diff --git a/docs/cases/api/actions-api/cases-actions-api-intro.asciidoc b/docs/cases/api/actions-api/cases-actions-api-intro.asciidoc index b845f6ba72..dc65fa278a 100644 --- a/docs/cases/api/actions-api/cases-actions-api-intro.asciidoc +++ b/docs/cases/api/actions-api/cases-actions-api-intro.asciidoc @@ -9,7 +9,6 @@ You can push {es-sec} cases to these third-party systems: * {ibm-r} * {swimlane} -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. To push cases, you need to create a connector using the {kib} Actions API, which stores the information required to interface with the external system. 
@@ -18,7 +17,7 @@ which stores the information required to interface with the external system. * {sn}: https://developer.servicenow.com/dev.do#!/reference/api/rome/rest/c_ImportSetAPI[Import Set API] + -IMPORTANT: {sn} ITSM and SecOps connectors created in {stack} version 7.15.0 or earlier use the https://developer.servicenow.com/dev.do#!/reference/api/quebec/rest/c_TableAPI[Table API]. They are marked as deprecated after you upgrade to version 7.16.0 or later and must be <> to ensure you have access to new connector enhancements. For example, you can push incident updates from cases using connectors created in version 7.15.0 or earlier. However, pushing incident updates from rules is a newer enhancement and you must update your connector or create a new one to use it. +IMPORTANT: {sn} ITSM and SecOps connectors created in {stack} version 7.15.0 or earlier use the https://developer.servicenow.com/dev.do#!/reference/api/quebec/rest/c_TableAPI[Table API]. They are marked as deprecated after you upgrade to version 7.16.0 or later and must be <> to ensure you have access to new connector enhancements. For example, you can push incident updates from cases using connectors created in version 7.15.0 or earlier. However, pushing incident updates from rules is a newer enhancement and you must update your connector or create a new one to use it. * {jira}: https://developer.atlassian.com/cloud/jira/platform/rest/v2/[REST API v2] * {ibm-r}: https://developer.ibm.com/security/resilient/rest/[Resilient REST API] 
@@ -36,7 +35,6 @@ To send cases to an external system and keep the {es-sec-ui} updated: Creates a connector, which can then be used to open and update cases in external systems. Note that data from mapped case fields can be pushed to external systems but cannot be pulled in. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. ==== Request URL @@ -306,7 +304,6 @@ A JSON object with a connector `id` that is required to push cases to {sn}. Updates a connector. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. ==== Request URL @@ -449,7 +446,6 @@ The updated JSON connector object. Creates a new or updates an existing external incident from a {es-sec} case. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. NOTE: You can only send cases to external systems after you have <> a connector. diff --git a/docs/cases/api/cases-api/cases-api.asciidoc b/docs/cases/api/cases-api/cases-api.asciidoc index c67842bb16..8a3f4ea74a 100644 --- a/docs/cases/api/cases-api/cases-api.asciidoc +++ b/docs/cases/api/cases-api/cases-api.asciidoc 
@@ -4,8 +4,6 @@ You can create, manage, configure, and send cases to external systems with these APIs: -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - NOTE: Cases return a warning header for deprecated endpoints. The value of the warning header is in the form `299 Kibana-{kibana_version} "{warning_text}"` * {kibana-ref}/cases-api.html[Cases API]: Used to open and manage security action items. diff --git a/docs/detections/api/exceptions/api-create-exception-container.asciidoc b/docs/detections/api/exceptions/api-create-exception-container.asciidoc index ba3857b105..3dadd40a0f 100644 --- a/docs/detections/api/exceptions/api-create-exception-container.asciidoc +++ b/docs/detections/api/exceptions/api-create-exception-container.asciidoc @@ -3,8 +3,6 @@ Creates an exception container. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - An exception container groups <> and can be associated with rules. When an exception item's query evaluates to `true`, rules do *not* issue alerts even when the rule's other criteria are met. diff --git a/docs/detections/api/exceptions/api-create-exception-item.asciidoc b/docs/detections/api/exceptions/api-create-exception-item.asciidoc index a727fcf7c3..6f994935fc 100644 --- a/docs/detections/api/exceptions/api-create-exception-item.asciidoc +++ b/docs/detections/api/exceptions/api-create-exception-item.asciidoc 
@@ -4,8 +4,6 @@ Creates an exception item and associates it with the specified <>. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - See <> for information about creating exception items from lists, such as a list of IP addresses or host names. diff --git a/docs/detections/api/exceptions/api-delete-exception-container.asciidoc b/docs/detections/api/exceptions/api-delete-exception-container.asciidoc index beec7dc0ca..a11ee7d98b 100644 --- a/docs/detections/api/exceptions/api-delete-exception-container.asciidoc +++ b/docs/detections/api/exceptions/api-delete-exception-container.asciidoc @@ -3,8 +3,6 @@ Deletes an exception container. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - ==== Request URL `DELETE :/api/exception_lists` diff --git a/docs/detections/api/exceptions/api-delete-exception-item.asciidoc b/docs/detections/api/exceptions/api-delete-exception-item.asciidoc index 5c71dbd2a6..e9291409f7 100644 --- a/docs/detections/api/exceptions/api-delete-exception-item.asciidoc +++ b/docs/detections/api/exceptions/api-delete-exception-item.asciidoc @@ -3,8 +3,6 @@ Deletes an exception item. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - ==== Request URL `DELETE :/api/exception_lists/items` diff --git a/docs/detections/api/exceptions/api-find-exception-containers.asciidoc b/docs/detections/api/exceptions/api-find-exception-containers.asciidoc index f95759e020..a0b6e8dfd5 100644 
--- a/docs/detections/api/exceptions/api-find-exception-containers.asciidoc +++ b/docs/detections/api/exceptions/api-find-exception-containers.asciidoc @@ -4,8 +4,6 @@ Retrieves a paginated subset of exception containers. By default, the first page is returned with 20 results per page. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - ==== Request URL `GET :/api/exception_lists/_find` diff --git a/docs/detections/api/exceptions/api-find-exception-items.asciidoc b/docs/detections/api/exceptions/api-find-exception-items.asciidoc index 7244e5f8dc..eacf871ef9 100644 --- a/docs/detections/api/exceptions/api-find-exception-items.asciidoc +++ b/docs/detections/api/exceptions/api-find-exception-items.asciidoc @@ -4,8 +4,6 @@ Retrieves a paginated subset of exception items in the specified container. By default, the first page is returned with 20 results per page. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - ==== Request URL `GET :/api/exception_lists/items/_find` diff --git a/docs/detections/api/exceptions/api-get-exception-containers.asciidoc b/docs/detections/api/exceptions/api-get-exception-containers.asciidoc index d0555e056a..ef77d442b8 100644 --- a/docs/detections/api/exceptions/api-get-exception-containers.asciidoc +++ b/docs/detections/api/exceptions/api-get-exception-containers.asciidoc 
@@ -3,8 +3,6 @@ Retrieves an exception container using its `id` or `list_id` field. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - ==== Request URL `GET :/api/exception_lists` diff --git a/docs/detections/api/exceptions/api-get-exception-items.asciidoc b/docs/detections/api/exceptions/api-get-exception-items.asciidoc index 3c8ee88e9e..bc29508f87 100644 --- a/docs/detections/api/exceptions/api-get-exception-items.asciidoc +++ b/docs/detections/api/exceptions/api-get-exception-items.asciidoc @@ -3,8 +3,6 @@ Retrieves an exception item using its `id` or `item_id` field. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - ==== Request URL `GET :/api/exception_lists/items` diff --git a/docs/detections/api/exceptions/api-summary-exception-container.asciidoc b/docs/detections/api/exceptions/api-summary-exception-container.asciidoc index 333d3947a2..282309f701 100644 --- a/docs/detections/api/exceptions/api-summary-exception-container.asciidoc +++ b/docs/detections/api/exceptions/api-summary-exception-container.asciidoc @@ -3,8 +3,6 @@ Retrieves an exception container summary. -NOTE: Console supports only Elasticsearch APIs. You cannot interact with {kib} APIs with Console and must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - ==== Request URL `POST :/api/exception_lists/summary` 
@@ -65,7 +63,7 @@ A summary of the exception container: } -------------------------------------------------- -NOTE: For a host isolation exception, the values for `windows`, `linux`, `macos`, and `total` are all the same, as each host isolation exception entry applies to all operating systems. +NOTE: For a host isolation exception, the values for `windows`, `linux`, `macos`, and `total` are all the same, as each host isolation exception entry applies to all operating systems. For example: [source,json] @@ -77,4 +75,3 @@ For example: total: 5, } -------------------------------------------------- - diff --git a/docs/detections/api/exceptions/api-update-exception-container.asciidoc b/docs/detections/api/exceptions/api-update-exception-container.asciidoc index 28f1a7eda6..73a797c908 100644 --- a/docs/detections/api/exceptions/api-update-exception-container.asciidoc +++ b/docs/detections/api/exceptions/api-update-exception-container.asciidoc @@ -3,8 +3,6 @@ Updates an existing exception container. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - ==== Request URL `PUT :/api/lists` diff --git a/docs/detections/api/exceptions/api-update-exception-item.asciidoc b/docs/detections/api/exceptions/api-update-exception-item.asciidoc index 4cb6a8ea32..1a9a363869 100644 --- a/docs/detections/api/exceptions/api-update-exception-item.asciidoc +++ b/docs/detections/api/exceptions/api-update-exception-item.asciidoc @@ -3,8 +3,6 @@ Updates an existing exception item. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - ==== Request URL `PUT :/api/exception_lists/items` 
diff --git a/docs/detections/api/exceptions/exceptions-api-overview.asciidoc b/docs/detections/api/exceptions/exceptions-api-overview.asciidoc index b0bc68d936..29bb71deb6 100644 --- a/docs/detections/api/exceptions/exceptions-api-overview.asciidoc +++ b/docs/detections/api/exceptions/exceptions-api-overview.asciidoc @@ -7,8 +7,6 @@ rule's other criteria are met. They can be used to reduce the number of false positives, and to prevent trusted processes and network activity from generating unnecessary alerts. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - Exceptions are made up of: * *Exception containers*: A container for related exceptions. In general, a diff --git a/docs/detections/api/exceptions/lists-index-api-overview.asciidoc b/docs/detections/api/exceptions/lists-index-api-overview.asciidoc index 5a73e29977..a5840132a8 100644 --- a/docs/detections/api/exceptions/lists-index-api-overview.asciidoc +++ b/docs/detections/api/exceptions/lists-index-api-overview.asciidoc @@ -8,8 +8,6 @@ and `.items` system indices in the relevant For information about the permissions and privileges required to create `.lists` and `.items` indices, see <>. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - [discrete] === Create index diff --git a/docs/detections/api/lists/api-create-list-container.asciidoc b/docs/detections/api/lists/api-create-list-container.asciidoc index a53a929be0..98e1007bf3 100644 --- a/docs/detections/api/lists/api-create-list-container.asciidoc +++ b/docs/detections/api/lists/api-create-list-container.asciidoc 
@@ -3,8 +3,6 @@ Creates a list container. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - A list container groups common <> that define exceptions for when detection rule alerts are *not* generated even when a rule's other criteria are met. diff --git a/docs/detections/api/lists/api-create-list-item.asciidoc b/docs/detections/api/lists/api-create-list-item.asciidoc index bd7e3ed6be..83e1a1971e 100644 --- a/docs/detections/api/lists/api-create-list-item.asciidoc +++ b/docs/detections/api/lists/api-create-list-item.asciidoc @@ -4,8 +4,6 @@ Creates a list item and associates it with the specified <>. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - All list items in the same list container must be the same type. For example, each list item in an `ip` list container must define a specific IP address. diff --git a/docs/detections/api/lists/api-delete-list-container.asciidoc b/docs/detections/api/lists/api-delete-list-container.asciidoc index f66bd3835e..2ecee2ea78 100644 --- a/docs/detections/api/lists/api-delete-list-container.asciidoc +++ b/docs/detections/api/lists/api-delete-list-container.asciidoc @@ -3,8 +3,6 @@ Deletes a list container. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - NOTE: When you delete a list container, all of its list items are also deleted. ==== Request URL 
diff --git a/docs/detections/api/lists/api-delete-list-item.asciidoc b/docs/detections/api/lists/api-delete-list-item.asciidoc index 0b08430708..f3d3bb2816 100644 --- a/docs/detections/api/lists/api-delete-list-item.asciidoc +++ b/docs/detections/api/lists/api-delete-list-item.asciidoc @@ -3,8 +3,6 @@ Deletes list items. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - ==== Request URL `DELETE :/api/lists/items` diff --git a/docs/detections/api/lists/api-export-list-item.asciidoc b/docs/detections/api/lists/api-export-list-item.asciidoc index c99bf38941..3740c2a0f9 100644 --- a/docs/detections/api/lists/api-export-list-item.asciidoc +++ b/docs/detections/api/lists/api-export-list-item.asciidoc @@ -3,8 +3,6 @@ Exports list item values from the specified list container. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - ==== Request URL `POST :/api/lists/items/_export` diff --git a/docs/detections/api/lists/api-find-list-containers.asciidoc b/docs/detections/api/lists/api-find-list-containers.asciidoc index 1bc4b6362f..06f8eb703b 100644 --- a/docs/detections/api/lists/api-find-list-containers.asciidoc +++ b/docs/detections/api/lists/api-find-list-containers.asciidoc @@ -4,8 +4,6 @@ Retrieves a paginated subset of list containers. By default, the first page is returned with 20 results per page. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - ==== Request URL `GET :/api/lists/_find` 
diff --git a/docs/detections/api/lists/api-find-list-items.asciidoc b/docs/detections/api/lists/api-find-list-items.asciidoc index 3d22287592..4076436093 100644 --- a/docs/detections/api/lists/api-find-list-items.asciidoc +++ b/docs/detections/api/lists/api-find-list-items.asciidoc @@ -4,8 +4,6 @@ Retrieves a paginated subset of list items in the specified container. By default, the first page is returned with 20 results per page. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - ==== Request URL `GET :/api/lists/items/_find` diff --git a/docs/detections/api/lists/api-get-list-containers.asciidoc b/docs/detections/api/lists/api-get-list-containers.asciidoc index bc9ea19f37..6b44a26571 100644 --- a/docs/detections/api/lists/api-get-list-containers.asciidoc +++ b/docs/detections/api/lists/api-get-list-containers.asciidoc @@ -3,8 +3,6 @@ Retrieves a list container using its `id` field. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - ==== Request URL `GET :/api/lists` diff --git a/docs/detections/api/lists/api-get-list-items.asciidoc b/docs/detections/api/lists/api-get-list-items.asciidoc index 14b6c58a83..8d796b23e9 100644 --- a/docs/detections/api/lists/api-get-list-items.asciidoc +++ b/docs/detections/api/lists/api-get-list-items.asciidoc 
@@ -3,8 +3,6 @@ Retrieves list items using its `id`, or its `list_id` and `value` fields. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - IMPORTANT: For `ip` and `ip_range` list containers, you can retrieve up to 10,000 list items. diff --git a/docs/detections/api/lists/api-import-list-items.asciidoc b/docs/detections/api/lists/api-import-list-items.asciidoc index 330c454240..9ba6924b63 100644 --- a/docs/detections/api/lists/api-import-list-items.asciidoc +++ b/docs/detections/api/lists/api-import-list-items.asciidoc @@ -6,8 +6,6 @@ Imports a list of items from a `.txt` or `.csv` file. You can import items to a new or existing <>. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - ==== Request URL `POST :/api/lists/items/_import` diff --git a/docs/detections/api/lists/api-update-list-container.asciidoc b/docs/detections/api/lists/api-update-list-container.asciidoc index f4c3710c8b..b7c6a6436b 100644 --- a/docs/detections/api/lists/api-update-list-container.asciidoc +++ b/docs/detections/api/lists/api-update-list-container.asciidoc @@ -3,8 +3,6 @@ Updates an existing list container. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - You can use `PUT` or `PATCH` methods to update list containers, where: * `PUT` replaces the original container and deletes fields that are not 
diff --git a/docs/detections/api/lists/api-update-list-item.asciidoc b/docs/detections/api/lists/api-update-list-item.asciidoc index 6891f867ea..d5e8c1fde9 100644 --- a/docs/detections/api/lists/api-update-list-item.asciidoc +++ b/docs/detections/api/lists/api-update-list-item.asciidoc @@ -3,8 +3,6 @@ Updates an existing list item. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - You can use `PUT` or `PATCH` methods to update list items, where: * `PUT` replaces the original items and deletes fields that are not diff --git a/docs/detections/api/lists/lists-api-overview.asciidoc b/docs/detections/api/lists/lists-api-overview.asciidoc index dfb5983421..c971d8a637 100644 --- a/docs/detections/api/lists/lists-api-overview.asciidoc +++ b/docs/detections/api/lists/lists-api-overview.asciidoc @@ -4,8 +4,6 @@ Lists can be used with detection rule <> to define values that prevent a rule from generating alerts. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - Lists are made up of: * *List containers*: A container for values of the same {es} diff --git a/docs/detections/api/rules/index-api-overview.asciidoc b/docs/detections/api/rules/index-api-overview.asciidoc index 49b5df417d..5a7ae47e46 100644 --- a/docs/detections/api/rules/index-api-overview.asciidoc +++ b/docs/detections/api/rules/index-api-overview.asciidoc 
@@ -4,8 +4,6 @@ You use the index endpoint to create, get, and delete `.siem-signals-` system indices in a {kib} space. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - NOTE: Signal indices store detection alerts. For information about the permissions and privileges required to create diff --git a/docs/detections/api/rules/privileges-api-overview.asciidoc b/docs/detections/api/rules/privileges-api-overview.asciidoc index 6110364fed..a7e42060d2 100644 --- a/docs/detections/api/rules/privileges-api-overview.asciidoc +++ b/docs/detections/api/rules/privileges-api-overview.asciidoc @@ -9,8 +9,6 @@ and index privileges, which determine if the user can create an index For information about the permissions and privileges required to create `.siem-signals-` indices, see <>. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - ==== Get privileges Returns user privileges for the {kib} space. diff --git a/docs/detections/api/rules/rules-api-bulk-actions.asciidoc b/docs/detections/api/rules/rules-api-bulk-actions.asciidoc index 14484fba8a..927465eb3c 100644 --- a/docs/detections/api/rules/rules-api-bulk-actions.asciidoc +++ b/docs/detections/api/rules/rules-api-bulk-actions.asciidoc @@ -4,8 +4,6 @@ You can bulk create, update, and delete rules. -NOTE: Console supports only {es} APIs and doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - ''' [discrete] 
diff --git a/docs/detections/api/rules/rules-api-create.asciidoc b/docs/detections/api/rules/rules-api-create.asciidoc index b6af64472d..e943664b74 100644 --- a/docs/detections/api/rules/rules-api-create.asciidoc +++ b/docs/detections/api/rules/rules-api-create.asciidoc @@ -5,8 +5,6 @@ WARNING: This API supports {kibana-ref}/api.html#token-api-authentication[Token- Creates a new detection rule. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - You can create the following types of rules: * *Custom query*: Searches the defined indices and creates an alert when @@ -66,7 +64,7 @@ supported for rule notifications: * Webhook * Microsoft Teams * {ibm-r} -* {jira} +* {jira} * {sn} ITSM NOTE: For more information on PagerDuty fields, see diff --git a/docs/detections/api/rules/rules-api-delete.asciidoc b/docs/detections/api/rules/rules-api-delete.asciidoc index f7d388a584..588c53cd48 100644 --- a/docs/detections/api/rules/rules-api-delete.asciidoc +++ b/docs/detections/api/rules/rules-api-delete.asciidoc @@ -3,8 +3,6 @@ Deletes a single rule using the `rule_id` or `id` field. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - ==== Request URL `DELETE :/api/detection_engine/rules` diff --git a/docs/detections/api/rules/rules-api-export.asciidoc b/docs/detections/api/rules/rules-api-export.asciidoc index a3a5a18357..c6c53cc21b 100644 --- a/docs/detections/api/rules/rules-api-export.asciidoc +++ b/docs/detections/api/rules/rules-api-export.asciidoc 
@@ -8,8 +8,6 @@ Exports rules to an `.ndjson` file. The following configuration items are also i You cannot export prebuilt rules, but they are available at https://github.com/elastic/detection-rules/tree/main/rules/. -NOTE: Console supports {es} APIs only. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - [IMPORTANT] ================= Although detection rule actions are included in the exported file, the connectors used by the actions are not included. Use the {kibana-ref}/managing-saved-objects.html#managing-saved-objects-export-objects[Saved Objects] UI in Kibana (*Stack Management* -> *Kibana* -> *Saved Objects*) or the Saved Objects APIs (experimental) to {kibana-ref}/saved-objects-api-export.html[export] and {kibana-ref}/saved-objects-api-import.html[import] any necessary connectors _before_ you export and import the detection rules. diff --git a/docs/detections/api/rules/rules-api-find.asciidoc b/docs/detections/api/rules/rules-api-find.asciidoc index 182df02225..72dcec2c96 100644 --- a/docs/detections/api/rules/rules-api-find.asciidoc +++ b/docs/detections/api/rules/rules-api-find.asciidoc @@ -4,8 +4,6 @@ Retrieves a paginated subset of detection rules. By default, the first page is returned with 20 results per page. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - ==== Request URL `GET :/api/detection_engine/rules/_find` diff --git a/docs/detections/api/rules/rules-api-get.asciidoc b/docs/detections/api/rules/rules-api-get.asciidoc index 709a69f79d..8f0a95c949 100644 --- a/docs/detections/api/rules/rules-api-get.asciidoc +++ b/docs/detections/api/rules/rules-api-get.asciidoc 
@@ -3,8 +3,6 @@ Retrieves a single rule using the `rule_id` or `id` field. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - ==== Request URL `GET :/api/detection_engine/rules` diff --git a/docs/detections/api/rules/rules-api-import.asciidoc b/docs/detections/api/rules/rules-api-import.asciidoc index 11ae47c919..3fa006f2a2 100644 --- a/docs/detections/api/rules/rules-api-import.asciidoc +++ b/docs/detections/api/rules/rules-api-import.asciidoc @@ -6,7 +6,7 @@ Imports rules from an `.ndjson` file. The following configuration items are also * Actions * Exception lists -NOTE: Console supports {es} APIs only. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. Please also note this API supports {kibana-ref}/api.html#token-api-authentication[Token-based authentication] only. +NOTE: This API supports {kibana-ref}/api.html#token-api-authentication[Token-based authentication] only. NOTE: You need at least `Read` privileges for the `Action and Connectors` feature to import rules with actions. If you're importing rules without actions, `Action and Connectors` feature privileges are not required. Refer to <> for more information. 
@@ -45,8 +45,8 @@ curl -X POST "/api/detection_engine/rules/_import" |`overwrite` |Boolean |Determines whether existing rules with the same `rule_id` are overwritten. |No, defaults to `false`. -|`overwrite_exceptions` |Boolean |Determines whether existing exception lists -with the same `list_id` are overwritten. Both the exception list container and +|`overwrite_exceptions` |Boolean |Determines whether existing exception lists +with the same `list_id` are overwritten. Both the exception list container and its items are overwritten. |No, defaults to `false`. |============================================== diff --git a/docs/detections/api/rules/rules-api-overview.asciidoc b/docs/detections/api/rules/rules-api-overview.asciidoc index 488bcfc1ab..2b66a945c1 100644 --- a/docs/detections/api/rules/rules-api-overview.asciidoc +++ b/docs/detections/api/rules/rules-api-overview.asciidoc @@ -6,9 +6,7 @@ You can create rules that automatically turn events and external alerts sent to {es-sec} into detection alerts. These alerts are displayed on the Detections page. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - -For more information on detection alerts, and the difference between events, +For more information on detection alerts and the differences between events, external alerts, and detection alerts, see <>. diff --git a/docs/detections/api/rules/rules-api-prebuilt.asciidoc b/docs/detections/api/rules/rules-api-prebuilt.asciidoc index 8175a25043..dbe1b3c3db 100644 --- a/docs/detections/api/rules/rules-api-prebuilt.asciidoc +++ b/docs/detections/api/rules/rules-api-prebuilt.asciidoc 
@@ -5,8 +5,6 @@ The prepackaged endpoint is for retrieving rule statuses and loading Elastic prebuilt detection rules. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - ==== Load prebuilt rules Loads and updates Elastic prebuilt rules. diff --git a/docs/detections/api/rules/rules-api-update.asciidoc b/docs/detections/api/rules/rules-api-update.asciidoc index 8373516f0f..93efe77b60 100644 --- a/docs/detections/api/rules/rules-api-update.asciidoc +++ b/docs/detections/api/rules/rules-api-update.asciidoc @@ -5,8 +5,6 @@ WARNING: This API supports {kibana-ref}/api.html#token-api-authentication[Token- Updates an existing detection rule. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - You can use `PUT` or `PATCH` methods to update rules, where: * `PUT` replaces the original rule and deletes fields that are not specified. diff --git a/docs/detections/api/rules/signals-api-overview.asciidoc b/docs/detections/api/rules/signals-api-overview.asciidoc index 6da33afa6e..d3e8ee19e9 100644 --- a/docs/detections/api/rules/signals-api-overview.asciidoc +++ b/docs/detections/api/rules/signals-api-overview.asciidoc @@ -10,8 +10,6 @@ the indices, see: * {ref}/search-aggregations.html[Aggregations] * {ref}/query-dsl.html[Query DSL] -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - ==== Get alerts Aggregates and returns alerts. 
diff --git a/docs/detections/api/rules/tags-api-overview.asciidoc b/docs/detections/api/rules/tags-api-overview.asciidoc index 264f72715c..7d4bcbb68a 100644 --- a/docs/detections/api/rules/tags-api-overview.asciidoc +++ b/docs/detections/api/rules/tags-api-overview.asciidoc @@ -4,8 +4,6 @@ Aggregates and returns all rule tags. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - ==== Get tags Aggregates and returns all unique tags from all rules. diff --git a/docs/detections/api/signals-migration-api.asciidoc b/docs/detections/api/signals-migration-api.asciidoc index c5aa592a72..a6dac567fe 100644 --- a/docs/detections/api/signals-migration-api.asciidoc +++ b/docs/detections/api/signals-migration-api.asciidoc @@ -4,8 +4,6 @@ After an upgrade of {kib}, the latest {es-sec} features will be available for any new <> that are generated. However, in order to enable new features on existing detection alerts, migration may be necessary. See <> for instructions specific to your upgrade. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - Migrating detection alerts is performed at the index level and requires the following steps: 1. <> diff --git a/docs/events/api/timeline-api-create.asciidoc b/docs/events/api/timeline-api-create.asciidoc index fd4ff13682..78644d2402 100644 --- a/docs/events/api/timeline-api-create.asciidoc +++ b/docs/events/api/timeline-api-create.asciidoc 
@@ -3,8 +3,6 @@ Creates a new Timeline or Timeline template. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - Use the `timeline` object's <> field to determine whether a timeline or a timeline template is created, where: @@ -50,7 +48,7 @@ template. *Example 1* -Creates a new Timeline. +Creates a new Timeline. [source,console] -------------------------------------------------- diff --git a/docs/events/api/timeline-api-delete.asciidoc b/docs/events/api/timeline-api-delete.asciidoc index 845c3c457c..f8d18e902f 100644 --- a/docs/events/api/timeline-api-delete.asciidoc +++ b/docs/events/api/timeline-api-delete.asciidoc @@ -3,8 +3,6 @@ Delete multiple Timelines or Timeline templates. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - ==== Request URL `DELETE :/api/timeline` diff --git a/docs/events/api/timeline-api-get.asciidoc b/docs/events/api/timeline-api-get.asciidoc index b455551bb2..48aaa4582e 100644 --- a/docs/events/api/timeline-api-get.asciidoc +++ b/docs/events/api/timeline-api-get.asciidoc @@ -3,8 +3,6 @@ Get Timelines or Timeline templates. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - ==== Request URL `GET :/api/timelines` 
@@ -52,7 +50,6 @@ GET api/timelines?page_size=10&page_index=1&sort_field=updated&sort_order=desc&t Get single Timeline or Timeline template by savedObjectId. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. ==== Request URL @@ -73,7 +70,6 @@ GET /api/timeline?id= Get a single Timeline template by templateTimelineId. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. ==== Request URL diff --git a/docs/events/api/timeline-api-import.asciidoc b/docs/events/api/timeline-api-import.asciidoc index 62419e5c9a..4e86fb30c4 100644 --- a/docs/events/api/timeline-api-import.asciidoc +++ b/docs/events/api/timeline-api-import.asciidoc @@ -3,8 +3,6 @@ Imports timelines and timeline templates from an `ndjson` file. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - If you are updating an existing timeline template, make sure: * You specify the relevant template's unique ID (`templateTimelineId`). diff --git a/docs/events/api/timeline-api-overview.asciidoc b/docs/events/api/timeline-api-overview.asciidoc index 21c3501e01..ceee61794b 100644 --- a/docs/events/api/timeline-api-overview.asciidoc +++ b/docs/events/api/timeline-api-overview.asciidoc 
@@ -3,6 +3,3 @@ == Timeline API You can create Timelines and Timeline templates via the API, as well as import new Timelines from an `ndjson` file. - -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - diff --git a/docs/events/api/timeline-api-update.asciidoc b/docs/events/api/timeline-api-update.asciidoc index 02a5f4b33d..6764741b21 100644 --- a/docs/events/api/timeline-api-update.asciidoc +++ b/docs/events/api/timeline-api-update.asciidoc @@ -3,8 +3,6 @@ Add a note to an existing Timeline or Timeline event. -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - ==== Request URL `PATCH :/api/note` @@ -63,8 +61,6 @@ PATCH api/note === Pin an event to an existing Timeline -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. - ==== Request URL `PATCH :/api/pinned_event` diff --git a/docs/management/api/blocklist-api.asciidoc b/docs/management/api/blocklist-api.asciidoc index 5f4f36a2a9..b821fdfb2b 100644 --- a/docs/management/api/blocklist-api.asciidoc +++ b/docs/management/api/blocklist-api.asciidoc 
@@ -11,7 +11,6 @@ Create, retrieve, update, and delete endpoint <> entries with the <>. Endpoint {endpoint-artifact-name} are managed using a static container id (`list_id`) of `pass:a[{endpoint-artifact-list-id}]`, which must be created prior to adding the {endpoint-artifact-name}. To use these APIs, you must have privileges to manage endpoints. Refer to <> for more information. -NOTE: Console supports Elasticsearch APIs only. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to https://www.elastic.co/guide/en/kibana/current/console-kibana.html[Run Elasticsearch API requests]. ==== Create {endpoint-artifact-name} container @@ -550,7 +549,7 @@ Process signature is supported for Windows xref:exception-{endpoint-artifact-api ----------------------------- -====== Examples for a Windows {endpoint-artifact-name-single}. +====== Examples for a Windows {endpoint-artifact-name-single}. Only one entry of `file.path` or `file.Ext.code_signature` is allowed per blocklist item. The `file.hash.*` entry is also supported and accepts up to three values. The allowed hash types for `file.hash.*` are `md5`, `sha1`, or `sha256`. @@ -615,4 +614,4 @@ Only one entry of `file.path` or `file.Ext.code_signature` is allowed per blockl "operator": "included" } ] ------------------------------ \ No newline at end of file +----------------------------- diff --git a/docs/management/api/event-filters-api.asciidoc b/docs/management/api/event-filters-api.asciidoc index f2efbbad56..7262d114a4 100644 --- a/docs/management/api/event-filters-api.asciidoc +++ b/docs/management/api/event-filters-api.asciidoc 
@@ -11,8 +11,6 @@ Create, retrieve, update and delete endpoint <> via API. {endpoint-artifact-name-sentence-start} are managed via the <> using a static container id (`list_id`) of `pass:a[{endpoint-artifact-list-id}]`, which must be created prior to adding an event filter. To access these APIs, users must have permission to manage endpoints. -NOTE: Console supports Elasticsearch APIs only. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to https://www.elastic.co/guide/en/kibana/current/console-kibana.html[Run Elasticsearch API requests]. - ==== Create {endpoint-artifact-name} container @@ -517,7 +515,7 @@ include::_exceptions-api-reusable-content.asciidoc[tag=endpoint-exceptions-value [#exception-{endpoint-artifact-api-doc-name}-item-entry-schema] ===== `entry` object schema -{endpoint-artifact-name-sentence-start} allow for an unlimited number of conditions to be defined. Each {endpoint-artifact-name-single} entry contains an `entry` object that has `type`, `value`, `field` and `operator` keys with values. The following operators are supported in an entry object: +{endpoint-artifact-name-sentence-start} allow for an unlimited number of conditions to be defined. Each {endpoint-artifact-name-single} entry contains an `entry` object that has `type`, `value`, `field` and `operator` keys with values. The following operators are supported in an entry object: ====== Operator `is` diff --git a/docs/management/api/get-endpoint-api.asciidoc b/docs/management/api/get-endpoint-api.asciidoc index 8b31092b8d..e38d51f49e 100644 --- a/docs/management/api/get-endpoint-api.asciidoc +++ b/docs/management/api/get-endpoint-api.asciidoc 
@@ -3,8 +3,6 @@ Retrieves metadata about a single host running {endpoint-sec}. -NOTE: Console supports Elasticsearch APIs only. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to https://www.elastic.co/guide/en/kibana/current/console-kibana.html[Run Elasticsearch API requests]. - ==== Request URL `GET :/api/endpoint/metadata/` diff --git a/docs/management/api/host-isolation-api.asciidoc b/docs/management/api/host-isolation-api.asciidoc index 5cf380aa58..fa148e5c49 100644 --- a/docs/management/api/host-isolation-api.asciidoc +++ b/docs/management/api/host-isolation-api.asciidoc @@ -3,8 +3,6 @@ Isolates a host running {endpoint-sec} from the network. -NOTE: Console supports Elasticsearch APIs only. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to https://www.elastic.co/guide/en/kibana/current/console-kibana.html[Run Elasticsearch API requests]. - `Isolated` is a persistent status until the endpoint is given a release command. You must have the `superuser` role to perform this action and at least a Platinum license. ==== Request URL diff --git a/docs/management/api/host-isolation-exceptions-api.asciidoc b/docs/management/api/host-isolation-exceptions-api.asciidoc index 2ea8ff0b44..22a1803bb2 100644 --- a/docs/management/api/host-isolation-exceptions-api.asciidoc +++ b/docs/management/api/host-isolation-exceptions-api.asciidoc 
@@ -12,9 +12,6 @@ Create, retrieve, update, and delete endpoint <> via API. {endpoint-artifact-name-sentence-start} are managed via the <> using a static container id (`list_id`) of `pass:a[{endpoint-artifact-list-id}]`, which must be created prior to adding the {endpoint-artifact-name}. Access to these APIs requires that a user has authorization to manage endpoints. -NOTE: Console supports Elasticsearch APIs only. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to https://www.elastic.co/guide/en/kibana/current/console-kibana.html[Run Elasticsearch API requests]. - - ==== Create {endpoint-artifact-name} container `POST :/api/exception_lists` @@ -106,8 +103,8 @@ POST api/exception_lists/items "name": "Some name for this item", "namespace_type": "agnostic", "os_types": [ - "linux", - "macos", + "linux", + "macos", "windows" ], "tags": [ @@ -469,4 +466,4 @@ Destination IPs are supported by all xref:exception-{endpoint-artifact-api-doc-n * `field` : `destination.ip`. * `value` : A valid IPv4 address with optional CIDR associated with the `field`. * `type` : Must be `match`. -* `operator` : Must be `included`. \ No newline at end of file +* `operator` : Must be `included`. diff --git a/docs/management/api/host-isolation-release-api.asciidoc b/docs/management/api/host-isolation-release-api.asciidoc index 8fc95837bf..affc4221b1 100644 --- a/docs/management/api/host-isolation-release-api.asciidoc +++ b/docs/management/api/host-isolation-release-api.asciidoc 
@@ -3,8 +3,6 @@ Removes a host's isolation status and allows it to rejoin a network. -NOTE: Console supports Elasticsearch APIs only. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to https://www.elastic.co/guide/en/kibana/current/console-kibana.html[Run Elasticsearch API requests]. - You must have the `superuser` role to perform this action. It is available to all license levels. ==== Request URL diff --git a/docs/management/api/list-endpoints-api.asciidoc b/docs/management/api/list-endpoints-api.asciidoc index 8f32baecf8..882dd6dded 100644 --- a/docs/management/api/list-endpoints-api.asciidoc +++ b/docs/management/api/list-endpoints-api.asciidoc @@ -3,8 +3,6 @@ Retrieves a list of hosts running {endpoint-sec}. -NOTE: Console supports Elasticsearch APIs only. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to https://www.elastic.co/guide/en/kibana/current/console-kibana.html[Run Elasticsearch API requests]. - ==== Request URL `GET :/api/endpoint/metadata` diff --git a/docs/management/api/management-api-index.asciidoc b/docs/management/api/management-api-index.asciidoc index aba0b1fd3d..a01a839d86 100644 --- a/docs/management/api/management-api-index.asciidoc +++ b/docs/management/api/management-api-index.asciidoc @@ -3,8 +3,6 @@ The following APIs allow you to interact with and manage endpoints running the {endpoint-sec} integration. -NOTE: Console supports Elasticsearch APIs only. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to https://www.elastic.co/guide/en/kibana/current/console-kibana.html[Run Elasticsearch API requests]. - include::get-endpoint-api.asciidoc[] include::list-endpoints-api.asciidoc[] include::host-isolation-api.asciidoc[] 
diff --git a/docs/management/api/trusted-apps-api.asciidoc b/docs/management/api/trusted-apps-api.asciidoc index c369177e61..9a359f3238 100644 --- a/docs/management/api/trusted-apps-api.asciidoc +++ b/docs/management/api/trusted-apps-api.asciidoc @@ -10,8 +10,6 @@ Create, retrieve, update, and delete endpoint <> via API. Endpoint {endpoint-artifact-name} are managed via the <> using a static container id (`list_id`) of `pass:a[{endpoint-artifact-list-id}]`, which must be created prior to adding the {endpoint-artifact-name}. Access to these APIs requires that a user has authorization to manage endpoints. -NOTE: Console supports Elasticsearch APIs only. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to https://www.elastic.co/guide/en/kibana/current/console-kibana.html[Run Elasticsearch API requests]. - ==== Create {endpoint-artifact-name} container @@ -557,4 +555,4 @@ Process signature is supported only for Windows xref:exception-{endpoint-artifac "type": "nested" } ] ------------------------------ \ No newline at end of file +----------------------------- diff --git a/docs/siem-apis.asciidoc b/docs/siem-apis.asciidoc index 8698c2e646..458d9ca79f 100644 --- a/docs/siem-apis.asciidoc +++ b/docs/siem-apis.asciidoc @@ -5,7 +5,8 @@ You can use these APIs to interface with {es-sec} features: -NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. +NOTE: Console supports sending requests to {kib} APIs. Prepend any {kib} API endpoint with `kbn:` and send the request via Console. For example: +`GET kbn:/api/index_management/indices` * <>: Manage detection rules and alerts * <>: Create and manage rule exceptions
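Review bot: In rules-api-import.asciidoc the authentication restriction is kept as `NOTE: This API supports ... Token-based authentication only.`, while rules-api-update.asciidoc states the same restriction as a `WARNING:` (visible in that file's hunk header context). Use one admonition level for this statement across the rules API pages. With the `curl` guidance removed from this page, please also confirm that the import request can be sent from Console under the token-only restriction. If it cannot, keep a pointer to `curl` here, since the page's own example still uses `curl -X POST`.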
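Review bot: The two later hunks in timeline-api-get.asciidoc (-52,7 +50,6 and -73,7 +70,6) and the first hunk in blocklist-api.asciidoc (-11,7 +11,6) remove only the NOTE line, whereas most other hunks remove the NOTE together with its trailing blank line (for example -3,8 +3,6). This likely leaves two consecutive blank lines before `==== Request URL` and `==== Create {endpoint-artifact-name} container`. Drop the extra blank line in those three places so the spacing matches the other pages.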
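Review bot: The example requests on the pages that lose the NOTE are still written without the `kbn:` prefix, for instance `PATCH api/note` in timeline-api-update.asciidoc, `GET api/timelines?page_size=10...` in timeline-api-get.asciidoc and `POST api/exception_lists/items` in host-isolation-exceptions-api.asciidoc, and timeline-api-create.asciidoc marks its example `[source,console]`. After this change nothing on those pages tells the reader that the prefix is required, so a request pasted into Console as shown goes to {es} rather than {kib}. Either update the examples to the `kbn:` form or keep a one-line pointer on each page to the NOTE in siem-apis.asciidoc.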
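Review bot: Several hunks carry changes unrelated to the Console note: trailing-whitespace removals (`overwrite_exceptions` in rules-api-import.asciidoc, `Creates a new Timeline.` in timeline-api-create.asciidoc, the `os_types` values in host-isolation-exceptions-api.asciidoc, the `entry` object paragraph in event-filters-api.asciidoc), end-of-file newline fixes in blocklist-api.asciidoc, host-isolation-exceptions-api.asciidoc and trusted-apps-api.asciidoc, and the wording change to "the differences between events" in rules-api-overview.asciidoc. Mention these in the commit message or move them to a separate commit so the functional doc change is easy to review and backport.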
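Review bot: The new NOTE in siem-apis.asciidoc illustrates the `kbn:` prefix with `GET kbn:/api/index_management/indices`, which is not one of the {es-sec} APIs this page introduces. An endpoint documented in this guide, such as the `/api/timelines` request shown in timeline-api-get.asciidoc, would be a more useful example. The NOTE also sits between the lead-in sentence "You can use these APIs to interface with {es-sec} features:" and the bulleted list it introduces; move it above the lead-in or below the list. Since this is now the only place the Console behaviour is described, state the minimum {kib} version that supports `kbn:` if this change is backported to branches that cover older releases.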