Commit
Merge branch 'main' into ai-assistant-apis
Showing 56 changed files with 988 additions and 156 deletions.
78 changes: 78 additions & 0 deletions
docs/advanced-entity-analytics/api/asset-criticality-api-bulk-upsert.asciidoc
@@ -0,0 +1,78 @@ | ||
[[asset-criticality-api-bulk-upsert]] | ||
=== Bulk upsert (create or update) asset criticality records | ||
|
||
Create or update asset criticality records for multiple entities. | ||
|
||
If asset criticality records already exist for the entities specified in the request, this API overwrites those records with the specified values. | ||
|
||
If asset criticality records don't exist for the specified entities, new records are created. | ||
|
||
==== Request URL | ||
|
||
`POST <kibana host>:<port>/api/asset_criticality/bulk` | ||
|
||
==== Request body | ||
|
||
A JSON object defining the asset criticality records. | ||
|
||
[width="100%",options="header"] | ||
|============================================== | ||
|Name |Type |Description |Required | ||
|`records` |Array |Array of asset criticality records to be created or updated. The maximum number of records is 1000. | ||
|Yes | ||
|`records.id_field` |String |The field that contains the entity ID. This must be either `user.name` or `host.name`. | ||
|Yes | ||
|`records.id_value` |String |The ID (host name or user name) of the entity specified in the `records.id_field` field. | ||
|Yes | ||
|`records.criticality_level` |String a|The asset criticality level to assign, which must be one of the following: | ||
|
||
* `low_impact` | ||
* `medium_impact` | ||
* `high_impact` | ||
* `extreme_impact` | ||
|
||
For example, you can assign `extreme_impact` to business-critical entities, or `low_impact` to entities that pose minimal risk to your security posture. | ||
|Yes | ||
|============================================== | ||
|
||
===== Example requests | ||
|
||
[source,console] | ||
-------------------------------------------------- | ||
POST /api/asset_criticality/bulk | ||
{ | ||
"records": [ | ||
{ | ||
"id_field": "host.name", | ||
"id_value": "my_host", | ||
"criticality_level": "medium_impact" | ||
}, | ||
{ | ||
"id_field": "host.name", | ||
"id_value": "my_other_host", | ||
"criticality_level": "low_impact" | ||
} | ||
] | ||
} | ||
-------------------------------------------------- | ||
|
||
==== Response code | ||
|
||
`200`:: | ||
Indicates a successful call. | ||
|
||
==== Example response | ||
|
||
Successful response | ||
|
||
[source,json] | ||
-------------------------------------------------- | ||
{ | ||
"errors": [], | ||
"stats": { | ||
"successful": 2, | ||
"failed": 0, | ||
"total": 2 | ||
} | ||
} | ||
-------------------------------------------------- |
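Review bot: the response-code section of this hunk (`200`:: Indicates a successful call.) undersells what the example response shows: the body carries an `"errors": []` array and `"stats": { "successful": 2, "failed": 0, "total": 2 }`, so a `200` can evidently be returned for a batch in which individual records failed. Document that a `200` means the request was accepted, not that every record was written, and add a row or short paragraph describing the shape of an `errors` entry (which record it refers to and why it failed) so readers know to check `stats.failed` rather than the status code alone; an example response with one failed record would make this concrete. Minor: `===== Example requests` is a level-5 heading sitting between the level-4 `==== Request body` and `==== Response code`, which reads as a sub-section of the request body; `====` would be consistent with the other sections.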
64 changes: 64 additions & 0 deletions
docs/advanced-entity-analytics/api/asset-criticality-api-delete.asciidoc
@@ -0,0 +1,64 @@ | ||
[[delete-criticality-api-delete]] | ||
=== Delete asset criticality record | ||
|
||
Delete a single asset criticality record by ID field and ID value. | ||
|
||
==== Request URL | ||
|
||
`DELETE <kibana host>:<port>/api/asset_criticality` | ||
|
||
==== URL query parameters | ||
|
||
[width="100%",options="header"] | ||
|============================================== | ||
|Name |Type |Description |Required | ||
|
||
|`id_field` |String |The field that contains the entity ID. This must be either `user.name` or `host.name`. | ||
|Yes | ||
|`id_value` |String |The ID (host name or user name) of the entity specified in the `id_field` field. | ||
|Yes | ||
|
||
|============================================== | ||
|
||
===== Example requests | ||
|
||
[source,console] | ||
-------------------------------------------------- | ||
DELETE /api/asset_criticality?id_field=host.name&id_value=my_host | ||
-------------------------------------------------- | ||
|
||
==== Response code | ||
|
||
`200`:: | ||
Indicates a successful call. Check the response body to see if the record was deleted. | ||
|
||
==== Example responses | ||
|
||
*Example 1* | ||
|
||
If the record was deleted. | ||
|
||
[source,json] | ||
-------------------------------------------------- | ||
{ | ||
"deleted": true, | ||
"record": { | ||
"id_field": "host.name", | ||
"id_value": "my_host", | ||
"criticality_level": "medium_impact", | ||
"@timestamp": "2024-08-05T09:42:11.240Z" | ||
} | ||
} | ||
-------------------------------------------------- | ||
|
||
*Example 2* | ||
|
||
If the record was not found and could not be deleted. | ||
|
||
[source,json] | ||
-------------------------------------------------- | ||
{ | ||
"deleted": false | ||
} | ||
-------------------------------------------------- |
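Review bot: the anchor on the first line of this hunk, `[[delete-criticality-api-delete]]`, breaks the naming convention used by the sibling files (`[[asset-criticality-api-bulk-upsert]]`, `[[asset-criticality-api-get]]`) and does not match the file name `asset-criticality-api-delete.asciidoc`; rename it to `[[asset-criticality-api-delete]]` before anything cross-references it. Also worth stating explicitly under `200`:: that the endpoint returns `200` with `"deleted": false` when no record matches (the prose only says "Check the response body"), since the GET endpoint in the same change returns `404` for the not-found case and readers will expect parallel behaviour. Style: the blank `|` lines inside the parameter table (after the header row and before the closing `|====`) are not present in the bulk-upsert table; drop them for consistency.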
48 changes: 48 additions & 0 deletions
docs/advanced-entity-analytics/api/asset-criticality-api-get.asciidoc
@@ -0,0 +1,48 @@ | ||
[[asset-criticality-api-get]] | ||
=== Get asset criticality record | ||
|
||
Retrieve a single asset criticality record by ID field and ID value. | ||
|
||
==== Request URL | ||
|
||
`GET <kibana host>:<port>/api/asset_criticality` | ||
|
||
==== URL query parameters | ||
|
||
[width="100%",options="header"] | ||
|============================================== | ||
|Name |Type |Description |Required | ||
|
||
|`id_field` |String |The field that contains the entity ID. This must be either `user.name` or `host.name`. | ||
|Yes | ||
|`id_value` |String |The ID (host name or user name) of the entity specified in the `id_field` field. | ||
|Yes | ||
|
||
|============================================== | ||
|
||
===== Example requests | ||
|
||
[source,console] | ||
-------------------------------------------------- | ||
GET /api/asset_criticality?id_field=host.name&id_value=my_host | ||
-------------------------------------------------- | ||
|
||
==== Response code | ||
|
||
`200`:: | ||
Indicates a successful call. | ||
`404`:: | ||
Indicates the criticality record was not found. | ||
|
||
==== Example response | ||
|
||
[source,json] | ||
-------------------------------------------------- | ||
{ | ||
"id_field": "host.name", | ||
"id_value": "my_host", | ||
"criticality_level": "high_impact", | ||
"@timestamp": "2024-08-02T11:15:34.290Z" | ||
} | ||
-------------------------------------------------- |
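Review bot: this hunk documents a `404`:: "Indicates the criticality record was not found." response code but gives only the `200` body under `==== Example response`; the delete page in the same change shows both outcomes as *Example 1* / *Example 2*, so add the `404` response body here for parity (and retitle the section `==== Example responses`). The same two style points as the delete file apply: the stray blank `|` lines inside the query-parameter table, and `===== Example requests` being one heading level deeper than the sections around it.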
11 changes: 11 additions & 0 deletions
docs/advanced-entity-analytics/api/asset-criticality-api-index.asciidoc
@@ -0,0 +1,11 @@ | ||
include::asset-criticality-api-overview.asciidoc[] | ||
|
||
include::asset-criticality-api-upsert.asciidoc[] | ||
|
||
include::asset-criticality-api-bulk-upsert.asciidoc[] | ||
|
||
include::asset-criticality-api-get.asciidoc[] | ||
|
||
include::asset-criticality-api-list.asciidoc[] | ||
|
||
include::asset-criticality-api-delete.asciidoc[] |
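Review bot: this index includes six files but only three of them (`asset-criticality-api-bulk-upsert.asciidoc`, `asset-criticality-api-get.asciidoc`, `asset-criticality-api-delete.asciidoc`) are visible in this view; confirm that `asset-criticality-api-overview.asciidoc`, `asset-criticality-api-upsert.asciidoc` and `asset-criticality-api-list.asciidoc` are part of the same merge, because an `include::` of a missing file fails the asciidoc build. Also check that the overview (or whichever page links the sections) references the delete page by the anchor it actually declares, since that file currently uses `[[delete-criticality-api-delete]]` rather than the `asset-criticality-api-*` pattern the others follow.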