From 3ba70e2ee122196ee85151e6eece0d9d761dc1d8 Mon Sep 17 00:00:00 2001
From: Yara Tercero
Date: Tue, 7 Jan 2025 14:09:04 -0800
Subject: [PATCH 01/14] Added response and request descriptions per what was identified as missing in docs sheet
---
packages/kbn-repo-packages/package-map.json | 4154 +++++++++++++++++
.../create_exception_list.schema.yaml | 27 +
.../create_exception_list_item.schema.yaml | 44 +
.../create_rule_exceptions.gen.ts | 2 +-
.../create_rule_exceptions.schema.yaml | 52 +-
.../delete_exception_list.schema.yaml | 27 +
.../delete_exception_list_item.schema.yaml | 30 +
.../duplicate_exception_list.schema.yaml | 14 +
.../export_exception_list.schema.yaml | 4 +
.../find_exception_list_items.schema.yaml | 39 +
.../find_exception_lists.schema.yaml | 32 +-
.../import_exceptions.schema.yaml | 14 +
.../api/quickstart_client.gen.ts | 2 +-
.../read_exception_list.schema.yaml | 22 +
.../read_exception_list_item.schema.yaml | 30 +
.../read_exception_list_summary.schema.yaml | 11 +
.../update_exception_list.schema.yaml | 29 +
.../update_exception_list_item.schema.yaml | 37 +
...eptions_api_2023_10_31.bundled.schema.yaml | 470 +-
...eptions_api_2023_10_31.bundled.schema.yaml | 470 +-
.../updates/simple_update.json | 6 +-
.../updates/simple_update_item.json | 4 +-
.../security_solution/jest.config.dev.js | 2 +-
.../security_solution_exceptions_api.gen.ts | 2 +-
.../exceptions/items/essentials_tier/index.ts | 22 +-
.../exceptions/lists/essentials_tier/index.ts | 22 +-
.../assignments/assignments.cy.ts | 6 +-
.../rule_creation/esql_rule.cy.ts | 9 +-
.../rule_creation/indicator_match_rule.cy.ts | 1 +
.../rule_edit/eql_query_rule.cy.ts | 6 +-
.../rule_edit/esql_rule.cy.ts | 10 +-
.../value_lists/value_list_items.cy.ts | 6 +-
32 files changed, 5527 insertions(+), 79 deletions(-)
create mode 100644 packages/kbn-repo-packages/package-map.json
diff --git a/packages/kbn-repo-packages/package-map.json b/packages/kbn-repo-packages/package-map.json
new file mode 100644
index 0000000000000..c64d50ae10ad4
--- /dev/null
+++ b/packages/kbn-repo-packages/package-map.json
@@ -0,0 +1,4154 @@ +[ + [ + "@kbn/aad-fixtures-plugin", + "x-pack/test/alerting_api_integration/common/plugins/aad" + ], + [ + "@kbn/actions-plugin", + "x-pack/platform/plugins/shared/actions" + ], + [ + "@kbn/actions-simulators-plugin", + "x-pack/test/alerting_api_integration/common/plugins/actions_simulators" + ], + [ + "@kbn/actions-types", + "src/platform/packages/shared/kbn-actions-types" + ], + [ + "@kbn/advanced-settings-plugin", + "src/plugins/advanced_settings" + ], + [ + "@kbn/ai-assistant", + "x-pack/packages/kbn-ai-assistant" + ], + [ + "@kbn/ai-assistant-common", + "x-pack/platform/packages/shared/ai-assistant/common" + ], + [ + "@kbn/ai-assistant-icon", + "x-pack/platform/packages/shared/ai-assistant/icon" + ], + [ + "@kbn/ai-assistant-management-plugin", + "src/platform/plugins/shared/ai_assistant_management/selection" + ], + [ + "@kbn/aiops-change-point-detection", + "x-pack/platform/packages/private/ml/aiops_change_point_detection" + ], + [ + "@kbn/aiops-common", + "x-pack/platform/packages/shared/ml/aiops_common" + ], + [ + "@kbn/aiops-components", + "x-pack/platform/packages/private/ml/aiops_components" + ], + [ + "@kbn/aiops-log-pattern-analysis", + "x-pack/platform/packages/shared/ml/aiops_log_pattern_analysis" + ], + [ + "@kbn/aiops-log-rate-analysis", + "x-pack/platform/packages/shared/ml/aiops_log_rate_analysis" + ], + [ + "@kbn/aiops-plugin", + "x-pack/platform/plugins/shared/aiops" + ], + [ + "@kbn/aiops-test-utils", + "x-pack/platform/packages/private/ml/aiops_test_utils" + ], + [ + "@kbn/alerting-api-integration-helpers", + "x-pack/test/alerting_api_integration/packages/helpers" + ], + [ + "@kbn/alerting-api-integration-test-plugin", + "x-pack/test/alerting_api_integration/common/plugins/alerts" + ], + [ + "@kbn/alerting-comparators", + "x-pack/platform/packages/shared/kbn-alerting-comparators" + ], + [ + "@kbn/alerting-example-plugin", + "x-pack/examples/alerting_example" + ], + [ + "@kbn/alerting-fixture-plugin", + 
"x-pack/test/functional_with_es_ssl/plugins/alerts" + ], + [ + "@kbn/alerting-plugin", + "x-pack/platform/plugins/shared/alerting" + ], + [ + "@kbn/alerting-state-types", + "x-pack/platform/packages/private/kbn-alerting-state-types" + ], + [ + "@kbn/alerting-types", + "src/platform/packages/shared/kbn-alerting-types" + ], + [ + "@kbn/alerts-as-data-utils", + "src/platform/packages/shared/kbn-alerts-as-data-utils" + ], + [ + "@kbn/alerts-grouping", + "x-pack/solutions/observability/packages/kbn-alerts-grouping" + ], + [ + "@kbn/alerts-restricted-fixtures-plugin", + "x-pack/test/alerting_api_integration/common/plugins/alerts_restricted" + ], + [ + "@kbn/alerts-ui-shared", + "src/platform/packages/shared/kbn-alerts-ui-shared" + ], + [ + "@kbn/ambient-common-types", + "packages/kbn-ambient-common-types" + ], + [ + "@kbn/ambient-ftr-types", + "packages/kbn-ambient-ftr-types" + ], + [ + "@kbn/ambient-storybook-types", + "packages/kbn-ambient-storybook-types" + ], + [ + "@kbn/ambient-ui-types", + "packages/kbn-ambient-ui-types" + ], + [ + "@kbn/analytics", + "packages/kbn-analytics" + ], + [ + "@kbn/analytics-collection-utils", + "packages/analytics/utils/analytics_collection_utils" + ], + [ + "@kbn/analytics-ftr-helpers-plugin", + "test/analytics/plugins/analytics_ftr_helpers" + ], + [ + "@kbn/analytics-plugin-a-plugin", + "test/analytics/plugins/analytics_plugin_a" + ], + [ + "@kbn/apm-config-loader", + "packages/kbn-apm-config-loader" + ], + [ + "@kbn/apm-data-access-plugin", + "x-pack/plugins/observability_solution/apm_data_access" + ], + [ + "@kbn/apm-data-view", + "packages/kbn-apm-data-view" + ], + [ + "@kbn/apm-ftr-e2e", + "x-pack/plugins/observability_solution/apm/ftr_e2e" + ], + [ + "@kbn/apm-plugin", + "x-pack/plugins/observability_solution/apm" + ], + [ + "@kbn/apm-synthtrace", + "packages/kbn-apm-synthtrace" + ], + [ + "@kbn/apm-synthtrace-client", + "packages/kbn-apm-synthtrace-client" + ], + [ + "@kbn/apm-types", + "packages/kbn-apm-types" + ], + [ + 
"@kbn/apm-utils", + "packages/kbn-apm-utils" + ], + [ + "@kbn/app-link-test-plugin", + "test/plugin_functional/plugins/app_link_test" + ], + [ + "@kbn/application-usage-test-plugin", + "x-pack/test/usage_collection/plugins/application_usage_test" + ], + [ + "@kbn/asset-inventory-plugin", + "x-pack/solutions/security/plugins/asset_inventory" + ], + [ + "@kbn/audit-log-plugin", + "x-pack/test/security_api_integration/plugins/audit_log" + ], + [ + "@kbn/avc-banner", + "src/platform/packages/shared/kbn-avc-banner" + ], + [ + "@kbn/axe-config", + "packages/kbn-axe-config" + ], + [ + "@kbn/babel-preset", + "packages/kbn-babel-preset" + ], + [ + "@kbn/babel-register", + "packages/kbn-babel-register" + ], + [ + "@kbn/babel-transform", + "packages/kbn-babel-transform" + ], + [ + "@kbn/banners-plugin", + "x-pack/plugins/banners" + ], + [ + "@kbn/bazel-runner", + "packages/kbn-bazel-runner" + ], + [ + "@kbn/calculate-auto", + "packages/kbn-calculate-auto" + ], + [ + "@kbn/calculate-width-from-char-count", + "packages/kbn-calculate-width-from-char-count" + ], + [ + "@kbn/canvas-plugin", + "x-pack/platform/plugins/private/canvas" + ], + [ + "@kbn/capture-oas-snapshot-cli", + "packages/kbn-capture-oas-snapshot-cli" + ], + [ + "@kbn/cases-api-integration-test-plugin", + "x-pack/test/cases_api_integration/common/plugins/cases" + ], + [ + "@kbn/cases-components", + "src/platform/packages/shared/kbn-cases-components" + ], + [ + "@kbn/cases-plugin", + "x-pack/platform/plugins/shared/cases" + ], + [ + "@kbn/cbor", + "packages/kbn-cbor" + ], + [ + "@kbn/cell-actions", + "src/platform/packages/shared/kbn-cell-actions" + ], + [ + "@kbn/chart-expressions-common", + "src/plugins/chart_expressions/common" + ], + [ + "@kbn/chart-icons", + "packages/kbn-chart-icons" + ], + [ + "@kbn/charts-plugin", + "src/plugins/charts" + ], + [ + "@kbn/charts-theme", + "packages/kbn-charts-theme" + ], + [ + "@kbn/check-mappings-update-cli", + "packages/kbn-check-mappings-update-cli" + ], + [ + 
