[SIEM] Update readme for timeline apis #67038
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
angorayc
added
v7.8.0
v8.0.0
release_note:skip
|
Pinging @elastic/siem (Team:SIEM) |
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
stephmilovic
reviewed
Jun 9, 2020
x-pack/plugins/security_solution/server/lib/timeline/routes/README.md
Outdated
Show resolved
Hide resolved
stephmilovic
reviewed
Jun 9, 2020
| ##### Request body | ||
| a .ndjson file | ||
| (each json in the file should match this [format](https://github.com/elastic/kibana/blob/master/x-pack/plugins/siem/public/graphql/types.ts#L118-L146)) |
There was a problem hiding this comment.
right, we've change the name of the plugin!!
There was a problem hiding this comment.
I'll remove there link here as we are not going to use graphql, might not be a good idea to refer to that.
stephmilovic
reviewed
Jun 9, 2020
x-pack/plugins/security_solution/server/lib/timeline/routes/README.md
Outdated
Show resolved
Hide resolved
stephmilovic
reviewed
Jun 9, 2020
| ```json | ||
| { | ||
| "timelineType": "default" or "template" |
There was a problem hiding this comment.
if i dont pass a body the error I get is:
"[request body]: Invalid value \"null\" supplied to \"\""
I wish it told me the key timelineType
There was a problem hiding this comment.
Thanks for pointing that out!
I have a PR up for fixing that: #65448
I'll make sure this won't happen after the fix.
stephmilovic
approved these changes
Jun 9, 2020
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
💚 Build SucceededBuild metrics
History
To update your PR or re-run it, just comment with: |
angorayc
added a commit
to angorayc/kibana
that referenced
this pull request
Jun 26, 2020
* update doc * update unit test * remove redundant params * fix types * update readme * update readme Co-authored-by: Elastic Machine <[email protected]>
angorayc
added a commit
that referenced
this pull request
Jun 26, 2020
* update doc * update unit test * remove redundant params * fix types * update readme * update readme Co-authored-by: Elastic Machine <[email protected]> Co-authored-by: Elastic Machine <[email protected]>
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
Jun 29, 2020
* master: (59 commits) [Lens] Fix broken test (elastic#70117) [SIEM] Import timeline fix (elastic#65448) [SECURITY SOLUTION][INGEST] UX update for ingest manager edit/create datasource for endpoint (elastic#70079) [Telemetry] Collector Schema (elastic#64942) [Endpoint] Add Endpoint empty states for onboarding (elastic#69626) Hide unused resolver buttons (elastic#70112) [Security] `Investigate in Resolver` Timeline Integration (elastic#70111) [Discover] Improve styling of graphs in sidebar (elastic#69440) [Metrics UI] Fix EuiTheme type issue (elastic#69735) skip failing suite (elastic#70104) (elastic#70103) [ENDPOINT] Hide the Timeline Flyout while on the Management Pages (elastic#69998) [SIEM][CASE] Persist callout when dismissed (elastic#68372) [SIEM][Exceptions] - Cleaned up and updated exception list item comment structure (elastic#69532) [Maps] remove indexing state from redux (elastic#69765) Add API integration test for deleting data streams. (elastic#70020) renames SIEM to Security Solution (elastic#70070) Adding saved_objects_page in OSS (elastic#69900) [Lens] Use accordion menus in field list for available and empty fields (elastic#68871) Dynamic uiActions & license support (elastic#68507) [SIEM] Update readme for timeline apis (elastic#67038) ...
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
Jun 29, 2020
…bana into alerting/consumer-based-rbac * 'alerting/consumer-based-rbac' of github.com:gmmorris/kibana: (25 commits) [Lens] Fix broken test (elastic#70117) [SIEM] Import timeline fix (elastic#65448) [SECURITY SOLUTION][INGEST] UX update for ingest manager edit/create datasource for endpoint (elastic#70079) [Telemetry] Collector Schema (elastic#64942) [Endpoint] Add Endpoint empty states for onboarding (elastic#69626) Hide unused resolver buttons (elastic#70112) [Security] `Investigate in Resolver` Timeline Integration (elastic#70111) [Discover] Improve styling of graphs in sidebar (elastic#69440) [Metrics UI] Fix EuiTheme type issue (elastic#69735) skip failing suite (elastic#70104) (elastic#70103) [ENDPOINT] Hide the Timeline Flyout while on the Management Pages (elastic#69998) [SIEM][CASE] Persist callout when dismissed (elastic#68372) [SIEM][Exceptions] - Cleaned up and updated exception list item comment structure (elastic#69532) [Maps] remove indexing state from redux (elastic#69765) Add API integration test for deleting data streams. (elastic#70020) renames SIEM to Security Solution (elastic#70070) Adding saved_objects_page in OSS (elastic#69900) [Lens] Use accordion menus in field list for available and empty fields (elastic#68871) Dynamic uiActions & license support (elastic#68507) [SIEM] Update readme for timeline apis (elastic#67038) ...
