[DOCS] Update exception list summary api doc (#1439)

* Update exception list summary api doc fixes elastic/security-team/issues/2513 ref elastic/kibana/pull/123476 * Update api-summary-exception-container.asciidoc * Update docs/detections/api/exceptions/api-summary-exception-container.asciidoc Co-authored-by: Janeen Mikell-Straughn <[email protected]> Co-authored-by: Janeen Mikell-Straughn <[email protected]>
elastic · Jan 27, 2022 · f964126 · f964126
1 parent 4491fc5
commit f964126
Showing 1 changed file with 17 additions and 1 deletion.
diff --git a/docs/detections/api/exceptions/api-summary-exception-container.asciidoc b/docs/detections/api/exceptions/api-summary-exception-container.asciidoc
@@ -17,6 +17,7 @@ A JSON object with these fields:
 |==============================================
 |Name |Type |Description |Required
 
+|`filter` |String |Search filter clause. |Yes
 |`id` |String |Exception container ID. |Yes
 |`list_id` |String |Unique identifier. |Yes
 |`namespace_type` |String a|Determines whether the exception container is available in all {kib} spaces or just the space in which it is created, where:
@@ -36,7 +37,8 @@ Gets the summary from an exception container:
 --------------------------------------------------
 GET api/exception_lists/summary
 {
-  "id": "allowes-process-id",
+  "filter": "filter-clause",
+  "id": "allowed-process-id",
   "list_id": "allowed-processes",
   "namespace_type": "single",
 }
@@ -62,3 +64,17 @@ A summary of the exception container:
     total: 6,
 }
 --------------------------------------------------
+
+NOTE: For a host isolation exception, the values for `windows`, `linux`, `macos`, and `total` are all the same, as each host isolation exception entry applies to all operating systems. 
+For example:
+
+[source,json]
+--------------------------------------------------
+{
+    windows: 5,
+    linux: 5,
+    macos: 5,
+    total: 5,
+}
+--------------------------------------------------
+