"@kbn/check-prod-native-modules-cli", + "packages/kbn-check-prod-native-modules-cli" + ], + [ + "@kbn/ci-stats-core", + "packages/kbn-ci-stats-core" + ], + [ + "@kbn/ci-stats-performance-metrics", + "packages/kbn-ci-stats-performance-metrics" + ], + [ + "@kbn/ci-stats-reporter", + "packages/kbn-ci-stats-reporter" + ], + [ + "@kbn/ci-stats-shipper-cli", + "packages/kbn-ci-stats-shipper-cli" + ], + [ + "@kbn/cli-dev-mode", + "packages/kbn-cli-dev-mode" + ], + [ + "@kbn/cloud", + "packages/cloud" + ], + [ + "@kbn/cloud-chat-plugin", + "x-pack/plugins/cloud_integrations/cloud_chat" + ], + [ + "@kbn/cloud-data-migration-plugin", + "x-pack/platform/plugins/private/cloud_integrations/cloud_data_migration" + ], + [ + "@kbn/cloud-defend-plugin", + "x-pack/solutions/security/plugins/cloud_defend" + ], + [ + "@kbn/cloud-experiments-plugin", + "x-pack/plugins/cloud_integrations/cloud_experiments" + ], + [ + "@kbn/cloud-full-story-plugin", + "x-pack/plugins/cloud_integrations/cloud_full_story" + ], + [ + "@kbn/cloud-integration-saml-provider-plugin", + "x-pack/test/cloud_integration/plugins/saml_provider" + ], + [ + "@kbn/cloud-links-plugin", + "x-pack/plugins/cloud_integrations/cloud_links" + ], + [ + "@kbn/cloud-plugin", + "x-pack/plugins/cloud" + ], + [ + "@kbn/cloud-security-posture", + "x-pack/solutions/security/packages/kbn-cloud-security-posture/public" + ], + [ + "@kbn/cloud-security-posture-common", + "x-pack/platform/packages/shared/kbn-cloud-security-posture/common" + ], + [ + "@kbn/cloud-security-posture-graph", + "x-pack/solutions/security/packages/kbn-cloud-security-posture/graph" + ], + [ + "@kbn/cloud-security-posture-plugin", + "x-pack/solutions/security/plugins/cloud_security_posture" + ], + [ + "@kbn/code-editor", + "packages/shared-ux/code_editor/impl" + ], + [ + "@kbn/code-editor-mock", + "packages/shared-ux/code_editor/mocks" + ], + [ + "@kbn/code-owners", + "packages/kbn-code-owners" + ], + [ + "@kbn/coloring", + "packages/kbn-coloring" + ], + [ + 
"@kbn/config", + "packages/kbn-config" + ], + [ + "@kbn/config-mocks", + "packages/kbn-config-mocks" + ], + [ + "@kbn/config-schema", + "packages/kbn-config-schema" + ], + [ + "@kbn/console-plugin", + "src/platform/plugins/shared/console" + ], + [ + "@kbn/content-management-content-editor", + "packages/content-management/content_editor" + ], + [ + "@kbn/content-management-content-insights-public", + "packages/content-management/content_insights/content_insights_public" + ], + [ + "@kbn/content-management-content-insights-server", + "packages/content-management/content_insights/content_insights_server" + ], + [ + "@kbn/content-management-examples-plugin", + "examples/content_management_examples" + ], + [ + "@kbn/content-management-favorites-common", + "packages/content-management/favorites/favorites_common" + ], + [ + "@kbn/content-management-favorites-public", + "packages/content-management/favorites/favorites_public" + ], + [ + "@kbn/content-management-favorites-server", + "packages/content-management/favorites/favorites_server" + ], + [ + "@kbn/content-management-plugin", + "src/plugins/content_management" + ], + [ + "@kbn/content-management-tabbed-table-list-view", + "packages/content-management/tabbed_table_list_view" + ], + [ + "@kbn/content-management-table-list-view", + "packages/content-management/table_list_view" + ], + [ + "@kbn/content-management-table-list-view-common", + "packages/content-management/table_list_view_common" + ], + [ + "@kbn/content-management-table-list-view-table", + "packages/content-management/table_list_view_table" + ], + [ + "@kbn/content-management-user-profiles", + "packages/content-management/user_profiles" + ], + [ + "@kbn/content-management-utils", + "packages/kbn-content-management-utils" + ], + [ + "@kbn/controls-example-plugin", + "examples/controls_example" + ], + [ + "@kbn/controls-plugin", + "src/platform/plugins/shared/controls" + ], + [ + "@kbn/core", + "src/core" + ], + [ + "@kbn/core-analytics-browser", + 
"src/core/packages/analytics/browser" + ], + [ + "@kbn/core-analytics-browser-internal", + "src/core/packages/analytics/browser-internal" + ], + [ + "@kbn/core-analytics-browser-mocks", + "packages/core/analytics/core-analytics-browser-mocks" + ], + [ + "@kbn/core-analytics-server", + "src/core/packages/analytics/server" + ], + [ + "@kbn/core-analytics-server-internal", + "src/core/packages/analytics/server-internal" + ], + [ + "@kbn/core-analytics-server-mocks", + "packages/core/analytics/core-analytics-server-mocks" + ], + [ + "@kbn/core-app-status-plugin", + "test/plugin_functional/plugins/core_app_status" + ], + [ + "@kbn/core-application-browser", + "src/core/packages/application/browser" + ], + [ + "@kbn/core-application-browser-internal", + "src/core/packages/application/browser-internal" + ], + [ + "@kbn/core-application-browser-mocks", + "packages/core/application/core-application-browser-mocks" + ], + [ + "@kbn/core-application-common", + "src/core/packages/application/common" + ], + [ + "@kbn/core-apps-browser-internal", + "src/core/packages/apps/browser-internal" + ], + [ + "@kbn/core-apps-browser-mocks", + "packages/core/apps/core-apps-browser-mocks" + ], + [ + "@kbn/core-apps-server-internal", + "src/core/packages/apps/server-internal" + ], + [ + "@kbn/core-base-browser-internal", + "src/core/packages/base/browser-internal" + ], + [ + "@kbn/core-base-browser-mocks", + "packages/core/base/core-base-browser-mocks" + ], + [ + "@kbn/core-base-common", + "src/core/packages/base/common" + ], + [ + "@kbn/core-base-common-internal", + "packages/core/base/core-base-common-internal" + ], + [ + "@kbn/core-base-server-internal", + "packages/core/base/core-base-server-internal" + ], + [ + "@kbn/core-base-server-mocks", + "packages/core/base/core-base-server-mocks" + ], + [ + "@kbn/core-capabilities-browser-internal", + "packages/core/capabilities/core-capabilities-browser-internal" + ], + [ + "@kbn/core-capabilities-browser-mocks", + 
"packages/core/capabilities/core-capabilities-browser-mocks" + ], + [ + "@kbn/core-capabilities-common", + "packages/core/capabilities/core-capabilities-common" + ], + [ + "@kbn/core-capabilities-server", + "packages/core/capabilities/core-capabilities-server" + ], + [ + "@kbn/core-capabilities-server-internal", + "packages/core/capabilities/core-capabilities-server-internal" + ], + [ + "@kbn/core-capabilities-server-mocks", + "packages/core/capabilities/core-capabilities-server-mocks" + ], + [ + "@kbn/core-chrome-browser", + "packages/core/chrome/core-chrome-browser" + ], + [ + "@kbn/core-chrome-browser-internal", + "packages/core/chrome/core-chrome-browser-internal" + ], + [ + "@kbn/core-chrome-browser-mocks", + "packages/core/chrome/core-chrome-browser-mocks" + ], + [ + "@kbn/core-config-server-internal", + "packages/core/config/core-config-server-internal" + ], + [ + "@kbn/core-custom-branding-browser", + "packages/core/custom-branding/core-custom-branding-browser" + ], + [ + "@kbn/core-custom-branding-browser-internal", + "packages/core/custom-branding/core-custom-branding-browser-internal" + ], + [ + "@kbn/core-custom-branding-browser-mocks", + "packages/core/custom-branding/core-custom-branding-browser-mocks" + ], + [ + "@kbn/core-custom-branding-common", + "packages/core/custom-branding/core-custom-branding-common" + ], + [ + "@kbn/core-custom-branding-server", + "packages/core/custom-branding/core-custom-branding-server" + ], + [ + "@kbn/core-custom-branding-server-internal", + "packages/core/custom-branding/core-custom-branding-server-internal" + ], + [ + "@kbn/core-custom-branding-server-mocks", + "packages/core/custom-branding/core-custom-branding-server-mocks" + ], + [ + "@kbn/core-deprecations-browser", + "packages/core/deprecations/core-deprecations-browser" + ], + [ + "@kbn/core-deprecations-browser-internal", + "packages/core/deprecations/core-deprecations-browser-internal" + ], + [ + "@kbn/core-deprecations-browser-mocks", + 
