": "boolean" - }, - "is_preconfigured": { - "description": "Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ", - "type": "boolean" - }, - "is_system_action": { - "description": "Indicates whether the connector is used for system actions.", - "type": "boolean" - }, - "name": { - "description": " The name of the rule.", - "type": "string" - } - }, - "required": [ - "id", - "name", - "connector_type_id", - "is_preconfigured", - "is_deprecated", - "is_system_action" - ], - "type": "object" - } - } - }, - "description": "Indicates a successful call." - } - }, - "summary": "Create a connector", - "tags": [ - "connectors" - ] - } - }, - "/api/actions/action/{id}": { - "delete": { - "deprecated": true, - "description": "WARNING: When you delete a connector, it cannot be recovered.", - "operationId": "%2Fapi%2Factions%2Faction%2F%7Bid%7D#0", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "An identifier for the connector.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - } - }, - "summary": "Delete a connector", - "tags": [ - "connectors" - ] - }, - "get": { - "deprecated": true, - "operationId": "%2Fapi%2Factions%2Faction%2F%7Bid%7D#1", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "An identifier for the connector.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "config": { - "additionalProperties": {}, - "type": "object" - }, - "connector_type_id": { - "description": "The connector type identifier.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector.", - "type": "string" - }, - "is_deprecated": { - "description": "Indicates whether the connector is deprecated.", - "type": "boolean" - }, - "is_missing_secrets": { - "description": "Indicates whether the connector is missing secrets.", - "type": "boolean" - }, - "is_preconfigured": { - "description": "Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ", - "type": "boolean" - }, - "is_system_action": { - "description": "Indicates whether the connector is used for system actions.", - "type": "boolean" - }, - "name": { - "description": " The name of the rule.", - "type": "string" - } - }, - "required": [ - "id", - "name", - "connector_type_id", - "is_preconfigured", - "is_deprecated", - "is_system_action" - ], - "type": "object" - } - } - }, - "description": "Indicates a successful call." - } - }, - "summary": "Get connector information", - "tags": [ - "connectors" - ] - }, - "put": { - "deprecated": true, - "operationId": "%2Fapi%2Factions%2Faction%2F%7Bid%7D#2", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "An identifier for the connector.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "config": { - "additionalProperties": {}, - "default": {}, - "type": "object" - }, - "name": { - "type": "string" - }, - "secrets": { - "additionalProperties": {}, - "default": {}, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "config": { - "additionalProperties": {}, - "type": "object" - }, - "connector_type_id": { - "description": "The connector type identifier.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector.", - "type": "string" - }, - "is_deprecated": { - "description": "Indicates whether the connector is deprecated.", - "type": "boolean" - }, - "is_missing_secrets": { - "description": "Indicates whether the connector is missing secrets.", - "type": "boolean" - }, - "is_preconfigured": { - "description": "Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ", - "type": "boolean" - }, - "is_system_action": { - "description": "Indicates whether the connector is used for system actions.", - "type": "boolean" - }, - "name": { - "description": " The name of the rule.", - "type": "string" - } - }, - "required": [ - "id", - "name", - "connector_type_id", - "is_preconfigured", - "is_deprecated", - "is_system_action" - ], - "type": "object" - } - } - }, - "description": "Indicates a successful call." - } - }, - "summary": "Update a connector", - "tags": [ - "connectors" - ] - } - }, - "/api/actions/action/{id}/_execute": { - "post": { - "deprecated": true, - "operationId": "%2Fapi%2Factions%2Faction%2F%7Bid%7D%2F_execute#0", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "An identifier for the connector.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "params": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "params" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "config": { - "additionalProperties": {}, - "type": "object" - }, - "connector_type_id": { - "description": "The connector type identifier.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector.", - "type": "string" - }, - "is_deprecated": { - "description": "Indicates whether the connector is deprecated.", - "type": "boolean" - }, - "is_missing_secrets": { - "description": "Indicates whether the connector is missing secrets.", - "type": "boolean" - }, - "is_preconfigured": { - "description": "Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ", - "type": "boolean" - }, - "is_system_action": { - "description": "Indicates whether the connector is used for system actions.", - "type": "boolean" - }, - "name": { - "description": " The name of the rule.", - "type": "string" - } - }, - "required": [ - "id", - "name", - "connector_type_id", - "is_preconfigured", - "is_deprecated", - "is_system_action" - ], - "type": "object" - } - } - }, - "description": "Indicates a successful call." - } - }, - "summary": "Run a connector", - "tags": [ - "connectors" - ] - } - }, - "/api/actions/connector/{id}": { - "delete": { - "description": "WARNING: When you delete a connector, it cannot be recovered.", - "operationId": "%2Fapi%2Factions%2Fconnector%2F%7Bid%7D#0", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "An identifier for the connector.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - } - }, - "summary": "Delete a connector", - "tags": [ - "connectors" - ] - }, - "get": { - "operationId": "%2Fapi%2Factions%2Fconnector%2F%7Bid%7D#1", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "An identifier for the connector.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "config": { - "additionalProperties": {}, - "type": "object" - }, - "connector_type_id": { - "description": "The connector type identifier.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector.", - "type": "string" - }, - "is_deprecated": { - "description": "Indicates whether the connector is deprecated.", - "type": "boolean" - }, - "is_missing_secrets": { - "description": "Indicates whether the connector is missing secrets.", - "type": "boolean" - }, - "is_preconfigured": { - "description": "Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ", - "type": "boolean" - }, - "is_system_action": { - "description": "Indicates whether the connector is used for system actions.", - "type": "boolean" - }, - "name": { - "description": " The name of the rule.", - "type": "string" - } - }, - "required": [ - "id", - "name", - "connector_type_id", - "is_preconfigured", - "is_deprecated", - "is_system_action" - ], - "type": "object" - } - } - }, - "description": "Indicates a successful call." - } - }, - "summary": "Get connector information", - "tags": [ - "connectors" - ] - }, - "post": { - "operationId": "%2Fapi%2Factions%2Fconnector%2F%7Bid%3F%7D#0", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "An identifier for the connector.", - "in": "path", - "name": "id", - "required": false, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "config": { - "additionalProperties": {}, - "default": {}, - "type": "object" - }, - "connector_type_id": { - "description": "The type of connector.", - "type": "string" - }, - "name": { - "description": "The display name for the connector.", - "type": "string" - }, - "secrets": { - "additionalProperties": {}, - "default": {}, - "type": "object" - } - }, - "required": [ - "name", - "connector_type_id" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "config": { - "additionalProperties": {}, - "type": "object" - }, - "connector_type_id": { - "description": "The connector type identifier.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector.", - "type": "string" - }, - "is_deprecated": { - "description": "Indicates whether the connector is deprecated.", - "type": "boolean" - }, - "is_missing_secrets": { - "description": "Indicates whether the connector is missing secrets.", - "type": "boolean" - }, - "is_preconfigured": { - "description": "Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ", - "type": "boolean" - }, - "is_system_action": { - "description": "Indicates whether the connector is used for system actions.", - "type": "boolean" - }, - "name": { - "description": " The name of the rule.", - "type": "string" - } - }, - "required": [ - "id", - "name", - "connector_type_id", - "is_preconfigured", - "is_deprecated", - "is_system_action" - ], - "type": "object" - } - } - }, - "description": "Indicates a successful call." - } - }, - "summary": "Create a connector", - "tags": [ - "connectors" - ] - }, - "put": { - "operationId": "%2Fapi%2Factions%2Fconnector%2F%7Bid%7D#2", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "An identifier for the connector.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "config": { - "additionalProperties": {}, - "default": {}, - "type": "object" - }, - "name": { - "description": "The display name for the connector.", - "type": "string" - }, - "secrets": { - "additionalProperties": {}, - "default": {}, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "config": { - "additionalProperties": {}, - "type": "object" - }, - "connector_type_id": { - "description": "The connector type identifier.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector.", - "type": "string" - }, - "is_deprecated": { - "description": "Indicates whether the connector is deprecated.", - "type": "boolean" - }, - "is_missing_secrets": { - "description": "Indicates whether the connector is missing secrets.", - "type": "boolean" - }, - "is_preconfigured": { - "description": "Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ", - "type": "boolean" - }, - "is_system_action": { - "description": "Indicates whether the connector is used for system actions.", - "type": "boolean" - }, - "name": { - "description": " The name of the rule.", - "type": "string" - } - }, - "required": [ - "id", - "name", - "connector_type_id", - "is_preconfigured", - "is_deprecated", - "is_system_action" - ], - "type": "object" - } - } - }, - "description": "Indicates a successful call." - } - }, - "summary": "Update a connector", - "tags": [ - "connectors" - ] - } - }, - "/api/actions/connector/{id}/_execute": { - "post": { - "description": "You can use this API to test an action that involves interaction with Kibana services or integrations with third-party systems.", - "operationId": "%2Fapi%2Factions%2Fconnector%2F%7Bid%7D%2F_execute#0", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "An identifier for the connector.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "params": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "params" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "config": { - "additionalProperties": {}, - "type": "object" - }, - "connector_type_id": { - "description": "The connector type identifier.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector.", - "type": "string" - }, - "is_deprecated": { - "description": "Indicates whether the connector is deprecated.", - "type": "boolean" - }, - "is_missing_secrets": { - "description": "Indicates whether the connector is missing secrets.", - "type": "boolean" - }, - "is_preconfigured": { - "description": "Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ", - "type": "boolean" - }, - "is_system_action": { - "description": "Indicates whether the connector is used for system actions.", - "type": "boolean" - }, - "name": { - "description": " The name of the rule.", - "type": "string" - } - }, - "required": [ - "id", - "name", - "connector_type_id", - "is_preconfigured", - "is_deprecated", - "is_system_action" - ], - "type": "object" - } - } - }, - "description": "Indicates a successful call." - } - }, - "summary": "Run a connector", - "tags": [ - "connectors" - ] - } - }, - "/api/actions/connector_types": { - "get": { - "description": "You do not need any Kibana feature privileges to run this API.", - "operationId": "%2Fapi%2Factions%2Fconnector_types#0", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A filter to limit the retrieved connector types to those that support a specific feature (such as alerting or cases).", - "in": "query", - "name": "feature_id", - "required": false, - "schema": { - "type": "string" - } - } - ], - "responses": {}, - "summary": "Get connector types", - "tags": [ - "connectors" - ] - } - }, - "/api/actions/connectors": { - "get": { - "operationId": "%2Fapi%2Factions%2Fconnectors#0", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - } - ], - "responses": {}, - "summary": "Get all connectors", - "tags": [ - "connectors" - ] - } - }, - "/api/actions/list_action_types": { - "get": { - "deprecated": true, - "operationId": "%2Fapi%2Factions%2Flist_action_types#0", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - } - ], - "responses": {}, - "summary": "Get connector types", - "tags": [ - "connectors" - ] - } - }, - "/api/alerting/rule/{id}": { - "delete": { - "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%7D#2", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule with the given ID does not exist." - } - }, - "summary": "Delete a rule", - "tags": [ - "alerting" - ] - }, - "get": { - "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%7D#0", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actions": { - "items": { - "additionalProperties": false, - "properties": { - "alerts_filter": { - "additionalProperties": false, - "description": "Defines a period that limits whether the action runs.", - "properties": { - "query": { - "additionalProperties": false, - "properties": { - "dsl": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", - "type": "string" - }, - "filters": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", - "items": { - "additionalProperties": false, - "properties": { - "$state": { - "additionalProperties": false, - "properties": { - "store": { - "description": "A filter can be either specific to an application context or applied globally.", - "enum": [ - "appState", - "globalState" - ], - "type": "string" - } - }, - "required": [ - "store" - ], - "type": "object" - }, - "meta": { - "additionalProperties": {}, - "type": "object" - }, - "query": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "meta" - ], - "type": "object" - }, - "type": "array" - }, - "kql": { - "description": "A filter written in Kibana Query Language (KQL).", - "type": "string" - } - }, - "required": [ - "kql", - "filters" - ], - "type": "object" - }, - "timeframe": { - "additionalProperties": false, - "properties": { - "days": { - "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", - "items": { - "enum": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7 - ], - "type": "integer" - }, - "type": "array" - }, - "hours": { - "additionalProperties": false, - "properties": { - "end": { - "description": "The end of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - }, - "start": { - "description": "The start of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - } - }, - "required": [ - "start", - "end" - ], - "type": "object" - }, - "timezone": { - "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", - "type": "string" - } - }, - "required": [ - "days", - "hours", - "timezone" - ], - "type": "object" - } - }, - "type": "object" - }, - "connector_type_id": { - "description": "The type of connector. This property appears in responses but cannot be set in requests.", - "type": "string" - }, - "frequency": { - "additionalProperties": false, - "properties": { - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "type": "string" - }, - "summary": { - "description": "Indicates whether the action is a summary.", - "type": "boolean" - }, - "throttle": { - "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "summary", - "notify_when", - "throttle" - ], - "type": "object" - }, - "group": { - "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector saved object.", - "type": "string" - }, - "params": { - "additionalProperties": {}, - "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", - "type": "object" - }, - "use_alert_data_for_template": { - "description": "Indicates whether to use alert data as a template.", - "type": "boolean" - }, - "uuid": { - "description": "A universally unique identifier (UUID) for the action.", - "type": "string" - } - }, - "required": [ - "id", - "connector_type_id", - "params" - ], - "type": "object" - }, - "type": "array" - }, - "active_snoozes": { - "items": { - "description": "List of active snoozes for the rule.", - "type": "string" - }, - "type": "array" - }, - "alert_delay": { - "additionalProperties": false, - "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", - "properties": { - "active": { - "description": "The number of consecutive runs that must meet the rule conditions.", - "type": "number" - } - }, - "required": [ - "active" - ], - "type": "object" - }, - "api_key_created_by_user": { - "description": "Indicates whether the API key that is associated with the rule was created by the user.", - "nullable": true, - "type": "boolean" - }, - "api_key_owner": { - "description": "The owner of the API key that is associated with the rule and used to run background tasks.", - "nullable": true, - "type": "string" - }, - "consumer": { - "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", - "type": "string" - }, - "created_at": { - "description": "The date and time that the rule was created.", - "type": "string" - }, - "created_by": { - "description": "The identifier for the user that created the rule.", - "nullable": true, - "type": "string" - }, - "enabled": { - "description": "Indicates whether you want to run the rule on an interval basis after it is created.", - "type": "boolean" - }, - "execution_status": { - "additionalProperties": false, - "properties": { - "error": { - "additionalProperties": false, - "properties": { - "message": { - "description": "Error message.", - "type": "string" - }, - "reason": { - "description": "Reason for error.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate" - ], - "type": "string" - } - }, - "required": [ - "reason", - "message" - ], - "type": "object" - }, - "last_duration": { - "description": "Duration of last execution of the rule.", - "type": "number" - }, - "last_execution_date": { - "description": "The date and time when rule was executed last.", - "type": "string" - }, - "status": { - "description": "Status of rule execution.", - "enum": [ - "ok", - "active", - "error", - "warning", - "pending", - "unknown" - ], - "type": "string" - }, - "warning": { - "additionalProperties": false, - "properties": { - "message": { - "description": "Warning message.", - "type": "string" - }, - "reason": { - "description": "Reason for warning.", - "enum": [ - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "type": "string" - } - }, - "required": [ - "reason", - "message" - ], - "type": "object" - } - }, - "required": [ - "status", - "last_execution_date" - ], - "type": "object" - }, - "flapping": { - "additionalProperties": false, - "nullable": true, - "properties": { - "look_back_window": { - "maximum": 20, - "minimum": 2, - "type": "number" - }, - "status_change_threshold": { - "maximum": 20, - "minimum": 2, - "type": "number" - } - }, - "required": [ - "look_back_window", - "status_change_threshold" - ], - "type": "object" - }, - "id": { - "description": "The identifier for the rule.", - "type": "string" - }, - "is_snoozed_until": { - "description": "The date when the rule will no longer be snoozed.", - "nullable": true, - "type": "string" - }, - "last_run": { - "additionalProperties": false, - "nullable": true, - "properties": { - "alerts_count": { - "additionalProperties": false, - "properties": { - "active": { - "description": "Number of active alerts during last run.", - "nullable": true, - "type": "number" - }, - "ignored": { - "description": "Number of ignored alerts during last run.", - "nullable": true, - "type": "number" - }, - "new": { - "description": "Number of new alerts during last run.", - "nullable": true, - "type": "number" - }, - "recovered": { - "description": "Number of recovered alerts during last run.", - "nullable": true, - "type": "number" - } - }, - "type": "object" - }, - "outcome": { - "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", - "enum": [ - "succeeded", - "warning", - "failed" - ], - "type": "string" - }, - "outcome_msg": { - "items": { - "description": "Outcome message generated during last rule run.", - "type": "string" - }, - "nullable": true, - "type": "array" - }, - "outcome_order": { - "description": "Order of the outcome.", - "type": "number" - }, - "warning": { - "description": "Warning of last rule execution.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate", - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "nullable": true, - "type": "string" - } - }, - "required": [ - "outcome", - "alerts_count" - ], - "type": "object" - }, - "mapped_params": { - "additionalProperties": {}, - "type": "object" - }, - "monitoring": { - "additionalProperties": false, - "description": "Monitoring details of the rule.", - "properties": { - "run": { - "additionalProperties": false, - "description": "Rule run details.", - "properties": { - "calculated_metrics": { - "additionalProperties": false, - "description": "Calculation of different percentiles and success ratio.", - "properties": { - "p50": { - "type": "number" - }, - "p95": { - "type": "number" - }, - "p99": { - "type": "number" - }, - "success_ratio": { - "type": "number" - } - }, - "required": [ - "success_ratio" - ], - "type": "object" - }, - "history": { - "description": "History of the rule run.", - "items": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of the rule run.", - "type": "number" - }, - "outcome": { - "additionalProperties": false, - "properties": { - "alerts_count": { - "additionalProperties": false, - "properties": { - "active": { - "description": "Number of active alerts during last run.", - "nullable": true, - "type": "number" - }, - "ignored": { - "description": "Number of ignored alerts during last run.", - "nullable": true, - "type": "number" - }, - "new": { - "description": "Number of new alerts during last run.", - "nullable": true, - "type": "number" - }, - "recovered": { - "description": "Number of recovered alerts during last run.", - "nullable": true, - "type": "number" - } - }, - "type": "object" - }, - "outcome": { - "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", - "enum": [ - "succeeded", - "warning", - "failed" - ], - "type": "string" - }, - "outcome_msg": { - "items": { - "description": "Outcome message generated during last rule run.", - "type": "string" - }, - "nullable": true, - "type": "array" - }, - "outcome_order": { - "description": "Order of the outcome.", - "type": "number" - }, - "warning": { - "description": "Warning of last rule execution.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate", - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "nullable": true, - "type": "string" - } - }, - "required": [ - "outcome", - "alerts_count" - ], - "type": "object" - }, - "success": { - "description": "Indicates whether the rule run was successful.", - "type": "boolean" - }, - "timestamp": { - "description": "Time of rule run.", - "type": "number" - } - }, - "required": [ - "success", - "timestamp" - ], - "type": "object" - }, - "type": "array" - }, - "last_run": { - "additionalProperties": false, - "properties": { - "metrics": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of most recent rule run.", - "type": "number" - }, - "gap_duration_s": { - "description": "Duration in seconds of rule run gap.", - "nullable": true, - "type": "number" - }, - "total_alerts_created": { - "description": "Total number of alerts created during last rule run.", - "nullable": true, - "type": "number" - }, - "total_alerts_detected": { - "description": "Total number of alerts detected during last rule run.", - "nullable": true, - "type": "number" - }, - "total_indexing_duration_ms": { - "description": "Total time spent indexing documents during last rule run in milliseconds.", - "nullable": true, - "type": "number" - }, - "total_search_duration_ms": { - "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", - "nullable": true, - "type": "number" - } - }, - "type": "object" - }, - "timestamp": { - "description": "Time of the most recent rule run.", - "type": "string" - } - }, - "required": [ - "timestamp", - "metrics" - ], - "type": "object" - } - }, - "required": [ - "history", - "calculated_metrics", - "last_run" - ], - "type": "object" - } - }, - "required": [ - "run" - ], - "type": "object" - }, - "mute_all": { - "description": "Indicates whether all alerts are muted.", - "type": "boolean" - }, - "muted_alert_ids": { - "items": { - "description": "List of identifiers of muted alerts. ", - "type": "string" - }, - "type": "array" - }, - "name": { - "description": " The name of the rule.", - "type": "string" - }, - "next_run": { - "description": "Date and time of the next run of the rule.", - "nullable": true, - "type": "string" - }, - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "nullable": true, - "type": "string" - }, - "params": { - "additionalProperties": {}, - "description": "The parameters for the rule.", - "type": "object" - }, - "revision": { - "description": "The rule revision number.", - "type": "number" - }, - "rule_type_id": { - "description": "The rule type identifier.", - "type": "string" - }, - "running": { - "description": "Indicates whether the rule is running.", - "nullable": true, - "type": "boolean" - }, - "schedule": { - "additionalProperties": false, - "properties": { - "interval": { - "description": "The interval is specified in seconds, minutes, hours, or days.", - "type": "string" - } - }, - "required": [ - "interval" - ], - "type": "object" - }, - "scheduled_task_id": { - "description": "Identifier of the scheduled task.", - "type": "string" - }, - "snooze_schedule": { - "items": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of the rule snooze schedule.", - "type": "number" - }, - "id": { - "description": "Identifier of the rule snooze schedule.", - "type": "string" - }, - "rRule": { - "additionalProperties": false, - "properties": { - "byhour": { - "items": { - "description": "Indicates hours of the day to recur.", - "type": "number" - }, - "type": "array" - }, - "byminute": { - "items": { - "description": "Indicates minutes of the hour to recur.", - "type": "number" - }, - "type": "array" - }, - "bymonth": { - "items": { - "description": "Indicates months of the year that this rule should recur.", - "type": "number" - }, - "type": "array" - }, - "bymonthday": { - "items": { - "description": "Indicates the days of the month to recur.", - "type": "number" - }, - "type": "array" - }, - "bysecond": { - "items": { - "description": "Indicates seconds of the day to recur.", - "type": "number" - }, - "type": "array" - }, - "bysetpos": { - "items": { - "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", - "type": "number" - }, - "type": "array" - }, - "byweekday": { - "items": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ], - "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." - }, - "type": "array" - }, - "byweekno": { - "items": { - "description": "Indicates number of the week hours to recur.", - "type": "number" - }, - "type": "array" - }, - "byyearday": { - "items": { - "description": "Indicates the days of the year that this rule should recur.", - "type": "number" - }, - "type": "array" - }, - "count": { - "description": "Number of times the rule should recur until it stops.", - "type": "number" - }, - "dtstart": { - "description": "Rule start date in Coordinated Universal Time (UTC).", - "type": "string" - }, - "freq": { - "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", - "enum": [ - 0, - 1, - 2, - 3, - 4, - 5, - 6 - ], - "type": "integer" - }, - "interval": { - "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", - "type": "number" - }, - "tzid": { - "description": "Indicates timezone abbreviation.", - "type": "string" - }, - "until": { - "description": "Recur the rule until this date.", - "type": "string" - }, - "wkst": { - "description": "Indicates the start of week, defaults to Monday.", - "enum": [ - "MO", - "TU", - "WE", - "TH", - "FR", - "SA", - "SU" - ], - "type": "string" - } - }, - "required": [ - "dtstart", - "tzid" - ], - "type": "object" - }, - "skipRecurrences": { - "items": { - "description": "Skips recurrence of rule on this date.", - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "duration", - "rRule" - ], - "type": "object" - }, - "type": "array" - }, - "tags": { - "items": { - "description": "The tags for the rule.", - "type": "string" - }, - "type": "array" - }, - "throttle": { - "deprecated": true, - "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - }, - "updated_at": { - "description": "The date and time that the rule was updated most recently.", - "type": "string" - }, - "updated_by": { - "description": "The identifier for the user that updated this rule most recently.", - "nullable": true, - "type": "string" - }, - "view_in_app_relative_url": { - "description": "Relative URL to view rule in the app.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "id", - "enabled", - "name", - "tags", - "rule_type_id", - "consumer", - "schedule", - "actions", - "params", - "created_by", - "updated_by", - "created_at", - "updated_at", - "api_key_owner", - "mute_all", - "muted_alert_ids", - "execution_status", - "revision" - ], - "type": "object" - } - } - }, - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule with the given ID does not exist." - } - }, - "summary": "Get rule details", - "tags": [ - "alerting" - ] - }, - "post": { - "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%3F%7D#0", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule. If it is omitted, an ID is randomly generated.", - "in": "path", - "name": "id", - "required": false, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actions": { - "default": [], - "items": { - "additionalProperties": false, - "description": "An action that runs under defined conditions.", - "properties": { - "alerts_filter": { - "additionalProperties": false, - "description": "Conditions that affect whether the action runs. If you specify multiple conditions, all conditions must be met for the action to run. For example, if an alert occurs within the specified time frame and matches the query, the action runs.", - "properties": { - "query": { - "additionalProperties": false, - "properties": { - "dsl": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", - "type": "string" - }, - "filters": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", - "items": { - "additionalProperties": false, - "properties": { - "$state": { - "additionalProperties": false, - "properties": { - "store": { - "description": "A filter can be either specific to an application context or applied globally.", - "enum": [ - "appState", - "globalState" - ], - "type": "string" - } - }, - "required": [ - "store" - ], - "type": "object" - }, - "meta": { - "additionalProperties": {}, - "type": "object" - }, - "query": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "meta" - ], - "type": "object" - }, - "type": "array" - }, - "kql": { - "description": "A filter written in Kibana Query Language (KQL).", - "type": "string" - } - }, - "required": [ - "kql", - "filters" - ], - "type": "object" - }, - "timeframe": { - "additionalProperties": false, - "description": "Defines a period that limits whether the action runs.", - "properties": { - "days": { - "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", - "items": { - "enum": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7 - ], - "type": "integer" - }, - "type": "array" - }, - "hours": { - "additionalProperties": false, - "description": "Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day.", - "properties": { - "end": { - "description": "The end of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - }, - "start": { - "description": "The start of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - } - }, - "required": [ - "start", - "end" - ], - "type": "object" - }, - "timezone": { - "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", - "type": "string" - } - }, - "required": [ - "days", - "hours", - "timezone" - ], - "type": "object" - } - }, - "type": "object" - }, - "frequency": { - "additionalProperties": false, - "properties": { - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "type": "string" - }, - "summary": { - "description": "Indicates whether the action is a summary.", - "type": "boolean" - }, - "throttle": { - "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "summary", - "notify_when", - "throttle" - ], - "type": "object" - }, - "group": { - "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector saved object.", - "type": "string" - }, - "params": { - "additionalProperties": {}, - "default": {}, - "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", - "type": "object" - }, - "use_alert_data_for_template": { - "description": "Indicates whether to use alert data as a template.", - "type": "boolean" - }, - "uuid": { - "description": "A universally unique identifier (UUID) for the action.", - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" - }, - "alert_delay": { - "additionalProperties": false, - "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", - "properties": { - "active": { - "description": "The number of consecutive runs that must meet the rule conditions.", - "type": "number" - } - }, - "required": [ - "active" - ], - "type": "object" - }, - "consumer": { - "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", - "type": "string" - }, - "enabled": { - "default": true, - "description": "Indicates whether you want to run the rule on an interval basis after it is created.", - "type": "boolean" - }, - "flapping": { - "additionalProperties": false, - "nullable": true, - "properties": { - "look_back_window": { - "maximum": 20, - "minimum": 2, - "type": "number" - }, - "status_change_threshold": { - "maximum": 20, - "minimum": 2, - "type": "number" - } - }, - "required": [ - "look_back_window", - "status_change_threshold" - ], - "type": "object" - }, - "name": { - "description": "The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.", - "type": "string" - }, - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "nullable": true, - "type": "string" - }, - "params": { - "additionalProperties": {}, - "default": {}, - "description": "The parameters for the rule.", - "type": "object" - }, - "rule_type_id": { - "description": "The rule type identifier.", - "type": "string" - }, - "schedule": { - "additionalProperties": false, - "description": "The check interval, which specifies how frequently the rule conditions are checked.", - "properties": { - "interval": { - "description": "The interval is specified in seconds, minutes, hours, or days.", - "type": "string" - } - }, - "required": [ - "interval" - ], - "type": "object" - }, - "tags": { - "default": [], - "description": "The tags for the rule.", - "items": { - "type": "string" - }, - "type": "array" - }, - "throttle": { - "description": "Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "name", - "rule_type_id", - "consumer", - "schedule" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actions": { - "items": { - "additionalProperties": false, - "properties": { - "alerts_filter": { - "additionalProperties": false, - "description": "Defines a period that limits whether the action runs.", - "properties": { - "query": { - "additionalProperties": false, - "properties": { - "dsl": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", - "type": "string" - }, - "filters": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", - "items": { - "additionalProperties": false, - "properties": { - "$state": { - "additionalProperties": false, - "properties": { - "store": { - "description": "A filter can be either specific to an application context or applied globally.", - "enum": [ - "appState", - "globalState" - ], - "type": "string" - } - }, - "required": [ - "store" - ], - "type": "object" - }, - "meta": { - "additionalProperties": {}, - "type": "object" - }, - "query": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "meta" - ], - "type": "object" - }, - "type": "array" - }, - "kql": { - "description": "A filter written in Kibana Query Language (KQL).", - "type": "string" - } - }, - "required": [ - "kql", - "filters" - ], - "type": "object" - }, - "timeframe": { - "additionalProperties": false, - "properties": { - "days": { - "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", - "items": { - "enum": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7 - ], - "type": "integer" - }, - "type": "array" - }, - "hours": { - "additionalProperties": false, - "properties": { - "end": { - "description": "The end of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - }, - "start": { - "description": "The start of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - } - }, - "required": [ - "start", - "end" - ], - "type": "object" - }, - "timezone": { - "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", - "type": "string" - } - }, - "required": [ - "days", - "hours", - "timezone" - ], - "type": "object" - } - }, - "type": "object" - }, - "connector_type_id": { - "description": "The type of connector. This property appears in responses but cannot be set in requests.", - "type": "string" - }, - "frequency": { - "additionalProperties": false, - "properties": { - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "type": "string" - }, - "summary": { - "description": "Indicates whether the action is a summary.", - "type": "boolean" - }, - "throttle": { - "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "summary", - "notify_when", - "throttle" - ], - "type": "object" - }, - "group": { - "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector saved object.", - "type": "string" - }, - "params": { - "additionalProperties": {}, - "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", - "type": "object" - }, - "use_alert_data_for_template": { - "description": "Indicates whether to use alert data as a template.", - "type": "boolean" - }, - "uuid": { - "description": "A universally unique identifier (UUID) for the action.", - "type": "string" - } - }, - "required": [ - "id", - "connector_type_id", - "params" - ], - "type": "object" - }, - "type": "array" - }, - "active_snoozes": { - "items": { - "description": "List of active snoozes for the rule.", - "type": "string" - }, - "type": "array" - }, - "alert_delay": { - "additionalProperties": false, - "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", - "properties": { - "active": { - "description": "The number of consecutive runs that must meet the rule conditions.", - "type": "number" - } - }, - "required": [ - "active" - ], - "type": "object" - }, - "api_key_created_by_user": { - "description": "Indicates whether the API key that is associated with the rule was created by the user.", - "nullable": true, - "type": "boolean" - }, - "api_key_owner": { - "description": "The owner of the API key that is associated with the rule and used to run background tasks.", - "nullable": true, - "type": "string" - }, - "consumer": { - "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", - "type": "string" - }, - "created_at": { - "description": "The date and time that the rule was created.", - "type": "string" - }, - "created_by": { - "description": "The identifier for the user that created the rule.", - "nullable": true, - "type": "string" - }, - "enabled": { - "description": "Indicates whether you want to run the rule on an interval basis after it is created.", - "type": "boolean" - }, - "execution_status": { - "additionalProperties": false, - "properties": { - "error": { - "additionalProperties": false, - "properties": { - "message": { - "description": "Error message.", - "type": "string" - }, - "reason": { - "description": "Reason for error.