From 3c69c3f1c45ebdd6761178327d6dd79bdbc9a92e Mon Sep 17 00:00:00 2001
From: natasha-moore-elastic
Date: Fri, 29 Nov 2024 12:57:39 +0000
Subject: [PATCH 01/10] [DOCS] Adds conceptual content to API docs
---
 .../scripts/openapi_bundle.js | 24 ++++++-
 .../scripts/openapi_bundle.js | 70 ++++++++++++++++++-
 .../scripts/openapi/bundle_detections.js | 12 +++-
 3 files changed, 99 insertions(+), 7 deletions(-)
diff --git a/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle.js b/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle.js
index 83c84d91daaf5..58ee0d970b793 100644
--- a/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle.js
+++ b/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle.js
@@ -33,7 +33,17 @@ const ROOT = resolve(__dirname, '..');
 name: 'Security Exceptions API',
 'x-displayName': 'Security exceptions',
 description:
- "Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met.",
+ "Exceptions are associated with detection and endpoint rules, and are used to prevent a rule from generating an alert from incoming events, even when the rule's other criteria are met. They can help reduce the number of false positives and prevent trusted processes and network activity from generating unnecessary alerts.\n\n\
+Exceptions are made up of:\n\n\
+* **Exception containers**: A container for related exceptions. Generally, a single exception container contains all the exception items relevant for a subset of rules. For example, a container can be used to group together network-related exceptions that are relevant for a large number of network rules. The container can then be associated with all the relevant rules.\n\
+* **Exception items**: The query (fields, values, and logic) used to prevent rules from generating alerts. When an exception item's query evaluates to `true`, the rule does not generate an alert.\n\n\
+For detection rules, you can also use lists to define rule exceptions. A list holds multiple values of the same Elasticsearch data type, such as IP addresses. These values are used to determine when an exception prevents an alert from being generated.\n\
+> info\n\
+> You cannot use lists with endpoint rule exceptions.\n\n\
+> info\n\
+> Only exception containers can be associated with rules. You cannot directly associate an exception item or a list container with a rule. To use list exceptions, create an exception item that references the relevant list container.\n\n\
+## Exceptions requirements\n\n\
+Before you can start working with exceptions that use value lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the Create list data streams endpoint. Once these data streams are created, your role needs privileges to manage rules. For a complete list of requirements, refer to [Enable and access detections](https://www.elastic.co/guide/en/serverless/current/security-detections-requirements.html#enable-detections-ui)."
 },
 ],
 },
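Review bot: The new tag description is one double-quoted string spliced together with backslash-newline continuations, which is fragile (any trailing whitespace after a `\` becomes a syntax error, and the continuation lines sit at column 0 outside the file's indentation), and the same eleven-line literal is repeated verbatim in the second hunk of this file (line 59), differing only in the requirements link; the lists bundle script repeats its own text the same way in its hunks at lines 32 and 57. Consider hoisting each description into one module-level helper that takes the requirements URL as a parameter and joins an array of paragraph strings with `'\n'`, then calling it from both bundle configurations, so the serverless and ESS variants cannot drift apart. The enclosing object literal starts before the hunk.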
@@ -59,7 +69,17 @@ const ROOT = resolve(__dirname, '..');
 name: 'Security Exceptions API',
 'x-displayName': 'Security exceptions',
 description:
- "Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met.",
+ "Exceptions are associated with detection and endpoint rules, and are used to prevent a rule from generating an alert from incoming events, even when the rule's other criteria are met. They can help reduce the number of false positives and prevent trusted processes and network activity from generating unnecessary alerts.\n\n\
+Exceptions are made up of:\n\n\
+* **Exception containers**: A container for related exceptions. Generally, a single exception container contains all the exception items relevant for a subset of rules. For example, a container can be used to group together network-related exceptions that are relevant for a large number of network rules. The container can then be associated with all the relevant rules.\n\
+* **Exception items**: The query (fields, values, and logic) used to prevent rules from generating alerts. When an exception item's query evaluates to `true`, the rule does not generate an alert.\n\n\
+For detection rules, you can also use lists to define rule exceptions. A list holds multiple values of the same Elasticsearch data type, such as IP addresses. These values are used to determine when an exception prevents an alert from being generated.\n\
+> info\n\
+> You cannot use lists with endpoint rule exceptions.\n\n\
+> info\n\
+> Only exception containers can be associated with rules. You cannot directly associate an exception item or a list container with a rule. To use list exceptions, create an exception item that references the relevant list container.\n\n\
+## Exceptions requirements\n\n\
+Before you can start working with exceptions that use value lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the Create list data streams endpoint. Once these data streams are created, your role needs privileges to manage rules. For a complete list of requirements, refer to [Enable and access detections](https://www.elastic.co/guide/en/security/master/detections-permissions-section.html#enable-detections-ui)."
 },
 ],
 },
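Review bot: The requirements link on the last added line points at the `master` documentation path (`https://www.elastic.co/guide/en/security/master/detections-permissions-section.html#enable-detections-ui`), whereas the serverless variant in the previous hunk uses a `current` path; a `master` URL tracks unreleased docs from an API description that is pinned to version 2023-10-31, so the target can change or disappear independently of the API. If a versioned path exists for that page, `current` would be the more stable reference. The same `master` link is used in the second lists-bundle hunk (line 57). The enclosing object literal starts before the hunk.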
@@ -32,7 +32,40 @@ const ROOT = resolve(__dirname, '..');
 name: 'Security Lists API',
 'x-displayName': 'Security lists',
 description:
- 'Lists API allows you to manage lists of keywords, IPs or IP ranges items.',
+ "Lists can be used with detection rule exceptions to define values that prevent a rule from generating alerts.\n\n\
+Lists are made up of:\n\n\
+* **List containers**: A container for values of the same Elasticsearch data type. The following data types can be used:\n\
+ * `boolean`\n\
+ * `byte`\n\
+ * `date`\n\
+ * `date_nanos`\n\
+ * `date_range`\n\
+ * `double`\n\
+ * `double_range`\n\
+ * `float`\n\
+ * `float_range`\n\
+ * `half_float`\n\
+ * `integer`\n\
+ * `integer_range`\n\
+ * `ip`\n\
+ * `ip_range`\n\
+ * `keyword`\n\
+ * `long`\n\
+ * `long_range`\n\
+ * `short`\n\
+ * `text`\n\
+* **List items**: The values used to determine whether the exception prevents an alert from being generated.\n\n\
+All list items in the same list container must be of the same data type, and each item defines a single value. For example, an IP list container named `internal-ip-addresses-southport` contains five items, where each item defines one internal IP address:\n\
+1. `192.168.1.1`\n\
+2. `192.168.1.3`\n\
+3. `192.168.1.18`\n\
+4. `192.168.1.12`\n\
+5. `192.168.1.7`\n\n\
+To use these IP addresses as values for defining rule exceptions, use the Security exceptions API to create an exception item that references the `internal-ip-addresses-southport` list.\n\
+> info\n\
+> Lists cannot be added directly to rules, nor do they define the operators used to determine when exceptions are applied (`is in list`, `is not in list`). Use an exception item to define the operator and associate it with an exception container. You can then add the exception container to a rule's `exceptions_list` object.\n\n\
+## Lists requirements\n\n\
+Before you can start using lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the Create list data streams endpoint. Once these data streams are created, your role needs privileges to manage rules. Refer to [Enable and access detections](https://www.elastic.co/guide/en/serverless/current/security-detections-requirements.html#enable-detections-ui) for a complete list of requirements."
 },
 ],
 },
@@ -57,7 +90,40 @@ const ROOT = resolve(__dirname, '..');
 name: 'Security Lists API',
 'x-displayName': 'Security lists',
 description:
- 'Lists API allows you to manage lists of keywords, IPs or IP ranges items.',
+ "Lists can be used with detection rule exceptions to define values that prevent a rule from generating alerts.\n\n\
+Lists are made up of:\n\n\
+* **List containers**: A container for values of the same Elasticsearch data type. The following data types can be used:\n\
+ * `boolean`\n\
+ * `byte`\n\
+ * `date`\n\
+ * `date_nanos`\n\
+ * `date_range`\n\
+ * `double`\n\
+ * `double_range`\n\
+ * `float`\n\
+ * `float_range`\n\
+ * `half_float`\n\
+ * `integer`\n\
+ * `integer_range`\n\
+ * `ip`\n\
+ * `ip_range`\n\
+ * `keyword`\n\
+ * `long`\n\
+ * `long_range`\n\
+ * `short`\n\
+ * `text`\n\
+* **List items**: The values used to determine whether the exception prevents an alert from being generated.\n\n\
+All list items in the same list container must be of the same data type, and each item defines a single value. For example, an IP list container named `internal-ip-addresses-southport` contains five items, where each item defines one internal IP address:\n\
+1. `192.168.1.1`\n\
+2. `192.168.1.3`\n\
+3. `192.168.1.18`\n\
+4. `192.168.1.12`\n\
+5. `192.168.1.7`\n\n\
+To use these IP addresses as values for defining rule exceptions, use the Security exceptions API to create an exception item that references the `internal-ip-addresses-southport` list.\n\
+> info\n\
+> Lists cannot be added directly to rules, nor do they define the operators used to determine when exceptions are applied (`is in list`, `is not in list`). Use an exception item to define the operator and associate it with an exception container. You can then add the exception container to a rule's `exceptions_list` object.\n\n\
+## Lists requirements\n\n\
+Before you can start using lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the Create list data streams endpoint. Once these data streams are created, your role needs privileges to manage rules. Refer to [Enable and access detections](https://www.elastic.co/guide/en/security/master/detections-permissions-section.html#enable-detections-ui) for a complete list of requirements."
 },
 ],
 },
diff --git a/x-pack/plugins/security_solution/scripts/openapi/bundle_detections.js b/x-pack/plugins/security_solution/scripts/openapi/bundle_detections.js
index 2c0e36f3db8ee..03022b8f672a9 100644
--- a/x-pack/plugins/security_solution/scripts/openapi/bundle_detections.js
+++ b/x-pack/plugins/security_solution/scripts/openapi/bundle_detections.js
@@ -24,14 +24,17 @@ const ROOT = resolve(__dirname, '../..');
 info: {
 title: 'Security Detections API (Elastic Cloud Serverless)',
 description:
- 'You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page.',
+ 'You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the **Detections** page.',
 },
 tags: [
 {
 name: 'Security Detections API',
 'x-displayName': 'Security detections',
 description:
- 'You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page.',
+ 'You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page.\n\
+> warn\n\
+> If the API key used for authorization has different privileges than the key that created or most recently updated a rule, the rule behavior might change.\n\n\
+> If the API key that created a rule is deleted, or the user that created the rule becomes inactive, the rule will stop running.',
 },
 ],
 },
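Review bot: In the bundle_detections.js hunk, the `info.description` line is changed to bold `**Detections**`, but the tag description added a few lines below keeps plain `Detections page.`, while the matching tag description in the next hunk (line 57) does use `**Detections**`; the generated serverless bundle later in this series reflects the mismatch (its `tags` entry still reads `on the Detections page.`). Bold it in both places or neither so the two bundles stay in step. Separately, the `\n\n\` between `> ... the rule behavior might change.` and `> If the API key that created a rule is deleted ...` leaves a blank line between the two quoted paragraphs, so Markdown will close the first blockquote and render the second sentence as a separate one without the `warn` marker that presumably drives the callout styling; if both sentences belong to one warning, drop the blank line, and if two callouts are intended, prefix the second with `> warn\n\` as well. The same applies to the hunk at line 57. The enclosing object literal starts before the hunk.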
@@ -57,7 +60,10 @@ const ROOT = resolve(__dirname, '../..');
 name: 'Security Detections API',
 'x-displayName': 'Security detections',
 description:
- 'You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page.',
+ 'You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the **Detections** page.\n\
+> warn\n\
+> If the API key used for authorization has different privileges than the key that created or most recently updated a rule, the rule behavior might change.\n\n\
+> If the API key that created a rule is deleted, or the user that created the rule becomes inactive, the rule will stop running.',
 },
 ],
 },
From e85d223e5de6b428c8b989c81d6686e321d76833 Mon Sep 17 00:00:00 2001
From: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Date: Tue, 3 Dec 2024 17:07:36 +0000
Subject: [PATCH 02/10] [CI] Auto-commit changed files from 'yarn openapi:bundle'
---
 ...eptions_api_2023_10_31.bundled.schema.yaml | 51 ++++++++++++-
 ...eptions_api_2023_10_31.bundled.schema.yaml | 51 ++++++++++++-
 ...n_lists_api_2023_10_31.bundled.schema.yaml | 72 ++++++++++++++++++-
 ...n_lists_api_2023_10_31.bundled.schema.yaml | 72 ++++++++++++++++++-
 ...ections_api_2023_10_31.bundled.schema.yaml | 12 +++-
 ...ections_api_2023_10_31.bundled.schema.yaml | 12 +++-
 6 files changed, 260 insertions(+), 10 deletions(-)
diff --git a/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml b/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml
index bf290e872f915..afc00d4248414 100644
--- a/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml
+++ b/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml 
@@ -1900,8 +1900,53 @@ security: - BasicAuth: [] tags: - description: >- - Exceptions API allows you to manage detection rule exceptions to prevent a - rule from generating an alert from incoming events even when the rule's - other criteria are met. + Exceptions are associated with detection and endpoint rules, and are used + to prevent a rule from generating an alert from incoming events, even when + the rule's other criteria are met. They can help reduce the number of + false positives and prevent trusted processes and network activity from + generating unnecessary alerts. + + + Exceptions are made up of: + + + * **Exception containers**: A container for related exceptions. Generally, + a single exception container contains all the exception items relevant for + a subset of rules. For example, a container can be used to group together + network-related exceptions that are relevant for a large number of network + rules. The container can then be associated with all the relevant rules. + + * **Exception items**: The query (fields, values, and logic) used to + prevent rules from generating alerts. When an exception item's query + evaluates to `true`, the rule does not generate an alert. + + + For detection rules, you can also use lists to define rule exceptions. A + list holds multiple values of the same Elasticsearch data type, such as IP + addresses. These values are used to determine when an exception prevents + an alert from being generated. + + > info + + > You cannot use lists with endpoint rule exceptions. + + + > info + + > Only exception containers can be associated with rules. You cannot + directly associate an exception item or a list container with a rule. To + use list exceptions, create an exception item that references the relevant + list container. + + + ## Exceptions requirements + + + Before you can start working with exceptions that use value lists, you + must create the `.lists` and `.items` data streams for the relevant Kibana + space. 
To do this, use the Create list data streams endpoint. Once these + data streams are created, your role needs privileges to manage rules. For + a complete list of requirements, refer to [Enable and access + detections](https://www.elastic.co/guide/en/security/master/detections-permissions-section.html#enable-detections-ui). name: Security Exceptions API x-displayName: Security exceptions diff --git a/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml b/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml index 115658261c909..481f1dde3494b 100644 --- a/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml +++ b/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml 
@@ -1900,8 +1900,53 @@ security: - BasicAuth: [] tags: - description: >- - Exceptions API allows you to manage detection rule exceptions to prevent a - rule from generating an alert from incoming events even when the rule's - other criteria are met. + Exceptions are associated with detection and endpoint rules, and are used + to prevent a rule from generating an alert from incoming events, even when + the rule's other criteria are met. They can help reduce the number of + false positives and prevent trusted processes and network activity from + generating unnecessary alerts. + + + Exceptions are made up of: + + + * **Exception containers**: A container for related exceptions. Generally, + a single exception container contains all the exception items relevant for + a subset of rules. For example, a container can be used to group together + network-related exceptions that are relevant for a large number of network + rules. The container can then be associated with all the relevant rules. + + * **Exception items**: The query (fields, values, and logic) used to + prevent rules from generating alerts. When an exception item's query + evaluates to `true`, the rule does not generate an alert. + + + For detection rules, you can also use lists to define rule exceptions. A + list holds multiple values of the same Elasticsearch data type, such as IP + addresses. These values are used to determine when an exception prevents + an alert from being generated. + + > info + + > You cannot use lists with endpoint rule exceptions. + + + > info + + > Only exception containers can be associated with rules. You cannot + directly associate an exception item or a list container with a rule. To + use list exceptions, create an exception item that references the relevant + list container. + + + ## Exceptions requirements + + + Before you can start working with exceptions that use value lists, you + must create the `.lists` and `.items` data streams for the relevant Kibana + space. 
To do this, use the Create list data streams endpoint. Once these + data streams are created, your role needs privileges to manage rules. For + a complete list of requirements, refer to [Enable and access + detections](https://www.elastic.co/guide/en/serverless/current/security-detections-requirements.html#enable-detections-ui). name: Security Exceptions API x-displayName: Security exceptions diff --git a/packages/kbn-securitysolution-lists-common/docs/openapi/ess/security_solution_lists_api_2023_10_31.bundled.schema.yaml b/packages/kbn-securitysolution-lists-common/docs/openapi/ess/security_solution_lists_api_2023_10_31.bundled.schema.yaml index 17eef19505e40..0c07db29611e0 100644 --- a/packages/kbn-securitysolution-lists-common/docs/openapi/ess/security_solution_lists_api_2023_10_31.bundled.schema.yaml +++ b/packages/kbn-securitysolution-lists-common/docs/openapi/ess/security_solution_lists_api_2023_10_31.bundled.schema.yaml 
@@ -1562,6 +1562,76 @@ components: security: - BasicAuth: [] tags: - - description: Lists API allows you to manage lists of keywords, IPs or IP ranges items. + - description: >- + Lists can be used with detection rule exceptions to define values that + prevent a rule from generating alerts. + + + Lists are made up of: + + + * **List containers**: A container for values of the same Elasticsearch + data type. The following data types can be used: + * `boolean` + * `byte` + * `date` + * `date_nanos` + * `date_range` + * `double` + * `double_range` + * `float` + * `float_range` + * `half_float` + * `integer` + * `integer_range` + * `ip` + * `ip_range` + * `keyword` + * `long` + * `long_range` + * `short` + * `text` + * **List items**: The values used to determine whether the exception + prevents an alert from being generated. + + + All list items in the same list container must be of the same data type, + and each item defines a single value. For example, an IP list container + named `internal-ip-addresses-southport` contains five items, where each + item defines one internal IP address: + + 1. `192.168.1.1` + + 2. `192.168.1.3` + + 3. `192.168.1.18` + + 4. `192.168.1.12` + + 5. `192.168.1.7` + + + To use these IP addresses as values for defining rule exceptions, use the + Security exceptions API to create an exception item that references the + `internal-ip-addresses-southport` list. + + > info + + > Lists cannot be added directly to rules, nor do they define the + operators used to determine when exceptions are applied (`is in list`, `is + not in list`). Use an exception item to define the operator and associate + it with an exception container. You can then add the exception container + to a rule's `exceptions_list` object. + + + ## Lists requirements + + + Before you can start using lists, you must create the `.lists` and + `.items` data streams for the relevant Kibana space. To do this, use the + Create list data streams endpoint. 
Once these data streams are created, + your role needs privileges to manage rules. Refer to [Enable and access + detections](https://www.elastic.co/guide/en/security/master/detections-permissions-section.html#enable-detections-ui) + for a complete list of requirements. name: Security Lists API x-displayName: Security lists diff --git a/packages/kbn-securitysolution-lists-common/docs/openapi/serverless/security_solution_lists_api_2023_10_31.bundled.schema.yaml b/packages/kbn-securitysolution-lists-common/docs/openapi/serverless/security_solution_lists_api_2023_10_31.bundled.schema.yaml index 5348d9404a0e3..9773d16a4ddd8 100644 --- a/packages/kbn-securitysolution-lists-common/docs/openapi/serverless/security_solution_lists_api_2023_10_31.bundled.schema.yaml +++ b/packages/kbn-securitysolution-lists-common/docs/openapi/serverless/security_solution_lists_api_2023_10_31.bundled.schema.yaml 
@@ -1562,6 +1562,76 @@ components: security: - BasicAuth: [] tags: - - description: Lists API allows you to manage lists of keywords, IPs or IP ranges items. + - description: >- + Lists can be used with detection rule exceptions to define values that + prevent a rule from generating alerts. + + + Lists are made up of: + + + * **List containers**: A container for values of the same Elasticsearch + data type. The following data types can be used: + * `boolean` + * `byte` + * `date` + * `date_nanos` + * `date_range` + * `double` + * `double_range` + * `float` + * `float_range` + * `half_float` + * `integer` + * `integer_range` + * `ip` + * `ip_range` + * `keyword` + * `long` + * `long_range` + * `short` + * `text` + * **List items**: The values used to determine whether the exception + prevents an alert from being generated. + + + All list items in the same list container must be of the same data type, + and each item defines a single value. For example, an IP list container + named `internal-ip-addresses-southport` contains five items, where each + item defines one internal IP address: + + 1. `192.168.1.1` + + 2. `192.168.1.3` + + 3. `192.168.1.18` + + 4. `192.168.1.12` + + 5. `192.168.1.7` + + + To use these IP addresses as values for defining rule exceptions, use the + Security exceptions API to create an exception item that references the + `internal-ip-addresses-southport` list. + + > info + + > Lists cannot be added directly to rules, nor do they define the + operators used to determine when exceptions are applied (`is in list`, `is + not in list`). Use an exception item to define the operator and associate + it with an exception container. You can then add the exception container + to a rule's `exceptions_list` object. + + + ## Lists requirements + + + Before you can start using lists, you must create the `.lists` and + `.items` data streams for the relevant Kibana space. To do this, use the + Create list data streams endpoint. 
Once these data streams are created, + your role needs privileges to manage rules. Refer to [Enable and access + detections](https://www.elastic.co/guide/en/serverless/current/security-detections-requirements.html#enable-detections-ui) + for a complete list of requirements. name: Security Lists API x-displayName: Security lists diff --git a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml index 7e8d7a61bff2c..3559f007c121f 100644 --- a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml @@ -7109,6 +7109,16 @@ tags: - description: >- You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed - on the Detections page. + on the **Detections** page. + + > warn + + > If the API key used for authorization has different privileges than the + key that created or most recently updated a rule, the rule behavior might + change. + + + > If the API key that created a rule is deleted, or the user that created + the rule becomes inactive, the rule will stop running. name: Security Detections API x-displayName: Security detections diff --git a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml index 58456e71140a0..ca5e9f54c6e75 100644 --- a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml 
+++ b/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml @@ -3,7 +3,7 @@ info: description: >- You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the - Detections page. + **Detections** page. title: Security Detections API (Elastic Cloud Serverless) version: '2023-10-31' servers: @@ -6256,5 +6256,15 @@ tags: You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page. + + > warn + + > If the API key used for authorization has different privileges than the + key that created or most recently updated a rule, the rule behavior might + change. + + + > If the API key that created a rule is deleted, or the user that created + the rule becomes inactive, the rule will stop running. name: Security Detections API x-displayName: Security detections From 3027db4653231f19b76d1478a7eedbcc7155c415 Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Tue, 3 Dec 2024 17:38:15 +0000 Subject: [PATCH 03/10] [CI] Auto-commit changed files from 'make api-docs' --- oas_docs/output/kibana.serverless.yaml | 68 ++++++++++++++++++++++++-- oas_docs/output/kibana.yaml | 68 ++++++++++++++++++++++++-- 2 files changed, 130 insertions(+), 6 deletions(-) diff --git a/oas_docs/output/kibana.serverless.yaml b/oas_docs/output/kibana.serverless.yaml index b605ab09de62f..f18bd86422a5b 100644 --- a/oas_docs/output/kibana.serverless.yaml +++ b/oas_docs/output/kibana.serverless.yaml 
@@ -113,7 +113,12 @@ tags: - description: Manage and interact with Security Assistant resources. name: Security AI Assistant API x-displayName: Security AI assistant - - description: You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page. + - description: |- + You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page. + > warn + > If the API key used for authorization has different privileges than the key that created or most recently updated a rule, the rule behavior might change. + + > If the API key that created a rule is deleted, or the user that created the rule becomes inactive, the rule will stop running. name: Security Detections API x-displayName: Security detections - description: Endpoint Exceptions API allows you to manage detection rule endpoint exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met. 
@@ -125,10 +130,67 @@ tags: - description: '' name: Security Entity Analytics API x-displayName: Security entity analytics - - description: Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met. + - description: |- + Exceptions are associated with detection and endpoint rules, and are used to prevent a rule from generating an alert from incoming events, even when the rule's other criteria are met. They can help reduce the number of false positives and prevent trusted processes and network activity from generating unnecessary alerts. + + Exceptions are made up of: + + * **Exception containers**: A container for related exceptions. Generally, a single exception container contains all the exception items relevant for a subset of rules. For example, a container can be used to group together network-related exceptions that are relevant for a large number of network rules. The container can then be associated with all the relevant rules. + * **Exception items**: The query (fields, values, and logic) used to prevent rules from generating alerts. When an exception item's query evaluates to `true`, the rule does not generate an alert. + + For detection rules, you can also use lists to define rule exceptions. A list holds multiple values of the same Elasticsearch data type, such as IP addresses. These values are used to determine when an exception prevents an alert from being generated. + > info + > You cannot use lists with endpoint rule exceptions. + + > info + > Only exception containers can be associated with rules. You cannot directly associate an exception item or a list container with a rule. To use list exceptions, create an exception item that references the relevant list container. 
+ + ## Exceptions requirements + + Before you can start working with exceptions that use value lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the Create list data streams endpoint. Once these data streams are created, your role needs privileges to manage rules. For a complete list of requirements, refer to [Enable and access detections](https://www.elastic.co/guide/en/serverless/current/security-detections-requirements.html#enable-detections-ui). name: Security Exceptions API x-displayName: Security exceptions - - description: Lists API allows you to manage lists of keywords, IPs or IP ranges items. + - description: |- + Lists can be used with detection rule exceptions to define values that prevent a rule from generating alerts. + + Lists are made up of: + + * **List containers**: A container for values of the same Elasticsearch data type. The following data types can be used: + * `boolean` + * `byte` + * `date` + * `date_nanos` + * `date_range` + * `double` + * `double_range` + * `float` + * `float_range` + * `half_float` + * `integer` + * `integer_range` + * `ip` + * `ip_range` + * `keyword` + * `long` + * `long_range` + * `short` + * `text` + * **List items**: The values used to determine whether the exception prevents an alert from being generated. + + All list items in the same list container must be of the same data type, and each item defines a single value. For example, an IP list container named `internal-ip-addresses-southport` contains five items, where each item defines one internal IP address: + 1. `192.168.1.1` + 2. `192.168.1.3` + 3. `192.168.1.18` + 4. `192.168.1.12` + 5. `192.168.1.7` + + To use these IP addresses as values for defining rule exceptions, use the Security exceptions API to create an exception item that references the `internal-ip-addresses-southport` list. 
+ > info + > Lists cannot be added directly to rules, nor do they define the operators used to determine when exceptions are applied (`is in list`, `is not in list`). Use an exception item to define the operator and associate it with an exception container. You can then add the exception container to a rule's `exceptions_list` object. + + ## Lists requirements + + Before you can start using lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the Create list data streams endpoint. Once these data streams are created, your role needs privileges to manage rules. Refer to [Enable and access detections](https://www.elastic.co/guide/en/serverless/current/security-detections-requirements.html#enable-detections-ui) for a complete list of requirements. name: Security Lists API x-displayName: Security lists - description: Run live queries, manage packs and saved queries. diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml index b1f2186262365..ae76d84a5862d 100644 --- a/oas_docs/output/kibana.yaml +++ b/oas_docs/output/kibana.yaml 
@@ -129,7 +129,12 @@ tags:
 - description: Manage and interact with Security Assistant resources.
 name: Security AI Assistant API
 x-displayName: Security AI assistant
- - description: You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page.
+ - description: |-
+ You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the **Detections** page.
+ > warn
+ > If the API key used for authorization has different privileges than the key that created or most recently updated a rule, the rule behavior might change.
+
+ > If the API key that created a rule is deleted, or the user that created the rule becomes inactive, the rule will stop running.
 name: Security Detections API
 x-displayName: Security detections
 - description: Endpoint Exceptions API allows you to manage detection rule endpoint exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met.
@@ -141,10 +146,67 @@ tags: - description: '' name: Security Entity Analytics API x-displayName: Security entity analytics - - description: Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met. + - description: |- + Exceptions are associated with detection and endpoint rules, and are used to prevent a rule from generating an alert from incoming events, even when the rule's other criteria are met. They can help reduce the number of false positives and prevent trusted processes and network activity from generating unnecessary alerts. + + Exceptions are made up of: + + * **Exception containers**: A container for related exceptions. Generally, a single exception container contains all the exception items relevant for a subset of rules. For example, a container can be used to group together network-related exceptions that are relevant for a large number of network rules. The container can then be associated with all the relevant rules. + * **Exception items**: The query (fields, values, and logic) used to prevent rules from generating alerts. When an exception item's query evaluates to `true`, the rule does not generate an alert. + + For detection rules, you can also use lists to define rule exceptions. A list holds multiple values of the same Elasticsearch data type, such as IP addresses. These values are used to determine when an exception prevents an alert from being generated. + > info + > You cannot use lists with endpoint rule exceptions. + + > info + > Only exception containers can be associated with rules. You cannot directly associate an exception item or a list container with a rule. To use list exceptions, create an exception item that references the relevant list container. 
+ + ## Exceptions requirements + + Before you can start working with exceptions that use value lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the Create list data streams endpoint. Once these data streams are created, your role needs privileges to manage rules. For a complete list of requirements, refer to [Enable and access detections](https://www.elastic.co/guide/en/security/master/detections-permissions-section.html#enable-detections-ui). name: Security Exceptions API x-displayName: Security exceptions - - description: Lists API allows you to manage lists of keywords, IPs or IP ranges items. + - description: |- + Lists can be used with detection rule exceptions to define values that prevent a rule from generating alerts. + + Lists are made up of: + + * **List containers**: A container for values of the same Elasticsearch data type. The following data types can be used: + * `boolean` + * `byte` + * `date` + * `date_nanos` + * `date_range` + * `double` + * `double_range` + * `float` + * `float_range` + * `half_float` + * `integer` + * `integer_range` + * `ip` + * `ip_range` + * `keyword` + * `long` + * `long_range` + * `short` + * `text` + * **List items**: The values used to determine whether the exception prevents an alert from being generated. + + All list items in the same list container must be of the same data type, and each item defines a single value. For example, an IP list container named `internal-ip-addresses-southport` contains five items, where each item defines one internal IP address: + 1. `192.168.1.1` + 2. `192.168.1.3` + 3. `192.168.1.18` + 4. `192.168.1.12` + 5. `192.168.1.7` + + To use these IP addresses as values for defining rule exceptions, use the Security exceptions API to create an exception item that references the `internal-ip-addresses-southport` list. 
+ > info + > Lists cannot be added directly to rules, nor do they define the operators used to determine when exceptions are applied (`is in list`, `is not in list`). Use an exception item to define the operator and associate it with an exception container. You can then add the exception container to a rule's `exceptions_list` object. + + ## Lists requirements + + Before you can start using lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the Create list data streams endpoint. Once these data streams are created, your role needs privileges to manage rules. Refer to [Enable and access detections](https://www.elastic.co/guide/en/security/master/detections-permissions-section.html#enable-detections-ui) for a complete list of requirements. name: Security Lists API x-displayName: Security lists - description: Run live queries, manage packs and saved queries. From 1d2f917300090d49976d1c0a5738450df1512e92 Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Tue, 3 Dec 2024 18:28:24 +0000 Subject: [PATCH 04/10] [CI] Auto-commit changed files from 'node scripts/eslint --no-cache --fix' --- .../scripts/openapi_bundle.js | 4 ++-- .../scripts/openapi_bundle.js | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle.js b/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle.js index 58ee0d970b793..d2896a37fdaa3 100644 --- a/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle.js +++ b/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle.js 
@@ -43,7 +43,7 @@ For detection rules, you can also use lists to define rule exceptions. A list ho
 > info\n\
 > Only exception containers can be associated with rules. You cannot directly associate an exception item or a list container with a rule. To use list exceptions, create an exception item that references the relevant list container.\n\n\
 ## Exceptions requirements\n\n\
-Before you can start working with exceptions that use value lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the Create list data streams endpoint. Once these data streams are created, your role needs privileges to manage rules. For a complete list of requirements, refer to [Enable and access detections](https://www.elastic.co/guide/en/serverless/current/security-detections-requirements.html#enable-detections-ui)."
+Before you can start working with exceptions that use value lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the Create list data streams endpoint. Once these data streams are created, your role needs privileges to manage rules. For a complete list of requirements, refer to [Enable and access detections](https://www.elastic.co/guide/en/serverless/current/security-detections-requirements.html#enable-detections-ui).",
 },
 ],
 },
@@ -79,7 +79,7 @@ For detection rules, you can also use lists to define rule exceptions. A list ho
 > info\n\
 > Only exception containers can be associated with rules. You cannot directly associate an exception item or a list container with a rule. To use list exceptions, create an exception item that references the relevant list container.\n\n\
 ## Exceptions requirements\n\n\
-Before you can start working with exceptions that use value lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the Create list data streams endpoint. Once these data streams are created, your role needs privileges to manage rules. For a complete list of requirements, refer to [Enable and access detections](https://www.elastic.co/guide/en/security/master/detections-permissions-section.html#enable-detections-ui)."
+Before you can start working with exceptions that use value lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the Create list data streams endpoint. Once these data streams are created, your role needs privileges to manage rules. For a complete list of requirements, refer to [Enable and access detections](https://www.elastic.co/guide/en/security/master/detections-permissions-section.html#enable-detections-ui).",
 },
 ],
 },
diff --git a/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle.js b/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle.js
index dd00312df81f7..36d8bcf25c6c3 100644
--- a/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle.js
+++ b/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle.js
@@ -65,7 +65,7 @@ To use these IP addresses as values for defining rule exceptions, use the Securi
 > info\n\
 > Lists cannot be added directly to rules, nor do they define the operators used to determine when exceptions are applied (`is in list`, `is not in list`). Use an exception item to define the operator and associate it with an exception container. You can then add the exception container to a rule's `exceptions_list` object.\n\n\
 ## Lists requirements\n\n\
-Before you can start using lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the Create list data streams endpoint. Once these data streams are created, your role needs privileges to manage rules. Refer to [Enable and access detections](https://www.elastic.co/guide/en/serverless/current/security-detections-requirements.html#enable-detections-ui) for a complete list of requirements."
+Before you can start using lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the Create list data streams endpoint. Once these data streams are created, your role needs privileges to manage rules. Refer to [Enable and access detections](https://www.elastic.co/guide/en/serverless/current/security-detections-requirements.html#enable-detections-ui) for a complete list of requirements.",
 },
 ],
 },
@@ -123,7 +123,7 @@ To use these IP addresses as values for defining rule exceptions, use the Securi
 > info\n\
 > Lists cannot be added directly to rules, nor do they define the operators used to determine when exceptions are applied (`is in list`, `is not in list`). Use an exception item to define the operator and associate it with an exception container. You can then add the exception container to a rule's `exceptions_list` object.\n\n\
 ## Lists requirements\n\n\
-Before you can start using lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the Create list data streams endpoint. Once these data streams are created, your role needs privileges to manage rules. Refer to [Enable and access detections](https://www.elastic.co/guide/en/security/master/detections-permissions-section.html#enable-detections-ui) for a complete list of requirements."
+Before you can start using lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the Create list data streams endpoint. Once these data streams are created, your role needs privileges to manage rules. Refer to [Enable and access detections](https://www.elastic.co/guide/en/security/master/detections-permissions-section.html#enable-detections-ui) for a complete list of requirements.",
 },
 ],
 },
From e26344320baa345ad796e5e2e81d80a3897a8cd4 Mon Sep 17 00:00:00 2001
From: natasha-moore-elastic Date: Mon, 9 Dec 2024 14:35:05 +0000 Subject: [PATCH 05/10] Address feedback --- .../openapi/exceptions_prototype_ess.yaml | 26 +++++ .../exceptions_prototype_serverless.yaml | 26 +++++ .../scripts/openapi_bundle.js | 58 ++-------- .../docs/openapi/lists_prototype_ess.yaml | 49 +++++++++ .../openapi/lists_prototype_serverless.yaml | 49 +++++++++ .../scripts/openapi_bundle.js | 102 ++---------------- .../openapi/detections_prototype_ess.yaml | 14 +++ .../detections_prototype_serverless.yaml | 14 +++ .../scripts/openapi/bundle_detections.js | 44 ++------ 9 files changed, 202 insertions(+), 180 deletions(-) create mode 100644 packages/kbn-securitysolution-exceptions-common/docs/openapi/exceptions_prototype_ess.yaml create mode 100644 packages/kbn-securitysolution-exceptions-common/docs/openapi/exceptions_prototype_serverless.yaml create mode 100644 packages/kbn-securitysolution-lists-common/docs/openapi/lists_prototype_ess.yaml create mode 100644 packages/kbn-securitysolution-lists-common/docs/openapi/lists_prototype_serverless.yaml create mode 100644 x-pack/plugins/security_solution/docs/openapi/detections_prototype_ess.yaml create mode 100644 x-pack/plugins/security_solution/docs/openapi/detections_prototype_serverless.yaml diff --git a/packages/kbn-securitysolution-exceptions-common/docs/openapi/exceptions_prototype_ess.yaml b/packages/kbn-securitysolution-exceptions-common/docs/openapi/exceptions_prototype_ess.yaml new file mode 100644 index 0000000000000..855870c444c7c --- /dev/null +++ b/packages/kbn-securitysolution-exceptions-common/docs/openapi/exceptions_prototype_ess.yaml 
@@ -0,0 +1,26 @@ +openapi: 3.0.3 +info: + title: "Security Exceptions API (Elastic Cloud and self-hosted)" + description: "Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met." + +tags: + - name: "Security Exceptions API" + x-displayName: "Security exceptions" + description: | + Exceptions are associated with detection and endpoint rules, and are used to prevent a rule from generating an alert from incoming events, even when the rule's other criteria are met. They can help reduce the number of false positives and prevent trusted processes and network activity from generating unnecessary alerts. + + Exceptions are made up of: + + * **Exception containers**: A container for related exceptions. Generally, a single exception container contains all the exception items relevant for a subset of rules. For example, a container can be used to group together network-related exceptions that are relevant for a large number of network rules. The container can then be associated with all the relevant rules. + * **Exception items**: The query (fields, values, and logic) used to prevent rules from generating alerts. When an exception item's query evaluates to `true`, the rule does not generate an alert. + + For detection rules, you can also use lists to define rule exceptions. A list holds multiple values of the same Elasticsearch data type, such as IP addresses. These values are used to determine when an exception prevents an alert from being generated. + > info + > You cannot use lists with endpoint rule exceptions. + + > info + > Only exception containers can be associated with rules. You cannot directly associate an exception item or a list container with a rule. To use list exceptions, create an exception item that references the relevant list container. 
+ + ## Exceptions requirements + + Before you can start working with exceptions that use value lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the [Create list data streams](../operation/operation-createlistindex) endpoint. Once these data streams are created, your role needs privileges to manage rules. For a complete list of requirements, refer to [Enable and access detections](https://www.elastic.co/guide/en/security/current/detections-permissions-section.html#enable-detections-ui). diff --git a/packages/kbn-securitysolution-exceptions-common/docs/openapi/exceptions_prototype_serverless.yaml b/packages/kbn-securitysolution-exceptions-common/docs/openapi/exceptions_prototype_serverless.yaml new file mode 100644 index 0000000000000..a8894d997be98 --- /dev/null +++ b/packages/kbn-securitysolution-exceptions-common/docs/openapi/exceptions_prototype_serverless.yaml 
@@ -0,0 +1,26 @@ +openapi: 3.0.3 +info: + title: "Security Exceptions API (Elastic Cloud Serverless)" + description: "Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met." + +tags: + - name: "Security Exceptions API" + x-displayName: "Security exceptions" + description: | + Exceptions are associated with detection and endpoint rules, and are used to prevent a rule from generating an alert from incoming events, even when the rule's other criteria are met. They can help reduce the number of false positives and prevent trusted processes and network activity from generating unnecessary alerts. + + Exceptions are made up of: + + * **Exception containers**: A container for related exceptions. Generally, a single exception container contains all the exception items relevant for a subset of rules. For example, a container can be used to group together network-related exceptions that are relevant for a large number of network rules. The container can then be associated with all the relevant rules. + * **Exception items**: The query (fields, values, and logic) used to prevent rules from generating alerts. When an exception item's query evaluates to `true`, the rule does not generate an alert. + + For detection rules, you can also use lists to define rule exceptions. A list holds multiple values of the same Elasticsearch data type, such as IP addresses. These values are used to determine when an exception prevents an alert from being generated. + > info + > You cannot use lists with endpoint rule exceptions. + + > info + > Only exception containers can be associated with rules. You cannot directly associate an exception item or a list container with a rule. To use list exceptions, create an exception item that references the relevant list container. 
+ + ## Exceptions requirements + + Before you can start working with exceptions that use value lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the [Create list data streams](../operation/operation-createlistindex) endpoint. Once these data streams are created, your role needs privileges to manage rules. For a complete list of requirements, refer to [Enable and access detections](https://www.elastic.co/guide/en/serverless/current/security-detections-requirements.html#enable-detections-ui). diff --git a/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle.js b/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle.js index d2896a37fdaa3..ea2bd3d4f4a41 100644 --- a/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle.js +++ b/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle.js 
@@ -22,31 +22,10 @@ const ROOT = resolve(__dirname, '..');
 ),
 options: {
 includeLabels: ['serverless'],
- prototypeDocument: {
- info: {
- title: 'Security Exceptions API (Elastic Cloud Serverless)',
- description:
- "Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met.",
- },
- tags: [
- {
- name: 'Security Exceptions API',
- 'x-displayName': 'Security exceptions',
- description:
- "Exceptions are associated with detection and endpoint rules, and are used to prevent a rule from generating an alert from incoming events, even when the rule's other criteria are met. They can help reduce the number of false positives and prevent trusted processes and network activity from generating unnecessary alerts.\n\n\
-Exceptions are made up of:\n\n\
-* **Exception containers**: A container for related exceptions. Generally, a single exception container contains all the exception items relevant for a subset of rules. For example, a container can be used to group together network-related exceptions that are relevant for a large number of network rules. The container can then be associated with all the relevant rules.\n\
-* **Exception items**: The query (fields, values, and logic) used to prevent rules from generating alerts. When an exception item's query evaluates to `true`, the rule does not generate an alert.\n\n\
-For detection rules, you can also use lists to define rule exceptions. A list holds multiple values of the same Elasticsearch data type, such as IP addresses. These values are used to determine when an exception prevents an alert from being generated.\n\
-> info\n\
-> You cannot use lists with endpoint rule exceptions.\n\n\
-> info\n\
-> Only exception containers can be associated with rules. You cannot directly associate an exception item or a list container with a rule. To use list exceptions, create an exception item that references the relevant list container.\n\n\
-## Exceptions requirements\n\n\
-Before you can start working with exceptions that use value lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the Create list data streams endpoint. Once these data streams are created, your role needs privileges to manage rules. For a complete list of requirements, refer to [Enable and access detections](https://www.elastic.co/guide/en/serverless/current/security-detections-requirements.html#enable-detections-ui).",
- },
- ],
- },
+ prototypeDocument: join(
+ ROOT,
+ 'docs/openapi/exceptions_prototype_serverless.yaml'
+ ),
 },
 });
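Review bot: `join` is introduced on the new side at `prototypeDocument: join(` while the hunk header shows only `resolve` in scope (`const ROOT = resolve(__dirname, '..')`); if `join` is not already imported from `path` elsewhere in this script, the bundle step fails with a ReferenceError, so either confirm the import or use the helper that is visibly in scope, `prototypeDocument: resolve(ROOT, 'docs/openapi/exceptions_prototype_serverless.yaml'),`. The same applies to the `ess` hunk below (`@@ -58,31 +37,10 @@`) and to the lists-common script hunk at the end of this chunk (`@@ -22,53 +22,10 @@`). Since the tag text is no longer inline, a one-line comment at the call site such as `// info/tags text for the bundled spec lives in docs/openapi; keep the ess and serverless prototype files in sync` would tell the next maintainer where the descriptions now come from and that the two near-identical YAML files are expected to diverge only in title and docs links.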
@@ -58,31 +37,10 @@ Before you can start working with exceptions that use value lists, you must crea
 ),
 options: {
 includeLabels: ['ess'],
- prototypeDocument: {
- info: {
- title: 'Security Exceptions API (Elastic Cloud and self-hosted)',
- description:
- "Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met.",
- },
- tags: [
- {
- name: 'Security Exceptions API',
- 'x-displayName': 'Security exceptions',
- description:
- "Exceptions are associated with detection and endpoint rules, and are used to prevent a rule from generating an alert from incoming events, even when the rule's other criteria are met. They can help reduce the number of false positives and prevent trusted processes and network activity from generating unnecessary alerts.\n\n\
-Exceptions are made up of:\n\n\
-* **Exception containers**: A container for related exceptions. Generally, a single exception container contains all the exception items relevant for a subset of rules. For example, a container can be used to group together network-related exceptions that are relevant for a large number of network rules. The container can then be associated with all the relevant rules.\n\
-* **Exception items**: The query (fields, values, and logic) used to prevent rules from generating alerts. When an exception item's query evaluates to `true`, the rule does not generate an alert.\n\n\
-For detection rules, you can also use lists to define rule exceptions. A list holds multiple values of the same Elasticsearch data type, such as IP addresses. These values are used to determine when an exception prevents an alert from being generated.\n\
-> info\n\
-> You cannot use lists with endpoint rule exceptions.\n\n\
-> info\n\
-> Only exception containers can be associated with rules. You cannot directly associate an exception item or a list container with a rule. To use list exceptions, create an exception item that references the relevant list container.\n\n\
-## Exceptions requirements\n\n\
-Before you can start working with exceptions that use value lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the Create list data streams endpoint. Once these data streams are created, your role needs privileges to manage rules. For a complete list of requirements, refer to [Enable and access detections](https://www.elastic.co/guide/en/security/master/detections-permissions-section.html#enable-detections-ui).",
- },
- ],
- },
+ prototypeDocument: join(
+ ROOT,
+ 'docs/openapi/exceptions_prototype_ess.yaml'
+ ),
 },
 });
 })();
diff --git a/packages/kbn-securitysolution-lists-common/docs/openapi/lists_prototype_ess.yaml b/packages/kbn-securitysolution-lists-common/docs/openapi/lists_prototype_ess.yaml
new file mode 100644
index 0000000000000..f2f528c8d7ba7
--- /dev/null
+++ b/packages/kbn-securitysolution-lists-common/docs/openapi/lists_prototype_ess.yaml
@@ -0,0 +1,49 @@ +openapi: 3.0.3 +info: + title: "Security Lists API (Elastic Cloud and self-hosted)" + description: "Lists API allows you to manage lists of keywords, IPs or IP ranges items." + +tags: + - name: "Security Lists API" + x-displayName: "Security lists" + description: | + Lists can be used with detection rule exceptions to define values that prevent a rule from generating alerts. + + Lists are made up of: + + * **List containers**: A container for values of the same Elasticsearch data type. The following data types can be used: + * `boolean` + * `byte` + * `date` + * `date_nanos` + * `date_range` + * `double` + * `double_range` + * `float` + * `float_range` + * `half_float` + * `integer` + * `integer_range` + * `ip` + * `ip_range` + * `keyword` + * `long` + * `long_range` + * `short` + * `text` + * **List items**: The values used to determine whether the exception prevents an alert from being generated. + + All list items in the same list container must be of the same data type, and each item defines a single value. For example, an IP list container named `internal-ip-addresses-southport` contains five items, where each item defines one internal IP address: + 1. `192.168.1.1` + 2. `192.168.1.3` + 3. `192.168.1.18` + 4. `192.168.1.12` + 5. `192.168.1.7` + + To use these IP addresses as values for defining rule exceptions, use the Security exceptions API to [create an exception list item](../operation/operation-createexceptionlistitem) that references the `internal-ip-addresses-southport` list. + > info + > Lists cannot be added directly to rules, nor do they define the operators used to determine when exceptions are applied (`is in list`, `is not in list`). Use an exception item to define the operator and associate it with an [exception container](../operation/operation-createexceptionlist). You can then add the exception container to a rule's `exceptions_list` object. 
+ + ## Lists requirements + + Before you can start using lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the [Create list data streams](../operation/operation-createlistindex) endpoint. Once these data streams are created, your role needs privileges to manage rules. Refer to [Enable and access detections](https://www.elastic.co/guide/en/security/current/detections-permissions-section.html#enable-detections-ui) for a complete list of requirements. diff --git a/packages/kbn-securitysolution-lists-common/docs/openapi/lists_prototype_serverless.yaml b/packages/kbn-securitysolution-lists-common/docs/openapi/lists_prototype_serverless.yaml new file mode 100644 index 0000000000000..8f3245db29a99 --- /dev/null +++ b/packages/kbn-securitysolution-lists-common/docs/openapi/lists_prototype_serverless.yaml 
@@ -0,0 +1,49 @@ +openapi: 3.0.3 +info: + title: "Security Lists API (Elastic Cloud Serverless)" + description: "Lists API allows you to manage lists of keywords, IPs or IP ranges items." + +tags: + - name: "Security Lists API" + x-displayName: "Security lists" + description: | + Lists can be used with detection rule exceptions to define values that prevent a rule from generating alerts. + + Lists are made up of: + + * **List containers**: A container for values of the same Elasticsearch data type. The following data types can be used: + * `boolean` + * `byte` + * `date` + * `date_nanos` + * `date_range` + * `double` + * `double_range` + * `float` + * `float_range` + * `half_float` + * `integer` + * `integer_range` + * `ip` + * `ip_range` + * `keyword` + * `long` + * `long_range` + * `short` + * `text` + * **List items**: The values used to determine whether the exception prevents an alert from being generated. + + All list items in the same list container must be of the same data type, and each item defines a single value. For example, an IP list container named `internal-ip-addresses-southport` contains five items, where each item defines one internal IP address: + 1. `192.168.1.1` + 2. `192.168.1.3` + 3. `192.168.1.18` + 4. `192.168.1.12` + 5. `192.168.1.7` + + To use these IP addresses as values for defining rule exceptions, use the Security exceptions API to [create an exception list item](../operation/operation-createexceptionlistitem) that references the `internal-ip-addresses-southport` list. + > info + > Lists cannot be added directly to rules, nor do they define the operators used to determine when exceptions are applied (`is in list`, `is not in list`). Use an exception item to define the operator and associate it with an [exception container](../operation/operation-createexceptionlist). You can then add the exception container to a rule's `exceptions_list` object. 
+ + ## Lists requirements + + Before you can start using lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the [Create list data streams](../operation/operation-createlistindex) endpoint. Once these data streams are created, your role needs privileges to manage rules. Refer to [Enable and access detections](https://www.elastic.co/guide/en/serverless/current/security-detections-requirements.html#enable-detections-ui) for a complete list of requirements. diff --git a/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle.js b/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle.js index 36d8bcf25c6c3..62d109bde0b44 100644 --- a/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle.js +++ b/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle.js 
@@ -22,53 +22,10 @@ const ROOT = resolve(__dirname, '..'); ), options: { includeLabels: ['serverless'], - prototypeDocument: { - info: { - title: 'Security Lists API (Elastic Cloud Serverless)', - description: 'Lists API allows you to manage lists of keywords, IPs or IP ranges items.', - }, - tags: [ - { - name: 'Security Lists API', - 'x-displayName': 'Security lists', - description: - "Lists can be used with detection rule exceptions to define values that prevent a rule from generating alerts.\n\n\ -Lists are made up of:\n\n\ -* **List containers**: A container for values of the same Elasticsearch data type. The following data types can be used:\n\ - * `boolean`\n\ - * `byte`\n\ - * `date`\n\ - * `date_nanos`\n\ - * `date_range`\n\ - * `double`\n\ - * `double_range`\n\ - * `float`\n\ - * `float_range`\n\ - * `half_float`\n\ - * `integer`\n\ - * `integer_range`\n\ - * `ip`\n\ - * `ip_range`\n\ - * `keyword`\n\ - * `long`\n\ - * `long_range`\n\ - * `short`\n\ - * `text`\n\ -* **List items**: The values used to determine whether the exception prevents an alert from being generated.\n\n\ -All list items in the same list container must be of the same data type, and each item defines a single value. For example, an IP list container named `internal-ip-addresses-southport` contains five items, where each item defines one internal IP address:\n\ -1. `192.168.1.1`\n\ -2. `192.168.1.3`\n\ -3. `192.168.1.18`\n\ -4. `192.168.1.12`\n\ -5. `192.168.1.7`\n\n\ -To use these IP addresses as values for defining rule exceptions, use the Security exceptions API to create an exception item that references the `internal-ip-addresses-southport` list.\n\ -> info\n\ -> Lists cannot be added directly to rules, nor do they define the operators used to determine when exceptions are applied (`is in list`, `is not in list`). Use an exception item to define the operator and associate it with an exception container. 
You can then add the exception container to a rule's `exceptions_list` object.\n\n\ -## Lists requirements\n\n\ -Before you can start using lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the Create list data streams endpoint. Once these data streams are created, your role needs privileges to manage rules. Refer to [Enable and access detections](https://www.elastic.co/guide/en/serverless/current/security-detections-requirements.html#enable-detections-ui) for a complete list of requirements.", - }, - ], - }, + prototypeDocument: join( + ROOT, + 'docs/openapi/lists_prototype_serverless.yaml' + ), }, }); 
@@ -80,53 +37,10 @@ Before you can start using lists, you must create the `.lists` and `.items` data ), options: { includeLabels: ['ess'], - prototypeDocument: { - info: { - title: 'Security Lists API (Elastic Cloud and self-hosted)', - description: 'Lists API allows you to manage lists of keywords, IPs or IP ranges items.', - }, - tags: [ - { - name: 'Security Lists API', - 'x-displayName': 'Security lists', - description: - "Lists can be used with detection rule exceptions to define values that prevent a rule from generating alerts.\n\n\ -Lists are made up of:\n\n\ -* **List containers**: A container for values of the same Elasticsearch data type. The following data types can be used:\n\ - * `boolean`\n\ - * `byte`\n\ - * `date`\n\ - * `date_nanos`\n\ - * `date_range`\n\ - * `double`\n\ - * `double_range`\n\ - * `float`\n\ - * `float_range`\n\ - * `half_float`\n\ - * `integer`\n\ - * `integer_range`\n\ - * `ip`\n\ - * `ip_range`\n\ - * `keyword`\n\ - * `long`\n\ - * `long_range`\n\ - * `short`\n\ - * `text`\n\ -* **List items**: The values used to determine whether the exception prevents an alert from being generated.\n\n\ -All list items in the same list container must be of the same data type, and each item defines a single value. For example, an IP list container named `internal-ip-addresses-southport` contains five items, where each item defines one internal IP address:\n\ -1. `192.168.1.1`\n\ -2. `192.168.1.3`\n\ -3. `192.168.1.18`\n\ -4. `192.168.1.12`\n\ -5. `192.168.1.7`\n\n\ -To use these IP addresses as values for defining rule exceptions, use the Security exceptions API to create an exception item that references the `internal-ip-addresses-southport` list.\n\ -> info\n\ -> Lists cannot be added directly to rules, nor do they define the operators used to determine when exceptions are applied (`is in list`, `is not in list`). Use an exception item to define the operator and associate it with an exception container. 
You can then add the exception container to a rule's `exceptions_list` object.\n\n\ -## Lists requirements\n\n\ -Before you can start using lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the Create list data streams endpoint. Once these data streams are created, your role needs privileges to manage rules. Refer to [Enable and access detections](https://www.elastic.co/guide/en/security/master/detections-permissions-section.html#enable-detections-ui) for a complete list of requirements.", - }, - ], - }, + prototypeDocument: join( + ROOT, + 'docs/openapi/lists_prototype_ess.yaml' + ), }, }); })(); diff --git a/x-pack/plugins/security_solution/docs/openapi/detections_prototype_ess.yaml b/x-pack/plugins/security_solution/docs/openapi/detections_prototype_ess.yaml new file mode 100644 index 0000000000000..bb3f8830dc35a --- /dev/null +++ b/x-pack/plugins/security_solution/docs/openapi/detections_prototype_ess.yaml 
@@ -0,0 +1,14 @@
+openapi: 3.0.3
+info:
+ title: "Security Detections API (Elastic Cloud and self-hosted)"
+ description: "Use the detections APIs to create and manage detection rules. Detection rules search events and external alerts sent to Elastic Security and generate detection alerts from any hits. Alerts are displayed on the **Alerts** page and can be assigned and triaged, using the alert status to mark them as open, closed, or acknowledged."
+
+tags:
+ - name: "Security Detections API"
+ x-displayName: "Security detections"
+ description: |
+ Use the detections APIs to create and manage detection rules. Detection rules search events and external alerts sent to Elastic Security and generate detection alerts from any hits. Alerts are displayed on the **Alerts** page and can be assigned and triaged, using the alert status to mark them as open, closed, or acknowledged.
+ > warn
+ > If the API key used for authorization has different privileges than the key that created or most recently updated a rule, the rule behavior might change.
+
+ > If the API key that created a rule is deleted, or the user that created the rule becomes inactive, the rule will stop running.
\ No newline at end of file
diff --git a/x-pack/plugins/security_solution/docs/openapi/detections_prototype_serverless.yaml b/x-pack/plugins/security_solution/docs/openapi/detections_prototype_serverless.yaml
new file mode 100644
index 0000000000000..a90f669b4ed28
--- /dev/null
+++ b/x-pack/plugins/security_solution/docs/openapi/detections_prototype_serverless.yaml
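Review bot: The second caveat in the tag description, `> If the API key that created a rule is deleted, or the user that created the rule becomes inactive, the rule will stop running.`, is separated from the `> warn` line by a blank added line, so it is likely rendered as a plain blockquote rather than as part of the warning callout, even though a rule silently ceasing to run is the more consequential of the two operational caveats for anyone managing rules via API keys. Either remove the blank line so both quoted lines sit under the single `> warn`, or give the second block its own `> warn` line so it is visibly marked as a warning. The same layout is carried over from the inline JS string this commit removes and is duplicated in the serverless prototype file, so both copies need the same adjustment. The file is also added without a trailing newline (`\ No newline at end of file`), which is worth fixing while it is being touched.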
@@ -0,0 +1,14 @@
+openapi: 3.0.3
+info:
+ title: "Security Detections API (Elastic Cloud Serverless)"
+ description: "Use the detections APIs to create and manage detection rules. Detection rules search events and external alerts sent to Elastic Security and generate detection alerts from any hits. Alerts are displayed on the **Alerts** page and can be assigned and triaged, using the alert status to mark them as open, closed, or acknowledged."
+
+tags:
+ - name: "Security Detections API"
+ x-displayName: "Security detections"
+ description: |
+ Use the detections APIs to create and manage detection rules. Detection rules search events and external alerts sent to Elastic Security and generate detection alerts from any hits. Alerts are displayed on the **Alerts** page and can be assigned and triaged, using the alert status to mark them as open, closed, or acknowledged.
+ > warn
+ > If the API key used for authorization has different privileges than the key that created or most recently updated a rule, the rule behavior might change.
+
+ > If the API key that created a rule is deleted, or the user that created the rule becomes inactive, the rule will stop running.
\ No newline at end of file
diff --git a/x-pack/plugins/security_solution/scripts/openapi/bundle_detections.js b/x-pack/plugins/security_solution/scripts/openapi/bundle_detections.js
index 03022b8f672a9..cb2f99b199872 100644
--- a/x-pack/plugins/security_solution/scripts/openapi/bundle_detections.js
+++ b/x-pack/plugins/security_solution/scripts/openapi/bundle_detections.js
@@ -20,24 +20,10 @@ const ROOT = resolve(__dirname, '../..');
 ),
 options: {
 includeLabels: ['serverless'],
- prototypeDocument: {
- info: {
- title: 'Security Detections API (Elastic Cloud Serverless)',
- description:
- 'You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the **Detections** page.',
- },
- tags: [
- {
- name: 'Security Detections API',
- 'x-displayName': 'Security detections',
- description:
- 'You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page.\n\
-> warn\n\
-> If the API key used for authorization has different privileges than the key that created or most recently updated a rule, the rule behavior might change.\n\n\
-> If the API key that created a rule is deleted, or the user that created the rule becomes inactive, the rule will stop running.',
- },
- ],
- },
+ prototypeDocument: join(
+ ROOT,
+ 'docs/openapi/detections_prototype_serverless.yaml'
+ ),
 },
 });
 
@@ -49,24 +35,10 @@ const ROOT = resolve(__dirname, '../..');
 ),
 options: {
 includeLabels: ['ess'],
- prototypeDocument: {
- info: {
- title: 'Security Detections API (Elastic Cloud and self-hosted)',
- description:
- 'You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page.',
- },
- tags: [
- {
- name: 'Security Detections API',
- 'x-displayName': 'Security detections',
- description:
- 'You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the **Detections** page.\n\
-> warn\n\
-> If the API key used for authorization has different privileges than the key that created or most recently updated a rule, the rule behavior might change.\n\n\
-> If the API key that created a rule is deleted, or the user that created the rule becomes inactive, the rule will stop running.',
- },
- ],
- },
+ prototypeDocument: join(
+ ROOT,
+ 'docs/openapi/detections_prototype_ess.yaml'
+ ),
 },
 });
 })();
From bf77e24129c11af737777aa53faea4b6ff8da699 Mon Sep 17 00:00:00 2001
From: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Date: Mon, 9 Dec 2024 14:52:48 +0000
Subject: [PATCH 06/10] [CI] Auto-commit changed files from 'yarn openapi:bundle'
---
 ...ceptions_api_2023_10_31.bundled.schema.yaml | 11 ++++++-----
 ...ceptions_api_2023_10_31.bundled.schema.yaml | 9 +++++----
 ...on_lists_api_2023_10_31.bundled.schema.yaml | 17 ++++++++++-------
 ...on_lists_api_2023_10_31.bundled.schema.yaml | 15 +++++++++------
 ...tections_api_2023_10_31.bundled.schema.yaml | 18 +++++++++++-------
 ...tections_api_2023_10_31.bundled.schema.yaml | 18 +++++++++++-------
 6 files changed, 52 insertions(+), 36 deletions(-)
diff --git a/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml b/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml index afc00d4248414..50ad268eab89f 100644 --- a/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml +++ b/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml @@ -1899,7 +1899,7 @@ components: security: - BasicAuth: [] tags: - - description: >- + - description: > Exceptions are associated with detection and endpoint rules, and are used to prevent a rule from generating an alert from incoming events, even when the rule's other criteria are met. They can help reduce the number of @@ -1944,9 +1944,10 @@ tags: Before you can start working with exceptions that use value lists, you must create the `.lists` and `.items` data streams for the relevant Kibana - space. To do this, use the Create list data streams endpoint. Once these - data streams are created, your role needs privileges to manage rules. For - a complete list of requirements, refer to [Enable and access - detections](https://www.elastic.co/guide/en/security/master/detections-permissions-section.html#enable-detections-ui). + space. To do this, use the [Create list data + streams](../operation/operation-createlistindex) endpoint. Once these data + streams are created, your role needs privileges to manage rules. For a + complete list of requirements, refer to [Enable and access + detections](https://www.elastic.co/guide/en/security/current/detections-permissions-section.html#enable-detections-ui). name: Security Exceptions API x-displayName: Security exceptions 
diff --git a/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml b/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml index 481f1dde3494b..46360922b9cbc 100644 --- a/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml +++ b/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml @@ -1899,7 +1899,7 @@ components: security: - BasicAuth: [] tags: - - description: >- + - description: > Exceptions are associated with detection and endpoint rules, and are used to prevent a rule from generating an alert from incoming events, even when the rule's other criteria are met. They can help reduce the number of @@ -1944,9 +1944,10 @@ tags: Before you can start working with exceptions that use value lists, you must create the `.lists` and `.items` data streams for the relevant Kibana - space. To do this, use the Create list data streams endpoint. Once these - data streams are created, your role needs privileges to manage rules. For - a complete list of requirements, refer to [Enable and access + space. To do this, use the [Create list data + streams](../operation/operation-createlistindex) endpoint. Once these data + streams are created, your role needs privileges to manage rules. For a + complete list of requirements, refer to [Enable and access detections](https://www.elastic.co/guide/en/serverless/current/security-detections-requirements.html#enable-detections-ui). name: Security Exceptions API x-displayName: Security exceptions 
diff --git a/packages/kbn-securitysolution-lists-common/docs/openapi/ess/security_solution_lists_api_2023_10_31.bundled.schema.yaml b/packages/kbn-securitysolution-lists-common/docs/openapi/ess/security_solution_lists_api_2023_10_31.bundled.schema.yaml index 0c07db29611e0..60f9e911017b3 100644 --- a/packages/kbn-securitysolution-lists-common/docs/openapi/ess/security_solution_lists_api_2023_10_31.bundled.schema.yaml +++ b/packages/kbn-securitysolution-lists-common/docs/openapi/ess/security_solution_lists_api_2023_10_31.bundled.schema.yaml @@ -1562,7 +1562,7 @@ components: security: - BasicAuth: [] tags: - - description: >- + - description: > Lists can be used with detection rule exceptions to define values that prevent a rule from generating alerts. @@ -1612,7 +1612,8 @@ tags: To use these IP addresses as values for defining rule exceptions, use the - Security exceptions API to create an exception item that references the + Security exceptions API to [create an exception list + item](../operation/operation-createexceptionlistitem) that references the `internal-ip-addresses-southport` list. > info @@ -1620,8 +1621,9 @@ tags: > Lists cannot be added directly to rules, nor do they define the operators used to determine when exceptions are applied (`is in list`, `is not in list`). Use an exception item to define the operator and associate - it with an exception container. You can then add the exception container - to a rule's `exceptions_list` object. + it with an [exception + container](../operation/operation-createexceptionlist). You can then add + the exception container to a rule's `exceptions_list` object. ## Lists requirements 
@@ -1629,9 +1631,10 @@ tags: Before you can start using lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the - Create list data streams endpoint. Once these data streams are created, - your role needs privileges to manage rules. Refer to [Enable and access - detections](https://www.elastic.co/guide/en/security/master/detections-permissions-section.html#enable-detections-ui) + [Create list data streams](../operation/operation-createlistindex) + endpoint. Once these data streams are created, your role needs privileges + to manage rules. Refer to [Enable and access + detections](https://www.elastic.co/guide/en/security/current/detections-permissions-section.html#enable-detections-ui) for a complete list of requirements. name: Security Lists API x-displayName: Security lists diff --git a/packages/kbn-securitysolution-lists-common/docs/openapi/serverless/security_solution_lists_api_2023_10_31.bundled.schema.yaml b/packages/kbn-securitysolution-lists-common/docs/openapi/serverless/security_solution_lists_api_2023_10_31.bundled.schema.yaml index 9773d16a4ddd8..35eb811a3bdd4 100644 --- a/packages/kbn-securitysolution-lists-common/docs/openapi/serverless/security_solution_lists_api_2023_10_31.bundled.schema.yaml +++ b/packages/kbn-securitysolution-lists-common/docs/openapi/serverless/security_solution_lists_api_2023_10_31.bundled.schema.yaml @@ -1562,7 +1562,7 @@ components: security: - BasicAuth: [] tags: - - description: >- + - description: > Lists can be used with detection rule exceptions to define values that prevent a rule from generating alerts. @@ -1612,7 +1612,8 @@ tags: To use these IP addresses as values for defining rule exceptions, use the - Security exceptions API to create an exception item that references the + Security exceptions API to [create an exception list + item](../operation/operation-createexceptionlistitem) that references the `internal-ip-addresses-southport` list. > info 
@@ -1620,8 +1621,9 @@ tags: > Lists cannot be added directly to rules, nor do they define the operators used to determine when exceptions are applied (`is in list`, `is not in list`). Use an exception item to define the operator and associate - it with an exception container. You can then add the exception container - to a rule's `exceptions_list` object. + it with an [exception + container](../operation/operation-createexceptionlist). You can then add + the exception container to a rule's `exceptions_list` object. ## Lists requirements @@ -1629,8 +1631,9 @@ tags: Before you can start using lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the - Create list data streams endpoint. Once these data streams are created, - your role needs privileges to manage rules. Refer to [Enable and access + [Create list data streams](../operation/operation-createlistindex) + endpoint. Once these data streams are created, your role needs privileges + to manage rules. Refer to [Enable and access detections](https://www.elastic.co/guide/en/serverless/current/security-detections-requirements.html#enable-detections-ui) for a complete list of requirements. name: Security Lists API diff --git a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml index 3559f007c121f..80109c39d5396 100644 --- a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml 
@@ -1,9 +1,11 @@ openapi: 3.0.3 info: description: >- - You can create rules that automatically turn events and external alerts sent - to Elastic Security into detection alerts. These alerts are displayed on the - Detections page. + Use the detections APIs to create and manage detection rules. Detection + rules search events and external alerts sent to Elastic Security and + generate detection alerts from any hits. Alerts are displayed on the + **Alerts** page and can be assigned and triaged, using the alert status to + mark them as open, closed, or acknowledged. title: Security Detections API (Elastic Cloud and self-hosted) version: '2023-10-31' servers: @@ -7106,10 +7108,12 @@ components: security: - BasicAuth: [] tags: - - description: >- - You can create rules that automatically turn events and external alerts - sent to Elastic Security into detection alerts. These alerts are displayed - on the **Detections** page. + - description: > + Use the detections APIs to create and manage detection rules. Detection + rules search events and external alerts sent to Elastic Security and + generate detection alerts from any hits. Alerts are displayed on the + **Alerts** page and can be assigned and triaged, using the alert status to + mark them as open, closed, or acknowledged. > warn diff --git a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml index ca5e9f54c6e75..aec104d7ca136 100644 --- a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml 
@@ -1,9 +1,11 @@ openapi: 3.0.3 info: description: >- - You can create rules that automatically turn events and external alerts sent - to Elastic Security into detection alerts. These alerts are displayed on the - **Detections** page. + Use the detections APIs to create and manage detection rules. Detection + rules search events and external alerts sent to Elastic Security and + generate detection alerts from any hits. Alerts are displayed on the + **Alerts** page and can be assigned and triaged, using the alert status to + mark them as open, closed, or acknowledged. title: Security Detections API (Elastic Cloud Serverless) version: '2023-10-31' servers: @@ -6252,10 +6254,12 @@ components: security: - BasicAuth: [] tags: - - description: >- - You can create rules that automatically turn events and external alerts - sent to Elastic Security into detection alerts. These alerts are displayed - on the Detections page. + - description: > + Use the detections APIs to create and manage detection rules. Detection + rules search events and external alerts sent to Elastic Security and + generate detection alerts from any hits. Alerts are displayed on the + **Alerts** page and can be assigned and triaged, using the alert status to + mark them as open, closed, or acknowledged. > warn From 9ffe848bfc8e1ce9ff1cfa56c6e39c8083b83820 Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Mon, 9 Dec 2024 15:10:25 +0000 Subject: [PATCH 07/10] [CI] Auto-commit changed files from 'make api-docs' --- oas_docs/output/kibana.serverless.yaml | 16 ++++++++-------- oas_docs/output/kibana.yaml | 16 ++++++++-------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/oas_docs/output/kibana.serverless.yaml b/oas_docs/output/kibana.serverless.yaml index c7d7f3f997d23..d12e3e47dc7c3 100644 --- a/oas_docs/output/kibana.serverless.yaml +++ b/oas_docs/output/kibana.serverless.yaml 
@@ -114,8 +114,8 @@ tags: - description: Manage and interact with Security Assistant resources. name: Security AI Assistant API x-displayName: Security AI assistant - - description: |- - You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page. + - description: | + Use the detections APIs to create and manage detection rules. Detection rules search events and external alerts sent to Elastic Security and generate detection alerts from any hits. Alerts are displayed on the **Alerts** page and can be assigned and triaged, using the alert status to mark them as open, closed, or acknowledged. > warn > If the API key used for authorization has different privileges than the key that created or most recently updated a rule, the rule behavior might change. @@ -131,7 +131,7 @@ tags: - description: '' name: Security Entity Analytics API x-displayName: Security entity analytics - - description: |- + - description: | Exceptions are associated with detection and endpoint rules, and are used to prevent a rule from generating an alert from incoming events, even when the rule's other criteria are met. They can help reduce the number of false positives and prevent trusted processes and network activity from generating unnecessary alerts. Exceptions are made up of: 
@@ -148,10 +148,10 @@ tags: ## Exceptions requirements - Before you can start working with exceptions that use value lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the Create list data streams endpoint. Once these data streams are created, your role needs privileges to manage rules. For a complete list of requirements, refer to [Enable and access detections](https://www.elastic.co/guide/en/serverless/current/security-detections-requirements.html#enable-detections-ui). + Before you can start working with exceptions that use value lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the [Create list data streams](../operation/operation-createlistindex) endpoint. Once these data streams are created, your role needs privileges to manage rules. For a complete list of requirements, refer to [Enable and access detections](https://www.elastic.co/guide/en/serverless/current/security-detections-requirements.html#enable-detections-ui). name: Security Exceptions API x-displayName: Security exceptions - - description: |- + - description: | Lists can be used with detection rule exceptions to define values that prevent a rule from generating alerts. Lists are made up of: 
@@ -185,13 +185,13 @@ tags: 4. `192.168.1.12` 5. `192.168.1.7` - To use these IP addresses as values for defining rule exceptions, use the Security exceptions API to create an exception item that references the `internal-ip-addresses-southport` list. + To use these IP addresses as values for defining rule exceptions, use the Security exceptions API to [create an exception list item](../operation/operation-createexceptionlistitem) that references the `internal-ip-addresses-southport` list. > info - > Lists cannot be added directly to rules, nor do they define the operators used to determine when exceptions are applied (`is in list`, `is not in list`). Use an exception item to define the operator and associate it with an exception container. You can then add the exception container to a rule's `exceptions_list` object. + > Lists cannot be added directly to rules, nor do they define the operators used to determine when exceptions are applied (`is in list`, `is not in list`). Use an exception item to define the operator and associate it with an [exception container](../operation/operation-createexceptionlist). You can then add the exception container to a rule's `exceptions_list` object. ## Lists requirements - Before you can start using lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the Create list data streams endpoint. Once these data streams are created, your role needs privileges to manage rules. Refer to [Enable and access detections](https://www.elastic.co/guide/en/serverless/current/security-detections-requirements.html#enable-detections-ui) for a complete list of requirements. + Before you can start using lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the [Create list data streams](../operation/operation-createlistindex) endpoint. Once these data streams are created, your role needs privileges to manage rules. 
Refer to [Enable and access detections](https://www.elastic.co/guide/en/serverless/current/security-detections-requirements.html#enable-detections-ui) for a complete list of requirements. name: Security Lists API x-displayName: Security lists - description: Run live queries, manage packs and saved queries. diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml index 9f8016c389ead..3ea7d09c87613 100644 --- a/oas_docs/output/kibana.yaml +++ b/oas_docs/output/kibana.yaml @@ -130,8 +130,8 @@ tags: - description: Manage and interact with Security Assistant resources. name: Security AI Assistant API x-displayName: Security AI assistant - - description: |- - You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the **Detections** page. + - description: | + Use the detections APIs to create and manage detection rules. Detection rules search events and external alerts sent to Elastic Security and generate detection alerts from any hits. Alerts are displayed on the **Alerts** page and can be assigned and triaged, using the alert status to mark them as open, closed, or acknowledged. > warn > If the API key used for authorization has different privileges than the key that created or most recently updated a rule, the rule behavior might change. @@ -147,7 +147,7 @@ tags: - description: '' name: Security Entity Analytics API x-displayName: Security entity analytics - - description: |- + - description: | Exceptions are associated with detection and endpoint rules, and are used to prevent a rule from generating an alert from incoming events, even when the rule's other criteria are met. They can help reduce the number of false positives and prevent trusted processes and network activity from generating unnecessary alerts. Exceptions are made up of: 
@@ -164,10 +164,10 @@ tags: ## Exceptions requirements - Before you can start working with exceptions that use value lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the Create list data streams endpoint. Once these data streams are created, your role needs privileges to manage rules. For a complete list of requirements, refer to [Enable and access detections](https://www.elastic.co/guide/en/security/master/detections-permissions-section.html#enable-detections-ui). + Before you can start working with exceptions that use value lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the [Create list data streams](../operation/operation-createlistindex) endpoint. Once these data streams are created, your role needs privileges to manage rules. For a complete list of requirements, refer to [Enable and access detections](https://www.elastic.co/guide/en/security/current/detections-permissions-section.html#enable-detections-ui). name: Security Exceptions API x-displayName: Security exceptions - - description: |- + - description: | Lists can be used with detection rule exceptions to define values that prevent a rule from generating alerts. Lists are made up of: 
@@ -201,13 +201,13 @@ tags: 4. `192.168.1.12` 5. `192.168.1.7` - To use these IP addresses as values for defining rule exceptions, use the Security exceptions API to create an exception item that references the `internal-ip-addresses-southport` list. + To use these IP addresses as values for defining rule exceptions, use the Security exceptions API to [create an exception list item](../operation/operation-createexceptionlistitem) that references the `internal-ip-addresses-southport` list. > info - > Lists cannot be added directly to rules, nor do they define the operators used to determine when exceptions are applied (`is in list`, `is not in list`). Use an exception item to define the operator and associate it with an exception container. You can then add the exception container to a rule's `exceptions_list` object. + > Lists cannot be added directly to rules, nor do they define the operators used to determine when exceptions are applied (`is in list`, `is not in list`). Use an exception item to define the operator and associate it with an [exception container](../operation/operation-createexceptionlist). You can then add the exception container to a rule's `exceptions_list` object. ## Lists requirements - Before you can start using lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the Create list data streams endpoint. Once these data streams are created, your role needs privileges to manage rules. Refer to [Enable and access detections](https://www.elastic.co/guide/en/security/master/detections-permissions-section.html#enable-detections-ui) for a complete list of requirements. + Before you can start using lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the [Create list data streams](../operation/operation-createlistindex) endpoint. Once these data streams are created, your role needs privileges to manage rules. 
Refer to [Enable and access detections](https://www.elastic.co/guide/en/security/current/detections-permissions-section.html#enable-detections-ui) for a complete list of requirements. name: Security Lists API x-displayName: Security lists - description: Run live queries, manage packs and saved queries.
From 4a5294740e0103eee9af4187ae1b2aa2adf2fd44 Mon Sep 17 00:00:00 2001
From: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Date: Mon, 9 Dec 2024 15:32:39 +0000
Subject: [PATCH 08/10] [CI] Auto-commit changed files from 'node scripts/eslint --no-cache --fix'
---
 .../scripts/openapi_bundle.js | 10 ++--------
 .../scripts/openapi_bundle.js | 10 ++--------
 .../scripts/openapi/bundle_detections.js | 10 ++--------
 3 files changed, 6 insertions(+), 24 deletions(-)
diff --git a/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle.js b/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle.js
index ea2bd3d4f4a41..8989d5b6c7057 100644
--- a/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle.js
+++ b/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle.js
@@ -22,10 +22,7 @@ const ROOT = resolve(__dirname, '..');
 ),
 options: {
 includeLabels: ['serverless'],
- prototypeDocument: join(
- ROOT,
- 'docs/openapi/exceptions_prototype_serverless.yaml'
- ),
+ prototypeDocument: join(ROOT, 'docs/openapi/exceptions_prototype_serverless.yaml'),
 },
 });
 
@@ -37,10 +34,7 @@ const ROOT = resolve(__dirname, '..');
 ),
 options: {
 includeLabels: ['ess'],
- prototypeDocument: join(
- ROOT,
- 'docs/openapi/exceptions_prototype_ess.yaml'
- ),
+ prototypeDocument: join(ROOT, 'docs/openapi/exceptions_prototype_ess.yaml'),
 },
 });
 })();
diff --git a/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle.js b/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle.js
index 62d109bde0b44..d74cc3331e892 100644
--- a/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle.js
+++ b/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle.js
@@ -22,10 +22,7 @@ const ROOT = resolve(__dirname, '..');
 ),
 options: {
 includeLabels: ['serverless'],
- prototypeDocument: join(
- ROOT,
- 'docs/openapi/lists_prototype_serverless.yaml'
- ),
+ prototypeDocument: join(ROOT, 'docs/openapi/lists_prototype_serverless.yaml'),
 },
 });
 
@@ -37,10 +34,7 @@ const ROOT = resolve(__dirname, '..');
 ),
 options: {
 includeLabels: ['ess'],
- prototypeDocument: join(
- ROOT,
- 'docs/openapi/lists_prototype_ess.yaml'
- ),
+ prototypeDocument: join(ROOT, 'docs/openapi/lists_prototype_ess.yaml'),
 },
 });
 })();
diff --git a/x-pack/plugins/security_solution/scripts/openapi/bundle_detections.js b/x-pack/plugins/security_solution/scripts/openapi/bundle_detections.js
index cb2f99b199872..5160e6455b78c 100644
--- a/x-pack/plugins/security_solution/scripts/openapi/bundle_detections.js
+++ b/x-pack/plugins/security_solution/scripts/openapi/bundle_detections.js
@@ -20,10 +20,7 @@ const ROOT = resolve(__dirname, '../..');
 ),
 options: {
 includeLabels: ['serverless'],
- prototypeDocument: join(
- ROOT,
- 'docs/openapi/detections_prototype_serverless.yaml'
- ),
+ prototypeDocument: join(ROOT, 'docs/openapi/detections_prototype_serverless.yaml'),
 },
 });
 
@@ -35,10 +32,7 @@ const ROOT = resolve(__dirname, '../..');
 ),
 options: {
 includeLabels: ['ess'],
- prototypeDocument: join(
- ROOT,
- 'docs/openapi/detections_prototype_ess.yaml'
- ),
+ prototypeDocument: join(ROOT, 'docs/openapi/detections_prototype_ess.yaml'),
 },
 });
 })();
From ffbbfc881a90ced4fb100b23cd22690d5520f628 Mon Sep 17 00:00:00 2001
From: natasha-moore-elastic
Date: Wed, 11 Dec 2024 13:37:32 +0000
Subject: [PATCH 09/10] Address feedback
---
 .../scripts/openapi_bundle.js | 4 ++--
 .../openapi_bundle_info/exceptions_ess.info.yaml} | 0
 .../openapi_bundle_info/exceptions_serverless.info.yaml} | 0
 .../scripts/openapi_bundle.js | 4 ++--
 .../openapi_bundle_info/lists_ess.info.yaml} | 0
 .../openapi_bundle_info/lists_serverless.info.yaml} | 0
 .../security_solution/scripts/openapi/bundle_detections.js | 4 ++--
 .../openapi/bundle_detections_info/detections_ess.info.yaml} | 0
 .../bundle_detections_info/detections_serverless.info.yaml} | 0
 9 files changed, 6 insertions(+), 6 deletions(-)
 rename packages/kbn-securitysolution-exceptions-common/{docs/openapi/exceptions_prototype_ess.yaml => scripts/openapi_bundle_info/exceptions_ess.info.yaml} (100%)
 rename packages/kbn-securitysolution-exceptions-common/{docs/openapi/exceptions_prototype_serverless.yaml => scripts/openapi_bundle_info/exceptions_serverless.info.yaml} (100%)
 rename packages/kbn-securitysolution-lists-common/{docs/openapi/lists_prototype_ess.yaml => scripts/openapi_bundle_info/lists_ess.info.yaml} (100%)
 rename packages/kbn-securitysolution-lists-common/{docs/openapi/lists_prototype_serverless.yaml => scripts/openapi_bundle_info/lists_serverless.info.yaml} (100%)
 rename x-pack/plugins/security_solution/{docs/openapi/detections_prototype_ess.yaml => scripts/openapi/bundle_detections_info/detections_ess.info.yaml} (100%)
 rename x-pack/plugins/security_solution/{docs/openapi/detections_prototype_serverless.yaml => scripts/openapi/bundle_detections_info/detections_serverless.info.yaml} (100%)
diff --git a/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle.js b/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle.js
index 8989d5b6c7057..70299e56eac2e 100644
--- a/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle.js
+++ b/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle.js
@@ -22,7 +22,7 @@ const ROOT = resolve(__dirname, '..');
 ),
 options: {
 includeLabels: ['serverless'],
- prototypeDocument: join(ROOT, 'docs/openapi/exceptions_prototype_serverless.yaml'),
+ prototypeDocument: join(ROOT, 'scripts/openapi_bundle_info/exceptions_serverless.info.yaml'),
 },
 });
 
@@ -34,7 +34,7 @@ const ROOT = resolve(__dirname, '..');
 ),
 options: {
 includeLabels: ['ess'],
- prototypeDocument: join(ROOT, 'docs/openapi/exceptions_prototype_ess.yaml'),
+ prototypeDocument: join(ROOT, 'scripts/openapi_bundle_info/exceptions_ess.info.yaml'),
 },
 });
 })();
diff --git a/packages/kbn-securitysolution-exceptions-common/docs/openapi/exceptions_prototype_ess.yaml b/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle_info/exceptions_ess.info.yaml
similarity index 100%
rename from packages/kbn-securitysolution-exceptions-common/docs/openapi/exceptions_prototype_ess.yaml
rename to packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle_info/exceptions_ess.info.yaml
diff --git a/packages/kbn-securitysolution-exceptions-common/docs/openapi/exceptions_prototype_serverless.yaml b/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle_info/exceptions_serverless.info.yaml
similarity index 100%
rename from packages/kbn-securitysolution-exceptions-common/docs/openapi/exceptions_prototype_serverless.yaml
rename to packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle_info/exceptions_serverless.info.yaml
diff --git a/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle.js b/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle.js
index d74cc3331e892..7a61724759178 100644
--- a/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle.js
+++ b/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle.js
@@ -22,7 +22,7 @@ const ROOT = resolve(__dirname, '..');
 ),
 options: {
 includeLabels: ['serverless'],
- prototypeDocument: join(ROOT, 'docs/openapi/lists_prototype_serverless.yaml'),
+ prototypeDocument: join(ROOT, 'scripts/openapi_bundle_info/lists_serverless.info.yaml'),
 },
 });
 
@@ -34,7 +34,7 @@ const ROOT = resolve(__dirname, '..');
 ),
 options: {
 includeLabels: ['ess'],
- prototypeDocument: join(ROOT, 'docs/openapi/lists_prototype_ess.yaml'),
+ prototypeDocument: join(ROOT, 'scripts/openapi_bundle_info/lists_ess.info.yaml'),
 },
 });
 })();
diff --git a/packages/kbn-securitysolution-lists-common/docs/openapi/lists_prototype_ess.yaml b/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle_info/lists_ess.info.yaml
similarity index 100%
rename from packages/kbn-securitysolution-lists-common/docs/openapi/lists_prototype_ess.yaml
rename to packages/kbn-securitysolution-lists-common/scripts/openapi_bundle_info/lists_ess.info.yaml
diff --git a/packages/kbn-securitysolution-lists-common/docs/openapi/lists_prototype_serverless.yaml b/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle_info/lists_serverless.info.yaml
similarity index 100%
rename from packages/kbn-securitysolution-lists-common/docs/openapi/lists_prototype_serverless.yaml
rename to packages/kbn-securitysolution-lists-common/scripts/openapi_bundle_info/lists_serverless.info.yaml
diff --git a/x-pack/plugins/security_solution/scripts/openapi/bundle_detections.js b/x-pack/plugins/security_solution/scripts/openapi/bundle_detections.js
index 5160e6455b78c..f9aff2104b180 100644
--- a/x-pack/plugins/security_solution/scripts/openapi/bundle_detections.js
+++ b/x-pack/plugins/security_solution/scripts/openapi/bundle_detections.js
@@ -20,7 +20,7 @@ const ROOT = resolve(__dirname, '../..');
 ),
 options: {
 includeLabels: ['serverless'],
- prototypeDocument: join(ROOT, 'docs/openapi/detections_prototype_serverless.yaml'),
+ prototypeDocument: join(ROOT, 'scripts/openapi/bundle_detections_info/detections_serverless.info.yaml'),
 },
 });
 
@@ -32,7 +32,7 @@ const ROOT = resolve(__dirname, '../..');
 ),
 options: {
 includeLabels: ['ess'],
- prototypeDocument: join(ROOT, 'docs/openapi/detections_prototype_ess.yaml'),
+ prototypeDocument: join(ROOT, 'scripts/openapi/bundle_detections_info/detections_ess.info.yaml'),
 },
 });
 })();
diff --git a/x-pack/plugins/security_solution/docs/openapi/detections_prototype_ess.yaml b/x-pack/plugins/security_solution/scripts/openapi/bundle_detections_info/detections_ess.info.yaml
similarity index 100%
rename from x-pack/plugins/security_solution/docs/openapi/detections_prototype_ess.yaml
rename to x-pack/plugins/security_solution/scripts/openapi/bundle_detections_info/detections_ess.info.yaml
diff --git a/x-pack/plugins/security_solution/docs/openapi/detections_prototype_serverless.yaml b/x-pack/plugins/security_solution/scripts/openapi/bundle_detections_info/detections_serverless.info.yaml
similarity index 100%
rename from x-pack/plugins/security_solution/docs/openapi/detections_prototype_serverless.yaml
rename to x-pack/plugins/security_solution/scripts/openapi/bundle_detections_info/detections_serverless.info.yaml
From 704ca737600cfccf991704c11c6552195f5740c7 Mon Sep 17 00:00:00 2001
From: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Date: Wed, 11 Dec 2024 13:58:03 +0000
Subject: [PATCH 10/10] [CI] Auto-commit changed files from 'node scripts/eslint --no-cache --fix'
---
 .../scripts/openapi/bundle_detections.js | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/x-pack/plugins/security_solution/scripts/openapi/bundle_detections.js b/x-pack/plugins/security_solution/scripts/openapi/bundle_detections.js
index f9aff2104b180..7bfd659927ec3 100644
--- a/x-pack/plugins/security_solution/scripts/openapi/bundle_detections.js
+++ b/x-pack/plugins/security_solution/scripts/openapi/bundle_detections.js
@@ -20,7 +20,10 @@ const ROOT = resolve(__dirname, '../..');
 ),
 options: {
 includeLabels: ['serverless'],
- prototypeDocument: join(ROOT, 'scripts/openapi/bundle_detections_info/detections_serverless.info.yaml'),
+ prototypeDocument: join(
+ ROOT,
+ 'scripts/openapi/bundle_detections_info/detections_serverless.info.yaml'
+ ),
 },
 });
 
@@ -32,7 +35,10 @@ const ROOT = resolve(__dirname, '../..');
 ),
 options: {
 includeLabels: ['ess'],
- prototypeDocument: join(ROOT, 'scripts/openapi/bundle_detections_info/detections_ess.info.yaml'),
+ prototypeDocument: join(
+ ROOT,
+ 'scripts/openapi/bundle_detections_info/detections_ess.info.yaml'
+ ),
 },
 });
 })();