"packages/core/deprecations/core-deprecations-browser-mocks" + ], + [ + "@kbn/core-deprecations-common", + "packages/core/deprecations/core-deprecations-common" + ], + [ + "@kbn/core-deprecations-server", + "packages/core/deprecations/core-deprecations-server" + ], + [ + "@kbn/core-deprecations-server-internal", + "packages/core/deprecations/core-deprecations-server-internal" + ], + [ + "@kbn/core-deprecations-server-mocks", + "packages/core/deprecations/core-deprecations-server-mocks" + ], + [ + "@kbn/core-doc-links-browser", + "packages/core/doc-links/core-doc-links-browser" + ], + [ + "@kbn/core-doc-links-browser-internal", + "packages/core/doc-links/core-doc-links-browser-internal" + ], + [ + "@kbn/core-doc-links-browser-mocks", + "packages/core/doc-links/core-doc-links-browser-mocks" + ], + [ + "@kbn/core-doc-links-server", + "packages/core/doc-links/core-doc-links-server" + ], + [ + "@kbn/core-doc-links-server-internal", + "packages/core/doc-links/core-doc-links-server-internal" + ], + [ + "@kbn/core-doc-links-server-mocks", + "packages/core/doc-links/core-doc-links-server-mocks" + ], + [ + "@kbn/core-elasticsearch-client-server-internal", + "packages/core/elasticsearch/core-elasticsearch-client-server-internal" + ], + [ + "@kbn/core-elasticsearch-client-server-mocks", + "packages/core/elasticsearch/core-elasticsearch-client-server-mocks" + ], + [ + "@kbn/core-elasticsearch-server", + "packages/core/elasticsearch/core-elasticsearch-server" + ], + [ + "@kbn/core-elasticsearch-server-internal", + "packages/core/elasticsearch/core-elasticsearch-server-internal" + ], + [ + "@kbn/core-elasticsearch-server-mocks", + "packages/core/elasticsearch/core-elasticsearch-server-mocks" + ], + [ + "@kbn/core-environment-server-internal", + "packages/core/environment/core-environment-server-internal" + ], + [ + "@kbn/core-environment-server-mocks", + "packages/core/environment/core-environment-server-mocks" + ], + [ + "@kbn/core-execution-context-browser", + 
"packages/core/execution-context/core-execution-context-browser" + ], + [ + "@kbn/core-execution-context-browser-internal", + "packages/core/execution-context/core-execution-context-browser-internal" + ], + [ + "@kbn/core-execution-context-browser-mocks", + "packages/core/execution-context/core-execution-context-browser-mocks" + ], + [ + "@kbn/core-execution-context-common", + "packages/core/execution-context/core-execution-context-common" + ], + [ + "@kbn/core-execution-context-server", + "packages/core/execution-context/core-execution-context-server" + ], + [ + "@kbn/core-execution-context-server-internal", + "packages/core/execution-context/core-execution-context-server-internal" + ], + [ + "@kbn/core-execution-context-server-mocks", + "packages/core/execution-context/core-execution-context-server-mocks" + ], + [ + "@kbn/core-fatal-errors-browser", + "packages/core/fatal-errors/core-fatal-errors-browser" + ], + [ + "@kbn/core-fatal-errors-browser-internal", + "packages/core/fatal-errors/core-fatal-errors-browser-internal" + ], + [ + "@kbn/core-fatal-errors-browser-mocks", + "packages/core/fatal-errors/core-fatal-errors-browser-mocks" + ], + [ + "@kbn/core-feature-flags-browser", + "packages/core/feature-flags/core-feature-flags-browser" + ], + [ + "@kbn/core-feature-flags-browser-internal", + "packages/core/feature-flags/core-feature-flags-browser-internal" + ], + [ + "@kbn/core-feature-flags-browser-mocks", + "packages/core/feature-flags/core-feature-flags-browser-mocks" + ], + [ + "@kbn/core-feature-flags-server", + "packages/core/feature-flags/core-feature-flags-server" + ], + [ + "@kbn/core-feature-flags-server-internal", + "packages/core/feature-flags/core-feature-flags-server-internal" + ], + [ + "@kbn/core-feature-flags-server-mocks", + "packages/core/feature-flags/core-feature-flags-server-mocks" + ], + [ + "@kbn/core-history-block-plugin", + "test/plugin_functional/plugins/core_history_block" + ], + [ + "@kbn/core-http-browser", + 
"packages/core/http/core-http-browser" + ], + [ + "@kbn/core-http-browser-internal", + "packages/core/http/core-http-browser-internal" + ], + [ + "@kbn/core-http-browser-mocks", + "packages/core/http/core-http-browser-mocks" + ], + [ + "@kbn/core-http-common", + "packages/core/http/core-http-common" + ], + [ + "@kbn/core-http-context-server-internal", + "packages/core/http/core-http-context-server-internal" + ], + [ + "@kbn/core-http-context-server-mocks", + "packages/core/http/core-http-context-server-mocks" + ], + [ + "@kbn/core-http-plugin", + "test/plugin_functional/plugins/core_http" + ], + [ + "@kbn/core-http-request-handler-context-server", + "packages/core/http/core-http-request-handler-context-server" + ], + [ + "@kbn/core-http-request-handler-context-server-internal", + "packages/core/http/core-http-request-handler-context-server-internal" + ], + [ + "@kbn/core-http-resources-server", + "packages/core/http/core-http-resources-server" + ], + [ + "@kbn/core-http-resources-server-internal", + "packages/core/http/core-http-resources-server-internal" + ], + [ + "@kbn/core-http-resources-server-mocks", + "packages/core/http/core-http-resources-server-mocks" + ], + [ + "@kbn/core-http-router-server-internal", + "packages/core/http/core-http-router-server-internal" + ], + [ + "@kbn/core-http-router-server-mocks", + "packages/core/http/core-http-router-server-mocks" + ], + [ + "@kbn/core-http-server", + "packages/core/http/core-http-server" + ], + [ + "@kbn/core-http-server-internal", + "packages/core/http/core-http-server-internal" + ], + [ + "@kbn/core-http-server-mocks", + "packages/core/http/core-http-server-mocks" + ], + [ + "@kbn/core-http-server-utils", + "packages/core/http/core-http-server-utils" + ], + [ + "@kbn/core-i18n-browser", + "packages/core/i18n/core-i18n-browser" + ], + [ + "@kbn/core-i18n-browser-internal", + "packages/core/i18n/core-i18n-browser-internal" + ], + [ + "@kbn/core-i18n-browser-mocks", + "packages/core/i18n/core-i18n-browser-mocks" 
+ ], + [ + "@kbn/core-i18n-server", + "packages/core/i18n/core-i18n-server" + ], + [ + "@kbn/core-i18n-server-internal", + "packages/core/i18n/core-i18n-server-internal" + ], + [ + "@kbn/core-i18n-server-mocks", + "packages/core/i18n/core-i18n-server-mocks" + ], + [ + "@kbn/core-injected-metadata-browser-internal", + "packages/core/injected-metadata/core-injected-metadata-browser-internal" + ], + [ + "@kbn/core-injected-metadata-browser-mocks", + "packages/core/injected-metadata/core-injected-metadata-browser-mocks" + ], + [ + "@kbn/core-injected-metadata-common-internal", + "packages/core/injected-metadata/core-injected-metadata-common-internal" + ], + [ + "@kbn/core-integrations-browser-internal", + "packages/core/integrations/core-integrations-browser-internal" + ], + [ + "@kbn/core-integrations-browser-mocks", + "packages/core/integrations/core-integrations-browser-mocks" + ], + [ + "@kbn/core-lifecycle-browser", + "packages/core/lifecycle/core-lifecycle-browser" + ], + [ + "@kbn/core-lifecycle-browser-internal", + "packages/core/lifecycle/core-lifecycle-browser-internal" + ], + [ + "@kbn/core-lifecycle-browser-mocks", + "packages/core/lifecycle/core-lifecycle-browser-mocks" + ], + [ + "@kbn/core-lifecycle-server", + "packages/core/lifecycle/core-lifecycle-server" + ], + [ + "@kbn/core-lifecycle-server-internal", + "packages/core/lifecycle/core-lifecycle-server-internal" + ], + [ + "@kbn/core-lifecycle-server-mocks", + "packages/core/lifecycle/core-lifecycle-server-mocks" + ], + [ + "@kbn/core-logging-browser-internal", + "packages/core/logging/core-logging-browser-internal" + ], + [ + "@kbn/core-logging-browser-mocks", + "packages/core/logging/core-logging-browser-mocks" + ], + [ + "@kbn/core-logging-common-internal", + "packages/core/logging/core-logging-common-internal" + ], + [ + "@kbn/core-logging-server", + "packages/core/logging/core-logging-server" + ], + [ + "@kbn/core-logging-server-internal", + "packages/core/logging/core-logging-server-internal" + 
], + [ + "@kbn/core-logging-server-mocks", + "packages/core/logging/core-logging-server-mocks" + ], + [ + "@kbn/core-metrics-collectors-server-internal", + "packages/core/metrics/core-metrics-collectors-server-internal" + ], + [ + "@kbn/core-metrics-collectors-server-mocks", + "packages/core/metrics/core-metrics-collectors-server-mocks" + ], + [ + "@kbn/core-metrics-server", + "packages/core/metrics/core-metrics-server" + ], + [ + "@kbn/core-metrics-server-internal", + "packages/core/metrics/core-metrics-server-internal" + ], + [ + "@kbn/core-metrics-server-mocks", + "packages/core/metrics/core-metrics-server-mocks" + ], + [ + "@kbn/core-mount-utils-browser", + "packages/core/mount-utils/core-mount-utils-browser" + ], + [ + "@kbn/core-mount-utils-browser-internal", + "packages/core/mount-utils/core-mount-utils-browser-internal" + ], + [ + "@kbn/core-node-server", + "packages/core/node/core-node-server" + ], + [ + "@kbn/core-node-server-internal", + "packages/core/node/core-node-server-internal" + ], + [ + "@kbn/core-node-server-mocks", + "packages/core/node/core-node-server-mocks" + ], + [ + "@kbn/core-notifications-browser", + "packages/core/notifications/core-notifications-browser" + ], + [ + "@kbn/core-notifications-browser-internal", + "packages/core/notifications/core-notifications-browser-internal" + ], + [ + "@kbn/core-notifications-browser-mocks", + "packages/core/notifications/core-notifications-browser-mocks" + ], + [ + "@kbn/core-overlays-browser", + "packages/core/overlays/core-overlays-browser" + ], + [ + "@kbn/core-overlays-browser-internal", + "packages/core/overlays/core-overlays-browser-internal" + ], + [ + "@kbn/core-overlays-browser-mocks", + "packages/core/overlays/core-overlays-browser-mocks" + ], + [ + "@kbn/core-plugin-a-plugin", + "test/plugin_functional/plugins/core_plugin_a" + ], + [ + "@kbn/core-plugin-appleave-plugin", + "test/plugin_functional/plugins/core_plugin_appleave" + ], + [ + "@kbn/core-plugin-b-plugin", + 