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate" - ], - "type": "string" - } - }, - "required": [ - "reason", - "message" - ], - "type": "object" - }, - "last_duration": { - "description": "Duration of last execution of the rule.", - "type": "number" - }, - "last_execution_date": { - "description": "The date and time when rule was executed last.", - "type": "string" - }, - "status": { - "description": "Status of rule execution.", - "enum": [ - "ok", - "active", - "error", - "warning", - "pending", - "unknown" - ], - "type": "string" - }, - "warning": { - "additionalProperties": false, - "properties": { - "message": { - "description": "Warning message.", - "type": "string" - }, - "reason": { - "description": "Reason for warning.", - "enum": [ - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "type": "string" - } - }, - "required": [ - "reason", - "message" - ], - "type": "object" - } - }, - "required": [ - "status", - "last_execution_date" - ], - "type": "object" - }, - "flapping": { - "additionalProperties": false, - "nullable": true, - "properties": { - "look_back_window": { - "maximum": 20, - "minimum": 2, - "type": "number" - }, - "status_change_threshold": { - "maximum": 20, - "minimum": 2, - "type": "number" - } - }, - "required": [ - "look_back_window", - "status_change_threshold" - ], - "type": "object" - }, - "id": { - "description": "The identifier for the rule.", - "type": "string" - }, - "is_snoozed_until": { - "description": "The date when the rule will no longer be snoozed.", - "nullable": true, - "type": "string" - }, - "last_run": { - "additionalProperties": false, - "nullable": true, - "properties": { - "alerts_count": { - "additionalProperties": false, - "properties": { - "active": { - "description": "Number of active alerts during last run.", - "nullable": true, - "type": "number" - }, - "ignored": { - "description": "Number of ignored alerts during last run.", - "nullable": true, - "type": "number" - }, - "new": { - "description": "Number of new alerts during last run.", - "nullable": true, - "type": "number" - }, - "recovered": { - "description": "Number of recovered alerts during last run.", - "nullable": true, - "type": "number" - } - }, - "type": "object" - }, - "outcome": { - "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", - "enum": [ - "succeeded", - "warning", - "failed" - ], - "type": "string" - }, - "outcome_msg": { - "items": { - "description": "Outcome message generated during last rule run.", - "type": "string" - }, - "nullable": true, - "type": "array" - }, - "outcome_order": { - "description": "Order of the outcome.", - "type": "number" - }, - "warning": { - "description": "Warning of last rule execution.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate", - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "nullable": true, - "type": "string" - } - }, - "required": [ - "outcome", - "alerts_count" - ], - "type": "object" - }, - "mapped_params": { - "additionalProperties": {}, - "type": "object" - }, - "monitoring": { - "additionalProperties": false, - "description": "Monitoring details of the rule.", - "properties": { - "run": { - "additionalProperties": false, - "description": "Rule run details.", - "properties": { - "calculated_metrics": { - "additionalProperties": false, - "description": "Calculation of different percentiles and success ratio.", - "properties": { - "p50": { - "type": "number" - }, - "p95": { - "type": "number" - }, - "p99": { - "type": "number" - }, - "success_ratio": { - "type": "number" - } - }, - "required": [ - "success_ratio" - ], - "type": "object" - }, - "history": { - "description": "History of the rule run.", - "items": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of the rule run.", - "type": "number" - }, - "outcome": { - "additionalProperties": false, - "properties": { - "alerts_count": { - "additionalProperties": false, - "properties": { - "active": { - "description": "Number of active alerts during last run.", - "nullable": true, - "type": "number" - }, - "ignored": { - "description": "Number of ignored alerts during last run.", - "nullable": true, - "type": "number" - }, - "new": { - "description": "Number of new alerts during last run.", - "nullable": true, - "type": "number" - }, - "recovered": { - "description": "Number of recovered alerts during last run.", - "nullable": true, - "type": "number" - } - }, - "type": "object" - }, - "outcome": { - "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", - "enum": [ - "succeeded", - "warning", - "failed" - ], - "type": "string" - }, - "outcome_msg": { - "items": { - "description": "Outcome message generated during last rule run.", - "type": "string" - }, - "nullable": true, - "type": "array" - }, - "outcome_order": { - "description": "Order of the outcome.", - "type": "number" - }, - "warning": { - "description": "Warning of last rule execution.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate", - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "nullable": true, - "type": "string" - } - }, - "required": [ - "outcome", - "alerts_count" - ], - "type": "object" - }, - "success": { - "description": "Indicates whether the rule run was successful.", - "type": "boolean" - }, - "timestamp": { - "description": "Time of rule run.", - "type": "number" - } - }, - "required": [ - "success", - "timestamp" - ], - "type": "object" - }, - "type": "array" - }, - "last_run": { - "additionalProperties": false, - "properties": { - "metrics": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of most recent rule run.", - "type": "number" - }, - "gap_duration_s": { - "description": "Duration in seconds of rule run gap.", - "nullable": true, - "type": "number" - }, - "total_alerts_created": { - "description": "Total number of alerts created during last rule run.", - "nullable": true, - "type": "number" - }, - "total_alerts_detected": { - "description": "Total number of alerts detected during last rule run.", - "nullable": true, - "type": "number" - }, - "total_indexing_duration_ms": { - "description": "Total time spent indexing documents during last rule run in milliseconds.", - "nullable": true, - "type": "number" - }, - "total_search_duration_ms": { - "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", - "nullable": true, - "type": "number" - } - }, - "type": "object" - }, - "timestamp": { - "description": "Time of the most recent rule run.", - "type": "string" - } - }, - "required": [ - "timestamp", - "metrics" - ], - "type": "object" - } - }, - "required": [ - "history", - "calculated_metrics", - "last_run" - ], - "type": "object" - } - }, - "required": [ - "run" - ], - "type": "object" - }, - "mute_all": { - "description": "Indicates whether all alerts are muted.", - "type": "boolean" - }, - "muted_alert_ids": { - "items": { - "description": "List of identifiers of muted alerts. ", - "type": "string" - }, - "type": "array" - }, - "name": { - "description": " The name of the rule.", - "type": "string" - }, - "next_run": { - "description": "Date and time of the next run of the rule.", - "nullable": true, - "type": "string" - }, - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "nullable": true, - "type": "string" - }, - "params": { - "additionalProperties": {}, - "description": "The parameters for the rule.", - "type": "object" - }, - "revision": { - "description": "The rule revision number.", - "type": "number" - }, - "rule_type_id": { - "description": "The rule type identifier.", - "type": "string" - }, - "running": { - "description": "Indicates whether the rule is running.", - "nullable": true, - "type": "boolean" - }, - "schedule": { - "additionalProperties": false, - "properties": { - "interval": { - "description": "The interval is specified in seconds, minutes, hours, or days.", - "type": "string" - } - }, - "required": [ - "interval" - ], - "type": "object" - }, - "scheduled_task_id": { - "description": "Identifier of the scheduled task.", - "type": "string" - }, - "snooze_schedule": { - "items": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of the rule snooze schedule.", - "type": "number" - }, - "id": { - "description": "Identifier of the rule snooze schedule.", - "type": "string" - }, - "rRule": { - "additionalProperties": false, - "properties": { - "byhour": { - "items": { - "description": "Indicates hours of the day to recur.", - "type": "number" - }, - "type": "array" - }, - "byminute": { - "items": { - "description": "Indicates minutes of the hour to recur.", - "type": "number" - }, - "type": "array" - }, - "bymonth": { - "items": { - "description": "Indicates months of the year that this rule should recur.", - "type": "number" - }, - "type": "array" - }, - "bymonthday": { - "items": { - "description": "Indicates the days of the month to recur.", - "type": "number" - }, - "type": "array" - }, - "bysecond": { - "items": { - "description": "Indicates seconds of the day to recur.", - "type": "number" - }, - "type": "array" - }, - "bysetpos": { - "items": { - "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", - "type": "number" - }, - "type": "array" - }, - "byweekday": { - "items": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ], - "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." - }, - "type": "array" - }, - "byweekno": { - "items": { - "description": "Indicates number of the week hours to recur.", - "type": "number" - }, - "type": "array" - }, - "byyearday": { - "items": { - "description": "Indicates the days of the year that this rule should recur.", - "type": "number" - }, - "type": "array" - }, - "count": { - "description": "Number of times the rule should recur until it stops.", - "type": "number" - }, - "dtstart": { - "description": "Rule start date in Coordinated Universal Time (UTC).", - "type": "string" - }, - "freq": { - "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", - "enum": [ - 0, - 1, - 2, - 3, - 4, - 5, - 6 - ], - "type": "integer" - }, - "interval": { - "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", - "type": "number" - }, - "tzid": { - "description": "Indicates timezone abbreviation.", - "type": "string" - }, - "until": { - "description": "Recur the rule until this date.", - "type": "string" - }, - "wkst": { - "description": "Indicates the start of week, defaults to Monday.", - "enum": [ - "MO", - "TU", - "WE", - "TH", - "FR", - "SA", - "SU" - ], - "type": "string" - } - }, - "required": [ - "dtstart", - "tzid" - ], - "type": "object" - }, - "skipRecurrences": { - "items": { - "description": "Skips recurrence of rule on this date.", - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "duration", - "rRule" - ], - "type": "object" - }, - "type": "array" - }, - "tags": { - "items": { - "description": "The tags for the rule.", - "type": "string" - }, - "type": "array" - }, - "throttle": { - "deprecated": true, - "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - }, - "updated_at": { - "description": "The date and time that the rule was updated most recently.", - "type": "string" - }, - "updated_by": { - "description": "The identifier for the user that updated this rule most recently.", - "nullable": true, - "type": "string" - }, - "view_in_app_relative_url": { - "description": "Relative URL to view rule in the app.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "id", - "enabled", - "name", - "tags", - "rule_type_id", - "consumer", - "schedule", - "actions", - "params", - "created_by", - "updated_by", - "created_at", - "updated_at", - "api_key_owner", - "mute_all", - "muted_alert_ids", - "execution_status", - "revision" - ], - "type": "object" - } - } - }, - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "409": { - "description": "Indicates that the rule id is already in use." - } - }, - "summary": "Create a rule", - "tags": [ - "alerting" - ] - }, - "put": { - "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%7D#1", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actions": { - "default": [], - "items": { - "additionalProperties": false, - "description": "An action that runs under defined conditions.", - "properties": { - "alerts_filter": { - "additionalProperties": false, - "properties": { - "query": { - "additionalProperties": false, - "properties": { - "dsl": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", - "type": "string" - }, - "filters": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", - "items": { - "additionalProperties": false, - "properties": { - "$state": { - "additionalProperties": false, - "properties": { - "store": { - "description": "A filter can be either specific to an application context or applied globally.", - "enum": [ - "appState", - "globalState" - ], - "type": "string" - } - }, - "required": [ - "store" - ], - "type": "object" - }, - "meta": { - "additionalProperties": {}, - "type": "object" - }, - "query": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "meta" - ], - "type": "object" - }, - "type": "array" - }, - "kql": { - "description": "A filter written in Kibana Query Language (KQL).", - "type": "string" - } - }, - "required": [ - "kql", - "filters" - ], - "type": "object" - }, - "timeframe": { - "additionalProperties": false, - "description": "Defines a period that limits whether the action runs.", - "properties": { - "days": { - "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", - "items": { - "enum": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7 - ], - "type": "integer" - }, - "type": "array" - }, - "hours": { - "additionalProperties": false, - "description": "Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day.", - "properties": { - "end": { - "description": "The end of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - }, - "start": { - "description": "The start of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - } - }, - "required": [ - "start", - "end" - ], - "type": "object" - }, - "timezone": { - "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", - "type": "string" - } - }, - "required": [ - "days", - "hours", - "timezone" - ], - "type": "object" - } - }, - "type": "object" - }, - "frequency": { - "additionalProperties": false, - "properties": { - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "type": "string" - }, - "summary": { - "description": "Indicates whether the action is a summary.", - "type": "boolean" - }, - "throttle": { - "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "summary", - "notify_when", - "throttle" - ], - "type": "object" - }, - "group": { - "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector saved object.", - "type": "string" - }, - "params": { - "additionalProperties": {}, - "default": {}, - "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", - "type": "object" - }, - "use_alert_data_for_template": { - "description": "Indicates whether to use alert data as a template.", - "type": "boolean" - }, - "uuid": { - "description": "A universally unique identifier (UUID) for the action.", - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" - }, - "alert_delay": { - "additionalProperties": false, - "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", - "properties": { - "active": { - "description": "The number of consecutive runs that must meet the rule conditions.", - "type": "number" - } - }, - "required": [ - "active" - ], - "type": "object" - }, - "flapping": { - "additionalProperties": false, - "nullable": true, - "properties": { - "look_back_window": { - "maximum": 20, - "minimum": 2, - "type": "number" - }, - "status_change_threshold": { - "maximum": 20, - "minimum": 2, - "type": "number" - } - }, - "required": [ - "look_back_window", - "status_change_threshold" - ], - "type": "object" - }, - "name": { - "description": "The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.", - "type": "string" - }, - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "nullable": true, - "type": "string" - }, - "params": { - "additionalProperties": {}, - "default": {}, - "description": "The parameters for the rule.", - "type": "object" - }, - "schedule": { - "additionalProperties": false, - "properties": { - "interval": { - "description": "The interval is specified in seconds, minutes, hours, or days.", - "type": "string" - } - }, - "required": [ - "interval" - ], - "type": "object" - }, - "tags": { - "default": [], - "items": { - "description": "The tags for the rule.", - "type": "string" - }, - "type": "array" - }, - "throttle": { - "description": "Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "name", - "schedule" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actions": { - "items": { - "additionalProperties": false, - "properties": { - "alerts_filter": { - "additionalProperties": false, - "description": "Defines a period that limits whether the action runs.", - "properties": { - "query": { - "additionalProperties": false, - "properties": { - "dsl": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", - "type": "string" - }, - "filters": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", - "items": { - "additionalProperties": false, - "properties": { - "$state": { - "additionalProperties": false, - "properties": { - "store": { - "description": "A filter can be either specific to an application context or applied globally.", - "enum": [ - "appState", - "globalState" - ], - "type": "string" - } - }, - "required": [ - "store" - ], - "type": "object" - }, - "meta": { - "additionalProperties": {}, - "type": "object" - }, - "query": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "meta" - ], - "type": "object" - }, - "type": "array" - }, - "kql": { - "description": "A filter written in Kibana Query Language (KQL).", - "type": "string" - } - }, - "required": [ - "kql", - "filters" - ], - "type": "object" - }, - "timeframe": { - "additionalProperties": false, - "properties": { - "days": { - "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", - "items": { - "enum": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7 - ], - "type": "integer" - }, - "type": "array" - }, - "hours": { - "additionalProperties": false, - "properties": { - "end": { - "description": "The end of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - }, - "start": { - "description": "The start of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - } - }, - "required": [ - "start", - "end" - ], - "type": "object" - }, - "timezone": { - "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", - "type": "string" - } - }, - "required": [ - "days", - "hours", - "timezone" - ], - "type": "object" - } - }, - "type": "object" - }, - "connector_type_id": { - "description": "The type of connector. This property appears in responses but cannot be set in requests.", - "type": "string" - }, - "frequency": { - "additionalProperties": false, - "properties": { - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "type": "string" - }, - "summary": { - "description": "Indicates whether the action is a summary.", - "type": "boolean" - }, - "throttle": { - "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "summary", - "notify_when", - "throttle" - ], - "type": "object" - }, - "group": { - "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector saved object.", - "type": "string" - }, - "params": { - "additionalProperties": {}, - "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", - "type": "object" - }, - "use_alert_data_for_template": { - "description": "Indicates whether to use alert data as a template.", - "type": "boolean" - }, - "uuid": { - "description": "A universally unique identifier (UUID) for the action.", - "type": "string" - } - }, - "required": [ - "id", - "connector_type_id", - "params" - ], - "type": "object" - }, - "type": "array" - }, - "active_snoozes": { - "items": { - "description": "List of active snoozes for the rule.", - "type": "string" - }, - "type": "array" - }, - "alert_delay": { - "additionalProperties": false, - "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", - "properties": { - "active": { - "description": "The number of consecutive runs that must meet the rule conditions.", - "type": "number" - } - }, - "required": [ - "active" - ], - "type": "object" - }, - "api_key_created_by_user": { - "description": "Indicates whether the API key that is associated with the rule was created by the user.", - "nullable": true, - "type": "boolean" - }, - "api_key_owner": { - "description": "The owner of the API key that is associated with the rule and used to run background tasks.", - "nullable": true, - "type": "string" - }, - "consumer": { - "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", - "type": "string" - }, - "created_at": { - "description": "The date and time that the rule was created.", - "type": "string" - }, - "created_by": { - "description": "The identifier for the user that created the rule.", - "nullable": true, - "type": "string" - }, - "enabled": { - "description": "Indicates whether you want to run the rule on an interval basis after it is created.", - "type": "boolean" - }, - "execution_status": { - "additionalProperties": false, - "properties": { - "error": { - "additionalProperties": false, - "properties": { - "message": { - "description": "Error message.", - "type": "string" - }, - "reason": { - "description": "Reason for error.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate" - ], - "type": "string" - } - }, - "required": [ - "reason", - "message" - ], - "type": "object" - }, - "last_duration": { - "description": "Duration of last execution of the rule.", - "type": "number" - }, - "last_execution_date": { - "description": "The date and time when rule was executed last.", - "type": "string" - }, - "status": { - "description": "Status of rule execution.", - "enum": [ - "ok", - "active", - "error", - "warning", - "pending", - "unknown" - ], - "type": "string" - }, - "warning": { - "additionalProperties": false, - "properties": { - "message": { - "description": "Warning message.", - "type": "string" - }, - "reason": { - "description": "Reason for warning.", - "enum": [ - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "type": "string" - } - }, - "required": [ - "reason", - "message" - ], - "type": "object" - } - }, - "required": [ - "status", - "last_execution_date" - ], - "type": "object" - }, - "flapping": { - "additionalProperties": false, - "nullable": true, - "properties": { - "look_back_window": { - "maximum": 20, - "minimum": 2, - "type": "number" - }, - "status_change_threshold": { - "maximum": 20, - "minimum": 2, - "type": "number" - } - }, - "required": [ - "look_back_window", - "status_change_threshold" - ], - "type": "object" - }, - "id": { - "description": "The identifier for the rule.", - "type": "string" - }, - "is_snoozed_until": { - "description": "The date when the rule will no longer be snoozed.", - "nullable": true, - "type": "string" - }, - "last_run": { - "additionalProperties": false, - "nullable": true, - "properties": { - "alerts_count": { - "additionalProperties": false, - "properties": { - "active": { - "description": "Number of active alerts during last run.", - "nullable": true, - "type": "number" - }, - "ignored": { - "description": "Number of ignored alerts during last run.", - "nullable": true, - "type": "number" - }, - "new": { - "description": "Number of new alerts during last run.", - "nullable": true, - "type": "number" - }, - "recovered": { - "description": "Number of recovered alerts during last run.", - "nullable": true, - "type": "number" - } - }, - "type": "object" - }, - "outcome": { - "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", - "enum": [ - "succeeded", - "warning", - "failed" - ], - "type": "string" - }, - "outcome_msg": { - "items": { - "description": "Outcome message generated during last rule run.", - "type": "string" - }, - "nullable": true, - "type": "array" - }, - "outcome_order": { - "description": "Order of the outcome.", - "type": "number" - }, - "warning": { - "description": "Warning of last rule execution.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate", - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "nullable": true, - "type": "string" - } - }, - "required": [ - "outcome", - "alerts_count" - ], - "type": "object" - }, - "mapped_params": { - "additionalProperties": {}, - "type": "object" - }, - "monitoring": { - "additionalProperties": false, - "description": "Monitoring details of the rule.", - "properties": { - "run": { - "additionalProperties": false, - "description": "Rule run details.", - "properties": { - "calculated_metrics": { - "additionalProperties": false, - "description": "Calculation of different percentiles and success ratio.", - "properties": { - "p50": { - "type": "number" - }, - "p95": { - "type": "number" - }, - "p99": { - "type": "number" - }, - "success_ratio": { - "type": "number" - } - }, - "required": [ - "success_ratio" - ], - "type": "object" - }, - "history": { - "description": "History of the rule run.", - "items": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of the rule run.", - "type": "number" - }, - "outcome": { - "additionalProperties": false, - "properties": { - "alerts_count": { - "additionalProperties": false, - "properties": { - "active": { - "description": "Number of active alerts during last run.", - "nullable": true, - "type": "number" - }, - "ignored": { - "description": "Number of ignored alerts during last run.", - "nullable": true, - "type": "number" - }, - "new": { - "description": "Number of new alerts during last run.", - "nullable": true, - "type": "number" - }, - "recovered": { - "description": "Number of recovered alerts during last run.", - "nullable": true, - "type": "number" - } - }, - "type": "object" - }, - "outcome": { - "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", - "enum": [ - "succeeded", - "warning", - "failed" - ], - "type": "string" - }, - "outcome_msg": { - "items": { - "description": "Outcome message generated during last rule run.", - "type": "string" - }, - "nullable": true, - "type": "array" - }, - "outcome_order": { - "description": "Order of the outcome.", - "type": "number" - }, - "warning": { - "description": "Warning of last rule execution.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate", - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "nullable": true, - "type": "string" - } - }, - "required": [ - "outcome", - "alerts_count" - ], - "type": "object" - }, - "success": { - "description": "Indicates whether the rule run was successful.", - "type": "boolean" - }, - "timestamp": { - "description": "Time of rule run.", - "type": "number" - } - }, - "required": [ - "success", - "timestamp" - ], - "type": "object" - }, - "type": "array" - }, - "last_run": { - "additionalProperties": false, - "properties": { - "metrics": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of most recent rule run.", - "type": "number" - }, - "gap_duration_s": { - "description": "Duration in seconds of rule run gap.", - "nullable": true, - "type": "number" - }, - "total_alerts_created": { - "description": "Total number of alerts created during last rule run.", - "nullable": true, - "type": "number" - }, - "total_alerts_detected": { - "description": "Total number of alerts detected during last rule run.", - "nullable": true, - "type": "number" - }, - "total_indexing_duration_ms": { - "description": "Total time spent indexing documents during last rule run in milliseconds.", - "nullable": true, - "type": "number" - }, - "total_search_duration_ms": { - "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", - "nullable": true, - "type": "number" - } - }, - "type": "object" - }, - "timestamp": { - "description": "Time of the most recent rule run.", - "type": "string" - } - }, - "required": [ - "timestamp", - "metrics" - ], - "type": "object" - } - }, - "required": [ - "history", - "calculated_metrics", - "last_run" - ], - "type": "object" - } - }, - "required": [ - "run" - ], - "type": "object" - }, - "mute_all": { - "description": "Indicates whether all alerts are muted.", - "type": "boolean" - }, - "muted_alert_ids": { - "items": { - "description": "List of identifiers of muted alerts. ", - "type": "string" - }, - "type": "array" - }, - "name": { - "description": " The name of the rule.", - "type": "string" - }, - "next_run": { - "description": "Date and time of the next run of the rule.", - "nullable": true, - "type": "string" - }, - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "nullable": true, - "type": "string" - }, - "params": { - "additionalProperties": {}, - "description": "The parameters for the rule.", - "type": "object" - }, - "revision": { - "description": "The rule revision number.", - "type": "number" - }, - "rule_type_id": { - "description": "The rule type identifier.", - "type": "string" - }, - "running": { - "description": "Indicates whether the rule is running.", - "nullable": true, - "type": "boolean" - }, - "schedule": { - "additionalProperties": false, - "properties": { - "interval": { - "description": "The interval is specified in seconds, minutes, hours, or days.", - "type": "string" - } - }, - "required": [ - "interval" - ], - "type": "object" - }, - "scheduled_task_id": { - "description": "Identifier of the scheduled task.", - "type": "string" - }, - "snooze_schedule": { - "items": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of the rule snooze schedule.", - "type": "number" - }, - "id": { - "description": "Identifier of the rule snooze schedule.", - "type": "string" - }, - "rRule": { - "additionalProperties": false, - "properties": { - "byhour": { - "items": { - "description": "Indicates hours of the day to recur.", - "type": "number" - }, - "type": "array" - }, - "byminute": { - "items": { - "description": "Indicates minutes of the hour to recur.", - "type": "number" - }, - "type": "array" - }, - "bymonth": { - "items": { - "description": "Indicates months of the year that this rule should recur.", - "type": "number" - }, - "type": "array" - }, - "bymonthday": { - "items": { - "description": "Indicates the days of the month to recur.", - "type": "number" - }, - "type": "array" - }, - "bysecond": { - "items": { - "description": "Indicates seconds of the day to recur.", - "type": "number" - }, - "type": "array" - }, - "bysetpos": { - "items": { - "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", - "type": "number" - }, - "type": "array" - }, - "byweekday": { - "items": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ], - "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." - }, - "type": "array" - }, - "byweekno": { - "items": { - "description": "Indicates number of the week hours to recur.", - "type": "number" - }, - "type": "array" - }, - "byyearday": { - "items": { - "description": "Indicates the days of the year that this rule should recur.", - "type": "number" - }, - "type": "array" - }, - "count": { - "description": "Number of times the rule should recur until it stops.", - "type": "number" - }, - "dtstart": { - "description": "Rule start date in Coordinated Universal Time (UTC).", - "type": "string" - }, - "freq": { - "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", - "enum": [ - 0, - 1, - 2, - 3, - 4, - 5, - 6 - ], - "type": "integer" - }, - "interval": { - "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", - "type": "number" - }, - "tzid": { - "description": "Indicates timezone abbreviation.", - "type": "string" - }, - "until": { - "description": "Recur the rule until this date.", - "type": "string" - }, - "wkst": { - "description": "Indicates the start of week, defaults to Monday.", - "enum": [ - "MO", - "TU", - "WE", - "TH", - "FR", - "SA", - "SU" - ], - "type": "string" - } - }, - "required": [ - "dtstart", - "tzid" - ], - "type": "object" - }, - "skipRecurrences": { - "items": { - "description": "Skips recurrence of rule on this date.", - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "duration", - "rRule" - ], - "type": "object" - }, - "type": "array" - }, - "tags": { - "items": { - "description": "The tags for the rule.", - "type": "string" - }, - "type": "array" - }, - "throttle": { - "deprecated": true, - "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - }, - "updated_at": { - "description": "The date and time that the rule was updated most recently.", - "type": "string" - }, - "updated_by": { - "description": "The identifier for the user that updated this rule most recently.", - "nullable": true, - "type": "string" - }, - "view_in_app_relative_url": { - "description": "Relative URL to view rule in the app.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "id", - "enabled", - "name", - "tags", - "rule_type_id", - "consumer", - "schedule", - "actions", - "params", - "created_by", - "updated_by", - "created_at", - "updated_at", - "api_key_owner", - "mute_all", - "muted_alert_ids", - "execution_status", - "revision" - ], - "type": "object" - } - } - }, - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule with the given ID does not exist." - }, - "409": { - "description": "Indicates that the rule has already been updated by another user." - } - }, - "summary": "Update a rule", - "tags": [ - "alerting" - ] - } - }, - "/api/alerting/rule/{id}/_disable": { - "post": { - "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_disable#0", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "nullable": true, - "properties": { - "untrack": { - "description": "Defines whether this rule's alerts should be untracked.", - "type": "boolean" - } - }, - "type": "object", - "x-oas-optional": true - } - } - } - }, - "responses": { - "204": { - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule with the given ID does not exist." - } - }, - "summary": "Disable a rule", - "tags": [ - "alerting" - ] - } - }, - "/api/alerting/rule/{id}/_enable": { - "post": { - "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_enable#0", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule with the given ID does not exist." - } - }, - "summary": "Enable a rule", - "tags": [ - "alerting" - ] - } - }, - "/api/alerting/rule/{id}/_mute_all": { - "post": { - "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_mute_all#0", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule with the given ID does not exist." - } - }, - "summary": "Mute all alerts", - "tags": [ - "alerting" - ] - } - }, - "/api/alerting/rule/{id}/_unmute_all": { - "post": { - "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_unmute_all#0", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule with the given ID does not exist." - } - }, - "summary": "Unmute all alerts", - "tags": [ - "alerting" - ] - } - }, - "/api/alerting/rule/{id}/_update_api_key": { - "post": { - "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_update_api_key#0", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule with the given ID does not exist." - }, - "409": { - "description": "Indicates that the rule has already been updated by another user." - } - }, - "summary": "Update the API key for a rule", - "tags": [ - "alerting" - ] - } - }, - "/api/alerting/rule/{rule_id}/alert/{alert_id}/_mute": { - "post": { - "operationId": "%2Fapi%2Falerting%2Frule%2F%7Brule_id%7D%2Falert%2F%7Balert_id%7D%2F_mute#0", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "rule_id", - "required": true, - "schema": { - "type": "string" - } - }, - { - "description": "The identifier for the alert.", - "in": "path", - "name": "alert_id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule or alert with the given ID does not exist." - } - }, - "summary": "Mute an alert", - "tags": [ - "alerting" - ] - } - }, - "/api/alerting/rule/{rule_id}/alert/{alert_id}/_unmute": { - "post": { - "operationId": "%2Fapi%2Falerting%2Frule%2F%7Brule_id%7D%2Falert%2F%7Balert_id%7D%2F_unmute#0", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "rule_id", - "required": true, - "schema": { - "type": "string" - } - }, - { - "description": "The identifier for the alert.", - "in": "path", - "name": "alert_id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule or alert with the given ID does not exist." - } - }, - "summary": "Unmute an alert", - "tags": [ - "alerting" - ] - } - }, - "/api/alerting/rules/_find": { - "get": { - "operationId": "%2Fapi%2Falerting%2Frules%2F_find#0", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "The number of rules to return per page.", - "in": "query", - "name": "per_page", - "required": false, - "schema": { - "default": 10, - "minimum": 0, - "type": "number" - } - }, - { - "description": "The page number to return.", - "in": "query", - "name": "page", - "required": false, - "schema": { - "default": 1, - "minimum": 1, - "type": "number" - } - }, - { - "description": "An Elasticsearch simple_query_string query that filters the objects in the response.", - "in": "query", - "name": "search", - "required": false, - "schema": { - "type": "string" - } - }, - { - "description": "The default operator to use for the simple_query_string.", - "in": "query", - "name": "default_search_operator", - "required": false, - "schema": { - "default": "OR", - "enum": [ - "OR", - "AND" - ], - "type": "string" - } - }, - { - "description": "The fields to perform the simple_query_string parsed query against.", - "in": "query", - "name": "search_fields", - "required": false, - "schema": { - "anyOf": [ - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "type": "string" - } - ] - } - }, - { - "description": "Determines which field is used to sort the results. The field must exist in the `attributes` key of the response.", - "in": "query", - "name": "sort_field", - "required": false, - "schema": { - "type": "string" - } - }, - { - "description": "Determines the sort order.", - "in": "query", - "name": "sort_order", - "required": false, - "schema": { - "enum": [ - "asc", - "desc" - ], - "type": "string" - } - }, - { - "description": "Filters the rules that have a relation with the reference objects with a specific type and identifier.", - "in": "query", - "name": "has_reference", - "required": false, - "schema": { - "additionalProperties": false, - "nullable": true, - "properties": { - "id": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "type", - "id" - ], - "type": "object" - } - }, - { - "in": "query", - "name": "fields", - "required": false, - "schema": { - "items": { - "description": "The fields to return in the `attributes` key of the response.", - "type": "string" - }, - "type": "array" - } - }, - { - "description": "A KQL string that you filter with an attribute from your saved object. It should look like `savedObjectType.attributes.title: \"myTitle\"`. However, if you used a direct attribute of a saved object, such as `updatedAt`, you must define your filter, for example, `savedObjectType.updatedAt > 2018-12-22`.", - "in": "query", - "name": "filter", - "required": false, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "filter_consumers", - "required": false, - "schema": { - "items": { - "description": "List of consumers to filter.", - "type": "string" - }, - "type": "array" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actions": { - "items": { - "additionalProperties": false, - "properties": { - "alerts_filter": { - "additionalProperties": false, - "description": "Defines a period that limits whether the action runs.", - "properties": { - "query": { - "additionalProperties": false, - "properties": { - "dsl": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", - "type": "string" - }, - "filters": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", - "items": { - "additionalProperties": false, - "properties": { - "$state": { - "additionalProperties": false, - "properties": { - "store": { - "description": "A filter can be either specific to an application context or applied globally.", - "enum": [ - "appState", - "globalState" - ], - "type": "string" - } - }, - "required": [ - "store" - ], - "type": "object" - }, - "meta": { - "additionalProperties": {}, - "type": "object" - }, - "query": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "meta" - ], - "type": "object" - }, - "type": "array" - }, - "kql": { - "description": "A filter written in Kibana Query Language (KQL).", - "type": "string" - } - }, - "required": [ - "kql", - "filters" - ], - "type": "object" - }, - "timeframe": { - "additionalProperties": false, - "properties": { - "days": { - "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", - "items": { - "enum": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7 - ], - "type": "integer" - }, - "type": "array" - }, - "hours": { - "additionalProperties": false, - "properties": { - "end": { - "description": "The end of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - }, - "start": { - "description": "The start of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - } - }, - "required": [ - "start", - "end" - ], - "type": "object" - }, - "timezone": { - "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", - "type": "string" - } - }, - "required": [ - "days", - "hours", - "timezone" - ], - "type": "object" - } - }, - "type": "object" - }, - "connector_type_id": { - "description": "The type of connector. This property appears in responses but cannot be set in requests.", - "type": "string" - }, - "frequency": { - "additionalProperties": false, - "properties": { - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "type": "string" - }, - "summary": { - "description": "Indicates whether the action is a summary.", - "type": "boolean" - }, - "throttle": { - "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "summary", - "notify_when", - "throttle" - ], - "type": "object" - }, - "group": { - "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector saved object.", - "type": "string" - }, - "params": { - "additionalProperties": {}, - "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", - "type": "object" - }, - "use_alert_data_for_template": { - "description": "Indicates whether to use alert data as a template.", - "type": "boolean" - }, - "uuid": { - "description": "A universally unique identifier (UUID) for the action.", - "type": "string" - } - }, - "required": [ - "id", - "connector_type_id", - "params" - ], - "type": "object" - }, - "type": "array" - }, - "active_snoozes": { - "items": { - "description": "List of active snoozes for the rule.", - "type": "string" - }, - "type": "array" - }, - "alert_delay": { - "additionalProperties": false, - "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", - "properties": { - "active": { - "description": "The number of consecutive runs that must meet the rule conditions.", - "type": "number" - } - }, - "required": [ - "active" - ], - "type": "object" - }, - "api_key_created_by_user": { - "description": "Indicates whether the API key that is associated with the rule was created by the user.", - "nullable": true, - "type": "boolean" - }, - "api_key_owner": { - "description": "The owner of the API key that is associated with the rule and used to run background tasks.", - "nullable": true, - "type": "string" - }, - "consumer": { - "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", - "type": "string" - }, - "created_at": { - "description": "The date and time that the rule was created.", - "type": "string" - }, - "created_by": { - "description": "The identifier for the user that created the rule.", - "nullable": true, - "type": "string" - }, - "enabled": { - "description": "Indicates whether you want to run the rule on an interval basis after it is created.", - "type": "boolean" - }, - "execution_status": { - "additionalProperties": false, - "properties": { - "error": { - "additionalProperties": false, - "properties": { - "message": { - "description": "Error message.", - "type": "string" - }, - "reason": { - "description": "Reason for error.