MindyRS
added
the
Team: SecuritySolution
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Update readme for timeline's api and remove redundant query params
Export timeline api
POST /api/timeline/_export
Authorization
Type: Basic Auth
username: Your Kibana username
password: Your Kibana password
Request header
Request param
file_name ${filename}.ndjson
Request body
{ ids: [ ${timelineId} ] }Import timeline api
POST /api/timeline/_import
Authorization
Type: Basic Auth
username: Your Kibana username
password: Your Kibana password
Request header
Request body
a .ndjson file
(each json in the file should match this format)
example:
Response
Get draft timeline api
GET /api/timeline/_draft
Authorization
Type: Basic Auth
username: Your Kibana username
password: Your Kibana password
Request header
Request param
timelineType
defaultortemplateResponse
{ "data": { "persistTimeline": { "timeline": { "savedObjectId": "ababbd90-99de-11ea-8446-1d7fd9f03ebf", "version": "WzM2MiwzXQ==", "columns": [ { "columnHeaderType": "not-filtered", "id": "@timestamp" }, { "columnHeaderType": "not-filtered", "id": "message" }, { "columnHeaderType": "not-filtered", "id": "event.category" }, { "columnHeaderType": "not-filtered", "id": "event.action" }, { "columnHeaderType": "not-filtered", "id": "host.name" }, { "columnHeaderType": "not-filtered", "id": "source.ip" }, { "columnHeaderType": "not-filtered", "id": "destination.ip" }, { "columnHeaderType": "not-filtered", "id": "user.name" } ], "dataProviders": [], "description": "", "eventType": "all", "filters": [], "kqlMode": "filter", "timelineType": "default", "kqlQuery": { "filterQuery": null }, "title": "", "sort": { "columnId": "@timestamp", "sortDirection": "desc" }, "status": "draft", "created": 1589899222908, "createdBy": "casetester", "updated": 1589899222908, "updatedBy": "casetester", "templateTimelineId": null, "templateTimelineVersion": null, "favorite": [], "eventIdToNoteIds": [], "noteIds": [], "notes": [], "pinnedEventIds": [], "pinnedEventsSaveObject": [] } } } }Clean draft timeline api
POST /api/timeline/_draft
Authorization
Type: Basic Auth
username: Your Kibana username
password: Your Kibana password
Request header
Request body
{ "timelineType": "default" or "template" }Response
{ "data": { "persistTimeline": { "timeline": { "savedObjectId": "ababbd90-99de-11ea-8446-1d7fd9f03ebf", "version": "WzQyMywzXQ==", "columns": [ { "columnHeaderType": "not-filtered", "id": "@timestamp" }, { "columnHeaderType": "not-filtered", "id": "message" }, { "columnHeaderType": "not-filtered", "id": "event.category" }, { "columnHeaderType": "not-filtered", "id": "event.action" }, { "columnHeaderType": "not-filtered", "id": "host.name" }, { "columnHeaderType": "not-filtered", "id": "source.ip" }, { "columnHeaderType": "not-filtered", "id": "destination.ip" }, { "columnHeaderType": "not-filtered", "id": "user.name" } ], "dataProviders": [], "description": "", "eventType": "all", "filters": [], "kqlMode": "filter", "timelineType": "default", "kqlQuery": { "filterQuery": null }, "title": "", "sort": { "columnId": "@timestamp", "sortDirection": "desc" }, "status": "draft", "created": 1589903306582, "createdBy": "casetester", "updated": 1589903306582, "updatedBy": "casetester", "templateTimelineId": null, "templateTimelineVersion": null, "favorite": [], "eventIdToNoteIds": [], "noteIds": [], "notes": [], "pinnedEventIds": [], "pinnedEventsSaveObject": [] } } } }Checklist
Delete any items that are not applicable to this PR.
[ ] Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support[ ] Unit or functional tests were updated or added to match the most common scenarios[ ] This was checked for keyboard-only and screenreader accessibility[ ] This renders correctly on smaller devices using a responsive layout. (You can test this in your browser[ ] This was checked for cross-browser compatibility, including a check against IE11For maintainers
[ ] This was checked for breaking API changes and was labeled appropriately