"test/plugin_functional/plugins/core_plugin_b" + ], + [ + "@kbn/core-plugin-chromeless-plugin", + "test/plugin_functional/plugins/core_plugin_chromeless" + ], + [ + "@kbn/core-plugin-deep-links-plugin", + "test/plugin_functional/plugins/core_plugin_deep_links" + ], + [ + "@kbn/core-plugin-deprecations-plugin", + "test/plugin_functional/plugins/core_plugin_deprecations" + ], + [ + "@kbn/core-plugin-dynamic-resolving-a", + "test/plugin_functional/plugins/core_dynamic_resolving_a" + ], + [ + "@kbn/core-plugin-dynamic-resolving-b", + "test/plugin_functional/plugins/core_dynamic_resolving_b" + ], + [ + "@kbn/core-plugin-execution-context-plugin", + "test/plugin_functional/plugins/core_plugin_execution_context" + ], + [ + "@kbn/core-plugin-helpmenu-plugin", + "test/plugin_functional/plugins/core_plugin_helpmenu" + ], + [ + "@kbn/core-plugin-initializer-context-plugin", + "test/node_roles_functional/plugins/core_plugin_initializer_context" + ], + [ + "@kbn/core-plugin-route-timeouts-plugin", + "test/plugin_functional/plugins/core_plugin_route_timeouts" + ], + [ + "@kbn/core-plugin-static-assets-plugin", + "test/plugin_functional/plugins/core_plugin_static_assets" + ], + [ + "@kbn/core-plugins-base-server-internal", + "packages/core/plugins/core-plugins-base-server-internal" + ], + [ + "@kbn/core-plugins-browser", + "packages/core/plugins/core-plugins-browser" + ], + [ + "@kbn/core-plugins-browser-internal", + "packages/core/plugins/core-plugins-browser-internal" + ], + [ + "@kbn/core-plugins-browser-mocks", + "packages/core/plugins/core-plugins-browser-mocks" + ], + [ + "@kbn/core-plugins-contracts-browser", + "packages/core/plugins/core-plugins-contracts-browser" + ], + [ + "@kbn/core-plugins-contracts-server", + "packages/core/plugins/core-plugins-contracts-server" + ], + [ + "@kbn/core-plugins-server", + "packages/core/plugins/core-plugins-server" + ], + [ + "@kbn/core-plugins-server-internal", + "packages/core/plugins/core-plugins-server-internal" + ], + [ + 
"@kbn/core-plugins-server-mocks", + "packages/core/plugins/core-plugins-server-mocks" + ], + [ + "@kbn/core-preboot-server", + "packages/core/preboot/core-preboot-server" + ], + [ + "@kbn/core-preboot-server-internal", + "packages/core/preboot/core-preboot-server-internal" + ], + [ + "@kbn/core-preboot-server-mocks", + "packages/core/preboot/core-preboot-server-mocks" + ], + [ + "@kbn/core-provider-plugin", + "test/plugin_functional/plugins/core_provider_plugin" + ], + [ + "@kbn/core-rendering-browser", + "packages/core/rendering/core-rendering-browser" + ], + [ + "@kbn/core-rendering-browser-internal", + "packages/core/rendering/core-rendering-browser-internal" + ], + [ + "@kbn/core-rendering-browser-mocks", + "packages/core/rendering/core-rendering-browser-mocks" + ], + [ + "@kbn/core-rendering-server-internal", + "packages/core/rendering/core-rendering-server-internal" + ], + [ + "@kbn/core-rendering-server-mocks", + "packages/core/rendering/core-rendering-server-mocks" + ], + [ + "@kbn/core-root-browser-internal", + "packages/core/root/core-root-browser-internal" + ], + [ + "@kbn/core-root-server-internal", + "packages/core/root/core-root-server-internal" + ], + [ + "@kbn/core-saved-objects-api-browser", + "packages/core/saved-objects/core-saved-objects-api-browser" + ], + [ + "@kbn/core-saved-objects-api-server", + "packages/core/saved-objects/core-saved-objects-api-server" + ], + [ + "@kbn/core-saved-objects-api-server-internal", + "packages/core/saved-objects/core-saved-objects-api-server-internal" + ], + [ + "@kbn/core-saved-objects-api-server-mocks", + "packages/core/saved-objects/core-saved-objects-api-server-mocks" + ], + [ + "@kbn/core-saved-objects-base-server-internal", + "packages/core/saved-objects/core-saved-objects-base-server-internal" + ], + [ + "@kbn/core-saved-objects-base-server-mocks", + "packages/core/saved-objects/core-saved-objects-base-server-mocks" + ], + [ + "@kbn/core-saved-objects-browser", + 
"packages/core/saved-objects/core-saved-objects-browser" + ], + [ + "@kbn/core-saved-objects-browser-internal", + "packages/core/saved-objects/core-saved-objects-browser-internal" + ], + [ + "@kbn/core-saved-objects-browser-mocks", + "packages/core/saved-objects/core-saved-objects-browser-mocks" + ], + [ + "@kbn/core-saved-objects-common", + "packages/core/saved-objects/core-saved-objects-common" + ], + [ + "@kbn/core-saved-objects-import-export-server-internal", + "packages/core/saved-objects/core-saved-objects-import-export-server-internal" + ], + [ + "@kbn/core-saved-objects-import-export-server-mocks", + "packages/core/saved-objects/core-saved-objects-import-export-server-mocks" + ], + [ + "@kbn/core-saved-objects-migration-server-internal", + "packages/core/saved-objects/core-saved-objects-migration-server-internal" + ], + [ + "@kbn/core-saved-objects-migration-server-mocks", + "packages/core/saved-objects/core-saved-objects-migration-server-mocks" + ], + [ + "@kbn/core-saved-objects-server", + "packages/core/saved-objects/core-saved-objects-server" + ], + [ + "@kbn/core-saved-objects-server-internal", + "packages/core/saved-objects/core-saved-objects-server-internal" + ], + [ + "@kbn/core-saved-objects-server-mocks", + "packages/core/saved-objects/core-saved-objects-server-mocks" + ], + [ + "@kbn/core-saved-objects-utils-server", + "packages/core/saved-objects/core-saved-objects-utils-server" + ], + [ + "@kbn/core-security-browser", + "packages/core/security/core-security-browser" + ], + [ + "@kbn/core-security-browser-internal", + "packages/core/security/core-security-browser-internal" + ], + [ + "@kbn/core-security-browser-mocks", + "packages/core/security/core-security-browser-mocks" + ], + [ + "@kbn/core-security-common", + "packages/core/security/core-security-common" + ], + [ + "@kbn/core-security-server", + "packages/core/security/core-security-server" + ], + [ + "@kbn/core-security-server-internal", + 
"packages/core/security/core-security-server-internal" + ], + [ + "@kbn/core-security-server-mocks", + "packages/core/security/core-security-server-mocks" + ], + [ + "@kbn/core-status-common", + "packages/core/status/core-status-common" + ], + [ + "@kbn/core-status-server", + "packages/core/status/core-status-server" + ], + [ + "@kbn/core-status-server-internal", + "packages/core/status/core-status-server-internal" + ], + [ + "@kbn/core-status-server-mocks", + "packages/core/status/core-status-server-mocks" + ], + [ + "@kbn/core-test-helpers-deprecations-getters", + "packages/core/test-helpers/core-test-helpers-deprecations-getters" + ], + [ + "@kbn/core-test-helpers-http-setup-browser", + "packages/core/test-helpers/core-test-helpers-http-setup-browser" + ], + [ + "@kbn/core-test-helpers-kbn-server", + "packages/core/test-helpers/core-test-helpers-kbn-server" + ], + [ + "@kbn/core-test-helpers-model-versions", + "packages/core/test-helpers/core-test-helpers-model-versions" + ], + [ + "@kbn/core-test-helpers-so-type-serializer", + "packages/core/test-helpers/core-test-helpers-so-type-serializer" + ], + [ + "@kbn/core-test-helpers-test-utils", + "packages/core/test-helpers/core-test-helpers-test-utils" + ], + [ + "@kbn/core-theme-browser", + "packages/core/theme/core-theme-browser" + ], + [ + "@kbn/core-theme-browser-internal", + "packages/core/theme/core-theme-browser-internal" + ], + [ + "@kbn/core-theme-browser-mocks", + "packages/core/theme/core-theme-browser-mocks" + ], + [ + "@kbn/core-ui-settings-browser", + "packages/core/ui-settings/core-ui-settings-browser" + ], + [ + "@kbn/core-ui-settings-browser-internal", + "packages/core/ui-settings/core-ui-settings-browser-internal" + ], + [ + "@kbn/core-ui-settings-browser-mocks", + "packages/core/ui-settings/core-ui-settings-browser-mocks" + ], + [ + "@kbn/core-ui-settings-common", + "packages/core/ui-settings/core-ui-settings-common" + ], + [ + "@kbn/core-ui-settings-server", + 