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate" - ], - "type": "string" - } - }, - "required": [ - "reason", - "message" - ], - "type": "object" - }, - "last_duration": { - "description": "Duration of last execution of the rule.", - "type": "number" - }, - "last_execution_date": { - "description": "The date and time when rule was executed last.", - "type": "string" - }, - "status": { - "description": "Status of rule execution.", - "enum": [ - "ok", - "active", - "error", - "warning", - "pending", - "unknown" - ], - "type": "string" - }, - "warning": { - "additionalProperties": false, - "properties": { - "message": { - "description": "Warning message.", - "type": "string" - }, - "reason": { - "description": "Reason for warning.", - "enum": [ - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "type": "string" - } - }, - "required": [ - "reason", - "message" - ], - "type": "object" - } - }, - "required": [ - "status", - "last_execution_date" - ], - "type": "object" - }, - "flapping": { - "additionalProperties": false, - "nullable": true, - "properties": { - "look_back_window": { - "maximum": 20, - "minimum": 2, - "type": "number" - }, - "status_change_threshold": { - "maximum": 20, - "minimum": 2, - "type": "number" - } - }, - "required": [ - "look_back_window", - "status_change_threshold" - ], - "type": "object" - }, - "id": { - "description": "The identifier for the rule.", - "type": "string" - }, - "is_snoozed_until": { - "description": "The date when the rule will no longer be snoozed.", - "nullable": true, - "type": "string" - }, - "last_run": { - "additionalProperties": false, - "nullable": true, - "properties": { - "alerts_count": { - "additionalProperties": false, - "properties": { - "active": { - "description": "Number of active alerts during last run.", - "nullable": true, - "type": "number" - }, - "ignored": { - "description": "Number of ignored alerts during last run.", - "nullable": true, - "type": "number" - }, - "new": { - "description": "Number of new alerts during last run.", - "nullable": true, - "type": "number" - }, - "recovered": { - "description": "Number of recovered alerts during last run.", - "nullable": true, - "type": "number" - } - }, - "type": "object" - }, - "outcome": { - "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", - "enum": [ - "succeeded", - "warning", - "failed" - ], - "type": "string" - }, - "outcome_msg": { - "items": { - "description": "Outcome message generated during last rule run.", - "type": "string" - }, - "nullable": true, - "type": "array" - }, - "outcome_order": { - "description": "Order of the outcome.", - "type": "number" - }, - "warning": { - "description": "Warning of last rule execution.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate", - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "nullable": true, - "type": "string" - } - }, - "required": [ - "outcome", - "alerts_count" - ], - "type": "object" - }, - "mapped_params": { - "additionalProperties": {}, - "type": "object" - }, - "monitoring": { - "additionalProperties": false, - "description": "Monitoring details of the rule.", - "properties": { - "run": { - "additionalProperties": false, - "description": "Rule run details.", - "properties": { - "calculated_metrics": { - "additionalProperties": false, - "description": "Calculation of different percentiles and success ratio.", - "properties": { - "p50": { - "type": "number" - }, - "p95": { - "type": "number" - }, - "p99": { - "type": "number" - }, - "success_ratio": { - "type": "number" - } - }, - "required": [ - "success_ratio" - ], - "type": "object" - }, - "history": { - "description": "History of the rule run.", - "items": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of the rule run.", - "type": "number" - }, - "outcome": { - "additionalProperties": false, - "properties": { - "alerts_count": { - "additionalProperties": false, - "properties": { - "active": { - "description": "Number of active alerts during last run.", - "nullable": true, - "type": "number" - }, - "ignored": { - "description": "Number of ignored alerts during last run.", - "nullable": true, - "type": "number" - }, - "new": { - "description": "Number of new alerts during last run.", - "nullable": true, - "type": "number" - }, - "recovered": { - "description": "Number of recovered alerts during last run.", - "nullable": true, - "type": "number" - } - }, - "type": "object" - }, - "outcome": { - "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", - "enum": [ - "succeeded", - "warning", - "failed" - ], - "type": "string" - }, - "outcome_msg": { - "items": { - "description": "Outcome message generated during last rule run.", - "type": "string" - }, - "nullable": true, - "type": "array" - }, - "outcome_order": { - "description": "Order of the outcome.", - "type": "number" - }, - "warning": { - "description": "Warning of last rule execution.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate", - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "nullable": true, - "type": "string" - } - }, - "required": [ - "outcome", - "alerts_count" - ], - "type": "object" - }, - "success": { - "description": "Indicates whether the rule run was successful.", - "type": "boolean" - }, - "timestamp": { - "description": "Time of rule run.", - "type": "number" - } - }, - "required": [ - "success", - "timestamp" - ], - "type": "object" - }, - "type": "array" - }, - "last_run": { - "additionalProperties": false, - "properties": { - "metrics": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of most recent rule run.", - "type": "number" - }, - "gap_duration_s": { - "description": "Duration in seconds of rule run gap.", - "nullable": true, - "type": "number" - }, - "total_alerts_created": { - "description": "Total number of alerts created during last rule run.", - "nullable": true, - "type": "number" - }, - "total_alerts_detected": { - "description": "Total number of alerts detected during last rule run.", - "nullable": true, - "type": "number" - }, - "total_indexing_duration_ms": { - "description": "Total time spent indexing documents during last rule run in milliseconds.", - "nullable": true, - "type": "number" - }, - "total_search_duration_ms": { - "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", - "nullable": true, - "type": "number" - } - }, - "type": "object" - }, - "timestamp": { - "description": "Time of the most recent rule run.", - "type": "string" - } - }, - "required": [ - "timestamp", - "metrics" - ], - "type": "object" - } - }, - "required": [ - "history", - "calculated_metrics", - "last_run" - ], - "type": "object" - } - }, - "required": [ - "run" - ], - "type": "object" - }, - "mute_all": { - "description": "Indicates whether all alerts are muted.", - "type": "boolean" - }, - "muted_alert_ids": { - "items": { - "description": "List of identifiers of muted alerts. ", - "type": "string" - }, - "type": "array" - }, - "name": { - "description": " The name of the rule.", - "type": "string" - }, - "next_run": { - "description": "Date and time of the next run of the rule.", - "nullable": true, - "type": "string" - }, - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "nullable": true, - "type": "string" - }, - "params": { - "additionalProperties": {}, - "description": "The parameters for the rule.", - "type": "object" - }, - "revision": { - "description": "The rule revision number.", - "type": "number" - }, - "rule_type_id": { - "description": "The rule type identifier.", - "type": "string" - }, - "running": { - "description": "Indicates whether the rule is running.", - "nullable": true, - "type": "boolean" - }, - "schedule": { - "additionalProperties": false, - "properties": { - "interval": { - "description": "The interval is specified in seconds, minutes, hours, or days.", - "type": "string" - } - }, - "required": [ - "interval" - ], - "type": "object" - }, - "scheduled_task_id": { - "description": "Identifier of the scheduled task.", - "type": "string" - }, - "snooze_schedule": { - "items": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of the rule snooze schedule.", - "type": "number" - }, - "id": { - "description": "Identifier of the rule snooze schedule.", - "type": "string" - }, - "rRule": { - "additionalProperties": false, - "properties": { - "byhour": { - "items": { - "description": "Indicates hours of the day to recur.", - "type": "number" - }, - "type": "array" - }, - "byminute": { - "items": { - "description": "Indicates minutes of the hour to recur.", - "type": "number" - }, - "type": "array" - }, - "bymonth": { - "items": { - "description": "Indicates months of the year that this rule should recur.", - "type": "number" - }, - "type": "array" - }, - "bymonthday": { - "items": { - "description": "Indicates the days of the month to recur.", - "type": "number" - }, - "type": "array" - }, - "bysecond": { - "items": { - "description": "Indicates seconds of the day to recur.", - "type": "number" - }, - "type": "array" - }, - "bysetpos": { - "items": { - "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", - "type": "number" - }, - "type": "array" - }, - "byweekday": { - "items": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ], - "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." - }, - "type": "array" - }, - "byweekno": { - "items": { - "description": "Indicates number of the week hours to recur.", - "type": "number" - }, - "type": "array" - }, - "byyearday": { - "items": { - "description": "Indicates the days of the year that this rule should recur.", - "type": "number" - }, - "type": "array" - }, - "count": { - "description": "Number of times the rule should recur until it stops.", - "type": "number" - }, - "dtstart": { - "description": "Rule start date in Coordinated Universal Time (UTC).", - "type": "string" - }, - "freq": { - "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", - "enum": [ - 0, - 1, - 2, - 3, - 4, - 5, - 6 - ], - "type": "integer" - }, - "interval": { - "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", - "type": "number" - }, - "tzid": { - "description": "Indicates timezone abbreviation.", - "type": "string" - }, - "until": { - "description": "Recur the rule until this date.", - "type": "string" - }, - "wkst": { - "description": "Indicates the start of week, defaults to Monday.", - "enum": [ - "MO", - "TU", - "WE", - "TH", - "FR", - "SA", - "SU" - ], - "type": "string" - } - }, - "required": [ - "dtstart", - "tzid" - ], - "type": "object" - }, - "skipRecurrences": { - "items": { - "description": "Skips recurrence of rule on this date.", - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "duration", - "rRule" - ], - "type": "object" - }, - "type": "array" - }, - "tags": { - "items": { - "description": "The tags for the rule.", - "type": "string" - }, - "type": "array" - }, - "throttle": { - "deprecated": true, - "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - }, - "updated_at": { - "description": "The date and time that the rule was updated most recently.", - "type": "string" - }, - "updated_by": { - "description": "The identifier for the user that updated this rule most recently.", - "nullable": true, - "type": "string" - }, - "view_in_app_relative_url": { - "description": "Relative URL to view rule in the app.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "id", - "enabled", - "name", - "tags", - "rule_type_id", - "consumer", - "schedule", - "actions", - "params", - "created_by", - "updated_by", - "created_at", - "updated_at", - "api_key_owner", - "mute_all", - "muted_alert_ids", - "execution_status", - "revision" - ], - "type": "object" - } - } - }, - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - } - }, - "summary": "Get information about rules", - "tags": [ - "alerting" - ] - } - }, - "/api/spaces/space": { - "get": { - "operationId": "%2Fapi%2Fspaces%2Fspace#0", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "Specifies which authorization checks are applied to the API call. The default value is `any`.", - "in": "query", - "name": "purpose", - "required": false, - "schema": { - "enum": [ - "any", - "copySavedObjectsIntoSpace", - "shareSavedObjectsIntoSpace" - ], - "type": "string" - } - }, - { - "description": "When enabled, the API returns any spaces that the user is authorized to access in any capacity and each space will contain the purposes for which the user is authorized. This can be useful to determine which spaces a user can read but not take a specific action in. If the security plugin is not enabled, this parameter has no effect, since no authorization checks take place. This parameter cannot be used in with the `purpose` parameter.", - "in": "query", - "name": "include_authorized_purposes", - "required": true, - "schema": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "enum": [ - false - ], - "type": "boolean", - "x-oas-optional": true - }, - { - "type": "boolean", - "x-oas-optional": true - } - ] - } - } - ], - "responses": { - "200": { - "description": "Indicates a successful call." - } - }, - "summary": "Get all spaces", - "tags": [ - "spaces" - ] - }, - "post": { - "operationId": "%2Fapi%2Fspaces%2Fspace#1", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "_reserved": { - "type": "boolean" - }, - "color": { - "description": "The hexadecimal color code used in the space avatar. By default, the color is automatically generated from the space name.", - "type": "string" - }, - "description": { - "description": "A description for the space.", - "type": "string" - }, - "disabledFeatures": { - "default": [], - "items": { - "description": "The list of features that are turned off in the space.", - "type": "string" - }, - "type": "array" - }, - "id": { - "description": "The space ID that is part of the Kibana URL when inside the space. Space IDs are limited to lowercase alphanumeric, underscore, and hyphen characters (a-z, 0-9, _, and -). You are cannot change the ID with the update operation.", - "type": "string" - }, - "imageUrl": { - "description": "The data-URL encoded image to display in the space avatar. If specified, initials will not be displayed and the color will be visible as the background color for transparent images. For best results, your image should be 64x64. Images will not be optimized by this API call, so care should be taken when using custom images.", - "type": "string" - }, - "initials": { - "description": "One or two characters that are shown in the space avatar. By default, the initials are automatically generated from the space name.", - "maxLength": 2, - "type": "string" - }, - "name": { - "description": "The display name for the space. ", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "id", - "name" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "description": "Indicates a successful call." - } - }, - "summary": "Create a space", - "tags": [ - "spaces" - ] - } - }, - "/api/spaces/space/{id}": { - "delete": { - "description": "When you delete a space, all saved objects that belong to the space are automatically deleted, which is permanent and cannot be undone.", - "operationId": "%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#2", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The space identifier.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - }, - "404": { - "description": "Indicates that the request failed." - } - }, - "summary": "Delete a space", - "tags": [ - "spaces" - ] - }, - "get": { - "operationId": "%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#0", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "The space identifier.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "description": "Indicates a successful call." - } - }, - "summary": "Get a space", - "tags": [ - "spaces" - ] - }, - "put": { - "operationId": "%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#1", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The space identifier. You are unable to change the ID with the update operation.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "_reserved": { - "type": "boolean" - }, - "color": { - "description": "The hexadecimal color code used in the space avatar. By default, the color is automatically generated from the space name.", - "type": "string" - }, - "description": { - "description": "A description for the space.", - "type": "string" - }, - "disabledFeatures": { - "default": [], - "items": { - "description": "The list of features that are turned off in the space.", - "type": "string" - }, - "type": "array" - }, - "id": { - "description": "The space ID that is part of the Kibana URL when inside the space. Space IDs are limited to lowercase alphanumeric, underscore, and hyphen characters (a-z, 0-9, _, and -). You are cannot change the ID with the update operation.", - "type": "string" - }, - "imageUrl": { - "description": "The data-URL encoded image to display in the space avatar. If specified, initials will not be displayed and the color will be visible as the background color for transparent images. For best results, your image should be 64x64. Images will not be optimized by this API call, so care should be taken when using custom images.", - "type": "string" - }, - "initials": { - "description": "One or two characters that are shown in the space avatar. By default, the initials are automatically generated from the space name.", - "maxLength": 2, - "type": "string" - }, - "name": { - "description": "The display name for the space. ", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "id", - "name" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "description": "Indicates a successful call." - } - }, - "summary": "Update a space", - "tags": [ - "spaces" - ] - } - }, - "/api/status": { - "get": { - "operationId": "%2Fapi%2Fstatus#0", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "Set to \"true\" to get the response in v7 format.", - "in": "query", - "name": "v7format", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "description": "Set to \"true\" to get the response in v8 format.", - "in": "query", - "name": "v8format", - "required": false, - "schema": { - "type": "boolean" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "anyOf": [ - { - "$ref": "#/components/schemas/core_status_response" - }, - { - "$ref": "#/components/schemas/core_status_redactedResponse" - } - ], - "description": "Kibana's operational status. A minimal response is sent for unauthorized users." - } - } - }, - "description": "Overall status is OK and Kibana should be functioning normally." - }, - "503": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "anyOf": [ - { - "$ref": "#/components/schemas/core_status_response" - }, - { - "$ref": "#/components/schemas/core_status_redactedResponse" - } - ], - "description": "Kibana's operational status. A minimal response is sent for unauthorized users." - } - } - }, - "description": "Kibana or some of it's essential services are unavailable. Kibana may be degraded or unavailable." - } - }, - "summary": "Get Kibana's current status", - "tags": [ - "system" - ] - } - } - }, - "security": [ - { - "basicAuth": [] - } - ], - "servers": [ - { - "url": "http://localhost:5622" - } - ], - "tags": [ - { - "name": "alerting" - }, - { - "name": "connectors" - }, - { - "name": "spaces" - }, - { - "name": "system" - } - ] -} \ No newline at end of file diff --git a/oas_docs/examples/create_role_request1.yaml b/oas_docs/examples/create_role_request1.yaml new file mode 100644 index 0000000000000..1d041005f30de --- /dev/null +++ b/oas_docs/examples/create_role_request1.yaml @@ -0,0 +1,23 @@ +summary: Feature privileges in multiple spaces +description: Grant access to various features in some spaces. +value: + description: Grant full access to discover and dashboard features in the default space. Grant read access in the marketing, and sales spaces. + metadata: + version: 1 + elasticsearch: + cluster: [] + indices: [] + kibana: + - base: [] + feature: + discover: + - all + dashboard: + - all + spaces: + - default + - base: + - read + spaces: + - marketing + - sales diff --git a/oas_docs/examples/create_role_request2.yaml b/oas_docs/examples/create_role_request2.yaml new file mode 100644 index 0000000000000..d36d7e2330f3c --- /dev/null +++ b/oas_docs/examples/create_role_request2.yaml @@ -0,0 +1,16 @@ +summary: Dashboard privileges in a space +description: Grant access to dashboard features in a Marketing space. +value: + description: Grant dashboard access in the Marketing space. + metadata: + version: 1 + elasticsearch: + cluster: [] + indices: [] + kibana: + - base: [] + feature: + dashboard: + - read + spaces: + - marketing \ No newline at end of file diff --git a/oas_docs/examples/create_role_request3.yaml b/oas_docs/examples/create_role_request3.yaml new file mode 100644 index 0000000000000..55b4cb0834b9f --- /dev/null +++ b/oas_docs/examples/create_role_request3.yaml @@ -0,0 +1,14 @@ +summary: Feature privileges in a space +description: Grant full access to all features in the default space. +value: + metadata: + version: 1 + elasticsearch: + cluster: [] + indices: [] + kibana: + - base: + - all + feature: { } + spaces: + - default \ No newline at end of file diff --git a/oas_docs/examples/create_role_request4.yaml b/oas_docs/examples/create_role_request4.yaml new file mode 100644 index 0000000000000..f2332e2e934dc --- /dev/null +++ b/oas_docs/examples/create_role_request4.yaml @@ -0,0 +1,34 @@ +summary: Elasticsearch and Kibana feature privileges +description: Grant Elasticsearch and Kibana feature privileges. +value: + description: Grant all cluster privileges and full access to index1 and index2. Grant full access to remote_index1 and remote_index2, and the monitor_enrich cluster privilege on remote_cluster1. Grant all Kibana privileges in the default space. + metadata: + version: 1 + elasticsearch: + cluster: + - all + indices: + - names: + - index1 + - index2 + privileges: + - all + remote_indices: + - clusters: + - remote_cluster1 + names: + - remote_index1 + - remote_index2 + privileges: + - all + remote_cluster: + - clusters: + - remote_cluster1 + privileges: + - monitor_enrich + kibana: + - base: + - all + feature: { } + spaces: + - default \ No newline at end of file diff --git a/oas_docs/examples/get_role_response1.yaml b/oas_docs/examples/get_role_response1.yaml new file mode 100644 index 0000000000000..5e44481afa8ce --- /dev/null +++ b/oas_docs/examples/get_role_response1.yaml @@ -0,0 +1,41 @@ +summary: Get role details +value: + name: my_kibana_role + description: Grants all cluster privileges and full access to index1 and index2. Grants full access to remote_index1 and remote_index2, and the monitor_enrich cluster privilege on remote_cluster1. Grants all Kibana privileges in the default space. + metadata: + version: 1 + transient_metadata: + enabled: true + elasticsearch: + cluster: + - all + remote_cluster: + - privileges: + - monitor_enrich + clusters: + - remote_cluster1 + indices: + - names: + - index1 + - index2 + privileges: + - all + allow_restricted_indices: false + remote_indices: + - names: + - remote_index1 + - remote_index2 + privileges: + - all + allow_restricted_indices: false + clusters: + - remote_cluster1 + run_as: [] + kibana: + - base: + - all + feature: {} + spaces: + - default + _transform_error: [] + _unrecognized_applications: [] diff --git a/oas_docs/examples/get_roles_response1.yaml b/oas_docs/examples/get_roles_response1.yaml new file mode 100644 index 0000000000000..9c3a45163ace1 --- /dev/null +++ b/oas_docs/examples/get_roles_response1.yaml @@ -0,0 +1,39 @@ +summary: Get all role details +value: + - name: my_kibana_role + description: My kibana role description + metadata: + version: 1 + transient_metadata: + enabled: true + elasticsearch: + indices: [] + cluster: [] + run_as: [] + kibana: + - base: + - all + feature: {} + spaces: + - "*" + - name: my_admin_role + description: My admin role description + metadata: + version: 1 + transient_metadata: + enabled: true + elasticsearch: + cluster: + - all + indices: + - names: + - index1 + - index2 + privileges: + - all + field_security: + grant: + - title + - body + query: '{\"match\": {\"title\": \"foo\"}}' + kibana: [] \ No newline at end of file diff --git a/oas_docs/output/kibana.serverless.staging.yaml b/oas_docs/output/kibana.serverless.staging.yaml index ecfc211c98e1e..9415fc6da6d07 100644 --- a/oas_docs/output/kibana.serverless.staging.yaml +++ b/oas_docs/output/kibana.serverless.staging.yaml @@ -73,7 +73,6 @@ servers: default: localhost port: default: '5601' - - url: 'http://localhost:5622' - url: 'https://{kibana_url}' variables: kibana_url: @@ -83,5261 +82,6 @@ servers: - description: local url: 'http://localhost:5601' paths: - /api/actions: - get: - deprecated: true - operationId: '%2Fapi%2Factions#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: {} - summary: Get all connectors - tags: - - connectors - /api/actions/action: - post: - deprecated: true - operationId: '%2Fapi%2Factions%2Faction#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actionTypeId: - description: The connector type identifier. - type: string - config: - additionalProperties: {} - default: {} - type: object - name: - description: The display name for the connector. - type: string - secrets: - additionalProperties: {} - default: {} - type: object - required: - - name - - actionTypeId - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Create a connector - tags: - - connectors - '/api/actions/action/{id}': - delete: - deprecated: true - description: 'WARNING: When you delete a connector, it cannot be recovered.' - operationId: '%2Fapi%2Factions%2Faction%2F%7Bid%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - summary: Delete a connector - tags: - - connectors - get: - deprecated: true - operationId: '%2Fapi%2Factions%2Faction%2F%7Bid%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Get connector information - tags: - - connectors - put: - deprecated: true - operationId: '%2Fapi%2Factions%2Faction%2F%7Bid%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - default: {} - type: object - name: - type: string - secrets: - additionalProperties: {} - default: {} - type: object - required: - - name - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Update a connector - tags: - - connectors - '/api/actions/action/{id}/_execute': - post: - deprecated: true - operationId: '%2Fapi%2Factions%2Faction%2F%7Bid%7D%2F_execute#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - params: - additionalProperties: {} - type: object - required: - - params - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Run a connector - tags: - - connectors - /api/actions/connector_types: - get: - description: You do not need any Kibana feature privileges to run this API. - operationId: '%2Fapi%2Factions%2Fconnector_types#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: >- - A filter to limit the retrieved connector types to those that - support a specific feature (such as alerting or cases). - in: query - name: feature_id - required: false - schema: - type: string - responses: {} - summary: Get connector types - tags: - - connectors - '/api/actions/connector/{id}': - delete: - description: 'WARNING: When you delete a connector, it cannot be recovered.' - operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - summary: Delete a connector - tags: - - connectors - get: - operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Get connector information - tags: - - connectors - post: - operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%3F%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: false - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - default: {} - type: object - connector_type_id: - description: The type of connector. - type: string - name: - description: The display name for the connector. - type: string - secrets: - additionalProperties: {} - default: {} - type: object - required: - - name - - connector_type_id - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Create a connector - tags: - - connectors - put: - operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - default: {} - type: object - name: - description: The display name for the connector. - type: string - secrets: - additionalProperties: {} - default: {} - type: object - required: - - name - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Update a connector - tags: - - connectors - '/api/actions/connector/{id}/_execute': - post: - description: >- - You can use this API to test an action that involves interaction with - Kibana services or integrations with third-party systems. - operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%7D%2F_execute#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - params: - additionalProperties: {} - type: object - required: - - params - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Run a connector - tags: - - connectors - /api/actions/connectors: - get: - operationId: '%2Fapi%2Factions%2Fconnectors#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: {} - summary: Get all connectors - tags: - - connectors - /api/actions/list_action_types: - get: - deprecated: true - operationId: '%2Fapi%2Factions%2Flist_action_types#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: {} - summary: Get connector types - tags: - - connectors - '/api/alerting/rule/{id}': - delete: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - summary: Delete a rule - tags: - - alerting - get: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actions: - items: - additionalProperties: false - type: object - properties: - alerts_filter: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL) as defined in - the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the - days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work - but lack built-in daylight savings time - support and are not recommended. - type: string - required: - - days - - hours - - timezone - connector_type_id: - description: >- - The type of connector. This property appears in - responses but cannot be set in requests. - type: string - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. - Valid values include: `onActionGroupChange`: - Actions run when the alert status changes; - `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while - the rule conditions are met; - `onThrottleInterval`: Actions run when the alert - becomes active and at the interval specified in - the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The - recommended method is to set it for each action. - If you set it at the rule level then update the - rule in Kibana, it is automatically changed to - use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often - an alert generates repeated actions. It is - specified in seconds, minutes, hours, or days - and is applicable only if 'notify_when' is set - to 'onThrottleInterval'. NOTE: You cannot - specify the throttle interval at both the rule - and action level. The recommended method is to - set it for each action. If you set it at the - rule level then update the rule in Kibana, it is - automatically changed to use action-specific - values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: >- - A universally unique identifier (UUID) for the - action. - type: string - required: - - id - - connector_type_id - - params - type: array - active_snoozes: - items: - description: List of active snoozes for the rule. - type: string - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - api_key_created_by_user: - description: >- - Indicates whether the API key that is associated with the - rule was created by the user. - nullable: true - type: boolean - api_key_owner: - description: >- - The owner of the API key that is associated with the rule - and used to run background tasks. - nullable: true - type: string - consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, - `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, - `securitySolution`, `siem`, `stackAlerts`, or `uptime`. - type: string - created_at: - description: The date and time that the rule was created. - type: string - created_by: - description: The identifier for the user that created the rule. - nullable: true - type: string - enabled: - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. - type: boolean - execution_status: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - description: Error message. - type: string - reason: - description: Reason for error. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - type: string - required: - - reason - - message - last_duration: - description: Duration of last execution of the rule. - type: number - last_execution_date: - description: The date and time when rule was executed last. - type: string - status: - description: Status of rule execution. - enum: - - ok - - active - - error - - warning - - pending - - unknown - type: string - warning: - additionalProperties: false - type: object - properties: - message: - description: Warning message. - type: string - reason: - description: Reason for warning. - enum: - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - type: string - required: - - reason - - message - required: - - status - - last_execution_date - flapping: - additionalProperties: false - nullable: true - type: object - properties: - look_back_window: - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - id: - description: The identifier for the rule. - type: string - is_snoozed_until: - description: The date when the rule will no longer be snoozed. - nullable: true - type: string - last_run: - additionalProperties: false - nullable: true - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: Number of ignored alerts during last run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: Number of recovered alerts during last run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value could be - succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: Outcome message generated during last rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - mapped_params: - additionalProperties: {} - type: object - monitoring: - additionalProperties: false - description: Monitoring details of the rule. - type: object - properties: - run: - additionalProperties: false - description: Rule run details. - type: object - properties: - calculated_metrics: - additionalProperties: false - description: >- - Calculation of different percentiles and success - ratio. - type: object - properties: - p50: - type: number - p95: - type: number - p99: - type: number - success_ratio: - type: number - required: - - success_ratio - history: - description: History of the rule run. - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule run. - type: number - outcome: - additionalProperties: false - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: >- - Number of ignored alerts during last - run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: >- - Number of recovered alerts during last - run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value - could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: >- - Outcome message generated during last - rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - success: - description: >- - Indicates whether the rule run was - successful. - type: boolean - timestamp: - description: Time of rule run. - type: number - required: - - success - - timestamp - type: array - last_run: - additionalProperties: false - type: object - properties: - metrics: - additionalProperties: false - type: object - properties: - duration: - description: Duration of most recent rule run. - type: number - gap_duration_s: - description: Duration in seconds of rule run gap. - nullable: true - type: number - total_alerts_created: - description: >- - Total number of alerts created during last - rule run. - nullable: true - type: number - total_alerts_detected: - description: >- - Total number of alerts detected during - last rule run. - nullable: true - type: number - total_indexing_duration_ms: - description: >- - Total time spent indexing documents during - last rule run in milliseconds. - nullable: true - type: number - total_search_duration_ms: - description: >- - Total time spent performing Elasticsearch - searches as measured by Kibana; includes - network latency and time spent serializing - or deserializing the request and response. - nullable: true - type: number - timestamp: - description: Time of the most recent rule run. - type: string - required: - - timestamp - - metrics - required: - - history - - calculated_metrics - - last_run - required: - - run - mute_all: - description: Indicates whether all alerts are muted. - type: boolean - muted_alert_ids: - items: - description: 'List of identifiers of muted alerts. ' - type: string - type: array - name: - description: ' The name of the rule.' - type: string - next_run: - description: Date and time of the next run of the rule. - nullable: true - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the - alert becomes active and at each check interval while the - rule conditions are met; `onThrottleInterval`: Actions run - when the alert becomes active and at the interval - specified in the throttle property while the rule - conditions are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The recommended method - is to set it for each action. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - description: The parameters for the rule. - type: object - revision: - description: The rule revision number. - type: number - rule_type_id: - description: The rule type identifier. - type: string - running: - description: Indicates whether the rule is running. - nullable: true - type: boolean - schedule: - additionalProperties: false - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, - or days. - type: string - required: - - interval - scheduled_task_id: - description: Identifier of the scheduled task. - type: string - snooze_schedule: - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule snooze schedule. - type: number - id: - description: Identifier of the rule snooze schedule. - type: string - rRule: - additionalProperties: false - type: object - properties: - byhour: - items: - description: Indicates hours of the day to recur. - type: number - type: array - byminute: - items: - description: Indicates minutes of the hour to recur. - type: number - type: array - bymonth: - items: - description: >- - Indicates months of the year that this rule - should recur. - type: number - type: array - bymonthday: - items: - description: Indicates the days of the month to recur. - type: number - type: array - bysecond: - items: - description: Indicates seconds of the day to recur. - type: number - type: array - bysetpos: - items: - description: >- - A positive or negative integer affecting the - nth day of the month. For example, -2 combined - with `byweekday` of FR is 2nd to last Friday - of the month. It is recommended to not set - this manually and just use `byweekday`. - type: number - type: array - byweekday: - items: - anyOf: - - type: string - - type: number - description: >- - Indicates the days of the week to recur or - else nth-day-of-month strings. For example, - "+2TU" second Tuesday of month, "-1FR" last - Friday of the month, which are internally - converted to a `byweekday/bysetpos` - combination. - type: array - byweekno: - items: - description: Indicates number of the week hours to recur. - type: number - type: array - byyearday: - items: - description: >- - Indicates the days of the year that this rule - should recur. - type: number - type: array - count: - description: >- - Number of times the rule should recur until it - stops. - type: number - dtstart: - description: >- - Rule start date in Coordinated Universal Time - (UTC). - type: string - freq: - description: >- - Indicates frequency of the rule. Options are - YEARLY, MONTHLY, WEEKLY, DAILY. - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - type: integer - interval: - description: >- - Indicates the interval of frequency. For - example, 1 and YEARLY is every 1 year, 2 and - WEEKLY is every 2 weeks. - type: number - tzid: - description: Indicates timezone abbreviation. - type: string - until: - description: Recur the rule until this date. - type: string - wkst: - description: 'Indicates the start of week, defaults to Monday.' - enum: - - MO - - TU - - WE - - TH - - FR - - SA - - SU - type: string - required: - - dtstart - - tzid - skipRecurrences: - items: - description: Skips recurrence of rule on this date. - type: string - type: array - required: - - duration - - rRule - type: array - tags: - items: - description: The tags for the rule. - type: string - type: array - throttle: - deprecated: true - description: >- - Deprecated in 8.13.0. Use the `throttle` property in the - action `frequency` object instead. The throttle interval, - which defines how often an alert generates repeated - actions. NOTE: You cannot specify the throttle interval at - both the rule and action level. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - updated_at: - description: The date and time that the rule was updated most recently. - type: string - updated_by: - description: >- - The identifier for the user that updated this rule most - recently. - nullable: true - type: string - view_in_app_relative_url: - description: Relative URL to view rule in the app. - nullable: true - type: string - required: - - id - - enabled - - name - - tags - - rule_type_id - - consumer - - schedule - - actions - - params - - created_by - - updated_by - - created_at - - updated_at - - api_key_owner - - mute_all - - muted_alert_ids - - execution_status - - revision - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - summary: Get rule details - tags: - - alerting - post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%3F%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: >- - The identifier for the rule. If it is omitted, an ID is randomly - generated. - in: path - name: id - required: false - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actions: - default: [] - items: - additionalProperties: false - description: An action that runs under defined conditions. - type: object - properties: - alerts_filter: - additionalProperties: false - description: >- - Conditions that affect whether the action runs. If you - specify multiple conditions, all conditions must be - met for the action to run. For example, if an alert - occurs within the specified time frame and matches the - query, the action runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query Domain - Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query Domain - Specific Language (DSL) as defined in the - `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the days - of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - description: >- - Defines the range of time in a day that the - action can run. If the `start` value is - `00:00` and the `end` value is `24:00`, - actions be generated all day. - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work but - lack built-in daylight savings time support - and are not recommended. - type: string - required: - - days - - hours - - timezone - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. Valid - values include: `onActionGroupChange`: Actions run - when the alert status changes; `onActiveAlert`: - Actions run when the alert becomes active and at - each check interval while the rule conditions are - met; `onThrottleInterval`: Actions run when the - alert becomes active and at the interval specified - in the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` at - both the rule and action level. The recommended - method is to set it for each action. If you set it - at the rule level then update the rule in Kibana, - it is automatically changed to use action-specific - values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often an - alert generates repeated actions. It is specified - in seconds, minutes, hours, or days and is - applicable only if `notify_when` is set to - `onThrottleInterval`. NOTE: You cannot specify the - throttle interval at both the rule and action - level. The recommended method is to set it for - each action. If you set it at the rule level then - update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - default: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: A universally unique identifier (UUID) for the action. - type: string - required: - - id - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, `infrastructure`, - `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, - `siem`, `stackAlerts`, or `uptime`. - type: string - enabled: - default: true - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. - type: boolean - flapping: - additionalProperties: false - nullable: true - type: object - properties: - look_back_window: - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - name: - description: >- - The name of the rule. While this name does not have to be - unique, a distinctive name can help you identify a rule. - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while the rule - conditions are met; `onThrottleInterval`: Actions run when - the alert becomes active and at the interval specified in - the throttle property while the rule conditions are met. - NOTE: You cannot specify `notify_when` at both the rule and - action level. The recommended method is to set it for each - action. If you set it at the rule level then update the rule - in Kibana, it is automatically changed to use - action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - default: {} - description: The parameters for the rule. - type: object - rule_type_id: - description: The rule type identifier. - type: string - schedule: - additionalProperties: false - description: >- - The check interval, which specifies how frequently the rule - conditions are checked. - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, or - days. - type: string - required: - - interval - tags: - default: [] - description: The tags for the rule. - items: - type: string - type: array - throttle: - description: >- - Use the `throttle` property in the action `frequency` object - instead. The throttle interval, which defines how often an - alert generates repeated actions. NOTE: You cannot specify - the throttle interval at both the rule and action level. If - you set it at the rule level then update the rule in Kibana, - it is automatically changed to use action-specific values. - nullable: true - type: string - required: - - name - - rule_type_id - - consumer - - schedule - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actions: - items: - additionalProperties: false - type: object - properties: - alerts_filter: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL) as defined in - the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the - days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work - but lack built-in daylight savings time - support and are not recommended. - type: string - required: - - days - - hours - - timezone - connector_type_id: - description: >- - The type of connector. This property appears in - responses but cannot be set in requests. - type: string - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. - Valid values include: `onActionGroupChange`: - Actions run when the alert status changes; - `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while - the rule conditions are met; - `onThrottleInterval`: Actions run when the alert - becomes active and at the interval specified in - the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The - recommended method is to set it for each action. - If you set it at the rule level then update the - rule in Kibana, it is automatically changed to - use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often - an alert generates repeated actions. It is - specified in seconds, minutes, hours, or days - and is applicable only if 'notify_when' is set - to 'onThrottleInterval'. NOTE: You cannot - specify the throttle interval at both the rule - and action level. The recommended method is to - set it for each action. If you set it at the - rule level then update the rule in Kibana, it is - automatically changed to use action-specific - values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: >- - A universally unique identifier (UUID) for the - action. - type: string - required: - - id - - connector_type_id - - params - type: array - active_snoozes: - items: - description: List of active snoozes for the rule. - type: string - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - api_key_created_by_user: - description: >- - Indicates whether the API key that is associated with the - rule was created by the user. - nullable: true - type: boolean - api_key_owner: - description: >- - The owner of the API key that is associated with the rule - and used to run background tasks. - nullable: true - type: string - consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, - `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, - `securitySolution`, `siem`, `stackAlerts`, or `uptime`. - type: string - created_at: - description: The date and time that the rule was created. - type: string - created_by: - description: The identifier for the user that created the rule. - nullable: true - type: string - enabled: - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. - type: boolean - execution_status: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - description: Error message. - type: string - reason: - description: Reason for error. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - type: string - required: - - reason - - message - last_duration: - description: Duration of last execution of the rule. - type: number - last_execution_date: - description: The date and time when rule was executed last. - type: string - status: - description: Status of rule execution. - enum: - - ok - - active - - error - - warning - - pending - - unknown - type: string - warning: - additionalProperties: false - type: object - properties: - message: - description: Warning message. - type: string - reason: - description: Reason for warning. - enum: - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - type: string - required: - - reason - - message - required: - - status - - last_execution_date - flapping: - additionalProperties: false - nullable: true - type: object - properties: - look_back_window: - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - id: - description: The identifier for the rule. - type: string - is_snoozed_until: - description: The date when the rule will no longer be snoozed. - nullable: true - type: string - last_run: - additionalProperties: false - nullable: true - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: Number of ignored alerts during last run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: Number of recovered alerts during last run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value could be - succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: Outcome message generated during last rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - mapped_params: - additionalProperties: {} - type: object - monitoring: - additionalProperties: false - description: Monitoring details of the rule. - type: object - properties: - run: - additionalProperties: false - description: Rule run details. - type: object - properties: - calculated_metrics: - additionalProperties: false - description: >- - Calculation of different percentiles and success - ratio. - type: object - properties: - p50: - type: number - p95: - type: number - p99: - type: number - success_ratio: - type: number - required: - - success_ratio - history: - description: History of the rule run. - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule run. - type: number - outcome: - additionalProperties: false - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: >- - Number of ignored alerts during last - run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: >- - Number of recovered alerts during last - run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value - could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: >- - Outcome message generated during last - rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - success: - description: >- - Indicates whether the rule run was - successful. - type: boolean - timestamp: - description: Time of rule run. - type: number - required: - - success - - timestamp - type: array - last_run: - additionalProperties: false - type: object - properties: - metrics: - additionalProperties: false - type: object - properties: - duration: - description: Duration of most recent rule run. - type: number - gap_duration_s: - description: Duration in seconds of rule run gap. - nullable: true - type: number - total_alerts_created: - description: >- - Total number of alerts created during last - rule run. - nullable: true - type: number - total_alerts_detected: - description: >- - Total number of alerts detected during - last rule run. - nullable: true - type: number - total_indexing_duration_ms: - description: >- - Total time spent indexing documents during - last rule run in milliseconds. - nullable: true - type: number - total_search_duration_ms: - description: >- - Total time spent performing Elasticsearch - searches as measured by Kibana; includes - network latency and time spent serializing - or deserializing the request and response. - nullable: true - type: number - timestamp: - description: Time of the most recent rule run. - type: string - required: - - timestamp - - metrics - required: - - history - - calculated_metrics - - last_run - required: - - run - mute_all: - description: Indicates whether all alerts are muted. - type: boolean - muted_alert_ids: - items: - description: 'List of identifiers of muted alerts. ' - type: string - type: array - name: - description: ' The name of the rule.' - type: string - next_run: - description: Date and time of the next run of the rule. - nullable: true - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the - alert becomes active and at each check interval while the - rule conditions are met; `onThrottleInterval`: Actions run - when the alert becomes active and at the interval - specified in the throttle property while the rule - conditions are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The recommended method - is to set it for each action. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - description: The parameters for the rule. - type: object - revision: - description: The rule revision number. - type: number - rule_type_id: - description: The rule type identifier. - type: string - running: - description: Indicates whether the rule is running. - nullable: true - type: boolean - schedule: - additionalProperties: false - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, - or days. - type: string - required: - - interval - scheduled_task_id: - description: Identifier of the scheduled task. - type: string - snooze_schedule: - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule snooze schedule. - type: number - id: - description: Identifier of the rule snooze schedule. - type: string - rRule: - additionalProperties: false - type: object - properties: - byhour: - items: - description: Indicates hours of the day to recur. - type: number - type: array - byminute: - items: - description: Indicates minutes of the hour to recur. - type: number - type: array - bymonth: - items: - description: >- - Indicates months of the year that this rule - should recur. - type: number - type: array - bymonthday: - items: - description: Indicates the days of the month to recur. - type: number - type: array - bysecond: - items: - description: Indicates seconds of the day to recur. - type: number - type: array - bysetpos: - items: - description: >- - A positive or negative integer affecting the - nth day of the month. For example, -2 combined - with `byweekday` of FR is 2nd to last Friday - of the month. It is recommended to not set - this manually and just use `byweekday`. - type: number - type: array - byweekday: - items: - anyOf: - - type: string - - type: number - description: >- - Indicates the days of the week to recur or - else nth-day-of-month strings. For example, - "+2TU" second Tuesday of month, "-1FR" last - Friday of the month, which are internally - converted to a `byweekday/bysetpos` - combination. - type: array - byweekno: - items: - description: Indicates number of the week hours to recur. - type: number - type: array - byyearday: - items: - description: >- - Indicates the days of the year that this rule - should recur. - type: number - type: array - count: - description: >- - Number of times the rule should recur until it - stops. - type: number - dtstart: - description: >- - Rule start date in Coordinated Universal Time - (UTC). - type: string - freq: - description: >- - Indicates frequency of the rule. Options are - YEARLY, MONTHLY, WEEKLY, DAILY. - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - type: integer - interval: - description: >- - Indicates the interval of frequency. For - example, 1 and YEARLY is every 1 year, 2 and - WEEKLY is every 2 weeks. - type: number - tzid: - description: Indicates timezone abbreviation. - type: string - until: - description: Recur the rule until this date. - type: string - wkst: - description: 'Indicates the start of week, defaults to Monday.' - enum: - - MO - - TU - - WE - - TH - - FR - - SA - - SU - type: string - required: - - dtstart - - tzid - skipRecurrences: - items: - description: Skips recurrence of rule on this date. - type: string - type: array - required: - - duration - - rRule - type: array - tags: - items: - description: The tags for the rule. - type: string - type: array - throttle: - deprecated: true - description: >- - Deprecated in 8.13.0. Use the `throttle` property in the - action `frequency` object instead. The throttle interval, - which defines how often an alert generates repeated - actions. NOTE: You cannot specify the throttle interval at - both the rule and action level. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - updated_at: - description: The date and time that the rule was updated most recently. - type: string - updated_by: - description: >- - The identifier for the user that updated this rule most - recently. - nullable: true - type: string - view_in_app_relative_url: - description: Relative URL to view rule in the app. - nullable: true - type: string - required: - - id - - enabled - - name - - tags - - rule_type_id - - consumer - - schedule - - actions - - params - - created_by - - updated_by - - created_at - - updated_at - - api_key_owner - - mute_all - - muted_alert_ids - - execution_status - - revision - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '409': - description: Indicates that the rule id is already in use. - summary: Create a rule - tags: - - alerting - put: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actions: - default: [] - items: - additionalProperties: false - description: An action that runs under defined conditions. - type: object - properties: - alerts_filter: - additionalProperties: false - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query Domain - Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query Domain - Specific Language (DSL) as defined in the - `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the days - of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - description: >- - Defines the range of time in a day that the - action can run. If the `start` value is - `00:00` and the `end` value is `24:00`, - actions be generated all day. - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work but - lack built-in daylight savings time support - and are not recommended. - type: string - required: - - days - - hours - - timezone - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. Valid - values include: `onActionGroupChange`: Actions run - when the alert status changes; `onActiveAlert`: - Actions run when the alert becomes active and at - each check interval while the rule conditions are - met; `onThrottleInterval`: Actions run when the - alert becomes active and at the interval specified - in the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` at - both the rule and action level. The recommended - method is to set it for each action. If you set it - at the rule level then update the rule in Kibana, - it is automatically changed to use action-specific - values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often an - alert generates repeated actions. It is specified - in seconds, minutes, hours, or days and is - applicable only if `notify_when` is set to - `onThrottleInterval`. NOTE: You cannot specify the - throttle interval at both the rule and action - level. The recommended method is to set it for - each action. If you set it at the rule level then - update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - default: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: A universally unique identifier (UUID) for the action. - type: string - required: - - id - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - flapping: - additionalProperties: false - nullable: true - type: object - properties: - look_back_window: - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - name: - description: >- - The name of the rule. While this name does not have to be - unique, a distinctive name can help you identify a rule. - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while the rule - conditions are met; `onThrottleInterval`: Actions run when - the alert becomes active and at the interval specified in - the throttle property while the rule conditions are met. - NOTE: You cannot specify `notify_when` at both the rule and - action level. The recommended method is to set it for each - action. If you set it at the rule level then update the rule - in Kibana, it is automatically changed to use - action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - default: {} - description: The parameters for the rule. - type: object - schedule: - additionalProperties: false - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, or - days. - type: string - required: - - interval - tags: - default: [] - items: - description: The tags for the rule. - type: string - type: array - throttle: - description: >- - Use the `throttle` property in the action `frequency` object - instead. The throttle interval, which defines how often an - alert generates repeated actions. NOTE: You cannot specify - the throttle interval at both the rule and action level. If - you set it at the rule level then update the rule in Kibana, - it is automatically changed to use action-specific values. - nullable: true - type: string - required: - - name - - schedule - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actions: - items: - additionalProperties: false - type: object - properties: - alerts_filter: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL) as defined in - the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the - days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work - but lack built-in daylight savings time - support and are not recommended. - type: string - required: - - days - - hours - - timezone - connector_type_id: - description: >- - The type of connector. This property appears in - responses but cannot be set in requests. - type: string - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. - Valid values include: `onActionGroupChange`: - Actions run when the alert status changes; - `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while - the rule conditions are met; - `onThrottleInterval`: Actions run when the alert - becomes active and at the interval specified in - the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The - recommended method is to set it for each action. - If you set it at the rule level then update the - rule in Kibana, it is automatically changed to - use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often - an alert generates repeated actions. It is - specified in seconds, minutes, hours, or days - and is applicable only if 'notify_when' is set - to 'onThrottleInterval'. NOTE: You cannot - specify the throttle interval at both the rule - and action level. The recommended method is to - set it for each action. If you set it at the - rule level then update the rule in Kibana, it is - automatically changed to use action-specific - values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: >- - A universally unique identifier (UUID) for the - action. - type: string - required: - - id - - connector_type_id - - params - type: array - active_snoozes: - items: - description: List of active snoozes for the rule. - type: string - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - api_key_created_by_user: - description: >- - Indicates whether the API key that is associated with the - rule was created by the user. - nullable: true - type: boolean - api_key_owner: - description: >- - The owner of the API key that is associated with the rule - and used to run background tasks. - nullable: true - type: string - consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, - `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, - `securitySolution`, `siem`, `stackAlerts`, or `uptime`. - type: string - created_at: - description: The date and time that the rule was created. - type: string - created_by: - description: The identifier for the user that created the rule. - nullable: true - type: string - enabled: - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. - type: boolean - execution_status: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - description: Error message. - type: string - reason: - description: Reason for error. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - type: string - required: - - reason - - message - last_duration: - description: Duration of last execution of the rule. - type: number - last_execution_date: - description: The date and time when rule was executed last. - type: string - status: - description: Status of rule execution. - enum: - - ok - - active - - error - - warning - - pending - - unknown - type: string - warning: - additionalProperties: false - type: object - properties: - message: - description: Warning message. - type: string - reason: - description: Reason for warning. - enum: - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - type: string - required: - - reason - - message - required: - - status - - last_execution_date - flapping: - additionalProperties: false - nullable: true - type: object - properties: - look_back_window: - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - id: - description: The identifier for the rule. - type: string - is_snoozed_until: - description: The date when the rule will no longer be snoozed. - nullable: true - type: string - last_run: - additionalProperties: false - nullable: true - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: Number of ignored alerts during last run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: Number of recovered alerts during last run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value could be - succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: Outcome message generated during last rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - mapped_params: - additionalProperties: {} - type: object - monitoring: - additionalProperties: false - description: Monitoring details of the rule. - type: object - properties: - run: - additionalProperties: false - description: Rule run details. - type: object - properties: - calculated_metrics: - additionalProperties: false - description: >- - Calculation of different percentiles and success - ratio. - type: object - properties: - p50: - type: number - p95: - type: number - p99: - type: number - success_ratio: - type: number - required: - - success_ratio - history: - description: History of the rule run. - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule run. - type: number - outcome: - additionalProperties: false - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: >- - Number of ignored alerts during last - run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: >- - Number of recovered alerts during last - run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value - could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: >- - Outcome message generated during last - rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - success: - description: >- - Indicates whether the rule run was - successful. - type: boolean - timestamp: - description: Time of rule run. - type: number - required: - - success - - timestamp - type: array - last_run: - additionalProperties: false - type: object - properties: - metrics: - additionalProperties: false - type: object - properties: - duration: - description: Duration of most recent rule run. - type: number - gap_duration_s: - description: Duration in seconds of rule run gap. - nullable: true - type: number - total_alerts_created: - description: >- - Total number of alerts created during last - rule run. - nullable: true - type: number - total_alerts_detected: - description: >- - Total number of alerts detected during - last rule run. - nullable: true - type: number - total_indexing_duration_ms: - description: >- - Total time spent indexing documents during - last rule run in milliseconds. - nullable: true - type: number - total_search_duration_ms: - description: >- - Total time spent performing Elasticsearch - searches as measured by Kibana; includes - network latency and time spent serializing - or deserializing the request and response. - nullable: true - type: number - timestamp: - description: Time of the most recent rule run. - type: string - required: - - timestamp - - metrics - required: - - history - - calculated_metrics - - last_run - required: - - run - mute_all: - description: Indicates whether all alerts are muted. - type: boolean - muted_alert_ids: - items: - description: 'List of identifiers of muted alerts. ' - type: string - type: array - name: - description: ' The name of the rule.' - type: string - next_run: - description: Date and time of the next run of the rule. - nullable: true - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the - alert becomes active and at each check interval while the - rule conditions are met; `onThrottleInterval`: Actions run - when the alert becomes active and at the interval - specified in the throttle property while the rule - conditions are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The recommended method - is to set it for each action. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - description: The parameters for the rule. - type: object - revision: - description: The rule revision number. - type: number - rule_type_id: - description: The rule type identifier. - type: string - running: - description: Indicates whether the rule is running. - nullable: true - type: boolean - schedule: - additionalProperties: false - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, - or days. - type: string - required: - - interval - scheduled_task_id: - description: Identifier of the scheduled task. - type: string - snooze_schedule: - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule snooze schedule. - type: number - id: - description: Identifier of the rule snooze schedule. - type: string - rRule: - additionalProperties: false - type: object - properties: - byhour: - items: - description: Indicates hours of the day to recur. - type: number - type: array - byminute: - items: - description: Indicates minutes of the hour to recur. - type: number - type: array - bymonth: - items: - description: >- - Indicates months of the year that this rule - should recur. - type: number - type: array - bymonthday: - items: - description: Indicates the days of the month to recur. - type: number - type: array - bysecond: - items: - description: Indicates seconds of the day to recur. - type: number - type: array - bysetpos: - items: - description: >- - A positive or negative integer affecting the - nth day of the month. For example, -2 combined - with `byweekday` of FR is 2nd to last Friday - of the month. It is recommended to not set - this manually and just use `byweekday`. - type: number - type: array - byweekday: - items: - anyOf: - - type: string - - type: number - description: >- - Indicates the days of the week to recur or - else nth-day-of-month strings. For example, - "+2TU" second Tuesday of month, "-1FR" last - Friday of the month, which are internally - converted to a `byweekday/bysetpos` - combination. - type: array - byweekno: - items: - description: Indicates number of the week hours to recur. - type: number - type: array - byyearday: - items: - description: >- - Indicates the days of the year that this rule - should recur. - type: number - type: array - count: - description: >- - Number of times the rule should recur until it - stops. - type: number - dtstart: - description: >- - Rule start date in Coordinated Universal Time - (UTC). - type: string - freq: - description: >- - Indicates frequency of the rule. Options are - YEARLY, MONTHLY, WEEKLY, DAILY. - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - type: integer - interval: - description: >- - Indicates the interval of frequency. For - example, 1 and YEARLY is every 1 year, 2 and - WEEKLY is every 2 weeks. - type: number - tzid: - description: Indicates timezone abbreviation. - type: string - until: - description: Recur the rule until this date. - type: string - wkst: - description: 'Indicates the start of week, defaults to Monday.' - enum: - - MO - - TU - - WE - - TH - - FR - - SA - - SU - type: string - required: - - dtstart - - tzid - skipRecurrences: - items: - description: Skips recurrence of rule on this date. - type: string - type: array - required: - - duration - - rRule - type: array - tags: - items: - description: The tags for the rule. - type: string - type: array - throttle: - deprecated: true - description: >- - Deprecated in 8.13.0. Use the `throttle` property in the - action `frequency` object instead. The throttle interval, - which defines how often an alert generates repeated - actions. NOTE: You cannot specify the throttle interval at - both the rule and action level. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - updated_at: - description: The date and time that the rule was updated most recently. - type: string - updated_by: - description: >- - The identifier for the user that updated this rule most - recently. - nullable: true - type: string - view_in_app_relative_url: - description: Relative URL to view rule in the app. - nullable: true - type: string - required: - - id - - enabled - - name - - tags - - rule_type_id - - consumer - - schedule - - actions - - params - - created_by - - updated_by - - created_at - - updated_at - - api_key_owner - - mute_all - - muted_alert_ids - - execution_status - - revision - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - '409': - description: Indicates that the rule has already been updated by another user. - summary: Update a rule - tags: - - alerting - '/api/alerting/rule/{id}/_disable': - post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_disable#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - nullable: true - type: object - properties: - untrack: - description: Defines whether this rule's alerts should be untracked. - type: boolean - x-oas-optional: true - responses: - '204': - description: Indicates a successful call. - '400': - description: Indicates an invalid schema. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - summary: Disable a rule - tags: - - alerting - '/api/alerting/rule/{id}/_enable': - post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_enable#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - summary: Enable a rule - tags: - - alerting - '/api/alerting/rule/{id}/_mute_all': - post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_mute_all#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - summary: Mute all alerts - tags: - - alerting - '/api/alerting/rule/{id}/_unmute_all': - post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_unmute_all#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - summary: Unmute all alerts - tags: - - alerting - '/api/alerting/rule/{id}/_update_api_key': - post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_update_api_key#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - '409': - description: Indicates that the rule has already been updated by another user. - summary: Update the API key for a rule - tags: - - alerting - '/api/alerting/rule/{rule_id}/alert/{alert_id}/_mute': - post: - operationId: >- - %2Fapi%2Falerting%2Frule%2F%7Brule_id%7D%2Falert%2F%7Balert_id%7D%2F_mute#0 - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: rule_id - required: true - schema: - type: string - - description: The identifier for the alert. - in: path - name: alert_id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule or alert with the given ID does not exist. - summary: Mute an alert - tags: - - alerting - '/api/alerting/rule/{rule_id}/alert/{alert_id}/_unmute': - post: - operationId: >- - %2Fapi%2Falerting%2Frule%2F%7Brule_id%7D%2Falert%2F%7Balert_id%7D%2F_unmute#0 - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: rule_id - required: true - schema: - type: string - - description: The identifier for the alert. - in: path - name: alert_id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule or alert with the given ID does not exist. - summary: Unmute an alert - tags: - - alerting - /api/alerting/rules/_find: - get: - operationId: '%2Fapi%2Falerting%2Frules%2F_find#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: The number of rules to return per page. - in: query - name: per_page - required: false - schema: - default: 10 - minimum: 0 - type: number - - description: The page number to return. - in: query - name: page - required: false - schema: - default: 1 - minimum: 1 - type: number - - description: >- - An Elasticsearch simple_query_string query that filters the objects - in the response. - in: query - name: search - required: false - schema: - type: string - - description: The default operator to use for the simple_query_string. - in: query - name: default_search_operator - required: false - schema: - default: OR - enum: - - OR - - AND - type: string - - description: The fields to perform the simple_query_string parsed query against. - in: query - name: search_fields - required: false - schema: - anyOf: - - items: - type: string - type: array - - type: string - - description: >- - Determines which field is used to sort the results. The field must - exist in the `attributes` key of the response. - in: query - name: sort_field - required: false - schema: - type: string - - description: Determines the sort order. - in: query - name: sort_order - required: false - schema: - enum: - - asc - - desc - type: string - - description: >- - Filters the rules that have a relation with the reference objects - with a specific type and identifier. - in: query - name: has_reference - required: false - schema: - additionalProperties: false - nullable: true - type: object - properties: - id: - type: string - type: - type: string - required: - - type - - id - - in: query - name: fields - required: false - schema: - items: - description: The fields to return in the `attributes` key of the response. - type: string - type: array - - description: >- - A KQL string that you filter with an attribute from your saved - object. It should look like `savedObjectType.attributes.title: - "myTitle"`. However, if you used a direct attribute of a saved - object, such as `updatedAt`, you must define your filter, for - example, `savedObjectType.updatedAt > 2018-12-22`. - in: query - name: filter - required: false - schema: - type: string - - in: query - name: filter_consumers - required: false - schema: - items: - description: List of consumers to filter. - type: string - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actions: - items: - additionalProperties: false - type: object - properties: - alerts_filter: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL) as defined in - the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the - days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work - but lack built-in daylight savings time - support and are not recommended. - type: string - required: - - days - - hours - - timezone - connector_type_id: - description: >- - The type of connector. This property appears in - responses but cannot be set in requests. - type: string - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. - Valid values include: `onActionGroupChange`: - Actions run when the alert status changes; - `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while - the rule conditions are met; - `onThrottleInterval`: Actions run when the alert - becomes active and at the interval specified in - the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The - recommended method is to set it for each action. - If you set it at the rule level then update the - rule in Kibana, it is automatically changed to - use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often - an alert generates repeated actions. It is - specified in seconds, minutes, hours, or days - and is applicable only if 'notify_when' is set - to 'onThrottleInterval'. NOTE: You cannot - specify the throttle interval at both the rule - and action level. The recommended method is to - set it for each action. If you set it at the - rule level then update the rule in Kibana, it is - automatically changed to use action-specific - values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: >- - A universally unique identifier (UUID) for the - action. - type: string - required: - - id - - connector_type_id - - params - type: array - active_snoozes: - items: - description: List of active snoozes for the rule. - type: string - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - api_key_created_by_user: - description: >- - Indicates whether the API key that is associated with the - rule was created by the user. - nullable: true - type: boolean - api_key_owner: - description: >- - The owner of the API key that is associated with the rule - and used to run background tasks. - nullable: true - type: string - consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, - `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, - `securitySolution`, `siem`, `stackAlerts`, or `uptime`. - type: string - created_at: - description: The date and time that the rule was created. - type: string - created_by: - description: The identifier for the user that created the rule. - nullable: true - type: string - enabled: - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. - type: boolean - execution_status: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - description: Error message. - type: string - reason: - description: Reason for error. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - type: string - required: - - reason - - message - last_duration: - description: Duration of last execution of the rule. - type: number - last_execution_date: - description: The date and time when rule was executed last. - type: string - status: - description: Status of rule execution. - enum: - - ok - - active - - error - - warning - - pending - - unknown - type: string - warning: - additionalProperties: false - type: object - properties: - message: - description: Warning message. - type: string - reason: - description: Reason for warning. - enum: - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - type: string - required: - - reason - - message - required: - - status - - last_execution_date - flapping: - additionalProperties: false - nullable: true - type: object - properties: - look_back_window: - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - id: - description: The identifier for the rule. - type: string - is_snoozed_until: - description: The date when the rule will no longer be snoozed. - nullable: true - type: string - last_run: - additionalProperties: false - nullable: true - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: Number of ignored alerts during last run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: Number of recovered alerts during last run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value could be - succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: Outcome message generated during last rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - mapped_params: - additionalProperties: {} - type: object - monitoring: - additionalProperties: false - description: Monitoring details of the rule. - type: object - properties: - run: - additionalProperties: false - description: Rule run details. - type: object - properties: - calculated_metrics: - additionalProperties: false - description: >- - Calculation of different percentiles and success - ratio. - type: object - properties: - p50: - type: number - p95: - type: number - p99: - type: number - success_ratio: - type: number - required: - - success_ratio - history: - description: History of the rule run. - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule run. - type: number - outcome: - additionalProperties: false - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: >- - Number of ignored alerts during last - run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: >- - Number of recovered alerts during last - run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value - could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: >- - Outcome message generated during last - rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - success: - description: >- - Indicates whether the rule run was - successful. - type: boolean - timestamp: - description: Time of rule run. - type: number - required: - - success - - timestamp - type: array - last_run: - additionalProperties: false - type: object - properties: - metrics: - additionalProperties: false - type: object - properties: - duration: - description: Duration of most recent rule run. - type: number - gap_duration_s: - description: Duration in seconds of rule run gap. - nullable: true - type: number - total_alerts_created: - description: >- - Total number of alerts created during last - rule run. - nullable: true - type: number - total_alerts_detected: - description: >- - Total number of alerts detected during - last rule run. - nullable: true - type: number - total_indexing_duration_ms: - description: >- - Total time spent indexing documents during - last rule run in milliseconds. - nullable: true - type: number - total_search_duration_ms: - description: >- - Total time spent performing Elasticsearch - searches as measured by Kibana; includes - network latency and time spent serializing - or deserializing the request and response. - nullable: true - type: number - timestamp: - description: Time of the most recent rule run. - type: string - required: - - timestamp - - metrics - required: - - history - - calculated_metrics - - last_run - required: - - run - mute_all: - description: Indicates whether all alerts are muted. - type: boolean - muted_alert_ids: - items: - description: 'List of identifiers of muted alerts. ' - type: string - type: array - name: - description: ' The name of the rule.' - type: string - next_run: - description: Date and time of the next run of the rule. - nullable: true - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the - alert becomes active and at each check interval while the - rule conditions are met; `onThrottleInterval`: Actions run - when the alert becomes active and at the interval - specified in the throttle property while the rule - conditions are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The recommended method - is to set it for each action. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - description: The parameters for the rule. - type: object - revision: - description: The rule revision number. - type: number - rule_type_id: - description: The rule type identifier. - type: string - running: - description: Indicates whether the rule is running. - nullable: true - type: boolean - schedule: - additionalProperties: false - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, - or days. - type: string - required: - - interval - scheduled_task_id: - description: Identifier of the scheduled task. - type: string - snooze_schedule: - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule snooze schedule. - type: number - id: - description: Identifier of the rule snooze schedule. - type: string - rRule: - additionalProperties: false - type: object - properties: - byhour: - items: - description: Indicates hours of the day to recur. - type: number - type: array - byminute: - items: - description: Indicates minutes of the hour to recur. - type: number - type: array - bymonth: - items: - description: >- - Indicates months of the year that this rule - should recur. - type: number - type: array - bymonthday: - items: - description: Indicates the days of the month to recur. - type: number - type: array - bysecond: - items: - description: Indicates seconds of the day to recur. - type: number - type: array - bysetpos: - items: - description: >- - A positive or negative integer affecting the - nth day of the month. For example, -2 combined - with `byweekday` of FR is 2nd to last Friday - of the month. It is recommended to not set - this manually and just use `byweekday`. - type: number - type: array - byweekday: - items: - anyOf: - - type: string - - type: number - description: >- - Indicates the days of the week to recur or - else nth-day-of-month strings. For example, - "+2TU" second Tuesday of month, "-1FR" last - Friday of the month, which are internally - converted to a `byweekday/bysetpos` - combination. - type: array - byweekno: - items: - description: Indicates number of the week hours to recur. - type: number - type: array - byyearday: - items: - description: >- - Indicates the days of the year that this rule - should recur. - type: number - type: array - count: - description: >- - Number of times the rule should recur until it - stops. - type: number - dtstart: - description: >- - Rule start date in Coordinated Universal Time - (UTC). - type: string - freq: - description: >- - Indicates frequency of the rule. Options are - YEARLY, MONTHLY, WEEKLY, DAILY. - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - type: integer - interval: - description: >- - Indicates the interval of frequency. For - example, 1 and YEARLY is every 1 year, 2 and - WEEKLY is every 2 weeks. - type: number - tzid: - description: Indicates timezone abbreviation. - type: string - until: - description: Recur the rule until this date. - type: string - wkst: - description: 'Indicates the start of week, defaults to Monday.' - enum: - - MO - - TU - - WE - - TH - - FR - - SA - - SU - type: string - required: - - dtstart - - tzid - skipRecurrences: - items: - description: Skips recurrence of rule on this date. - type: string - type: array - required: - - duration - - rRule - type: array - tags: - items: - description: The tags for the rule. - type: string - type: array - throttle: - deprecated: true - description: >- - Deprecated in 8.13.0. Use the `throttle` property in the - action `frequency` object instead. The throttle interval, - which defines how often an alert generates repeated - actions. NOTE: You cannot specify the throttle interval at - both the rule and action level. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - updated_at: - description: The date and time that the rule was updated most recently. - type: string - updated_by: - description: >- - The identifier for the user that updated this rule most - recently. - nullable: true - type: string - view_in_app_relative_url: - description: Relative URL to view rule in the app. - nullable: true - type: string - required: - - id - - enabled - - name - - tags - - rule_type_id - - consumer - - schedule - - actions - - params - - created_by - - updated_by - - created_at - - updated_at - - api_key_owner - - mute_all - - muted_alert_ids - - execution_status - - revision - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - summary: Get information about rules - tags: - - alerting /api/apm/agent_keys: post: description: Create a new agent key for APM. @@ -15876,264 +10620,27 @@ paths: statusCode: type: number description: Generic Error - summary: Get anonymization fields - tags: - - Security AI Assistant API - - AnonymizationFields API - /api/security_ai_assistant/chat/complete: - post: - description: Create a model response for the given chat conversation. - operationId: ChatComplete - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_ChatCompleteProps' - required: true - responses: - '200': - content: - application/octet-stream; Elastic-Api-Version=2023-10-31: - schema: - format: binary - type: string - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Create a model response - tags: - - Security AI Assistant API - - Chat Complete API - /api/security_ai_assistant/current_user/conversations: - post: - description: Create a new Security AI Assistant conversation. - operationId: CreateConversation - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationCreateProps - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Create a conversation - tags: - - Security AI Assistant API - - Conversation API - /api/security_ai_assistant/current_user/conversations/_find: - get: - description: Get a list of all conversations for the current user. - operationId: FindConversations - parameters: - - in: query - name: fields - required: false - schema: - items: - type: string - type: array - - description: Search query - in: query - name: filter - required: false - schema: - type: string - - description: Field to sort by - in: query - name: sort_field - required: false - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindConversationsSortField - - description: Sort order - in: query - name: sort_order - required: false - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' - - description: Page number - in: query - name: page - required: false - schema: - default: 1 - minimum: 1 - type: integer - - description: Conversations per page - in: query - name: per_page - required: false - schema: - default: 20 - minimum: 0 - type: integer - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - required: - - page - - perPage - - total - - data - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Get conversations - tags: - - Security AI Assistant API - - Conversations API - '/api/security_ai_assistant/current_user/conversations/{id}': - delete: - description: Delete an existing conversation using the conversation ID. - operationId: DeleteConversation - parameters: - - description: The conversation's `id` value. - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Delete a conversation - tags: - - Security AI Assistant API - - Conversation API - get: - description: Get the details of an existing conversation using the conversation ID. - operationId: ReadConversation - parameters: - - description: The conversation's `id` value. - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Get a conversation + summary: Get anonymization fields tags: - Security AI Assistant API - - Conversations API - put: - description: Update an existing conversation using the conversation ID. - operationId: UpdateConversation - parameters: - - description: The conversation's `id` value. - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + - AnonymizationFields API + /api/security_ai_assistant/chat/complete: + post: + description: Create a model response for the given chat conversation. + operationId: ChatComplete requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationUpdateProps + $ref: '#/components/schemas/Security_AI_Assistant_API_ChatCompleteProps' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/octet-stream; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse + format: binary + type: string description: Indicates a successful call. '400': content: @@ -16148,52 +10655,28 @@ paths: statusCode: type: number description: Generic Error - summary: Update a conversation + summary: Create a model response tags: - Security AI Assistant API - - Conversation API - /api/security_ai_assistant/prompts/_bulk_action: + - Chat Complete API + /api/security_ai_assistant/current_user/conversations: post: - description: >- - Apply a bulk action to multiple prompts. The bulk action is applied to - all prompts that match the filter or to the list of prompts by their - IDs. - operationId: PerformPromptsBulkAction + description: Create a new Security AI Assistant conversation. + operationId: CreateConversation requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - create: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptCreateProps - type: array - delete: - type: object - properties: - ids: - description: Array of prompts IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter promps - type: string - update: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptUpdateProps - type: array + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationCreateProps + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResponse + #/components/schemas/Security_AI_Assistant_API_ConversationResponse description: Indicates a successful call. '400': content: @@ -16208,14 +10691,14 @@ paths: statusCode: type: number description: Generic Error - summary: Apply a bulk action to prompts + summary: Create a conversation tags: - Security AI Assistant API - - Bulk API - /api/security_ai_assistant/prompts/_find: + - Conversation API + /api/security_ai_assistant/current_user/conversations/_find: get: - description: Get a list of all prompts. - operationId: FindPrompts + description: Get a list of all conversations for the current user. + operationId: FindConversations parameters: - in: query name: fields @@ -16236,7 +10719,7 @@ paths: required: false schema: $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindPromptsSortField + #/components/schemas/Security_AI_Assistant_API_FindConversationsSortField - description: Sort order in: query name: sort_order @@ -16251,7 +10734,7 @@ paths: default: 1 minimum: 1 type: integer - - description: Prompts per page + - description: Conversations per page in: query name: per_page required: false @@ -16269,7 +10752,7 @@ paths: data: items: $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptResponse + #/components/schemas/Security_AI_Assistant_API_ConversationResponse type: array page: type: integer @@ -16296,344 +10779,271 @@ paths: statusCode: type: number description: Generic Error - summary: Get prompts + summary: Get conversations tags: - Security AI Assistant API - - Prompts API - /api/spaces/space: - get: - operationId: '%2Fapi%2Fspaces%2Fspace#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: >- - Specifies which authorization checks are applied to the API call. - The default value is `any`. - in: query - name: purpose - required: false - schema: - enum: - - any - - copySavedObjectsIntoSpace - - shareSavedObjectsIntoSpace - type: string - - description: >- - When enabled, the API returns any spaces that the user is authorized - to access in any capacity and each space will contain the purposes - for which the user is authorized. This can be useful to determine - which spaces a user can read but not take a specific action in. If - the security plugin is not enabled, this parameter has no effect, - since no authorization checks take place. This parameter cannot be - used in with the `purpose` parameter. - in: query - name: include_authorized_purposes - required: true - schema: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - false - type: boolean - x-oas-optional: true - - type: boolean - x-oas-optional: true - responses: - '200': - description: Indicates a successful call. - summary: Get all spaces - tags: - - spaces - post: - operationId: '%2Fapi%2Fspaces%2Fspace#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - _reserved: - type: boolean - color: - description: >- - The hexadecimal color code used in the space avatar. By - default, the color is automatically generated from the space - name. - type: string - description: - description: A description for the space. - type: string - disabledFeatures: - default: [] - items: - description: The list of features that are turned off in the space. - type: string - type: array - id: - description: >- - The space ID that is part of the Kibana URL when inside the - space. Space IDs are limited to lowercase alphanumeric, - underscore, and hyphen characters (a-z, 0-9, _, and -). You - are cannot change the ID with the update operation. - type: string - imageUrl: - description: >- - The data-URL encoded image to display in the space avatar. - If specified, initials will not be displayed and the color - will be visible as the background color for transparent - images. For best results, your image should be 64x64. Images - will not be optimized by this API call, so care should be - taken when using custom images. - type: string - initials: - description: >- - One or two characters that are shown in the space avatar. By - default, the initials are automatically generated from the - space name. - maxLength: 2 - type: string - name: - description: 'The display name for the space. ' - minLength: 1 - type: string - required: - - id - - name - responses: - '200': - description: Indicates a successful call. - summary: Create a space - tags: - - spaces - '/api/spaces/space/{id}': + - Conversations API + '/api/security_ai_assistant/current_user/conversations/{id}': delete: - description: >- - When you delete a space, all saved objects that belong to the space are - automatically deleted, which is permanent and cannot be undone. - operationId: '%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#2' + description: Delete an existing conversation using the conversation ID. + operationId: DeleteConversation parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The space identifier. + - description: The conversation's `id` value. in: path name: id required: true schema: - type: string + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' responses: - '204': + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse description: Indicates a successful call. - '404': - description: Indicates that the request failed. - summary: Delete a space + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Delete a conversation tags: - - spaces + - Security AI Assistant API + - Conversation API get: - operationId: '%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#0' + description: Get the details of an existing conversation using the conversation ID. + operationId: ReadConversation parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: The space identifier. + - description: The conversation's `id` value. in: path name: id required: true schema: - type: string + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' responses: '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse description: Indicates a successful call. - summary: Get a space + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Get a conversation tags: - - spaces + - Security AI Assistant API + - Conversations API put: - operationId: '%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#1' + description: Update an existing conversation using the conversation ID. + operationId: UpdateConversation parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: >- - The space identifier. You are unable to change the ID with the - update operation. + - description: The conversation's `id` value. in: path name: id required: true schema: - type: string + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationUpdateProps + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Update a conversation + tags: + - Security AI Assistant API + - Conversation API + /api/security_ai_assistant/prompts/_bulk_action: + post: + description: >- + Apply a bulk action to multiple prompts. The bulk action is applied to + all prompts that match the filter or to the list of prompts by their + IDs. + operationId: PerformPromptsBulkAction requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - _reserved: - type: boolean - color: - description: >- - The hexadecimal color code used in the space avatar. By - default, the color is automatically generated from the space - name. - type: string - description: - description: A description for the space. - type: string - disabledFeatures: - default: [] + create: items: - description: The list of features that are turned off in the space. - type: string + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptCreateProps + type: array + delete: + type: object + properties: + ids: + description: Array of prompts IDs + items: + type: string + minItems: 1 + type: array + query: + description: Query to filter promps + type: string + update: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptUpdateProps type: array - id: - description: >- - The space ID that is part of the Kibana URL when inside the - space. Space IDs are limited to lowercase alphanumeric, - underscore, and hyphen characters (a-z, 0-9, _, and -). You - are cannot change the ID with the update operation. - type: string - imageUrl: - description: >- - The data-URL encoded image to display in the space avatar. - If specified, initials will not be displayed and the color - will be visible as the background color for transparent - images. For best results, your image should be 64x64. Images - will not be optimized by this API call, so care should be - taken when using custom images. - type: string - initials: - description: >- - One or two characters that are shown in the space avatar. By - default, the initials are automatically generated from the - space name. - maxLength: 2 - type: string - name: - description: 'The display name for the space. ' - minLength: 1 - type: string - required: - - id - - name responses: '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResponse description: Indicates a successful call. - summary: Update a space + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Apply a bulk action to prompts tags: - - spaces - /api/status: + - Security AI Assistant API + - Bulk API + /api/security_ai_assistant/prompts/_find: get: - operationId: '%2Fapi%2Fstatus#0' + description: Get a list of all prompts. + operationId: FindPrompts parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - in: query + name: fields + required: false + schema: + items: + type: string + type: array + - description: Search query + in: query + name: filter + required: false schema: - default: '2023-10-31' - enum: - - '2023-10-31' type: string - - description: Set to "true" to get the response in v7 format. + - description: Field to sort by in: query - name: v7format + name: sort_field required: false schema: - type: boolean - - description: Set to "true" to get the response in v8 format. + $ref: >- + #/components/schemas/Security_AI_Assistant_API_FindPromptsSortField + - description: Sort order in: query - name: v8format + name: sort_order required: false schema: - type: boolean + $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' + - description: Page number + in: query + name: page + required: false + schema: + default: 1 + minimum: 1 + type: integer + - description: Prompts per page + in: query + name: per_page + required: false + schema: + default: 20 + minimum: 0 + type: integer responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - description: Overall status is OK and Kibana should be functioning normally. - '503': + type: object + properties: + data: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptResponse + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + required: + - page + - perPage + - total + - data + description: Successful response + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - description: >- - Kibana or some of it's essential services are unavailable. Kibana - may be degraded or unavailable. - summary: Get Kibana's current status + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Get prompts tags: - - system + - Security AI Assistant API + - Prompts API /api/timeline: delete: operationId: DeleteTimelines @@ -22270,273 +16680,6 @@ components: type: object title: Package policy Upgrade dryrun type: array - Kibana_HTTP_APIs_core_status_redactedResponse: - additionalProperties: false - description: A minimal representation of Kibana's operational status. - type: object - properties: - status: - additionalProperties: false - type: object - properties: - overall: - additionalProperties: false - type: object - properties: - level: - description: Service status levels as human and machine readable values. - enum: - - available - - degraded - - unavailable - - critical - type: string - required: - - level - required: - - overall - required: - - status - Kibana_HTTP_APIs_core_status_response: - additionalProperties: false - description: >- - Kibana's operational status as well as a detailed breakdown of plugin - statuses indication of various loads (like event loop utilization and - network traffic) at time of request. - type: object - properties: - metrics: - additionalProperties: false - description: Metric groups collected by Kibana. - type: object - properties: - collection_interval_in_millis: - description: The interval at which metrics should be collected. - type: number - elasticsearch_client: - additionalProperties: false - description: Current network metrics of Kibana's Elasticsearch client. - type: object - properties: - totalActiveSockets: - description: Count of network sockets currently in use. - type: number - totalIdleSockets: - description: Count of network sockets currently idle. - type: number - totalQueuedRequests: - description: Count of requests not yet assigned to sockets. - type: number - required: - - totalActiveSockets - - totalIdleSockets - - totalQueuedRequests - last_updated: - description: The time metrics were collected. - type: string - required: - - elasticsearch_client - - last_updated - - collection_interval_in_millis - name: - description: Kibana instance name. - type: string - status: - additionalProperties: false - type: object - properties: - core: - additionalProperties: false - description: Statuses of core Kibana services. - type: object - properties: - elasticsearch: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: >- - Service status levels as human and machine readable - values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: >- - An unstructured set of extra metadata about this - service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - savedObjects: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: >- - Service status levels as human and machine readable - values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: >- - An unstructured set of extra metadata about this - service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - required: - - elasticsearch - - savedObjects - overall: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: Service status levels as human and machine readable values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: An unstructured set of extra metadata about this service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - plugins: - additionalProperties: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: >- - Service status levels as human and machine readable - values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: An unstructured set of extra metadata about this service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - description: A dynamic mapping of plugin ID to plugin status. - type: object - required: - - overall - - core - - plugins - uuid: - description: >- - Unique, generated Kibana instance UUID. This UUID should persist - even if the Kibana process restarts. - type: string - version: - additionalProperties: false - type: object - properties: - build_date: - description: The date and time of this build. - type: string - build_flavor: - description: >- - The build flavour determines configuration and behavior of - Kibana. On premise users will almost always run the - "traditional" flavour, while other flavours are reserved for - Elastic-specific use cases. - enum: - - serverless - - traditional - type: string - build_hash: - description: >- - A unique hash value representing the git commit of this Kibana - build. - type: string - build_number: - description: >- - A monotonically increasing number, each subsequent build will - have a higher number. - type: number - build_snapshot: - description: Whether this build is a snapshot build. - type: boolean - number: - description: A semantic version number. - type: string - required: - - number - - build_hash - - build_number - - build_snapshot - - build_flavor - - build_date - required: - - name - - uuid - - version - - status - - metrics Machine_learning_APIs_mlSync200Response: properties: datafeedsAdded: @@ -33728,7 +27871,6 @@ components: security: - apiKeyAuth: [] tags: - - name: alerting - description: > Configure APM agent keys to authorize requests from APM agents to the APM Server. @@ -33738,7 +27880,6 @@ tags: Annotations enable you to easily see how events are impacting the performance of your applications. name: APM annotations - - name: connectors - name: Data streams - description: >- Data view APIs enable you to manage data views, formerly known as Kibana @@ -33820,5 +27961,3 @@ tags: x-displayName: Security timeline - description: 'SLO APIs enable you to define, manage and track service-level objectives' name: slo - - name: spaces - - name: system diff --git a/oas_docs/output/kibana.serverless.yaml b/oas_docs/output/kibana.serverless.yaml index ecfc211c98e1e..9415fc6da6d07 100644 --- a/oas_docs/output/kibana.serverless.yaml +++ b/oas_docs/output/kibana.serverless.yaml @@ -73,7 +73,6 @@ servers: default: localhost port: default: '5601' - - url: 'http://localhost:5622' - url: 'https://{kibana_url}' variables: kibana_url: @@ -83,5261 +82,6 @@ servers: - description: local url: 'http://localhost:5601' paths: - /api/actions: - get: - deprecated: true - operationId: '%2Fapi%2Factions#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: {} - summary: Get all connectors - tags: - - connectors - /api/actions/action: - post: - deprecated: true - operationId: '%2Fapi%2Factions%2Faction#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actionTypeId: - description: The connector type identifier. - type: string - config: - additionalProperties: {} - default: {} - type: object - name: - description: The display name for the connector. - type: string - secrets: - additionalProperties: {} - default: {} - type: object - required: - - name - - actionTypeId - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Create a connector - tags: - - connectors - '/api/actions/action/{id}': - delete: - deprecated: true - description: 'WARNING: When you delete a connector, it cannot be recovered.' - operationId: '%2Fapi%2Factions%2Faction%2F%7Bid%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - summary: Delete a connector - tags: - - connectors - get: - deprecated: true - operationId: '%2Fapi%2Factions%2Faction%2F%7Bid%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Get connector information - tags: - - connectors - put: - deprecated: true - operationId: '%2Fapi%2Factions%2Faction%2F%7Bid%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - default: {} - type: object - name: - type: string - secrets: - additionalProperties: {} - default: {} - type: object - required: - - name - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Update a connector - tags: - - connectors - '/api/actions/action/{id}/_execute': - post: - deprecated: true - operationId: '%2Fapi%2Factions%2Faction%2F%7Bid%7D%2F_execute#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - params: - additionalProperties: {} - type: object - required: - - params - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Run a connector - tags: - - connectors - /api/actions/connector_types: - get: - description: You do not need any Kibana feature privileges to run this API. - operationId: '%2Fapi%2Factions%2Fconnector_types#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: >- - A filter to limit the retrieved connector types to those that - support a specific feature (such as alerting or cases). - in: query - name: feature_id - required: false - schema: - type: string - responses: {} - summary: Get connector types - tags: - - connectors - '/api/actions/connector/{id}': - delete: - description: 'WARNING: When you delete a connector, it cannot be recovered.' - operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - summary: Delete a connector - tags: - - connectors - get: - operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Get connector information - tags: - - connectors - post: - operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%3F%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: false - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - default: {} - type: object - connector_type_id: - description: The type of connector. - type: string - name: - description: The display name for the connector. - type: string - secrets: - additionalProperties: {} - default: {} - type: object - required: - - name - - connector_type_id - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Create a connector - tags: - - connectors - put: - operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - default: {} - type: object - name: - description: The display name for the connector. - type: string - secrets: - additionalProperties: {} - default: {} - type: object - required: - - name - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Update a connector - tags: - - connectors - '/api/actions/connector/{id}/_execute': - post: - description: >- - You can use this API to test an action that involves interaction with - Kibana services or integrations with third-party systems. - operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%7D%2F_execute#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - params: - additionalProperties: {} - type: object - required: - - params - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Run a connector - tags: - - connectors - /api/actions/connectors: - get: - operationId: '%2Fapi%2Factions%2Fconnectors#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: {} - summary: Get all connectors - tags: - - connectors - /api/actions/list_action_types: - get: - deprecated: true - operationId: '%2Fapi%2Factions%2Flist_action_types#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: {} - summary: Get connector types - tags: - - connectors - '/api/alerting/rule/{id}': - delete: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - summary: Delete a rule - tags: - - alerting - get: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actions: - items: - additionalProperties: false - type: object - properties: - alerts_filter: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL) as defined in - the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the - days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work - but lack built-in daylight savings time - support and are not recommended. - type: string - required: - - days - - hours - - timezone - connector_type_id: - description: >- - The type of connector. This property appears in - responses but cannot be set in requests. - type: string - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. - Valid values include: `onActionGroupChange`: - Actions run when the alert status changes; - `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while - the rule conditions are met; - `onThrottleInterval`: Actions run when the alert - becomes active and at the interval specified in - the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The - recommended method is to set it for each action. - If you set it at the rule level then update the - rule in Kibana, it is automatically changed to - use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often - an alert generates repeated actions. It is - specified in seconds, minutes, hours, or days - and is applicable only if 'notify_when' is set - to 'onThrottleInterval'. NOTE: You cannot - specify the throttle interval at both the rule - and action level. The recommended method is to - set it for each action. If you set it at the - rule level then update the rule in Kibana, it is - automatically changed to use action-specific - values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: >- - A universally unique identifier (UUID) for the - action. - type: string - required: - - id - - connector_type_id - - params - type: array - active_snoozes: - items: - description: List of active snoozes for the rule. - type: string - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - api_key_created_by_user: - description: >- - Indicates whether the API key that is associated with the - rule was created by the user. - nullable: true - type: boolean - api_key_owner: - description: >- - The owner of the API key that is associated with the rule - and used to run background tasks. - nullable: true - type: string - consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, - `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, - `securitySolution`, `siem`, `stackAlerts`, or `uptime`. - type: string - created_at: - description: The date and time that the rule was created. - type: string - created_by: - description: The identifier for the user that created the rule. - nullable: true - type: string - enabled: - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. - type: boolean - execution_status: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - description: Error message. - type: string - reason: - description: Reason for error. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - type: string - required: - - reason - - message - last_duration: - description: Duration of last execution of the rule. - type: number - last_execution_date: - description: The date and time when rule was executed last. - type: string - status: - description: Status of rule execution. - enum: - - ok - - active - - error - - warning - - pending - - unknown - type: string - warning: - additionalProperties: false - type: object - properties: - message: - description: Warning message. - type: string - reason: - description: Reason for warning. - enum: - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - type: string - required: - - reason - - message - required: - - status - - last_execution_date - flapping: - additionalProperties: false - nullable: true - type: object - properties: - look_back_window: - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - id: - description: The identifier for the rule. - type: string - is_snoozed_until: - description: The date when the rule will no longer be snoozed. - nullable: true - type: string - last_run: - additionalProperties: false - nullable: true - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: Number of ignored alerts during last run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: Number of recovered alerts during last run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value could be - succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: Outcome message generated during last rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - mapped_params: - additionalProperties: {} - type: object - monitoring: - additionalProperties: false - description: Monitoring details of the rule. - type: object - properties: - run: - additionalProperties: false - description: Rule run details. - type: object - properties: - calculated_metrics: - additionalProperties: false - description: >- - Calculation of different percentiles and success - ratio. - type: object - properties: - p50: - type: number - p95: - type: number - p99: - type: number - success_ratio: - type: number - required: - - success_ratio - history: - description: History of the rule run. - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule run. - type: number - outcome: - additionalProperties: false - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: >- - Number of ignored alerts during last - run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: >- - Number of recovered alerts during last - run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value - could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: >- - Outcome message generated during last - rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - success: - description: >- - Indicates whether the rule run was - successful. - type: boolean - timestamp: - description: Time of rule run. - type: number - required: - - success - - timestamp - type: array - last_run: - additionalProperties: false - type: object - properties: - metrics: - additionalProperties: false - type: object - properties: - duration: - description: Duration of most recent rule run. - type: number - gap_duration_s: - description: Duration in seconds of rule run gap. - nullable: true - type: number - total_alerts_created: - description: >- - Total number of alerts created during last - rule run. - nullable: true - type: number - total_alerts_detected: - description: >- - Total number of alerts detected during - last rule run. - nullable: true - type: number - total_indexing_duration_ms: - description: >- - Total time spent indexing documents during - last rule run in milliseconds. - nullable: true - type: number - total_search_duration_ms: - description: >- - Total time spent performing Elasticsearch - searches as measured by Kibana; includes - network latency and time spent serializing - or deserializing the request and response. - nullable: true - type: number - timestamp: - description: Time of the most recent rule run. - type: string - required: - - timestamp - - metrics - required: - - history - - calculated_metrics - - last_run - required: - - run - mute_all: - description: Indicates whether all alerts are muted. - type: boolean - muted_alert_ids: - items: - description: 'List of identifiers of muted alerts. ' - type: string - type: array - name: - description: ' The name of the rule.' - type: string - next_run: - description: Date and time of the next run of the rule. - nullable: true - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the - alert becomes active and at each check interval while the - rule conditions are met; `onThrottleInterval`: Actions run - when the alert becomes active and at the interval - specified in the throttle property while the rule - conditions are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The recommended method - is to set it for each action. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - description: The parameters for the rule. - type: object - revision: - description: The rule revision number. - type: number - rule_type_id: - description: The rule type identifier. - type: string - running: - description: Indicates whether the rule is running. - nullable: true - type: boolean - schedule: - additionalProperties: false - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, - or days. - type: string - required: - - interval - scheduled_task_id: - description: Identifier of the scheduled task. - type: string - snooze_schedule: - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule snooze schedule. - type: number - id: - description: Identifier of the rule snooze schedule. - type: string - rRule: - additionalProperties: false - type: object - properties: - byhour: - items: - description: Indicates hours of the day to recur. - type: number - type: array - byminute: - items: - description: Indicates minutes of the hour to recur. - type: number - type: array - bymonth: - items: - description: >- - Indicates months of the year that this rule - should recur. - type: number - type: array - bymonthday: - items: - description: Indicates the days of the month to recur. - type: number - type: array - bysecond: - items: - description: Indicates seconds of the day to recur. - type: number - type: array - bysetpos: - items: - description: >- - A positive or negative integer affecting the - nth day of the month. For example, -2 combined - with `byweekday` of FR is 2nd to last Friday - of the month. It is recommended to not set - this manually and just use `byweekday`. - type: number - type: array - byweekday: - items: - anyOf: - - type: string - - type: number - description: >- - Indicates the days of the week to recur or - else nth-day-of-month strings. For example, - "+2TU" second Tuesday of month, "-1FR" last - Friday of the month, which are internally - converted to a `byweekday/bysetpos` - combination. - type: array - byweekno: - items: - description: Indicates number of the week hours to recur. - type: number - type: array - byyearday: - items: - description: >- - Indicates the days of the year that this rule - should recur. - type: number - type: array - count: - description: >- - Number of times the rule should recur until it - stops. - type: number - dtstart: - description: >- - Rule start date in Coordinated Universal Time - (UTC). - type: string - freq: - description: >- - Indicates frequency of the rule. Options are - YEARLY, MONTHLY, WEEKLY, DAILY. - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - type: integer - interval: - description: >- - Indicates the interval of frequency. For - example, 1 and YEARLY is every 1 year, 2 and - WEEKLY is every 2 weeks. - type: number - tzid: - description: Indicates timezone abbreviation. - type: string - until: - description: Recur the rule until this date. - type: string - wkst: - description: 'Indicates the start of week, defaults to Monday.' - enum: - - MO - - TU - - WE - - TH - - FR - - SA - - SU - type: string - required: - - dtstart - - tzid - skipRecurrences: - items: - description: Skips recurrence of rule on this date. - type: string - type: array - required: - - duration - - rRule - type: array - tags: - items: - description: The tags for the rule. - type: string - type: array - throttle: - deprecated: true - description: >- - Deprecated in 8.13.0. Use the `throttle` property in the - action `frequency` object instead. The throttle interval, - which defines how often an alert generates repeated - actions. NOTE: You cannot specify the throttle interval at - both the rule and action level. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - updated_at: - description: The date and time that the rule was updated most recently. - type: string - updated_by: - description: >- - The identifier for the user that updated this rule most - recently. - nullable: true - type: string - view_in_app_relative_url: - description: Relative URL to view rule in the app. - nullable: true - type: string - required: - - id - - enabled - - name - - tags - - rule_type_id - - consumer - - schedule - - actions - - params - - created_by - - updated_by - - created_at - - updated_at - - api_key_owner - - mute_all - - muted_alert_ids - - execution_status - - revision - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - summary: Get rule details - tags: - - alerting - post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%3F%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: >- - The identifier for the rule. If it is omitted, an ID is randomly - generated. - in: path - name: id - required: false - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actions: - default: [] - items: - additionalProperties: false - description: An action that runs under defined conditions. - type: object - properties: - alerts_filter: - additionalProperties: false - description: >- - Conditions that affect whether the action runs. If you - specify multiple conditions, all conditions must be - met for the action to run. For example, if an alert - occurs within the specified time frame and matches the - query, the action runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query Domain - Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query Domain - Specific Language (DSL) as defined in the - `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the days - of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - description: >- - Defines the range of time in a day that the - action can run. If the `start` value is - `00:00` and the `end` value is `24:00`, - actions be generated all day. - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work but - lack built-in daylight savings time support - and are not recommended. - type: string - required: - - days - - hours - - timezone - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. Valid - values include: `onActionGroupChange`: Actions run - when the alert status changes; `onActiveAlert`: - Actions run when the alert becomes active and at - each check interval while the rule conditions are - met; `onThrottleInterval`: Actions run when the - alert becomes active and at the interval specified - in the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` at - both the rule and action level. The recommended - method is to set it for each action. If you set it - at the rule level then update the rule in Kibana, - it is automatically changed to use action-specific - values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often an - alert generates repeated actions. It is specified - in seconds, minutes, hours, or days and is - applicable only if `notify_when` is set to - `onThrottleInterval`. NOTE: You cannot specify the - throttle interval at both the rule and action - level. The recommended method is to set it for - each action. If you set it at the rule level then - update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - default: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: A universally unique identifier (UUID) for the action. - type: string - required: - - id - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, `infrastructure`, - `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, - `siem`, `stackAlerts`, or `uptime`. - type: string - enabled: - default: true - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. - type: boolean - flapping: - additionalProperties: false - nullable: true - type: object - properties: - look_back_window: - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - name: - description: >- - The name of the rule. While this name does not have to be - unique, a distinctive name can help you identify a rule. - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while the rule - conditions are met; `onThrottleInterval`: Actions run when - the alert becomes active and at the interval specified in - the throttle property while the rule conditions are met. - NOTE: You cannot specify `notify_when` at both the rule and - action level. The recommended method is to set it for each - action. If you set it at the rule level then update the rule - in Kibana, it is automatically changed to use - action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - default: {} - description: The parameters for the rule. - type: object - rule_type_id: - description: The rule type identifier. - type: string - schedule: - additionalProperties: false - description: >- - The check interval, which specifies how frequently the rule - conditions are checked. - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, or - days. - type: string - required: - - interval - tags: - default: [] - description: The tags for the rule. - items: - type: string - type: array - throttle: - description: >- - Use the `throttle` property in the action `frequency` object - instead. The throttle interval, which defines how often an - alert generates repeated actions. NOTE: You cannot specify - the throttle interval at both the rule and action level. If - you set it at the rule level then update the rule in Kibana, - it is automatically changed to use action-specific values. - nullable: true - type: string - required: - - name - - rule_type_id - - consumer - - schedule - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actions: - items: - additionalProperties: false - type: object - properties: - alerts_filter: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL) as defined in - the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the - days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work - but lack built-in daylight savings time - support and are not recommended. - type: string - required: - - days - - hours - - timezone - connector_type_id: - description: >- - The type of connector. This property appears in - responses but cannot be set in requests. - type: string - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. - Valid values include: `onActionGroupChange`: - Actions run when the alert status changes; - `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while - the rule conditions are met; - `onThrottleInterval`: Actions run when the alert - becomes active and at the interval specified in - the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The - recommended method is to set it for each action. - If you set it at the rule level then update the - rule in Kibana, it is automatically changed to - use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often - an alert generates repeated actions. It is - specified in seconds, minutes, hours, or days - and is applicable only if 'notify_when' is set - to 'onThrottleInterval'. NOTE: You cannot - specify the throttle interval at both the rule - and action level. The recommended method is to - set it for each action. If you set it at the - rule level then update the rule in Kibana, it is - automatically changed to use action-specific - values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: >- - A universally unique identifier (UUID) for the - action. - type: string - required: - - id - - connector_type_id - - params - type: array - active_snoozes: - items: - description: List of active snoozes for the rule. - type: string - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - api_key_created_by_user: - description: >- - Indicates whether the API key that is associated with the - rule was created by the user. - nullable: true - type: boolean - api_key_owner: - description: >- - The owner of the API key that is associated with the rule - and used to run background tasks. - nullable: true - type: string - consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, - `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, - `securitySolution`, `siem`, `stackAlerts`, or `uptime`. - type: string - created_at: - description: The date and time that the rule was created. - type: string - created_by: - description: The identifier for the user that created the rule. - nullable: true - type: string - enabled: - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. - type: boolean - execution_status: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - description: Error message. - type: string - reason: - description: Reason for error. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - type: string - required: - - reason - - message - last_duration: - description: Duration of last execution of the rule. - type: number - last_execution_date: - description: The date and time when rule was executed last. - type: string - status: - description: Status of rule execution. - enum: - - ok - - active - - error - - warning - - pending - - unknown - type: string - warning: - additionalProperties: false - type: object - properties: - message: - description: Warning message. - type: string - reason: - description: Reason for warning. - enum: - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - type: string - required: - - reason - - message - required: - - status - - last_execution_date - flapping: - additionalProperties: false - nullable: true - type: object - properties: - look_back_window: - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - id: - description: The identifier for the rule. - type: string - is_snoozed_until: - description: The date when the rule will no longer be snoozed. - nullable: true - type: string - last_run: - additionalProperties: false - nullable: true - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: Number of ignored alerts during last run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: Number of recovered alerts during last run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value could be - succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: Outcome message generated during last rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - mapped_params: - additionalProperties: {} - type: object - monitoring: - additionalProperties: false - description: Monitoring details of the rule. - type: object - properties: - run: - additionalProperties: false - description: Rule run details. - type: object - properties: - calculated_metrics: - additionalProperties: false - description: >- - Calculation of different percentiles and success - ratio. - type: object - properties: - p50: - type: number - p95: - type: number - p99: - type: number - success_ratio: - type: number - required: - - success_ratio - history: - description: History of the rule run. - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule run. - type: number - outcome: - additionalProperties: false - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: >- - Number of ignored alerts during last - run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: >- - Number of recovered alerts during last - run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value - could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: >- - Outcome message generated during last - rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - success: - description: >- - Indicates whether the rule run was - successful. - type: boolean - timestamp: - description: Time of rule run. - type: number - required: - - success - - timestamp - type: array - last_run: - additionalProperties: false - type: object - properties: - metrics: - additionalProperties: false - type: object - properties: - duration: - description: Duration of most recent rule run. - type: number - gap_duration_s: - description: Duration in seconds of rule run gap. - nullable: true - type: number - total_alerts_created: - description: >- - Total number of alerts created during last - rule run. - nullable: true - type: number - total_alerts_detected: - description: >- - Total number of alerts detected during - last rule run. - nullable: true - type: number - total_indexing_duration_ms: - description: >- - Total time spent indexing documents during - last rule run in milliseconds. - nullable: true - type: number - total_search_duration_ms: - description: >- - Total time spent performing Elasticsearch - searches as measured by Kibana; includes - network latency and time spent serializing - or deserializing the request and response. - nullable: true - type: number - timestamp: - description: Time of the most recent rule run. - type: string - required: - - timestamp - - metrics - required: - - history - - calculated_metrics - - last_run - required: - - run - mute_all: - description: Indicates whether all alerts are muted. - type: boolean - muted_alert_ids: - items: - description: 'List of identifiers of muted alerts. ' - type: string - type: array - name: - description: ' The name of the rule.' - type: string - next_run: - description: Date and time of the next run of the rule. - nullable: true - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the - alert becomes active and at each check interval while the - rule conditions are met; `onThrottleInterval`: Actions run - when the alert becomes active and at the interval - specified in the throttle property while the rule - conditions are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The recommended method - is to set it for each action. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - description: The parameters for the rule. - type: object - revision: - description: The rule revision number. - type: number - rule_type_id: - description: The rule type identifier. - type: string - running: - description: Indicates whether the rule is running. - nullable: true - type: boolean - schedule: - additionalProperties: false - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, - or days. - type: string - required: - - interval - scheduled_task_id: - description: Identifier of the scheduled task. - type: string - snooze_schedule: - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule snooze schedule. - type: number - id: - description: Identifier of the rule snooze schedule. - type: string - rRule: - additionalProperties: false - type: object - properties: - byhour: - items: - description: Indicates hours of the day to recur. - type: number - type: array - byminute: - items: - description: Indicates minutes of the hour to recur. - type: number - type: array - bymonth: - items: - description: >- - Indicates months of the year that this rule - should recur. - type: number - type: array - bymonthday: - items: - description: Indicates the days of the month to recur. - type: number - type: array - bysecond: - items: - description: Indicates seconds of the day to recur. - type: number - type: array - bysetpos: - items: - description: >- - A positive or negative integer affecting the - nth day of the month. For example, -2 combined - with `byweekday` of FR is 2nd to last Friday - of the month. It is recommended to not set - this manually and just use `byweekday`. - type: number - type: array - byweekday: - items: - anyOf: - - type: string - - type: number - description: >- - Indicates the days of the week to recur or - else nth-day-of-month strings. For example, - "+2TU" second Tuesday of month, "-1FR" last - Friday of the month, which are internally - converted to a `byweekday/bysetpos` - combination. - type: array - byweekno: - items: - description: Indicates number of the week hours to recur. - type: number - type: array - byyearday: - items: - description: >- - Indicates the days of the year that this rule - should recur. - type: number - type: array - count: - description: >- - Number of times the rule should recur until it - stops. - type: number - dtstart: - description: >- - Rule start date in Coordinated Universal Time - (UTC). - type: string - freq: - description: >- - Indicates frequency of the rule. Options are - YEARLY, MONTHLY, WEEKLY, DAILY. - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - type: integer - interval: - description: >- - Indicates the interval of frequency. For - example, 1 and YEARLY is every 1 year, 2 and - WEEKLY is every 2 weeks. - type: number - tzid: - description: Indicates timezone abbreviation. - type: string - until: - description: Recur the rule until this date. - type: string - wkst: - description: 'Indicates the start of week, defaults to Monday.' - enum: - - MO - - TU - - WE - - TH - - FR - - SA - - SU - type: string - required: - - dtstart - - tzid - skipRecurrences: - items: - description: Skips recurrence of rule on this date. - type: string - type: array - required: - - duration - - rRule - type: array - tags: - items: - description: The tags for the rule. - type: string - type: array - throttle: - deprecated: true - description: >- - Deprecated in 8.13.0. Use the `throttle` property in the - action `frequency` object instead. The throttle interval, - which defines how often an alert generates repeated - actions. NOTE: You cannot specify the throttle interval at - both the rule and action level. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - updated_at: - description: The date and time that the rule was updated most recently. - type: string - updated_by: - description: >- - The identifier for the user that updated this rule most - recently. - nullable: true - type: string - view_in_app_relative_url: - description: Relative URL to view rule in the app. - nullable: true - type: string - required: - - id - - enabled - - name - - tags - - rule_type_id - - consumer - - schedule - - actions - - params - - created_by - - updated_by - - created_at - - updated_at - - api_key_owner - - mute_all - - muted_alert_ids - - execution_status - - revision - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '409': - description: Indicates that the rule id is already in use. - summary: Create a rule - tags: - - alerting - put: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actions: - default: [] - items: - additionalProperties: false - description: An action that runs under defined conditions. - type: object - properties: - alerts_filter: - additionalProperties: false - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query Domain - Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query Domain - Specific Language (DSL) as defined in the - `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the days - of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - description: >- - Defines the range of time in a day that the - action can run. If the `start` value is - `00:00` and the `end` value is `24:00`, - actions be generated all day. - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work but - lack built-in daylight savings time support - and are not recommended. - type: string - required: - - days - - hours - - timezone - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. Valid - values include: `onActionGroupChange`: Actions run - when the alert status changes; `onActiveAlert`: - Actions run when the alert becomes active and at - each check interval while the rule conditions are - met; `onThrottleInterval`: Actions run when the - alert becomes active and at the interval specified - in the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` at - both the rule and action level. The recommended - method is to set it for each action. If you set it - at the rule level then update the rule in Kibana, - it is automatically changed to use action-specific - values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often an - alert generates repeated actions. It is specified - in seconds, minutes, hours, or days and is - applicable only if `notify_when` is set to - `onThrottleInterval`. NOTE: You cannot specify the - throttle interval at both the rule and action - level. The recommended method is to set it for - each action. If you set it at the rule level then - update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - default: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: A universally unique identifier (UUID) for the action. - type: string - required: - - id - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - flapping: - additionalProperties: false - nullable: true - type: object - properties: - look_back_window: - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - name: - description: >- - The name of the rule. While this name does not have to be - unique, a distinctive name can help you identify a rule. - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while the rule - conditions are met; `onThrottleInterval`: Actions run when - the alert becomes active and at the interval specified in - the throttle property while the rule conditions are met. - NOTE: You cannot specify `notify_when` at both the rule and - action level. The recommended method is to set it for each - action. If you set it at the rule level then update the rule - in Kibana, it is automatically changed to use - action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - default: {} - description: The parameters for the rule. - type: object - schedule: - additionalProperties: false - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, or - days. - type: string - required: - - interval - tags: - default: [] - items: - description: The tags for the rule. - type: string - type: array - throttle: - description: >- - Use the `throttle` property in the action `frequency` object - instead. The throttle interval, which defines how often an - alert generates repeated actions. NOTE: You cannot specify - the throttle interval at both the rule and action level. If - you set it at the rule level then update the rule in Kibana, - it is automatically changed to use action-specific values. - nullable: true - type: string - required: - - name - - schedule - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actions: - items: - additionalProperties: false - type: object - properties: - alerts_filter: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL) as defined in - the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the - days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work - but lack built-in daylight savings time - support and are not recommended. - type: string - required: - - days - - hours - - timezone - connector_type_id: - description: >- - The type of connector. This property appears in - responses but cannot be set in requests. - type: string - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. - Valid values include: `onActionGroupChange`: - Actions run when the alert status changes; - `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while - the rule conditions are met; - `onThrottleInterval`: Actions run when the alert - becomes active and at the interval specified in - the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The - recommended method is to set it for each action. - If you set it at the rule level then update the - rule in Kibana, it is automatically changed to - use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often - an alert generates repeated actions. It is - specified in seconds, minutes, hours, or days - and is applicable only if 'notify_when' is set - to 'onThrottleInterval'. NOTE: You cannot - specify the throttle interval at both the rule - and action level. The recommended method is to - set it for each action. If you set it at the - rule level then update the rule in Kibana, it is - automatically changed to use action-specific - values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: >- - A universally unique identifier (UUID) for the - action. - type: string - required: - - id - - connector_type_id - - params - type: array - active_snoozes: - items: - description: List of active snoozes for the rule. - type: string - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - api_key_created_by_user: - description: >- - Indicates whether the API key that is associated with the - rule was created by the user. - nullable: true - type: boolean - api_key_owner: - description: >- - The owner of the API key that is associated with the rule - and used to run background tasks. - nullable: true - type: string - consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, - `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, - `securitySolution`, `siem`, `stackAlerts`, or `uptime`. - type: string - created_at: - description: The date and time that the rule was created. - type: string - created_by: - description: The identifier for the user that created the rule. - nullable: true - type: string - enabled: - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. - type: boolean - execution_status: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - description: Error message. - type: string - reason: - description: Reason for error. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - type: string - required: - - reason - - message - last_duration: - description: Duration of last execution of the rule. - type: number - last_execution_date: - description: The date and time when rule was executed last. - type: string - status: - description: Status of rule execution. - enum: - - ok - - active - - error - - warning - - pending - - unknown - type: string - warning: - additionalProperties: false - type: object - properties: - message: - description: Warning message. - type: string - reason: - description: Reason for warning. - enum: - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - type: string - required: - - reason - - message - required: - - status - - last_execution_date - flapping: - additionalProperties: false - nullable: true - type: object - properties: - look_back_window: - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - id: - description: The identifier for the rule. - type: string - is_snoozed_until: - description: The date when the rule will no longer be snoozed. - nullable: true - type: string - last_run: - additionalProperties: false - nullable: true - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: Number of ignored alerts during last run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: Number of recovered alerts during last run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value could be - succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: Outcome message generated during last rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - mapped_params: - additionalProperties: {} - type: object - monitoring: - additionalProperties: false - description: Monitoring details of the rule. - type: object - properties: - run: - additionalProperties: false - description: Rule run details. - type: object - properties: - calculated_metrics: - additionalProperties: false - description: >- - Calculation of different percentiles and success - ratio. - type: object - properties: - p50: - type: number - p95: - type: number - p99: - type: number - success_ratio: - type: number - required: - - success_ratio - history: - description: History of the rule run. - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule run. - type: number - outcome: - additionalProperties: false - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: >- - Number of ignored alerts during last - run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: >- - Number of recovered alerts during last - run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value - could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: >- - Outcome message generated during last - rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - success: - description: >- - Indicates whether the rule run was - successful. - type: boolean - timestamp: - description: Time of rule run. - type: number - required: - - success - - timestamp - type: array - last_run: - additionalProperties: false - type: object - properties: - metrics: - additionalProperties: false - type: object - properties: - duration: - description: Duration of most recent rule run. - type: number - gap_duration_s: - description: Duration in seconds of rule run gap. - nullable: true - type: number - total_alerts_created: - description: >- - Total number of alerts created during last - rule run. - nullable: true - type: number - total_alerts_detected: - description: >- - Total number of alerts detected during - last rule run. - nullable: true - type: number - total_indexing_duration_ms: - description: >- - Total time spent indexing documents during - last rule run in milliseconds. - nullable: true - type: number - total_search_duration_ms: - description: >- - Total time spent performing Elasticsearch - searches as measured by Kibana; includes - network latency and time spent serializing - or deserializing the request and response. - nullable: true - type: number - timestamp: - description: Time of the most recent rule run. - type: string - required: - - timestamp - - metrics - required: - - history - - calculated_metrics - - last_run - required: - - run - mute_all: - description: Indicates whether all alerts are muted. - type: boolean - muted_alert_ids: - items: - description: 'List of identifiers of muted alerts. ' - type: string - type: array - name: - description: ' The name of the rule.' - type: string - next_run: - description: Date and time of the next run of the rule. - nullable: true - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the - alert becomes active and at each check interval while the - rule conditions are met; `onThrottleInterval`: Actions run - when the alert becomes active and at the interval - specified in the throttle property while the rule - conditions are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The recommended method - is to set it for each action. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - description: The parameters for the rule. - type: object - revision: - description: The rule revision number. - type: number - rule_type_id: - description: The rule type identifier. - type: string - running: - description: Indicates whether the rule is running. - nullable: true - type: boolean - schedule: - additionalProperties: false - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, - or days. - type: string - required: - - interval - scheduled_task_id: - description: Identifier of the scheduled task. - type: string - snooze_schedule: - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule snooze schedule. - type: number - id: - description: Identifier of the rule snooze schedule. - type: string - rRule: - additionalProperties: false - type: object - properties: - byhour: - items: - description: Indicates hours of the day to recur. - type: number - type: array - byminute: - items: - description: Indicates minutes of the hour to recur. - type: number - type: array - bymonth: - items: - description: >- - Indicates months of the year that this rule - should recur. - type: number - type: array - bymonthday: - items: - description: Indicates the days of the month to recur. - type: number - type: array - bysecond: - items: - description: Indicates seconds of the day to recur. - type: number - type: array - bysetpos: - items: - description: >- - A positive or negative integer affecting the - nth day of the month. For example, -2 combined - with `byweekday` of FR is 2nd to last Friday - of the month. It is recommended to not set - this manually and just use `byweekday`. - type: number - type: array - byweekday: - items: - anyOf: - - type: string - - type: number - description: >- - Indicates the days of the week to recur or - else nth-day-of-month strings. For example, - "+2TU" second Tuesday of month, "-1FR" last - Friday of the month, which are internally - converted to a `byweekday/bysetpos` - combination. - type: array - byweekno: - items: - description: Indicates number of the week hours to recur. - type: number - type: array - byyearday: - items: - description: >- - Indicates the days of the year that this rule - should recur. - type: number - type: array - count: - description: >- - Number of times the rule should recur until it - stops. - type: number - dtstart: - description: >- - Rule start date in Coordinated Universal Time - (UTC). - type: string - freq: - description: >- - Indicates frequency of the rule. Options are - YEARLY, MONTHLY, WEEKLY, DAILY. - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - type: integer - interval: - description: >- - Indicates the interval of frequency. For - example, 1 and YEARLY is every 1 year, 2 and - WEEKLY is every 2 weeks. - type: number - tzid: - description: Indicates timezone abbreviation. - type: string - until: - description: Recur the rule until this date. - type: string - wkst: - description: 'Indicates the start of week, defaults to Monday.' - enum: - - MO - - TU - - WE - - TH - - FR - - SA - - SU - type: string - required: - - dtstart - - tzid - skipRecurrences: - items: - description: Skips recurrence of rule on this date. - type: string - type: array - required: - - duration - - rRule - type: array - tags: - items: - description: The tags for the rule. - type: string - type: array - throttle: - deprecated: true - description: >- - Deprecated in 8.13.0. Use the `throttle` property in the - action `frequency` object instead. The throttle interval, - which defines how often an alert generates repeated - actions. NOTE: You cannot specify the throttle interval at - both the rule and action level. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - updated_at: - description: The date and time that the rule was updated most recently. - type: string - updated_by: - description: >- - The identifier for the user that updated this rule most - recently. - nullable: true - type: string - view_in_app_relative_url: - description: Relative URL to view rule in the app. - nullable: true - type: string - required: - - id - - enabled - - name - - tags - - rule_type_id - - consumer - - schedule - - actions - - params - - created_by - - updated_by - - created_at - - updated_at - - api_key_owner - - mute_all - - muted_alert_ids - - execution_status - - revision - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - '409': - description: Indicates that the rule has already been updated by another user. - summary: Update a rule - tags: - - alerting - '/api/alerting/rule/{id}/_disable': - post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_disable#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - nullable: true - type: object - properties: - untrack: - description: Defines whether this rule's alerts should be untracked. - type: boolean - x-oas-optional: true - responses: - '204': - description: Indicates a successful call. - '400': - description: Indicates an invalid schema. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - summary: Disable a rule - tags: - - alerting - '/api/alerting/rule/{id}/_enable': - post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_enable#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - summary: Enable a rule - tags: - - alerting - '/api/alerting/rule/{id}/_mute_all': - post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_mute_all#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - summary: Mute all alerts - tags: - - alerting - '/api/alerting/rule/{id}/_unmute_all': - post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_unmute_all#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - summary: Unmute all alerts - tags: - - alerting - '/api/alerting/rule/{id}/_update_api_key': - post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_update_api_key#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - '409': - description: Indicates that the rule has already been updated by another user. - summary: Update the API key for a rule - tags: - - alerting - '/api/alerting/rule/{rule_id}/alert/{alert_id}/_mute': - post: - operationId: >- - %2Fapi%2Falerting%2Frule%2F%7Brule_id%7D%2Falert%2F%7Balert_id%7D%2F_mute#0 - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: rule_id - required: true - schema: - type: string - - description: The identifier for the alert. - in: path - name: alert_id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule or alert with the given ID does not exist. - summary: Mute an alert - tags: - - alerting - '/api/alerting/rule/{rule_id}/alert/{alert_id}/_unmute': - post: - operationId: >- - %2Fapi%2Falerting%2Frule%2F%7Brule_id%7D%2Falert%2F%7Balert_id%7D%2F_unmute#0 - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: rule_id - required: true - schema: - type: string - - description: The identifier for the alert. - in: path - name: alert_id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule or alert with the given ID does not exist. - summary: Unmute an alert - tags: - - alerting - /api/alerting/rules/_find: - get: - operationId: '%2Fapi%2Falerting%2Frules%2F_find#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: The number of rules to return per page. - in: query - name: per_page - required: false - schema: - default: 10 - minimum: 0 - type: number - - description: The page number to return. - in: query - name: page - required: false - schema: - default: 1 - minimum: 1 - type: number - - description: >- - An Elasticsearch simple_query_string query that filters the objects - in the response. - in: query - name: search - required: false - schema: - type: string - - description: The default operator to use for the simple_query_string. - in: query - name: default_search_operator - required: false - schema: - default: OR - enum: - - OR - - AND - type: string - - description: The fields to perform the simple_query_string parsed query against. - in: query - name: search_fields - required: false - schema: - anyOf: - - items: - type: string - type: array - - type: string - - description: >- - Determines which field is used to sort the results. The field must - exist in the `attributes` key of the response. - in: query - name: sort_field - required: false - schema: - type: string - - description: Determines the sort order. - in: query - name: sort_order - required: false - schema: - enum: - - asc - - desc - type: string - - description: >- - Filters the rules that have a relation with the reference objects - with a specific type and identifier. - in: query - name: has_reference - required: false - schema: - additionalProperties: false - nullable: true - type: object - properties: - id: - type: string - type: - type: string - required: - - type - - id - - in: query - name: fields - required: false - schema: - items: - description: The fields to return in the `attributes` key of the response. - type: string - type: array - - description: >- - A KQL string that you filter with an attribute from your saved - object. It should look like `savedObjectType.attributes.title: - "myTitle"`. However, if you used a direct attribute of a saved - object, such as `updatedAt`, you must define your filter, for - example, `savedObjectType.updatedAt > 2018-12-22`. - in: query - name: filter - required: false - schema: - type: string - - in: query - name: filter_consumers - required: false - schema: - items: - description: List of consumers to filter. - type: string - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actions: - items: - additionalProperties: false - type: object - properties: - alerts_filter: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL) as defined in - the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the - days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work - but lack built-in daylight savings time - support and are not recommended. - type: string - required: - - days - - hours - - timezone - connector_type_id: - description: >- - The type of connector. This property appears in - responses but cannot be set in requests. - type: string - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. - Valid values include: `onActionGroupChange`: - Actions run when the alert status changes; - `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while - the rule conditions are met; - `onThrottleInterval`: Actions run when the alert - becomes active and at the interval specified in - the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The - recommended method is to set it for each action. - If you set it at the rule level then update the - rule in Kibana, it is automatically changed to - use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often - an alert generates repeated actions. It is - specified in seconds, minutes, hours, or days - and is applicable only if 'notify_when' is set - to 'onThrottleInterval'. NOTE: You cannot - specify the throttle interval at both the rule - and action level. The recommended method is to - set it for each action. If you set it at the - rule level then update the rule in Kibana, it is - automatically changed to use action-specific - values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: >- - A universally unique identifier (UUID) for the - action. - type: string - required: - - id - - connector_type_id - - params - type: array - active_snoozes: - items: - description: List of active snoozes for the rule. - type: string - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - api_key_created_by_user: - description: >- - Indicates whether the API key that is associated with the - rule was created by the user. - nullable: true - type: boolean - api_key_owner: - description: >- - The owner of the API key that is associated with the rule - and used to run background tasks. - nullable: true - type: string - consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, - `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, - `securitySolution`, `siem`, `stackAlerts`, or `uptime`. - type: string - created_at: - description: The date and time that the rule was created. - type: string - created_by: - description: The identifier for the user that created the rule. - nullable: true - type: string - enabled: - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. - type: boolean - execution_status: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - description: Error message. - type: string - reason: - description: Reason for error. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - type: string - required: - - reason - - message - last_duration: - description: Duration of last execution of the rule. - type: number - last_execution_date: - description: The date and time when rule was executed last. - type: string - status: - description: Status of rule execution. - enum: - - ok - - active - - error - - warning - - pending - - unknown - type: string - warning: - additionalProperties: false - type: object - properties: - message: - description: Warning message. - type: string - reason: - description: Reason for warning. - enum: - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - type: string - required: - - reason - - message - required: - - status - - last_execution_date - flapping: - additionalProperties: false - nullable: true - type: object - properties: - look_back_window: - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - id: - description: The identifier for the rule. - type: string - is_snoozed_until: - description: The date when the rule will no longer be snoozed. - nullable: true - type: string - last_run: - additionalProperties: false - nullable: true - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: Number of ignored alerts during last run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: Number of recovered alerts during last run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value could be - succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: Outcome message generated during last rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - mapped_params: - additionalProperties: {} - type: object - monitoring: - additionalProperties: false - description: Monitoring details of the rule. - type: object - properties: - run: - additionalProperties: false - description: Rule run details. - type: object - properties: - calculated_metrics: - additionalProperties: false - description: >- - Calculation of different percentiles and success - ratio. - type: object - properties: - p50: - type: number - p95: - type: number - p99: - type: number - success_ratio: - type: number - required: - - success_ratio - history: - description: History of the rule run. - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule run. - type: number - outcome: - additionalProperties: false - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: >- - Number of ignored alerts during last - run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: >- - Number of recovered alerts during last - run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value - could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: >- - Outcome message generated during last - rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - success: - description: >- - Indicates whether the rule run was - successful. - type: boolean - timestamp: - description: Time of rule run. - type: number - required: - - success - - timestamp - type: array - last_run: - additionalProperties: false - type: object - properties: - metrics: - additionalProperties: false - type: object - properties: - duration: - description: Duration of most recent rule run. - type: number - gap_duration_s: - description: Duration in seconds of rule run gap. - nullable: true - type: number - total_alerts_created: - description: >- - Total number of alerts created during last - rule run. - nullable: true - type: number - total_alerts_detected: - description: >- - Total number of alerts detected during - last rule run. - nullable: true - type: number - total_indexing_duration_ms: - description: >- - Total time spent indexing documents during - last rule run in milliseconds. - nullable: true - type: number - total_search_duration_ms: - description: >- - Total time spent performing Elasticsearch - searches as measured by Kibana; includes - network latency and time spent serializing - or deserializing the request and response. - nullable: true - type: number - timestamp: - description: Time of the most recent rule run. - type: string - required: - - timestamp - - metrics - required: - - history - - calculated_metrics - - last_run - required: - - run - mute_all: - description: Indicates whether all alerts are muted. - type: boolean - muted_alert_ids: - items: - description: 'List of identifiers of muted alerts. ' - type: string - type: array - name: - description: ' The name of the rule.' - type: string - next_run: - description: Date and time of the next run of the rule. - nullable: true - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the - alert becomes active and at each check interval while the - rule conditions are met; `onThrottleInterval`: Actions run - when the alert becomes active and at the interval - specified in the throttle property while the rule - conditions are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The recommended method - is to set it for each action. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - description: The parameters for the rule. - type: object - revision: - description: The rule revision number. - type: number - rule_type_id: - description: The rule type identifier. - type: string - running: - description: Indicates whether the rule is running. - nullable: true - type: boolean - schedule: - additionalProperties: false - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, - or days. - type: string - required: - - interval - scheduled_task_id: - description: Identifier of the scheduled task. - type: string - snooze_schedule: - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule snooze schedule. - type: number - id: - description: Identifier of the rule snooze schedule. - type: string - rRule: - additionalProperties: false - type: object - properties: - byhour: - items: - description: Indicates hours of the day to recur. - type: number - type: array - byminute: - items: - description: Indicates minutes of the hour to recur. - type: number - type: array - bymonth: - items: - description: >- - Indicates months of the year that this rule - should recur. - type: number - type: array - bymonthday: - items: - description: Indicates the days of the month to recur. - type: number - type: array - bysecond: - items: - description: Indicates seconds of the day to recur. - type: number - type: array - bysetpos: - items: - description: >- - A positive or negative integer affecting the - nth day of the month. For example, -2 combined - with `byweekday` of FR is 2nd to last Friday - of the month. It is recommended to not set - this manually and just use `byweekday`. - type: number - type: array - byweekday: - items: - anyOf: - - type: string - - type: number - description: >- - Indicates the days of the week to recur or - else nth-day-of-month strings. For example, - "+2TU" second Tuesday of month, "-1FR" last - Friday of the month, which are internally - converted to a `byweekday/bysetpos` - combination. - type: array - byweekno: - items: - description: Indicates number of the week hours to recur. - type: number - type: array - byyearday: - items: - description: >- - Indicates the days of the year that this rule - should recur. - type: number - type: array - count: - description: >- - Number of times the rule should recur until it - stops. - type: number - dtstart: - description: >- - Rule start date in Coordinated Universal Time - (UTC). - type: string - freq: - description: >- - Indicates frequency of the rule. Options are - YEARLY, MONTHLY, WEEKLY, DAILY. - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - type: integer - interval: - description: >- - Indicates the interval of frequency. For - example, 1 and YEARLY is every 1 year, 2 and - WEEKLY is every 2 weeks. - type: number - tzid: - description: Indicates timezone abbreviation. - type: string - until: - description: Recur the rule until this date. - type: string - wkst: - description: 'Indicates the start of week, defaults to Monday.' - enum: - - MO - - TU - - WE - - TH - - FR - - SA - - SU - type: string - required: - - dtstart - - tzid - skipRecurrences: - items: - description: Skips recurrence of rule on this date. - type: string - type: array - required: - - duration - - rRule - type: array - tags: - items: - description: The tags for the rule. - type: string - type: array - throttle: - deprecated: true - description: >- - Deprecated in 8.13.0. Use the `throttle` property in the - action `frequency` object instead. The throttle interval, - which defines how often an alert generates repeated - actions. NOTE: You cannot specify the throttle interval at - both the rule and action level. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - updated_at: - description: The date and time that the rule was updated most recently. - type: string - updated_by: - description: >- - The identifier for the user that updated this rule most - recently. - nullable: true - type: string - view_in_app_relative_url: - description: Relative URL to view rule in the app. - nullable: true - type: string - required: - - id - - enabled - - name - - tags - - rule_type_id - - consumer - - schedule - - actions - - params - - created_by - - updated_by - - created_at - - updated_at - - api_key_owner - - mute_all - - muted_alert_ids - - execution_status - - revision - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - summary: Get information about rules - tags: - - alerting /api/apm/agent_keys: post: description: Create a new agent key for APM. @@ -15876,264 +10620,27 @@ paths: statusCode: type: number description: Generic Error - summary: Get anonymization fields - tags: - - Security AI Assistant API - - AnonymizationFields API - /api/security_ai_assistant/chat/complete: - post: - description: Create a model response for the given chat conversation. - operationId: ChatComplete - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_ChatCompleteProps' - required: true - responses: - '200': - content: - application/octet-stream; Elastic-Api-Version=2023-10-31: - schema: - format: binary - type: string - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Create a model response - tags: - - Security AI Assistant API - - Chat Complete API - /api/security_ai_assistant/current_user/conversations: - post: - description: Create a new Security AI Assistant conversation. - operationId: CreateConversation - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationCreateProps - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Create a conversation - tags: - - Security AI Assistant API - - Conversation API - /api/security_ai_assistant/current_user/conversations/_find: - get: - description: Get a list of all conversations for the current user. - operationId: FindConversations - parameters: - - in: query - name: fields - required: false - schema: - items: - type: string - type: array - - description: Search query - in: query - name: filter - required: false - schema: - type: string - - description: Field to sort by - in: query - name: sort_field - required: false - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindConversationsSortField - - description: Sort order - in: query - name: sort_order - required: false - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' - - description: Page number - in: query - name: page - required: false - schema: - default: 1 - minimum: 1 - type: integer - - description: Conversations per page - in: query - name: per_page - required: false - schema: - default: 20 - minimum: 0 - type: integer - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - required: - - page - - perPage - - total - - data - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Get conversations - tags: - - Security AI Assistant API - - Conversations API - '/api/security_ai_assistant/current_user/conversations/{id}': - delete: - description: Delete an existing conversation using the conversation ID. - operationId: DeleteConversation - parameters: - - description: The conversation's `id` value. - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Delete a conversation - tags: - - Security AI Assistant API - - Conversation API - get: - description: Get the details of an existing conversation using the conversation ID. - operationId: ReadConversation - parameters: - - description: The conversation's `id` value. - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Get a conversation + summary: Get anonymization fields tags: - Security AI Assistant API - - Conversations API - put: - description: Update an existing conversation using the conversation ID. - operationId: UpdateConversation - parameters: - - description: The conversation's `id` value. - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + - AnonymizationFields API + /api/security_ai_assistant/chat/complete: + post: + description: Create a model response for the given chat conversation. + operationId: ChatComplete requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationUpdateProps + $ref: '#/components/schemas/Security_AI_Assistant_API_ChatCompleteProps' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/octet-stream; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse + format: binary + type: string description: Indicates a successful call. '400': content: @@ -16148,52 +10655,28 @@ paths: statusCode: type: number description: Generic Error - summary: Update a conversation + summary: Create a model response tags: - Security AI Assistant API - - Conversation API - /api/security_ai_assistant/prompts/_bulk_action: + - Chat Complete API + /api/security_ai_assistant/current_user/conversations: post: - description: >- - Apply a bulk action to multiple prompts. The bulk action is applied to - all prompts that match the filter or to the list of prompts by their - IDs. - operationId: PerformPromptsBulkAction + description: Create a new Security AI Assistant conversation. + operationId: CreateConversation requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - create: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptCreateProps - type: array - delete: - type: object - properties: - ids: - description: Array of prompts IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter promps - type: string - update: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptUpdateProps - type: array + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationCreateProps + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResponse + #/components/schemas/Security_AI_Assistant_API_ConversationResponse description: Indicates a successful call. '400': content: @@ -16208,14 +10691,14 @@ paths: statusCode: type: number description: Generic Error - summary: Apply a bulk action to prompts + summary: Create a conversation tags: - Security AI Assistant API - - Bulk API - /api/security_ai_assistant/prompts/_find: + - Conversation API + /api/security_ai_assistant/current_user/conversations/_find: get: - description: Get a list of all prompts. - operationId: FindPrompts + description: Get a list of all conversations for the current user. + operationId: FindConversations parameters: - in: query name: fields @@ -16236,7 +10719,7 @@ paths: required: false schema: $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindPromptsSortField + #/components/schemas/Security_AI_Assistant_API_FindConversationsSortField - description: Sort order in: query name: sort_order @@ -16251,7 +10734,7 @@ paths: default: 1 minimum: 1 type: integer - - description: Prompts per page + - description: Conversations per page in: query name: per_page required: false @@ -16269,7 +10752,7 @@ paths: data: items: $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptResponse + #/components/schemas/Security_AI_Assistant_API_ConversationResponse type: array page: type: integer @@ -16296,344 +10779,271 @@ paths: statusCode: type: number description: Generic Error - summary: Get prompts + summary: Get conversations tags: - Security AI Assistant API - - Prompts API - /api/spaces/space: - get: - operationId: '%2Fapi%2Fspaces%2Fspace#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: >- - Specifies which authorization checks are applied to the API call. - The default value is `any`. - in: query - name: purpose - required: false - schema: - enum: - - any - - copySavedObjectsIntoSpace - - shareSavedObjectsIntoSpace - type: string - - description: >- - When enabled, the API returns any spaces that the user is authorized - to access in any capacity and each space will contain the purposes - for which the user is authorized. This can be useful to determine - which spaces a user can read but not take a specific action in. If - the security plugin is not enabled, this parameter has no effect, - since no authorization checks take place. This parameter cannot be - used in with the `purpose` parameter. - in: query - name: include_authorized_purposes - required: true - schema: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - false - type: boolean - x-oas-optional: true - - type: boolean - x-oas-optional: true - responses: - '200': - description: Indicates a successful call. - summary: Get all spaces - tags: - - spaces - post: - operationId: '%2Fapi%2Fspaces%2Fspace#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - _reserved: - type: boolean - color: - description: >- - The hexadecimal color code used in the space avatar. By - default, the color is automatically generated from the space - name. - type: string - description: - description: A description for the space. - type: string - disabledFeatures: - default: [] - items: - description: The list of features that are turned off in the space. - type: string - type: array - id: - description: >- - The space ID that is part of the Kibana URL when inside the - space. Space IDs are limited to lowercase alphanumeric, - underscore, and hyphen characters (a-z, 0-9, _, and -). You - are cannot change the ID with the update operation. - type: string - imageUrl: - description: >- - The data-URL encoded image to display in the space avatar. - If specified, initials will not be displayed and the color - will be visible as the background color for transparent - images. For best results, your image should be 64x64. Images - will not be optimized by this API call, so care should be - taken when using custom images. - type: string - initials: - description: >- - One or two characters that are shown in the space avatar. By - default, the initials are automatically generated from the - space name. - maxLength: 2 - type: string - name: - description: 'The display name for the space. ' - minLength: 1 - type: string - required: - - id - - name - responses: - '200': - description: Indicates a successful call. - summary: Create a space - tags: - - spaces - '/api/spaces/space/{id}': + - Conversations API + '/api/security_ai_assistant/current_user/conversations/{id}': delete: - description: >- - When you delete a space, all saved objects that belong to the space are - automatically deleted, which is permanent and cannot be undone. - operationId: '%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#2' + description: Delete an existing conversation using the conversation ID. + operationId: DeleteConversation parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The space identifier. + - description: The conversation's `id` value. in: path name: id required: true schema: - type: string + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' responses: - '204': + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse description: Indicates a successful call. - '404': - description: Indicates that the request failed. - summary: Delete a space + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Delete a conversation tags: - - spaces + - Security AI Assistant API + - Conversation API get: - operationId: '%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#0' + description: Get the details of an existing conversation using the conversation ID. + operationId: ReadConversation parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: The space identifier. + - description: The conversation's `id` value. in: path name: id required: true schema: - type: string + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' responses: '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse description: Indicates a successful call. - summary: Get a space + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Get a conversation tags: - - spaces + - Security AI Assistant API + - Conversations API put: - operationId: '%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#1' + description: Update an existing conversation using the conversation ID. + operationId: UpdateConversation parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: >- - The space identifier. You are unable to change the ID with the - update operation. + - description: The conversation's `id` value. in: path name: id required: true schema: - type: string + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationUpdateProps + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Update a conversation + tags: + - Security AI Assistant API + - Conversation API + /api/security_ai_assistant/prompts/_bulk_action: + post: + description: >- + Apply a bulk action to multiple prompts. The bulk action is applied to + all prompts that match the filter or to the list of prompts by their + IDs. + operationId: PerformPromptsBulkAction requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - _reserved: - type: boolean - color: - description: >- - The hexadecimal color code used in the space avatar. By - default, the color is automatically generated from the space - name. - type: string - description: - description: A description for the space. - type: string - disabledFeatures: - default: [] + create: items: - description: The list of features that are turned off in the space. - type: string + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptCreateProps + type: array + delete: + type: object + properties: + ids: + description: Array of prompts IDs + items: + type: string + minItems: 1 + type: array + query: + description: Query to filter promps + type: string + update: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptUpdateProps type: array - id: - description: >- - The space ID that is part of the Kibana URL when inside the - space. Space IDs are limited to lowercase alphanumeric, - underscore, and hyphen characters (a-z, 0-9, _, and -). You - are cannot change the ID with the update operation. - type: string - imageUrl: - description: >- - The data-URL encoded image to display in the space avatar. - If specified, initials will not be displayed and the color - will be visible as the background color for transparent - images. For best results, your image should be 64x64. Images - will not be optimized by this API call, so care should be - taken when using custom images. - type: string - initials: - description: >- - One or two characters that are shown in the space avatar. By - default, the initials are automatically generated from the - space name. - maxLength: 2 - type: string - name: - description: 'The display name for the space. ' - minLength: 1 - type: string - required: - - id - - name responses: '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResponse description: Indicates a successful call. - summary: Update a space + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Apply a bulk action to prompts tags: - - spaces - /api/status: + - Security AI Assistant API + - Bulk API + /api/security_ai_assistant/prompts/_find: get: - operationId: '%2Fapi%2Fstatus#0' + description: Get a list of all prompts. + operationId: FindPrompts parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - in: query + name: fields + required: false + schema: + items: + type: string + type: array + - description: Search query + in: query + name: filter + required: false schema: - default: '2023-10-31' - enum: - - '2023-10-31' type: string - - description: Set to "true" to get the response in v7 format. + - description: Field to sort by in: query - name: v7format + name: sort_field required: false schema: - type: boolean - - description: Set to "true" to get the response in v8 format. + $ref: >- + #/components/schemas/Security_AI_Assistant_API_FindPromptsSortField + - description: Sort order in: query - name: v8format + name: sort_order required: false schema: - type: boolean + $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' + - description: Page number + in: query + name: page + required: false + schema: + default: 1 + minimum: 1 + type: integer + - description: Prompts per page + in: query + name: per_page + required: false + schema: + default: 20 + minimum: 0 + type: integer responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - description: Overall status is OK and Kibana should be functioning normally. - '503': + type: object + properties: + data: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptResponse + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + required: + - page + - perPage + - total + - data + description: Successful response + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - description: >- - Kibana or some of it's essential services are unavailable. Kibana - may be degraded or unavailable. - summary: Get Kibana's current status + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Get prompts tags: - - system + - Security AI Assistant API + - Prompts API /api/timeline: delete: operationId: DeleteTimelines @@ -22270,273 +16680,6 @@ components: type: object title: Package policy Upgrade dryrun type: array - Kibana_HTTP_APIs_core_status_redactedResponse: - additionalProperties: false - description: A minimal representation of Kibana's operational status. - type: object - properties: - status: - additionalProperties: false - type: object - properties: - overall: - additionalProperties: false - type: object - properties: - level: - description: Service status levels as human and machine readable values. - enum: - - available - - degraded - - unavailable - - critical - type: string - required: - - level - required: - - overall - required: - - status - Kibana_HTTP_APIs_core_status_response: - additionalProperties: false - description: >- - Kibana's operational status as well as a detailed breakdown of plugin - statuses indication of various loads (like event loop utilization and - network traffic) at time of request. - type: object - properties: - metrics: - additionalProperties: false - description: Metric groups collected by Kibana. - type: object - properties: - collection_interval_in_millis: - description: The interval at which metrics should be collected. - type: number - elasticsearch_client: - additionalProperties: false - description: Current network metrics of Kibana's Elasticsearch client. - type: object - properties: - totalActiveSockets: - description: Count of network sockets currently in use. - type: number - totalIdleSockets: - description: Count of network sockets currently idle. - type: number - totalQueuedRequests: - description: Count of requests not yet assigned to sockets. - type: number - required: - - totalActiveSockets - - totalIdleSockets - - totalQueuedRequests - last_updated: - description: The time metrics were collected. - type: string - required: - - elasticsearch_client - - last_updated - - collection_interval_in_millis - name: - description: Kibana instance name. - type: string - status: - additionalProperties: false - type: object - properties: - core: - additionalProperties: false - description: Statuses of core Kibana services. - type: object - properties: - elasticsearch: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: >- - Service status levels as human and machine readable - values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: >- - An unstructured set of extra metadata about this - service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - savedObjects: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: >- - Service status levels as human and machine readable - values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: >- - An unstructured set of extra metadata about this - service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - required: - - elasticsearch - - savedObjects - overall: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: Service status levels as human and machine readable values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: An unstructured set of extra metadata about this service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - plugins: - additionalProperties: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: >- - Service status levels as human and machine readable - values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: An unstructured set of extra metadata about this service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - description: A dynamic mapping of plugin ID to plugin status. - type: object - required: - - overall - - core - - plugins - uuid: - description: >- - Unique, generated Kibana instance UUID. This UUID should persist - even if the Kibana process restarts. - type: string - version: - additionalProperties: false - type: object - properties: - build_date: - description: The date and time of this build. - type: string - build_flavor: - description: >- - The build flavour determines configuration and behavior of - Kibana. On premise users will almost always run the - "traditional" flavour, while other flavours are reserved for - Elastic-specific use cases. - enum: - - serverless - - traditional - type: string - build_hash: - description: >- - A unique hash value representing the git commit of this Kibana - build. - type: string - build_number: - description: >- - A monotonically increasing number, each subsequent build will - have a higher number. - type: number - build_snapshot: - description: Whether this build is a snapshot build. - type: boolean - number: - description: A semantic version number. - type: string - required: - - number - - build_hash - - build_number - - build_snapshot - - build_flavor - - build_date - required: - - name - - uuid - - version - - status - - metrics Machine_learning_APIs_mlSync200Response: properties: datafeedsAdded: @@ -33728,7 +27871,6 @@ components: security: - apiKeyAuth: [] tags: - - name: alerting - description: > Configure APM agent keys to authorize requests from APM agents to the APM Server. @@ -33738,7 +27880,6 @@ tags: Annotations enable you to easily see how events are impacting the performance of your applications. name: APM annotations - - name: connectors - name: Data streams - description: >- Data view APIs enable you to manage data views, formerly known as Kibana @@ -33820,5 +27961,3 @@ tags: x-displayName: Security timeline - description: 'SLO APIs enable you to define, manage and track service-level objectives' name: slo - - name: spaces - - name: system diff --git a/oas_docs/output/kibana.staging.yaml b/oas_docs/output/kibana.staging.yaml index 508148435fbea..435389c57da66 100644 --- a/oas_docs/output/kibana.staging.yaml +++ b/oas_docs/output/kibana.staging.yaml @@ -20401,12 +20401,18 @@ paths: enum: - '2023-10-31' type: string - - in: query + - description: >- + If `true` and the response contains any privileges that are + associated with deprecated features, they are omitted in favor of + details about the appropriate replacement feature privileges. + in: query name: replaceDeprecatedPrivileges required: false schema: type: boolean - responses: {} + responses: + '200': + description: Indicates a successful call. summary: Get all roles tags: - roles @@ -20435,7 +20441,9 @@ paths: schema: minLength: 1 type: string - responses: {} + responses: + '204': + description: Indicates a successful call. summary: Delete a role tags: - roles @@ -20450,22 +20458,32 @@ paths: enum: - '2023-10-31' type: string - - in: path + - description: The role name. + in: path name: name required: true schema: minLength: 1 type: string - - in: query + - description: >- + If `true` and the response contains any privileges that are + associated with deprecated features, they are omitted in favor of + details about the appropriate replacement feature privileges. + in: query name: replaceDeprecatedPrivileges required: false schema: type: boolean - responses: {} + responses: + '200': + description: Indicates a successful call. summary: Get a role tags: - roles put: + description: >- + Create a new Kibana role or update the attributes of an existing role. + Kibana roles are stored in the Elasticsearch native realm. operationId: '%2Fapi%2Fsecurity%2Frole%2F%7Bname%7D#2' parameters: - description: The version of the API to use @@ -20483,14 +20501,16 @@ paths: schema: example: 'true' type: string - - in: path + - description: The role name. + in: path name: name required: true schema: maxLength: 1024 minLength: 1 type: string - - in: query + - description: 'When true, a role is not overwritten if it already exists.' + in: query name: createOnly required: false schema: @@ -20504,6 +20524,7 @@ paths: type: object properties: description: + description: A description for the role. maxLength: 2048 type: string elasticsearch: @@ -20512,6 +20533,9 @@ paths: properties: cluster: items: + description: >- + Cluster privileges that define the cluster level + actions that users can perform. type: string type: array indices: @@ -20520,24 +20544,55 @@ paths: type: object properties: allow_restricted_indices: + description: >- + Restricted indices are a special category of + indices that are used internally to store + configuration data and should not be directly + accessed. Only internal system roles should + normally grant privileges over the restricted + indices. Toggling this flag is very strongly + discouraged because it could effectively grant + unrestricted operations on critical data, making + the entire system unstable or leaking sensitive + information. If for administrative purposes you + need to create a role with privileges covering + restricted indices, however, you can set this + property to true. In that case, the names field + covers the restricted indices too. type: boolean field_security: additionalProperties: items: + description: >- + The document fields that the role members have + read access to. type: string type: array type: object names: items: + description: >- + The data streams, indices, and aliases to which + the permissions in this entry apply. It supports + wildcards (*). type: string minItems: 1 type: array privileges: items: + description: >- + The index level privileges that the role members + have for the data streams and indices. type: string minItems: 1 type: array query: + description: >- + A search query that defines the documents the role + members have read access to. A document within the + specified data streams and indices must match this + query in order for it to be accessible