"packages/core/ui-settings/core-ui-settings-server" + ], + [ + "@kbn/core-ui-settings-server-internal", + "packages/core/ui-settings/core-ui-settings-server-internal" + ], + [ + "@kbn/core-ui-settings-server-mocks", + "packages/core/ui-settings/core-ui-settings-server-mocks" + ], + [ + "@kbn/core-usage-data-base-server-internal", + "packages/core/usage-data/core-usage-data-base-server-internal" + ], + [ + "@kbn/core-usage-data-server", + "packages/core/usage-data/core-usage-data-server" + ], + [ + "@kbn/core-usage-data-server-internal", + "packages/core/usage-data/core-usage-data-server-internal" + ], + [ + "@kbn/core-usage-data-server-mocks", + "packages/core/usage-data/core-usage-data-server-mocks" + ], + [ + "@kbn/core-user-profile-browser", + "packages/core/user-profile/core-user-profile-browser" + ], + [ + "@kbn/core-user-profile-browser-internal", + "packages/core/user-profile/core-user-profile-browser-internal" + ], + [ + "@kbn/core-user-profile-browser-mocks", + "packages/core/user-profile/core-user-profile-browser-mocks" + ], + [ + "@kbn/core-user-profile-common", + "packages/core/user-profile/core-user-profile-common" + ], + [ + "@kbn/core-user-profile-server", + "packages/core/user-profile/core-user-profile-server" + ], + [ + "@kbn/core-user-profile-server-internal", + "packages/core/user-profile/core-user-profile-server-internal" + ], + [ + "@kbn/core-user-profile-server-mocks", + "packages/core/user-profile/core-user-profile-server-mocks" + ], + [ + "@kbn/core-user-settings-server", + "packages/core/user-settings/core-user-settings-server" + ], + [ + "@kbn/core-user-settings-server-internal", + "packages/core/user-settings/core-user-settings-server-internal" + ], + [ + "@kbn/core-user-settings-server-mocks", + "packages/core/user-settings/core-user-settings-server-mocks" + ], + [ + "@kbn/cross-cluster-replication-plugin", + "x-pack/platform/plugins/private/cross_cluster_replication" + ], + [ + "@kbn/crypto", + "packages/kbn-crypto" + ], + [ + 
"@kbn/crypto-browser", + "packages/kbn-crypto-browser" + ], + [ + "@kbn/custom-branding-plugin", + "x-pack/plugins/custom_branding" + ], + [ + "@kbn/custom-icons", + "src/platform/packages/shared/kbn-custom-icons" + ], + [ + "@kbn/custom-integrations", + "x-pack/solutions/observability/packages/kbn-custom-integrations" + ], + [ + "@kbn/custom-integrations-plugin", + "src/platform/plugins/shared/custom_integrations" + ], + [ + "@kbn/cypress-config", + "packages/kbn-cypress-config" + ], + [ + "@kbn/dashboard-enhanced-plugin", + "x-pack/platform/plugins/shared/dashboard_enhanced" + ], + [ + "@kbn/dashboard-plugin", + "src/platform/plugins/shared/dashboard" + ], + [ + "@kbn/data-forge", + "x-pack/platform/packages/shared/kbn-data-forge" + ], + [ + "@kbn/data-plugin", + "src/plugins/data" + ], + [ + "@kbn/data-quality-plugin", + "x-pack/platform/plugins/shared/data_quality" + ], + [ + "@kbn/data-search-plugin", + "test/plugin_functional/plugins/data_search" + ], + [ + "@kbn/data-service", + "packages/kbn-data-service" + ], + [ + "@kbn/data-stream-adapter", + "x-pack/solutions/security/packages/data-stream-adapter" + ], + [ + "@kbn/data-usage-plugin", + "x-pack/platform/plugins/private/data_usage" + ], + [ + "@kbn/data-view-editor-plugin", + "src/plugins/data_view_editor" + ], + [ + "@kbn/data-view-field-editor-example-plugin", + "examples/data_view_field_editor_example" + ], + [ + "@kbn/data-view-field-editor-plugin", + "src/plugins/data_view_field_editor" + ], + [ + "@kbn/data-view-management-plugin", + "src/plugins/data_view_management" + ], + [ + "@kbn/data-view-utils", + "packages/kbn-data-view-utils" + ], + [ + "@kbn/data-views-plugin", + "src/plugins/data_views" + ], + [ + "@kbn/data-visualizer-plugin", + "x-pack/platform/plugins/private/data_visualizer" + ], + [ + "@kbn/dataset-quality-plugin", + "x-pack/platform/plugins/shared/dataset_quality" + ], + [ + "@kbn/datemath", + "packages/kbn-datemath" + ], + [ + "@kbn/deeplinks-analytics", + 
"packages/deeplinks/analytics" + ], + [ + "@kbn/deeplinks-devtools", + "src/platform/packages/shared/deeplinks/devtools" + ], + [ + "@kbn/deeplinks-fleet", + "src/platform/packages/shared/deeplinks/fleet" + ], + [ + "@kbn/deeplinks-management", + "src/platform/packages/shared/deeplinks/management" + ], + [ + "@kbn/deeplinks-ml", + "src/platform/packages/shared/deeplinks/ml" + ], + [ + "@kbn/deeplinks-observability", + "src/platform/packages/shared/deeplinks/observability" + ], + [ + "@kbn/deeplinks-search", + "packages/deeplinks/search" + ], + [ + "@kbn/deeplinks-security", + "src/platform/packages/shared/deeplinks/security" + ], + [ + "@kbn/deeplinks-shared", + "packages/deeplinks/shared" + ], + [ + "@kbn/default-nav-analytics", + "packages/default-nav/analytics" + ], + [ + "@kbn/default-nav-devtools", + "src/platform/packages/private/default-nav/devtools" + ], + [ + "@kbn/default-nav-management", + "src/platform/packages/private/default-nav/management" + ], + [ + "@kbn/default-nav-ml", + "src/platform/packages/private/default-nav/ml" + ], + [ + "@kbn/dependency-ownership", + "packages/kbn-dependency-ownership" + ], + [ + "@kbn/dependency-usage", + "packages/kbn-dependency-usage" + ], + [ + "@kbn/dev-cli-errors", + "packages/kbn-dev-cli-errors" + ], + [ + "@kbn/dev-cli-runner", + "packages/kbn-dev-cli-runner" + ], + [ + "@kbn/dev-proc-runner", + "packages/kbn-dev-proc-runner" + ], + [ + "@kbn/dev-tools-plugin", + "src/platform/plugins/shared/dev_tools" + ], + [ + "@kbn/dev-utils", + "packages/kbn-dev-utils" + ], + [ + "@kbn/developer-examples-plugin", + "examples/developer_examples" + ], + [ + "@kbn/discover-contextual-components", + "src/platform/packages/shared/kbn-discover-contextual-components" + ], + [ + "@kbn/discover-customization-examples-plugin", + "examples/discover_customization_examples" + ], + [ + "@kbn/discover-enhanced-plugin", + "x-pack/plugins/discover_enhanced" + ], + [ + "@kbn/discover-plugin", + "src/plugins/discover" + ], + [ + 
"@kbn/discover-shared-plugin", + "src/plugins/discover_shared" + ], + [ + "@kbn/discover-utils", + "packages/kbn-discover-utils" + ], + [ + "@kbn/doc-links", + "src/platform/packages/shared/kbn-doc-links" + ], + [ + "@kbn/docs-utils", + "packages/kbn-docs-utils" + ], + [ + "@kbn/dom-drag-drop", + "packages/kbn-dom-drag-drop" + ], + [ + "@kbn/ebt-tools", + "packages/kbn-ebt-tools" + ], + [ + "@kbn/ecs-data-quality-dashboard", + "x-pack/solutions/security/packages/ecs_data_quality_dashboard" + ], + [ + "@kbn/ecs-data-quality-dashboard-plugin", + "x-pack/solutions/security/plugins/ecs_data_quality_dashboard" + ], + [ + "@kbn/elastic-agent-utils", + "src/platform/packages/shared/kbn-elastic-agent-utils" + ], + [ + "@kbn/elastic-assistant", + "x-pack/platform/packages/shared/kbn-elastic-assistant" + ], + [ + "@kbn/elastic-assistant-common", + "x-pack/platform/packages/shared/kbn-elastic-assistant-common" + ], + [ + "@kbn/elastic-assistant-plugin", + "x-pack/solutions/security/plugins/elastic_assistant" + ], + [ + "@kbn/elasticsearch-client-plugin", + "test/plugin_functional/plugins/elasticsearch_client_plugin" + ], + [ + "@kbn/elasticsearch-client-xpack-plugin", + "x-pack/test/plugin_api_integration/plugins/elasticsearch_client" + ], + [ + "@kbn/embeddable-enhanced-plugin", + "x-pack/platform/plugins/shared/embeddable_enhanced" + ], + [ + "@kbn/embeddable-examples-plugin", + "examples/embeddable_examples" + ], + [ + "@kbn/embeddable-plugin", + "src/platform/plugins/shared/embeddable" + ], + [ + "@kbn/embedded-lens-example-plugin", + "x-pack/examples/embedded_lens_example" + ], + [ + "@kbn/encrypted-saved-objects-plugin", + "x-pack/plugins/encrypted_saved_objects" + ], + [ + "@kbn/enterprise-search-plugin", + "x-pack/plugins/enterprise_search" + ], + [ + "@kbn/entities-data-access-plugin", + "x-pack/solutions/observability/plugins/observability_solution/entities_data_access" + ], + [ + "@kbn/entities-schema", + "x-pack/platform/packages/shared/kbn-entities-schema" + ], + 
[ + "@kbn/entity-manager-fixture-plugin", + "x-pack/test/api_integration/apis/entity_manager/fixture_plugin" + ], + [ + "@kbn/entityManager-app-plugin", + "x-pack/solutions/observability/plugins/observability_solution/entity_manager_app" + ], + [ + "@kbn/entityManager-plugin", + "x-pack/platform/plugins/shared/entity_manager" + ], + [ + "@kbn/error-boundary-example-plugin", + "examples/error_boundary" + ], + [ + "@kbn/es", + "packages/kbn-es" + ], + [ + "@kbn/es-archiver", + "packages/kbn-es-archiver" + ], + [ + "@kbn/es-errors", + "packages/kbn-es-errors" + ], + [ + "@kbn/es-query", + "packages/kbn-es-query" + ], + [ + "@kbn/es-types", + "packages/kbn-es-types" + ], + [ + "@kbn/es-ui-shared-plugin", + "src/platform/plugins/shared/es_ui_shared" + ], + [ + "@kbn/eslint-config", + "packages/kbn-eslint-config" + ], + [ + "@kbn/eslint-plugin-css", + "packages/kbn-eslint-plugin-css" + ], + [ + "@kbn/eslint-plugin-disable", + "packages/kbn-eslint-plugin-disable" + ], + [ + "@kbn/eslint-plugin-eslint", + "packages/kbn-eslint-plugin-eslint" + ], + [ + "@kbn/eslint-plugin-i18n", + "packages/kbn-eslint-plugin-i18n" + ], + [ + "@kbn/eslint-plugin-imports", + "packages/kbn-eslint-plugin-imports" + ], + [ + "@kbn/eslint-plugin-telemetry", + "packages/kbn-eslint-plugin-telemetry" + ], + [ + "@kbn/eso-model-version-example", + "examples/eso_model_version_example" + ], + [ + "@kbn/eso-plugin", + "x-pack/test/encrypted_saved_objects_api_integration/plugins/api_consumer_plugin" + ], + [ + "@kbn/esql", + "src/platform/plugins/shared/esql" + ], + [ + "@kbn/esql-ast", + "src/platform/packages/shared/kbn-esql-ast" + ], + [ + "@kbn/esql-ast-inspector-plugin", + "examples/esql_ast_inspector" + ], + [ + "@kbn/esql-datagrid", + "src/platform/plugins/shared/esql_datagrid" + ], + [ + "@kbn/esql-editor", + "src/platform/packages/private/kbn-esql-editor" + ], + [ + "@kbn/esql-utils", + "src/platform/packages/shared/kbn-esql-utils" + ], + [ + "@kbn/esql-validation-autocomplete", + 
"src/platform/packages/shared/kbn-esql-validation-autocomplete" + ], + [ + "@kbn/esql-validation-example-plugin", + "examples/esql_validation_example" + ], + [ + "@kbn/eui-provider-dev-warning", + "test/plugin_functional/plugins/eui_provider_dev_warning" + ], + [ + "@kbn/event-annotation-common", + "packages/kbn-event-annotation-common" + ], + [ + "@kbn/event-annotation-components", + "packages/kbn-event-annotation-components" + ], + [ + "@kbn/event-annotation-listing-plugin", + "src/plugins/event_annotation_listing" + ], + [ + "@kbn/event-annotation-plugin", + "src/plugins/event_annotation" + ], + [ + "@kbn/event-log-fixture-plugin", + "x-pack/test/plugin_api_integration/plugins/event_log" + ], + [ + "@kbn/event-log-plugin", + "x-pack/platform/plugins/shared/event_log" + ], + [ + "@kbn/expandable-flyout", + "x-pack/solutions/security/packages/expandable-flyout" + ], + [ + "@kbn/expect", + "packages/kbn-expect" + ], + [ + "@kbn/exploratory-view-example-plugin", + "x-pack/examples/exploratory_view_example" + ], + [ + "@kbn/exploratory-view-plugin", + "x-pack/solutions/observability/plugins/exploratory_view" + ], + [ + "@kbn/expression-error-plugin", + "src/platform/plugins/shared/expression_error" + ], + [ + "@kbn/expression-gauge-plugin", + "src/plugins/chart_expressions/expression_gauge" + ], + [ + "@kbn/expression-heatmap-plugin", + "src/plugins/chart_expressions/expression_heatmap" + ], + [ + "@kbn/expression-image-plugin", + "src/platform/plugins/shared/expression_image" + ], + [ + "@kbn/expression-legacy-metric-vis-plugin", + "src/plugins/chart_expressions/expression_legacy_metric" + ], + [ + "@kbn/expression-metric-plugin", + "src/platform/plugins/shared/expression_metric" + ], + [ + "@kbn/expression-metric-vis-plugin", + "src/plugins/chart_expressions/expression_metric" + ], + [ + "@kbn/expression-partition-vis-plugin", + "src/plugins/chart_expressions/expression_partition_vis" + ], + [ + "@kbn/expression-repeat-image-plugin", + 
"src/platform/plugins/shared/expression_repeat_image" + ], + [ + "@kbn/expression-reveal-image-plugin", + "src/platform/plugins/shared/expression_reveal_image" + ], + [ + "@kbn/expression-shape-plugin", + "src/platform/plugins/shared/expression_shape" + ], + [ + "@kbn/expression-tagcloud-plugin", + "src/plugins/chart_expressions/expression_tagcloud" + ], + [ + "@kbn/expression-xy-plugin", + "src/plugins/chart_expressions/expression_xy" + ], + [ + "@kbn/expressions-explorer-plugin", + "examples/expressions_explorer" + ], + [ + "@kbn/expressions-plugin", + "src/plugins/expressions" + ], + [ + "@kbn/failed-test-reporter-cli", + "packages/kbn-failed-test-reporter-cli" + ], + [ + "@kbn/feature-controls-examples-plugin", + "examples/feature_control_examples" + ], + [ + "@kbn/feature-flags-example-plugin", + "examples/feature_flags_example" + ], + [ + "@kbn/feature-usage-test-plugin", + "x-pack/test/plugin_api_integration/plugins/feature_usage_test" + ], + [ + "@kbn/features-plugin", + "x-pack/plugins/features" + ], + [ + "@kbn/features-provider-plugin", + "x-pack/test/security_api_integration/plugins/features_provider" + ], + [ + "@kbn/fec-alerts-test-plugin", + "x-pack/test/functional_execution_context/plugins/alerts" + ], + [ + "@kbn/field-formats-example-plugin", + "examples/field_formats_example" + ], + [ + "@kbn/field-formats-plugin", + "src/plugins/field_formats" + ], + [ + "@kbn/field-types", + "packages/kbn-field-types" + ], + [ + "@kbn/field-utils", + "packages/kbn-field-utils" + ], + [ + "@kbn/fields-metadata-plugin", + "x-pack/platform/plugins/shared/fields_metadata" + ], + [ + "@kbn/file-upload-plugin", + "x-pack/platform/plugins/private/file_upload" + ], + [ + "@kbn/files-example-plugin", + "examples/files_example" + ], + [ + "@kbn/files-management-plugin", + "src/plugins/files_management" + ], + [ + "@kbn/files-plugin", + "src/plugins/files" + ], + [ + "@kbn/find-used-node-modules", + "packages/kbn-find-used-node-modules" + ], + [ + "@kbn/fleet-plugin", + 
"x-pack/platform/plugins/shared/fleet" + ], + [ + "@kbn/flot-charts", + "src/platform/packages/shared/kbn-flot-charts" + ], + [ + "@kbn/foo-plugin", + "x-pack/test/ui_capabilities/common/plugins/foo_plugin" + ], + [ + "@kbn/formatters", + "packages/kbn-formatters" + ], + [ + "@kbn/ftr-apis-plugin", + "src/plugins/ftr_apis" + ], + [ + "@kbn/ftr-common-functional-services", + "packages/kbn-ftr-common-functional-services" + ], + [ + "@kbn/ftr-common-functional-ui-services", + "packages/kbn-ftr-common-functional-ui-services" + ], + [ + "@kbn/ftr-screenshot-filename", + "packages/kbn-ftr-screenshot-filename" + ], + [ + "@kbn/functional-with-es-ssl-cases-test-plugin", + "x-pack/test/functional_with_es_ssl/plugins/cases" + ], + [ + "@kbn/gen-ai-functional-testing", + "packages/kbn-gen-ai-functional-testing" + ], + [ + "@kbn/gen-ai-streaming-response-example-plugin", + "x-pack/examples/gen_ai_streaming_response_example" + ], + [ + "@kbn/generate", + "packages/kbn-generate" + ], + [ + "@kbn/generate-console-definitions", + "packages/kbn-generate-console-definitions" + ], + [ + "@kbn/generate-csv", + "packages/kbn-generate-csv" + ], + [ + "@kbn/get-repo-files", + "packages/kbn-get-repo-files" + ], + [ + "@kbn/global-search-bar-plugin", + "x-pack/plugins/global_search_bar" + ], + [ + "@kbn/global-search-plugin", + "x-pack/plugins/global_search" + ], + [ + "@kbn/global-search-providers-plugin", + "x-pack/plugins/global_search_providers" + ], + [ + "@kbn/global-search-test-plugin", + "x-pack/test/plugin_functional/plugins/global_search_test" + ], + [ + "@kbn/graph-plugin", + "x-pack/plugins/graph" + ], + [ + "@kbn/grid-example-plugin", + "examples/grid_example" + ], + [ + "@kbn/grid-layout", + "packages/kbn-grid-layout" + ], + [ + "@kbn/grokdebugger-plugin", + "x-pack/platform/plugins/private/grokdebugger" + ], + [ + "@kbn/grouping", + "src/platform/packages/shared/kbn-grouping" + ], + [ + "@kbn/guided-onboarding", + "packages/kbn-guided-onboarding" + ], + [ + 