by the role + members. type: string required: - names @@ -20550,11 +20605,19 @@ paths: properties: clusters: items: + description: >- + A list of remote cluster aliases. It supports + literal strings as well as wildcards and regular + expressions. type: string minItems: 1 type: array privileges: items: + description: >- + The cluster level privileges for the remote + cluster. The allowed values are a subset of the + cluster privileges. type: string minItems: 1 type: array @@ -20568,29 +20631,64 @@ paths: type: object properties: allow_restricted_indices: + description: >- + Restricted indices are a special category of + indices that are used internally to store + configuration data and should not be directly + accessed. Only internal system roles should + normally grant privileges over the restricted + indices. Toggling this flag is very strongly + discouraged because it could effectively grant + unrestricted operations on critical data, making + the entire system unstable or leaking sensitive + information. If for administrative purposes you + need to create a role with privileges covering + restricted indices, however, you can set this + property to true. In that case, the names field + will cover the restricted indices too. type: boolean clusters: items: + description: >- + A list of remote cluster aliases. It supports + literal strings as well as wildcards and regular + expressions. type: string minItems: 1 type: array field_security: additionalProperties: items: + description: >- + The document fields that the role members have + read access to. type: string type: array type: object names: items: + description: >- + A list of remote aliases, data streams, or + indices to which the permissions apply. It + supports wildcards (*). type: string minItems: 1 type: array privileges: items: + description: >- + The index level privileges that role members + have for the specified indices. type: string minItems: 1 type: array query: + description: >- + A search query that defines the documents the role + members have read access to. A document within the + specified data streams and indices must match this + query in order for it to be accessible by the role + members. type: string required: - clusters @@ -20599,6 +20697,7 @@ paths: type: array run_as: items: + description: A user name that the role member can impersonate. type: string type: array kibana: @@ -20617,14 +20716,23 @@ paths: nullable: true oneOf: - items: + description: >- + A base privilege that grants applies to all + spaces. type: string type: array - items: + description: >- + A base privilege that applies to specific + spaces. type: string type: array feature: additionalProperties: items: + description: >- + The privileges that the role member has for the + feature. type: string type: array type: object @@ -20638,6 +20746,7 @@ paths: minItems: 1 type: array - items: + description: A space that the privilege applies to. type: string type: array default: @@ -20650,7 +20759,9 @@ paths: type: object required: - elasticsearch - responses: {} + responses: + '204': + description: Indicates a successful call. summary: Create or update a role tags: - roles @@ -20686,6 +20797,7 @@ paths: type: object properties: description: + description: A description for the role. maxLength: 2048 type: string elasticsearch: @@ -20694,6 +20806,9 @@ paths: properties: cluster: items: + description: >- + Cluster privileges that define the cluster level + actions that users can perform. type: string type: array indices: @@ -20702,24 +20817,58 @@ paths: type: object properties: allow_restricted_indices: + description: >- + Restricted indices are a special category of + indices that are used internally to store + configuration data and should not be + directly accessed. Only internal system + roles should normally grant privileges over + the restricted indices. Toggling this flag + is very strongly discouraged because it + could effectively grant unrestricted + operations on critical data, making the + entire system unstable or leaking sensitive + information. If for administrative purposes + you need to create a role with privileges + covering restricted indices, however, you + can set this property to true. In that case, + the names field covers the restricted + indices too. type: boolean field_security: additionalProperties: items: + description: >- + The document fields that the role + members have read access to. type: string type: array type: object names: items: + description: >- + The data streams, indices, and aliases to + which the permissions in this entry apply. + It supports wildcards (*). type: string minItems: 1 type: array privileges: items: + description: >- + The index level privileges that the role + members have for the data streams and + indices. type: string minItems: 1 type: array query: + description: >- + A search query that defines the documents + the role members have read access to. A + document within the specified data streams + and indices must match this query in order + for it to be accessible by the role members. type: string required: - names @@ -20732,11 +20881,19 @@ paths: properties: clusters: items: + description: >- + A list of remote cluster aliases. It + supports literal strings as well as + wildcards and regular expressions. type: string minItems: 1 type: array privileges: items: + description: >- + The cluster level privileges for the + remote cluster. The allowed values are a + subset of the cluster privileges. type: string minItems: 1 type: array @@ -20750,29 +20907,67 @@ paths: type: object properties: allow_restricted_indices: + description: >- + Restricted indices are a special category of + indices that are used internally to store + configuration data and should not be + directly accessed. Only internal system + roles should normally grant privileges over + the restricted indices. Toggling this flag + is very strongly discouraged because it + could effectively grant unrestricted + operations on critical data, making the + entire system unstable or leaking sensitive + information. If for administrative purposes + you need to create a role with privileges + covering restricted indices, however, you + can set this property to true. In that case, + the names field will cover the restricted + indices too. type: boolean clusters: items: + description: >- + A list of remote cluster aliases. It + supports literal strings as well as + wildcards and regular expressions. type: string minItems: 1 type: array field_security: additionalProperties: items: + description: >- + The document fields that the role + members have read access to. type: string type: array type: object names: items: + description: >- + A list of remote aliases, data streams, or + indices to which the permissions apply. It + supports wildcards (*). type: string minItems: 1 type: array privileges: items: + description: >- + The index level privileges that role + members have for the specified indices. type: string minItems: 1 type: array query: + description: >- + A search query that defines the documents + the role members have read access to. A + document within the specified data streams + and indices must match this query in order + for it to be accessible by the role + members. type: string required: - clusters @@ -20781,6 +20976,9 @@ paths: type: array run_as: items: + description: >- + A user name that the role member can + impersonate. type: string type: array kibana: @@ -20799,14 +20997,23 @@ paths: nullable: true oneOf: - items: + description: >- + A base privilege that grants applies to + all spaces. type: string type: array - items: + description: >- + A base privilege that applies to specific + spaces. type: string type: array feature: additionalProperties: items: + description: >- + The privileges that the role member has for + the feature. type: string type: array type: object @@ -20820,6 +21027,7 @@ paths: minItems: 1 type: array - items: + description: A space that the privilege applies to. type: string type: array default: @@ -20835,7 +21043,9 @@ paths: type: object required: - roles - responses: {} + responses: + '200': + description: Indicates a successful call. summary: Create or update roles tags: - roles diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml index 508148435fbea..435389c57da66 100644 --- a/oas_docs/output/kibana.yaml +++ b/oas_docs/output/kibana.yaml @@ -20401,12 +20401,18 @@ paths: enum: - '2023-10-31' type: string - - in: query + - description: >- + If `true` and the response contains any privileges that are + associated with deprecated features, they are omitted in favor of + details about the appropriate replacement feature privileges. + in: query name: replaceDeprecatedPrivileges required: false schema: type: boolean - responses: {} + responses: + '200': + description: Indicates a successful call. summary: Get all roles tags: - roles @@ -20435,7 +20441,9 @@ paths: schema: minLength: 1 type: string - responses: {} + responses: + '204': + description: Indicates a successful call. summary: Delete a role tags: - roles @@ -20450,22 +20458,32 @@ paths: enum: - '2023-10-31' type: string - - in: path + - description: The role name. + in: path name: name required: true schema: minLength: 1 type: string - - in: query + - description: >- + If `true` and the response contains any privileges that are + associated with deprecated features, they are omitted in favor of + details about the appropriate replacement feature privileges. + in: query name: replaceDeprecatedPrivileges required: false schema: type: boolean - responses: {} + responses: + '200': + description: Indicates a successful call. summary: Get a role tags: - roles put: + description: >- + Create a new Kibana role or update the attributes of an existing role. + Kibana roles are stored in the Elasticsearch native realm. operationId: '%2Fapi%2Fsecurity%2Frole%2F%7Bname%7D#2' parameters: - description: The version of the API to use @@ -20483,14 +20501,16 @@ paths: schema: example: 'true' type: string - - in: path + - description: The role name. + in: path name: name required: true schema: maxLength: 1024 minLength: 1 type: string - - in: query + - description: 'When true, a role is not overwritten if it already exists.' + in: query name: createOnly required: false schema: @@ -20504,6 +20524,7 @@ paths: type: object properties: description: + description: A description for the role. maxLength: 2048 type: string elasticsearch: @@ -20512,6 +20533,9 @@ paths: properties: cluster: items: + description: >- + Cluster privileges that define the cluster level + actions that users can perform. type: string type: array indices: @@ -20520,24 +20544,55 @@ paths: type: object properties: allow_restricted_indices: + description: >- + Restricted indices are a special category of + indices that are used internally to store + configuration data and should not be directly + accessed. Only internal system roles should + normally grant privileges over the restricted + indices. Toggling this flag is very strongly + discouraged because it could effectively grant + unrestricted operations on critical data, making + the entire system unstable or leaking sensitive + information. If for administrative purposes you + need to create a role with privileges covering + restricted indices, however, you can set this + property to true. In that case, the names field + covers the restricted indices too. type: boolean field_security: additionalProperties: items: + description: >- + The document fields that the role members have + read access to. type: string type: array type: object names: items: + description: >- + The data streams, indices, and aliases to which + the permissions in this entry apply. It supports + wildcards (*). type: string minItems: 1 type: array privileges: items: + description: >- + The index level privileges that the role members + have for the data streams and indices. type: string minItems: 1 type: array query: + description: >- + A search query that defines the documents the role + members have read access to. A document within the + specified data streams and indices must match this + query in order for it to be accessible by the role + members. type: string required: - names @@ -20550,11 +20605,19 @@ paths: properties: clusters: items: + description: >- + A list of remote cluster aliases. It supports + literal strings as well as wildcards and regular + expressions. type: string minItems: 1 type: array privileges: items: + description: >- + The cluster level privileges for the remote + cluster. The allowed values are a subset of the + cluster privileges. type: string minItems: 1 type: array @@ -20568,29 +20631,64 @@ paths: type: object properties: allow_restricted_indices: + description: >- + Restricted indices are a special category of + indices that are used internally to store + configuration data and should not be directly + accessed. Only internal system roles should + normally grant privileges over the restricted + indices. Toggling this flag is very strongly + discouraged because it could effectively grant + unrestricted operations on critical data, making + the entire system unstable or leaking sensitive + information. If for administrative purposes you + need to create a role with privileges covering + restricted indices, however, you can set this + property to true. In that case, the names field + will cover the restricted indices too. type: boolean clusters: items: + description: >- + A list of remote cluster aliases. It supports + literal strings as well as wildcards and regular + expressions. type: string minItems: 1 type: array field_security: additionalProperties: items: + description: >- + The document fields that the role members have + read access to. type: string type: array type: object names: items: + description: >- + A list of remote aliases, data streams, or + indices to which the permissions apply. It + supports wildcards (*). type: string minItems: 1 type: array privileges: items: + description: >- + The index level privileges that role members + have for the specified indices. type: string minItems: 1 type: array query: + description: >- + A search query that defines the documents the role + members have read access to. A document within the + specified data streams and indices must match this + query in order for it to be accessible by the role + members. type: string required: - clusters @@ -20599,6 +20697,7 @@ paths: type: array run_as: items: + description: A user name that the role member can impersonate. type: string type: array kibana: @@ -20617,14 +20716,23 @@ paths: nullable: true oneOf: - items: + description: >- + A base privilege that grants applies to all + spaces. type: string type: array - items: + description: >- + A base privilege that applies to specific + spaces. type: string type: array feature: additionalProperties: items: + description: >- + The privileges that the role member has for the + feature. type: string type: array type: object @@ -20638,6 +20746,7 @@ paths: minItems: 1 type: array - items: + description: A space that the privilege applies to. type: string type: array default: @@ -20650,7 +20759,9 @@ paths: type: object required: - elasticsearch - responses: {} + responses: + '204': + description: Indicates a successful call. summary: Create or update a role tags: - roles @@ -20686,6 +20797,7 @@ paths: type: object properties: description: + description: A description for the role. maxLength: 2048 type: string elasticsearch: @@ -20694,6 +20806,9 @@ paths: properties: cluster: items: + description: >- + Cluster privileges that define the cluster level + actions that users can perform. type: string type: array indices: @@ -20702,24 +20817,58 @@ paths: type: object properties: allow_restricted_indices: + description: >- + Restricted indices are a special category of + indices that are used internally to store + configuration data and should not be + directly accessed. Only internal system + roles should normally grant privileges over + the restricted indices. Toggling this flag + is very strongly discouraged because it + could effectively grant unrestricted + operations on critical data, making the + entire system unstable or leaking sensitive + information. If for administrative purposes + you need to create a role with privileges + covering restricted indices, however, you + can set this property to true. In that case, + the names field covers the restricted + indices too. type: boolean field_security: additionalProperties: items: + description: >- + The document fields that the role + members have read access to. type: string type: array type: object names: items: + description: >- + The data streams, indices, and aliases to + which the permissions in this entry apply. + It supports wildcards (*). type: string minItems: 1 type: array privileges: items: + description: >- + The index level privileges that the role + members have for the data streams and + indices. type: string minItems: 1 type: array query: + description: >- + A search query that defines the documents + the role members have read access to. A + document within the specified data streams + and indices must match this query in order + for it to be accessible by the role members. type: string required: - names @@ -20732,11 +20881,19 @@ paths: properties: clusters: items: + description: >- + A list of remote cluster aliases. It + supports literal strings as well as + wildcards and regular expressions. type: string minItems: 1 type: array privileges: items: + description: >- + The cluster level privileges for the + remote cluster. The allowed values are a + subset of the cluster privileges. type: string minItems: 1 type: array @@ -20750,29 +20907,67 @@ paths: type: object properties: allow_restricted_indices: + description: >- + Restricted indices are a special category of + indices that are used internally to store + configuration data and should not be + directly accessed. Only internal system + roles should normally grant privileges over + the restricted indices. Toggling this flag + is very strongly discouraged because it + could effectively grant unrestricted + operations on critical data, making the + entire system unstable or leaking sensitive + information. If for administrative purposes + you need to create a role with privileges + covering restricted indices, however, you + can set this property to true. In that case, + the names field will cover the restricted + indices too. type: boolean clusters: items: + description: >- + A list of remote cluster aliases. It + supports literal strings as well as + wildcards and regular expressions. type: string minItems: 1 type: array field_security: additionalProperties: items: + description: >- + The document fields that the role + members have read access to. type: string type: array type: object names: items: + description: >- + A list of remote aliases, data streams, or + indices to which the permissions apply. It + supports wildcards (*). type: string minItems: 1 type: array privileges: items: + description: >- + The index level privileges that role + members have for the specified indices. type: string minItems: 1 type: array query: + description: >- + A search query that defines the documents + the role members have read access to. A + document within the specified data streams + and indices must match this query in order + for it to be accessible by the role + members. type: string required: - clusters @@ -20781,6 +20976,9 @@ paths: type: array run_as: items: + description: >- + A user name that the role member can + impersonate. type: string type: array kibana: @@ -20799,14 +20997,23 @@ paths: nullable: true oneOf: - items: + description: >- + A base privilege that grants applies to + all spaces. type: string type: array - items: + description: >- + A base privilege that applies to specific + spaces. type: string type: array feature: additionalProperties: items: + description: >- + The privileges that the role member has for + the feature. type: string type: array type: object @@ -20820,6 +21027,7 @@ paths: minItems: 1 type: array - items: + description: A space that the privilege applies to. type: string type: array default: @@ -20835,7 +21043,9 @@ paths: type: object required: - roles - responses: {} + responses: + '200': + description: Indicates a successful call. summary: Create or update roles tags: - roles diff --git a/oas_docs/overlays/kibana.overlays.serverless.yaml b/oas_docs/overlays/kibana.overlays.serverless.yaml deleted file mode 100644 index 64040383ae38c..0000000000000 --- a/oas_docs/overlays/kibana.overlays.serverless.yaml +++ /dev/null @@ -1,71 +0,0 @@ -# overlays.yaml -overlay: 1.0.0 -info: - title: Overlays for the Kibana API document - version: 0.0.1 -actions: - # Clean up server definitions - - target: '$.servers.*' - description: Remove all servers so we can add our own. - remove: true - - target: '$.servers' - description: Add server into the now empty server array. - update: - - url: https://{kibana_url} - variables: - kibana_url: - default: localhost:5601 - # Mark all operations as beta - - target: "$.paths[*]['get','put','post','delete','options','head','patch','trace']" - description: Add x-beta - update: - x-beta: true - # Add some tag descriptions and displayNames - - target: '$.tags[?(@.name=="alerting")]' - description: Change tag description and displayName - update: - description: > - Alerting enables you to define rules, which detect complex conditions within your data. - When a condition is met, the rule tracks it as an alert and runs the actions that are defined in the rule. - Actions typically involve the use of connectors to interact with Kibana services or third party integrations. - externalDocs: - description: Alerting documentation - url: https://www.elastic.co/docs/current/serverless/rules - x-displayName: "Alerting" - - target: '$.tags[?(@.name=="connectors")]' - description: Change tag description and displayName - update: - description: > - Connectors provide a central place to store connection information for services and integrations with Elastic or third party systems. - Alerting rules can use connectors to run actions when rule conditions are met. - externalDocs: - description: Connector documentation - url: https://www.elastic.co/docs/current/serverless/action-connectors - x-displayName: "Connectors" - - target: '$.tags[?(@.name=="data views")]' - description: Change displayName - update: - x-displayName: "Data views" - - target: '$.tags[?(@.name=="ml")]' - description: Change displayName - update: - x-displayName: "Machine learning" - - target: '$.tags[?(@.name=="slo")]' - description: Change displayName - update: - x-displayName: "Service level objectives" - - target: '$.tags[?(@.name=="spaces")]' - description: Change displayName - update: - x-displayName: "Spaces" - description: Manage your Kibana spaces. - - target: '$.tags[?(@.name=="system")]' - description: Change displayName and description - update: - x-displayName: "System" - description: > - Get information about the system status, resource usage, and installed plugins. - # Remove extra tags from operations - - target: "$.paths[*][*].tags[1:]" - description: Remove all but first tag from operations - remove: true \ No newline at end of file diff --git a/oas_docs/overlays/kibana.overlays.yaml b/oas_docs/overlays/kibana.overlays.yaml index 4a21c029ef80a..3deb9c932bdee 100644 --- a/oas_docs/overlays/kibana.overlays.yaml +++ b/oas_docs/overlays/kibana.overlays.yaml @@ -23,7 +23,7 @@ actions: If you use the Kibana console to send API requests, it automatically adds the appropriate space identifier. - To learn more, check out [Spaces](https://www.elastic.co/guide/en/kibana/master/xpack-spaces.html). + To learn more, check out [Spaces](https://www.elastic.co/guide/en/kibana/8.16/xpack-spaces.html). # Add some tag descriptions and displayNames - target: '$.tags[?(@.name=="alerting")]' description: Change tag description and displayName @@ -34,7 +34,7 @@ actions: Actions typically involve the use of connectors to interact with Kibana services or third party integrations. externalDocs: description: Alerting documentation - url: https://www.elastic.co/guide/en/kibana/master/alerting-getting-started.html + url: https://www.elastic.co/guide/en/kibana/8.16/alerting-getting-started.html x-displayName: "Alerting" - target: '$.tags[?(@.name=="cases")]' description: Change tag description and displayName @@ -45,7 +45,7 @@ actions: You can also send cases to external incident management systems by configuring connectors. externalDocs: description: Cases documentation - url: https://www.elastic.co/guide/en/kibana/master/cases.html + url: https://www.elastic.co/guide/en/kibana/8.16/cases.html x-displayName: "Cases" - target: '$.tags[?(@.name=="connectors")]' description: Change tag description and displayName @@ -55,7 +55,7 @@ actions: Alerting rules can use connectors to run actions when rule conditions are met. externalDocs: description: Connector documentation - url: https://www.elastic.co/guide/en/kibana/current/action-types.html + url: https://www.elastic.co/guide/en/kibana/8.x/action-types.html x-displayName: "Connectors" - target: '$.tags[?(@.name=="data views")]' description: Change displayName @@ -72,7 +72,7 @@ actions: description: Manage the roles that grant Elasticsearch and Kibana privileges. externalDocs: description: Kibana role management - url: https://www.elastic.co/guide/en/kibana/master/kibana-role-management.html + url: https://www.elastic.co/guide/en/kibana/8.16/kibana-role-management.html - target: '$.tags[?(@.name=="slo")]' description: Change displayName update: @@ -83,7 +83,7 @@ actions: x-displayName: "Spaces" description: Manage your Kibana spaces. externalDocs: - url: https://www.elastic.co/guide/en/kibana/master/xpack-spaces.html + url: https://www.elastic.co/guide/en/kibana/8.16/xpack-spaces.html description: Space overview - target: '$.tags[?(@.name=="system")]' description: Change displayName and description @@ -164,4 +164,39 @@ actions: application/json; Elastic-Api-Version=2023-10-31: examples: updateObjectSpacesResponseExample1: - $ref: "../examples/update_saved_objects_spaces_response1.yaml" \ No newline at end of file + $ref: "../examples/update_saved_objects_spaces_response1.yaml" + - target: "$.paths['/api/security/role/{name}']['put']" + description: "Add examples to create role API" + update: + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + createRoleRequest1: + $ref: "../examples/create_role_request1.yaml" + createRoleRequest2: + $ref: "../examples/create_role_request2.yaml" + createRoleRequest3: + $ref: "../examples/create_role_request3.yaml" + createRoleRequest4: + $ref: "../examples/create_role_request4.yaml" + - target: "$.paths['/api/security/role/{name}']['get']" + description: "Add example to get role API" + update: + responses: + 200: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + getRoleResponse1: + $ref: '../examples/get_role_response1.yaml' + - target: "$.paths['/api/security/role']['get']" + description: "Add example to get roles API" + update: + responses: + 200: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + getRolesResponse1: + $ref: '../examples/get_roles_response1.yaml' diff --git a/x-pack/packages/security/plugin_types_server/src/authorization/role_schema.ts b/x-pack/packages/security/plugin_types_server/src/authorization/role_schema.ts index 3d673fa25dc5f..6a10b3a4ee2ad 100644 --- a/x-pack/packages/security/plugin_types_server/src/authorization/role_schema.ts +++ b/x-pack/packages/security/plugin_types_server/src/authorization/role_schema.ts @@ -20,8 +20,16 @@ export const elasticsearchRoleSchema = schema.object({ * An optional list of cluster privileges. These privileges define the cluster level actions that * users with this role are able to execute */ - cluster: schema.maybe(schema.arrayOf(schema.string())), - + cluster: schema.maybe( + schema.arrayOf( + schema.string({ + meta: { + description: + 'Cluster privileges that define the cluster level actions that users can perform.', + }, + }) + ) + ), /** * An optional list of remote cluster privileges. These privileges define the remote cluster level actions that * users with this role are able to execute @@ -29,8 +37,24 @@ export const elasticsearchRoleSchema = schema.object({ remote_cluster: schema.maybe( schema.arrayOf( schema.object({ - privileges: schema.arrayOf(schema.string(), { minSize: 1 }), - clusters: schema.arrayOf(schema.string(), { minSize: 1 }), + privileges: schema.arrayOf( + schema.string({ + meta: { + description: + 'The cluster level privileges for the remote cluster. The allowed values are a subset of the cluster privileges.', + }, + }), + { minSize: 1 } + ), + clusters: schema.arrayOf( + schema.string({ + meta: { + description: + 'A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions.', + }, + }), + { minSize: 1 } + ), }) ) ), @@ -45,7 +69,15 @@ export const elasticsearchRoleSchema = schema.object({ * Required list of indices (or index name patterns) to which the permissions in this * entry apply. */ - names: schema.arrayOf(schema.string(), { minSize: 1 }), + names: schema.arrayOf( + schema.string({ + meta: { + description: + 'The data streams, indices, and aliases to which the permissions in this entry apply. It supports wildcards (*).', + }, + }), + { minSize: 1 } + ), /** * An optional set of the document fields that the owners of the role have read access to. @@ -53,7 +85,13 @@ export const elasticsearchRoleSchema = schema.object({ field_security: schema.maybe( schema.recordOf( schema.oneOf([schema.literal('grant'), schema.literal('except')]), - schema.arrayOf(schema.string()) + schema.arrayOf( + schema.string({ + meta: { + description: 'The document fields that the role members have read access to.', + }, + }) + ) ) ), @@ -61,20 +99,42 @@ export const elasticsearchRoleSchema = schema.object({ * Required list of the index level privileges that the owners of the role have on the * specified indices. */ - privileges: schema.arrayOf(schema.string(), { minSize: 1 }), + privileges: schema.arrayOf( + schema.string({ + meta: { + description: + 'The index level privileges that the role members have for the data streams and indices.', + }, + }), + { minSize: 1 } + ), /** * An optional search query that defines the documents the owners of the role have read access * to. A document within the specified indices must match this query in order for it to be * accessible by the owners of the role. */ - query: schema.maybe(schema.string()), + query: schema.maybe( + schema.string({ + meta: { + description: + 'A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members.', + }, + }) + ), /** * An optional flag used to indicate if index pattern wildcards or regexps should cover * restricted indices. */ - allow_restricted_indices: schema.maybe(schema.boolean()), + allow_restricted_indices: schema.maybe( + schema.boolean({ + meta: { + description: + 'Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field covers the restricted indices too.', + }, + }) + ), }) ) ), @@ -88,13 +148,29 @@ export const elasticsearchRoleSchema = schema.object({ /** * Required list of remote clusters to which the permissions in this entry apply. */ - clusters: schema.arrayOf(schema.string(), { minSize: 1 }), + clusters: schema.arrayOf( + schema.string({ + meta: { + description: + 'A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions.', + }, + }), + { minSize: 1 } + ), /** * Required list of remote indices (or index name patterns) to which the permissions in this * entry apply. */ - names: schema.arrayOf(schema.string(), { minSize: 1 }), + names: schema.arrayOf( + schema.string({ + meta: { + description: + 'A list of remote aliases, data streams, or indices to which the permissions apply. It supports wildcards (*).', + }, + }), + { minSize: 1 } + ), /** * An optional set of the document fields that the owners of the role have read access to. @@ -102,7 +178,13 @@ export const elasticsearchRoleSchema = schema.object({ field_security: schema.maybe( schema.recordOf( schema.oneOf([schema.literal('grant'), schema.literal('except')]), - schema.arrayOf(schema.string()) + schema.arrayOf( + schema.string({ + meta: { + description: 'The document fields that the role members have read access to.', + }, + }) + ) ) ), @@ -110,20 +192,42 @@ export const elasticsearchRoleSchema = schema.object({ * Required list of the index level privileges that the owners of the role have on the * specified indices. */ - privileges: schema.arrayOf(schema.string(), { minSize: 1 }), + privileges: schema.arrayOf( + schema.string({ + meta: { + description: + 'The index level privileges that role members have for the specified indices.', + }, + }), + { minSize: 1 } + ), /** * An optional search query that defines the documents the owners of the role have read access * to. A document within the specified indices must match this query in order for it to be * accessible by the owners of the role. */ - query: schema.maybe(schema.string()), + query: schema.maybe( + schema.string({ + meta: { + description: + 'A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. ', + }, + }) + ), /** * An optional flag used to indicate if index pattern wildcards or regexps should cover * restricted indices. */ - allow_restricted_indices: schema.maybe(schema.boolean()), + allow_restricted_indices: schema.maybe( + schema.boolean({ + meta: { + description: + 'Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field will cover the restricted indices too.', + }, + }) + ), }) ) ), @@ -131,7 +235,13 @@ export const elasticsearchRoleSchema = schema.object({ /** * An optional list of users that the owners of this role can impersonate. */ - run_as: schema.maybe(schema.arrayOf(schema.string())), + run_as: schema.maybe( + schema.arrayOf( + schema.string({ + meta: { description: 'A user name that the role member can impersonate.' }, + }) + ) + ), }); const allSpacesSchema = schema.arrayOf(schema.literal(GLOBAL_RESOURCE), { @@ -147,6 +257,7 @@ const spacesSchema = schema.oneOf( allSpacesSchema, schema.arrayOf( schema.string({ + meta: { description: 'A space that the privilege applies to.' }, validate(value) { if (!/^[a-z0-9_-]+$/.test(value)) { return `must be lower case, a-z, 0-9, '_', and '-' are allowed`; @@ -188,6 +299,7 @@ export const getKibanaRoleSchema = ( allSpacesSchema, schema.arrayOf( schema.string({ + meta: { description: 'A base privilege that grants applies to all spaces.' }, validate(value) { const globalPrivileges = getBasePrivilegeNames().global; if (!globalPrivileges.some((privilege) => privilege === value)) { @@ -198,6 +310,7 @@ export const getKibanaRoleSchema = ( ), schema.arrayOf( schema.string({ + meta: { description: 'A base privilege that applies to specific spaces.' }, validate(value) { const spacePrivileges = getBasePrivilegeNames().space; if (!spacePrivileges.some((privilege) => privilege === value)) { @@ -218,6 +331,7 @@ export const getKibanaRoleSchema = ( feature: schema.maybe( schema.recordOf( schema.string({ + meta: { description: 'The name of a feature.' }, validate(value) { if (!FEATURE_NAME_VALUE_REGEX.test(value)) { return `only a-z, A-Z, 0-9, '_', and '-' are allowed`; @@ -226,6 +340,7 @@ export const getKibanaRoleSchema = ( }), schema.arrayOf( schema.string({ + meta: { description: 'The privileges that the role member has for the feature.' }, validate(value) { if (!FEATURE_NAME_VALUE_REGEX.test(value)) { return `only a-z, A-Z, 0-9, '_', and '-' are allowed`; diff --git a/x-pack/plugins/security/server/routes/authorization/roles/delete.ts b/x-pack/plugins/security/server/routes/authorization/roles/delete.ts index fe7c97b32d27b..07f314da4232b 100644 --- a/x-pack/plugins/security/server/routes/authorization/roles/delete.ts +++ b/x-pack/plugins/security/server/routes/authorization/roles/delete.ts @@ -29,6 +29,11 @@ export function defineDeleteRolesRoutes({ router }: RouteDefinitionParams) { request: { params: schema.object({ name: schema.string({ minLength: 1 }) }), }, + response: { + 204: { + description: 'Indicates a successful call.', + }, + }, }, }, createLicensedRouteHandler(async (context, request, response) => { diff --git a/x-pack/plugins/security/server/routes/authorization/roles/get.ts b/x-pack/plugins/security/server/routes/authorization/roles/get.ts index 4159dd7ac62dc..63bfa38b76221 100644 --- a/x-pack/plugins/security/server/routes/authorization/roles/get.ts +++ b/x-pack/plugins/security/server/routes/authorization/roles/get.ts @@ -34,11 +34,30 @@ export function defineGetRolesRoutes({ version: API_VERSIONS.roles.public.v1, validate: { request: { - params: schema.object({ name: schema.string({ minLength: 1 }) }), + params: schema.object({ + name: schema.string({ + minLength: 1, + meta: { description: 'The role name.' }, + }), + }), query: schema.maybe( - schema.object({ replaceDeprecatedPrivileges: schema.maybe(schema.boolean()) }) + schema.object({ + replaceDeprecatedPrivileges: schema.maybe( + schema.boolean({ + meta: { + description: + 'If `true` and the response contains any privileges that are associated with deprecated features, they are omitted in favor of details about the appropriate replacement feature privileges.', + }, + }) + ), + }) ), }, + response: { + 200: { + description: 'Indicates a successful call.', + }, + }, }, }, createLicensedRouteHandler(async (context, request, response) => { diff --git a/x-pack/plugins/security/server/routes/authorization/roles/get_all.ts b/x-pack/plugins/security/server/routes/authorization/roles/get_all.ts index 69acdc24a317c..ef4a008ecb708 100644 --- a/x-pack/plugins/security/server/routes/authorization/roles/get_all.ts +++ b/x-pack/plugins/security/server/routes/authorization/roles/get_all.ts @@ -36,9 +36,23 @@ export function defineGetAllRolesRoutes({ validate: { request: { query: schema.maybe( - schema.object({ replaceDeprecatedPrivileges: schema.maybe(schema.boolean()) }) + schema.object({ + replaceDeprecatedPrivileges: schema.maybe( + schema.boolean({ + meta: { + description: + 'If `true` and the response contains any privileges that are associated with deprecated features, they are omitted in favor of details about the appropriate replacement feature privileges.', + }, + }) + ), + }) ), }, + response: { + 200: { + description: 'Indicates a successful call.', + }, + }, }, }, createLicensedRouteHandler(async (context, request, response) => { diff --git a/x-pack/plugins/security/server/routes/authorization/roles/model/put_payload.ts b/x-pack/plugins/security/server/routes/authorization/roles/model/put_payload.ts index 52c8178a651a7..4022098b9fd56 100644 --- a/x-pack/plugins/security/server/routes/authorization/roles/model/put_payload.ts +++ b/x-pack/plugins/security/server/routes/authorization/roles/model/put_payload.ts @@ -53,13 +53,28 @@ export function getPutPayloadSchema( /** * Optional text to describe the Role */ - description: schema.maybe(schema.string({ maxLength: 2048 })), + description: schema.maybe( + schema.string({ + maxLength: 2048, + meta: { description: 'A description for the role.' }, + }) + ), /** * An optional meta-data dictionary. Within the metadata, keys that begin with _ are reserved * for system usage. */ - metadata: schema.maybe(schema.recordOf(schema.string(), schema.any())), + metadata: schema.maybe( + schema.recordOf( + schema.string({ + meta: { + description: + 'A metadata dictionary. Keys that begin with `_` are reserved for system usage.', + }, + }), + schema.any() + ) + ), /** * Elasticsearch specific portion of the role definition. diff --git a/x-pack/plugins/security/server/routes/authorization/roles/post.ts b/x-pack/plugins/security/server/routes/authorization/roles/post.ts index 0fe918ee5cc3e..949553e960c9b 100644 --- a/x-pack/plugins/security/server/routes/authorization/roles/post.ts +++ b/x-pack/plugins/security/server/routes/authorization/roles/post.ts @@ -62,6 +62,11 @@ export function defineBulkCreateOrUpdateRolesRoutes({ }; }), }, + response: { + 200: { + description: 'Indicates a successful call.', + }, + }, }, }, createLicensedRouteHandler(async (context, request, response) => { diff --git a/x-pack/plugins/security/server/routes/authorization/roles/put.ts b/x-pack/plugins/security/server/routes/authorization/roles/put.ts index 16e2ab819e781..268c84ff7420e 100644 --- a/x-pack/plugins/security/server/routes/authorization/roles/put.ts +++ b/x-pack/plugins/security/server/routes/authorization/roles/put.ts @@ -26,6 +26,8 @@ export function definePutRolesRoutes({ path: '/api/security/role/{name}', access: 'public', summary: `Create or update a role`, + description: + 'Create a new Kibana role or update the attributes of an existing role. Kibana roles are stored in the Elasticsearch native realm.', options: { tags: ['oas-tag:roles'], }, @@ -35,8 +37,19 @@ export function definePutRolesRoutes({ version: API_VERSIONS.roles.public.v1, validate: { request: { - params: schema.object({ name: schema.string({ minLength: 1, maxLength: 1024 }) }), - query: schema.object({ createOnly: schema.boolean({ defaultValue: false }) }), + params: schema.object({ + name: schema.string({ + minLength: 1, + maxLength: 1024, + meta: { description: 'The role name.' }, + }), + }), + query: schema.object({ + createOnly: schema.boolean({ + defaultValue: false, + meta: { description: 'When true, a role is not overwritten if it already exists.' }, + }), + }), body: getPutPayloadSchema(() => { const privileges = authz.privileges.get(); return { @@ -45,6 +58,11 @@ export function definePutRolesRoutes({ }; }), }, + response: { + 204: { + description: 'Indicates a successful call.', + }, + }, }, }, createLicensedRouteHandler(async (context, request, response) => {