"@kbn/guided-onboarding-example-plugin", + "examples/guided_onboarding_example" + ], + [ + "@kbn/guided-onboarding-plugin", + "src/plugins/guided_onboarding" + ], + [ + "@kbn/handlebars", + "packages/kbn-handlebars" + ], + [ + "@kbn/hapi-mocks", + "packages/kbn-hapi-mocks" + ], + [ + "@kbn/hardening-plugin", + "test/plugin_functional/plugins/hardening" + ], + [ + "@kbn/health-gateway-server", + "packages/kbn-health-gateway-server" + ], + [ + "@kbn/hello-world-plugin", + "examples/hello_world" + ], + [ + "@kbn/home-plugin", + "src/plugins/home" + ], + [ + "@kbn/home-sample-data-card", + "packages/home/sample_data_card" + ], + [ + "@kbn/home-sample-data-tab", + "packages/home/sample_data_tab" + ], + [ + "@kbn/home-sample-data-types", + "packages/home/sample_data_types" + ], + [ + "@kbn/i18n", + "packages/kbn-i18n" + ], + [ + "@kbn/i18n-react", + "packages/kbn-i18n-react" + ], + [ + "@kbn/iframe-embedded-plugin", + "x-pack/test/functional_embedded/plugins/iframe_embedded" + ], + [ + "@kbn/image-embeddable-plugin", + "src/plugins/image_embeddable" + ], + [ + "@kbn/import-locator", + "packages/kbn-import-locator" + ], + [ + "@kbn/import-resolver", + "packages/kbn-import-resolver" + ], + [ + "@kbn/index-adapter", + "x-pack/solutions/security/packages/index-adapter" + ], + [ + "@kbn/index-lifecycle-management-common-shared", + "x-pack/platform/packages/shared/index-lifecycle-management/index_lifecycle_management_common_shared" + ], + [ + "@kbn/index-lifecycle-management-plugin", + "x-pack/platform/plugins/private/index_lifecycle_management" + ], + [ + "@kbn/index-management-plugin", + "x-pack/platform/plugins/shared/index_management" + ], + [ + "@kbn/index-management-shared-types", + "x-pack/platform/packages/shared/index-management/index_management_shared_types" + ], + [ + "@kbn/index-patterns-test-plugin", + "test/plugin_functional/plugins/index_patterns" + ], + [ + "@kbn/inference_integration_flyout", + "x-pack/platform/packages/private/ml/inference_integration_flyout" 
+ ], + [ + "@kbn/inference-common", + "x-pack/platform/packages/shared/ai-infra/inference-common" + ], + [ + "@kbn/inference-endpoint-ui-common", + "x-pack/platform/packages/shared/kbn-inference-endpoint-ui-common" + ], + [ + "@kbn/inference-plugin", + "x-pack/platform/plugins/shared/inference" + ], + [ + "@kbn/infra-forge", + "x-pack/platform/packages/private/kbn-infra-forge" + ], + [ + "@kbn/infra-plugin", + "x-pack/solutions/observability/plugins/infra" + ], + [ + "@kbn/ingest-pipelines-plugin", + "x-pack/platform/plugins/shared/ingest_pipelines" + ], + [ + "@kbn/input-control-vis-plugin", + "src/platform/plugins/private/input_control_vis" + ], + [ + "@kbn/inspector-plugin", + "src/platform/plugins/shared/inspector" + ], + [ + "@kbn/integration-assistant-plugin", + "x-pack/platform/plugins/shared/integration_assistant" + ], + [ + "@kbn/interactive-setup-plugin", + "src/plugins/interactive_setup" + ], + [ + "@kbn/interactive-setup-test-endpoints-plugin", + "test/interactive_setup_api_integration/plugins/test_endpoints" + ], + [ + "@kbn/interpreter", + "packages/kbn-interpreter" + ], + [ + "@kbn/inventory-e2e", + "x-pack/plugins/observability_solution/inventory/e2e" + ], + [ + "@kbn/inventory-plugin", + "x-pack/plugins/observability_solution/inventory" + ], + [ + "@kbn/investigate-app-plugin", + "x-pack/solutions/observability/plugins/investigate_app" + ], + [ + "@kbn/investigate-plugin", + "x-pack/solutions/observability/plugins/investigate" + ], + [ + "@kbn/investigation-shared", + "x-pack/solutions/observability/packages/kbn-investigation-shared" + ], + [ + "@kbn/io-ts-utils", + "src/platform/packages/shared/kbn-io-ts-utils" + ], + [ + "@kbn/ipynb", + "packages/kbn-ipynb" + ], + [ + "@kbn/item-buffer", + "packages/kbn-item-buffer" + ], + [ + "@kbn/jest-serializers", + "packages/kbn-jest-serializers" + ], + [ + "@kbn/journeys", + "packages/kbn-journeys" + ], + [ + "@kbn/json-ast", + "packages/kbn-json-ast" + ], + [ + "@kbn/json-schemas", + 
"x-pack/platform/packages/private/ml/json_schemas" + ], + [ + "@kbn/kbn-health-gateway-status-plugin", + "test/health_gateway/plugins/status" + ], + [ + "@kbn/kbn-sample-panel-action-plugin", + "test/plugin_functional/plugins/kbn_sample_panel_action" + ], + [ + "@kbn/kbn-top-nav-plugin", + "test/plugin_functional/plugins/kbn_top_nav" + ], + [ + "@kbn/kbn-tp-custom-visualizations-plugin", + "test/plugin_functional/plugins/kbn_tp_custom_visualizations" + ], + [ + "@kbn/kbn-tp-run-pipeline-plugin", + "test/interpreter_functional/plugins/kbn_tp_run_pipeline" + ], + [ + "@kbn/kibana-cors-test-plugin", + "x-pack/test/functional_cors/plugins/kibana_cors_test" + ], + [ + "@kbn/kibana-manifest-schema", + "packages/kbn-kibana-manifest-schema" + ], + [ + "@kbn/kibana-overview-plugin", + "src/plugins/kibana_overview" + ], + [ + "@kbn/kibana-react-plugin", + "src/plugins/kibana_react" + ], + [ + "@kbn/kibana-usage-collection-plugin", + "src/plugins/kibana_usage_collection" + ], + [ + "@kbn/kibana-utils-plugin", + "src/plugins/kibana_utils" + ], + [ + "@kbn/kubernetes-security-plugin", + "x-pack/solutions/security/plugins/kubernetes_security" + ], + [ + "@kbn/langchain", + "x-pack/platform/packages/shared/kbn-langchain" + ], + [ + "@kbn/language-documentation", + "src/platform/packages/private/kbn-language-documentation" + ], + [ + "@kbn/lens-config-builder-example-plugin", + "x-pack/examples/lens_config_builder_example" + ], + [ + "@kbn/lens-embeddable-utils", + "packages/kbn-lens-embeddable-utils" + ], + [ + "@kbn/lens-formula-docs", + "packages/kbn-lens-formula-docs" + ], + [ + "@kbn/lens-inline-editing-example-plugin", + "x-pack/examples/lens_embeddable_inline_editing_example" + ], + [ + "@kbn/lens-plugin", + "x-pack/plugins/lens" + ], + [ + "@kbn/license-api-guard-plugin", + "x-pack/platform/plugins/private/license_api_guard" + ], + [ + "@kbn/license-management-plugin", + "x-pack/platform/plugins/shared/license_management" + ], + [ + "@kbn/licensing-plugin", + 
"x-pack/plugins/licensing" + ], + [ + "@kbn/links-plugin", + "src/platform/plugins/private/links" + ], + [ + "@kbn/lint-packages-cli", + "packages/kbn-lint-packages-cli" + ], + [ + "@kbn/lint-ts-projects-cli", + "packages/kbn-lint-ts-projects-cli" + ], + [ + "@kbn/lists-plugin", + "x-pack/solutions/security/plugins/lists" + ], + [ + "@kbn/llm-tasks-plugin", + "x-pack/platform/plugins/shared/ai_infra/llm_tasks" + ], + [ + "@kbn/locator-examples-plugin", + "examples/locator_examples" + ], + [ + "@kbn/locator-explorer-plugin", + "examples/locator_explorer" + ], + [ + "@kbn/logging", + "packages/kbn-logging" + ], + [ + "@kbn/logging-mocks", + "packages/kbn-logging-mocks" + ], + [ + "@kbn/logs-data-access-plugin", + "x-pack/platform/plugins/shared/logs_data_access" + ], + [ + "@kbn/logs-explorer-plugin", + "x-pack/solutions/observability/plugins/logs_explorer" + ], + [ + "@kbn/logs-shared-plugin", + "x-pack/platform/plugins/shared/logs_shared" + ], + [ + "@kbn/logstash-plugin", + "x-pack/platform/plugins/private/logstash" + ], + [ + "@kbn/managed-content-badge", + "packages/kbn-managed-content-badge" + ], + [ + "@kbn/managed-vscode-config", + "packages/kbn-managed-vscode-config" + ], + [ + "@kbn/managed-vscode-config-cli", + "packages/kbn-managed-vscode-config-cli" + ], + [ + "@kbn/management-cards-navigation", + "src/platform/packages/shared/kbn-management/cards_navigation" + ], + [ + "@kbn/management-plugin", + "src/platform/plugins/shared/management" + ], + [ + "@kbn/management-settings-application", + "src/platform/packages/private/kbn-management/settings/application" + ], + [ + "@kbn/management-settings-components-field-category", + "src/platform/packages/private/kbn-management/settings/components/field_category" + ], + [ + "@kbn/management-settings-components-field-input", + "src/platform/packages/shared/kbn-management/settings/components/field_input" + ], + [ + "@kbn/management-settings-components-field-row", + 
"src/platform/packages/shared/kbn-management/settings/components/field_row" + ], + [ + "@kbn/management-settings-components-form", + "src/platform/packages/private/kbn-management/settings/components/form" + ], + [ + "@kbn/management-settings-field-definition", + "src/platform/packages/shared/kbn-management/settings/field_definition" + ], + [ + "@kbn/management-settings-ids", + "packages/kbn-management/settings/setting_ids" + ], + [ + "@kbn/management-settings-section-registry", + "packages/kbn-management/settings/section_registry" + ], + [ + "@kbn/management-settings-types", + "src/platform/packages/shared/kbn-management/settings/types" + ], + [ + "@kbn/management-settings-utilities", + "src/platform/packages/shared/kbn-management/settings/utilities" + ], + [ + "@kbn/management-storybook-config", + "packages/kbn-management/storybook/config" + ], + [ + "@kbn/management-test-plugin", + "test/plugin_functional/plugins/management_test_plugin" + ], + [ + "@kbn/manifest", + "packages/kbn-manifest" + ], + [ + "@kbn/mapbox-gl", + "src/platform/packages/private/kbn-mapbox-gl" + ], + [ + "@kbn/maps-custom-raster-source-plugin", + "x-pack/examples/third_party_maps_source_example" + ], + [ + "@kbn/maps-ems-plugin", + "src/platform/plugins/private/maps_ems" + ], + [ + "@kbn/maps-plugin", + "x-pack/platform/plugins/shared/maps" + ], + [ + "@kbn/maps-vector-tile-utils", + "x-pack/platform/packages/private/maps/vector_tile_utils" + ], + [ + "@kbn/metrics-data-access-plugin", + "x-pack/plugins/observability_solution/metrics_data_access" + ], + [ + "@kbn/ml-agg-utils", + "x-pack/platform/packages/private/ml/agg_utils" + ], + [ + "@kbn/ml-anomaly-utils", + "x-pack/platform/packages/shared/ml/anomaly_utils" + ], + [ + "@kbn/ml-cancellable-search", + "x-pack/platform/packages/private/ml/cancellable_search" + ], + [ + "@kbn/ml-category-validator", + "x-pack/platform/packages/private/ml/category_validator" + ], + [ + "@kbn/ml-chi2test", + "x-pack/platform/packages/shared/ml/chi2test" + 
], + [ + "@kbn/ml-creation-wizard-utils", + "x-pack/platform/packages/private/ml/creation_wizard_utils" + ], + [ + "@kbn/ml-data-frame-analytics-utils", + "x-pack/platform/packages/private/ml/data_frame_analytics_utils" + ], + [ + "@kbn/ml-data-grid", + "x-pack/platform/packages/private/ml/data_grid" + ], + [ + "@kbn/ml-data-view-utils", + "x-pack/platform/packages/private/ml/data_view_utils" + ], + [ + "@kbn/ml-date-picker", + "x-pack/platform/packages/private/ml/date_picker" + ], + [ + "@kbn/ml-date-utils", + "x-pack/platform/packages/private/ml/date_utils" + ], + [ + "@kbn/ml-error-utils", + "x-pack/platform/packages/shared/ml/error_utils" + ], + [ + "@kbn/ml-field-stats-flyout", + "x-pack/platform/packages/private/ml/field_stats_flyout" + ], + [ + "@kbn/ml-in-memory-table", + "x-pack/platform/packages/private/ml/in_memory_table" + ], + [ + "@kbn/ml-is-defined", + "x-pack/platform/packages/private/ml/is_defined" + ], + [ + "@kbn/ml-is-populated-object", + "x-pack/platform/packages/private/ml/is_populated_object" + ], + [ + "@kbn/ml-kibana-theme", + "x-pack/platform/packages/private/ml/kibana_theme" + ], + [ + "@kbn/ml-local-storage", + "x-pack/platform/packages/private/ml/local_storage" + ], + [ + "@kbn/ml-nested-property", + "x-pack/platform/packages/private/ml/nested_property" + ], + [ + "@kbn/ml-number-utils", + "x-pack/platform/packages/private/ml/number_utils" + ], + [ + "@kbn/ml-parse-interval", + "x-pack/platform/packages/private/ml/parse_interval" + ], + [ + "@kbn/ml-plugin", + "x-pack/platform/plugins/shared/ml" + ], + [ + "@kbn/ml-query-utils", + "x-pack/platform/packages/private/ml/query_utils" + ], + [ + "@kbn/ml-random-sampler-utils", + "x-pack/platform/packages/shared/ml/random_sampler_utils" + ], + [ + "@kbn/ml-response-stream", + "x-pack/platform/packages/shared/ml/response_stream" + ], + [ + "@kbn/ml-route-utils", + "x-pack/platform/packages/private/ml/route_utils" + ], + [ + "@kbn/ml-runtime-field-utils", + 
"x-pack/platform/packages/shared/ml/runtime_field_utils" + ], + [ + "@kbn/ml-string-hash", + "x-pack/platform/packages/private/ml/string_hash" + ], + [ + "@kbn/ml-time-buckets", + "x-pack/platform/packages/private/ml/time_buckets" + ], + [ + "@kbn/ml-trained-models-utils", + "x-pack/platform/packages/shared/ml/trained_models_utils" + ], + [ + "@kbn/ml-ui-actions", + "x-pack/platform/packages/private/ml/ui_actions" + ], + [ + "@kbn/ml-url-state", + "x-pack/platform/packages/private/ml/url_state" + ], + [ + "@kbn/ml-validators", + "x-pack/platform/packages/private/ml/validators" + ], + [ + "@kbn/mock-idp-plugin", + "packages/kbn-mock-idp-plugin" + ], + [ + "@kbn/mock-idp-utils", + "packages/kbn-mock-idp-utils" + ], + [ + "@kbn/monaco", + "packages/kbn-monaco" + ], + [ + "@kbn/monitoring-collection-plugin", + "x-pack/platform/plugins/private/monitoring_collection" + ], + [ + "@kbn/monitoring-plugin", + "x-pack/platform/plugins/private/monitoring" + ], + [ + "@kbn/navigation-plugin", + "src/plugins/navigation" + ], + [ + "@kbn/newsfeed-plugin", + "src/plugins/newsfeed" + ], + [ + "@kbn/newsfeed-test-plugin", + "test/common/plugins/newsfeed" + ], + [ + "@kbn/no-data-page-plugin", + "src/plugins/no_data_page" + ], + [ + "@kbn/notifications-plugin", + "x-pack/plugins/notifications" + ], + [ + "@kbn/object-versioning", + "packages/kbn-object-versioning" + ], + [ + "@kbn/object-versioning-utils", + "packages/kbn-object-versioning-utils" + ], + [ + "@kbn/observability-ai-assistant-app-plugin", + "x-pack/solutions/observability/plugins/observability_ai_assistant_app" + ], + [ + "@kbn/observability-ai-assistant-management-plugin", + "x-pack/solutions/observability/plugins/observability_ai_assistant_management" + ], + [ + "@kbn/observability-ai-assistant-plugin", + "x-pack/platform/plugins/shared/observability_solution/observability_ai_assistant" + ], + [ + "@kbn/observability-ai-common", + "x-pack/solutions/observability/packages/observability_ai/observability_ai_common" + ], 
+ [ + "@kbn/observability-ai-server", + "x-pack/solutions/observability/packages/observability_ai/observability_ai_server" + ], + [ + "@kbn/observability-alert-details", + "x-pack/solutions/observability/packages/alert_details" + ], + [ + "@kbn/observability-alerting-rule-utils", + "x-pack/platform/packages/shared/observability/alerting_rule_utils" + ], + [ + "@kbn/observability-alerting-test-data", + "x-pack/solutions/observability/packages/alerting_test_data" + ], + [ + "@kbn/observability-fixtures-plugin", + "x-pack/test/cases_api_integration/common/plugins/observability" + ], + [ + "@kbn/observability-get-padded-alert-time-range-util", + "x-pack/solutions/observability/packages/get_padded_alert_time_range_util" + ], + [ + "@kbn/observability-logs-explorer-plugin", + "x-pack/solutions/observability/plugins/observability_logs_explorer" + ], + [ + "@kbn/observability-logs-overview", + "x-pack/platform/packages/shared/observability/logs_overview" + ], + [ + "@kbn/observability-onboarding-e2e", + "x-pack/solutions/observability/plugins/observability_onboarding/e2e" + ], + [ + "@kbn/observability-onboarding-plugin", + "x-pack/solutions/observability/plugins/observability_onboarding" + ], + [ + "@kbn/observability-plugin", + "x-pack/solutions/observability/plugins/observability" + ], + [ + "@kbn/observability-shared-plugin", + "x-pack/solutions/observability/plugins/observability_shared" + ], + [ + "@kbn/observability-synthetics-test-data", + "x-pack/solutions/observability/packages/synthetics_test_data" + ], + [ + "@kbn/observability-utils-browser", + "x-pack/solutions/observability/packages/utils_browser" + ], + [ + "@kbn/observability-utils-common", + "x-pack/solutions/observability/packages/utils_common" + ], + [ + "@kbn/observability-utils-server", + "x-pack/solutions/observability/packages/utils_server" + ], + [ + "@kbn/oidc-provider-plugin", + "x-pack/test/security_api_integration/plugins/oidc_provider" + ], + [ + "@kbn/open-telemetry-instrumented-plugin", + 
"test/common/plugins/otel_metrics" + ], + [ + "@kbn/openapi-bundler", + "packages/kbn-openapi-bundler" + ], + [ + "@kbn/openapi-common", + "src/platform/packages/shared/kbn-openapi-common" + ], + [ + "@kbn/openapi-generator", + "packages/kbn-openapi-generator" + ], + [ + "@kbn/optimizer", + "packages/kbn-optimizer" + ], + [ + "@kbn/optimizer-webpack-helpers", + "packages/kbn-optimizer-webpack-helpers" + ], + [ + "@kbn/osquery-io-ts-types", + "src/platform/packages/shared/kbn-osquery-io-ts-types" + ], + [ + "@kbn/osquery-plugin", + "x-pack/platform/plugins/shared/osquery" + ], + [ + "@kbn/paertial-results-example-plugin", + "examples/partial_results_example" + ], + [ + "@kbn/painless-lab-plugin", + "x-pack/platform/plugins/private/painless_lab" + ], + [ + "@kbn/palettes", + "packages/kbn-palettes" + ], + [ + "@kbn/panel-loader", + "src/platform/packages/private/kbn-panel-loader" + ], + [ + "@kbn/peggy", + "packages/kbn-peggy" + ], + [ + "@kbn/peggy-loader", + "packages/kbn-peggy-loader" + ], + [ + "@kbn/performance-testing-dataset-extractor", + "packages/kbn-performance-testing-dataset-extractor" + ], + [ + "@kbn/picomatcher", + "packages/kbn-picomatcher" + ], + [ + "@kbn/plugin-check", + "packages/kbn-plugin-check" + ], + [ + "@kbn/plugin-generator", + "packages/kbn-plugin-generator" + ], + [ + "@kbn/plugin-helpers", + "packages/kbn-plugin-helpers" + ], + [ + "@kbn/portable-dashboards-example", + "examples/portable_dashboards_example" + ], + [ + "@kbn/preboot-example-plugin", + "examples/preboot_example" + ], + [ + "@kbn/presentation-containers", + "src/platform/packages/shared/presentation/presentation_containers" + ], + [ + "@kbn/presentation-panel-plugin", + "src/platform/plugins/private/presentation_panel" + ], + [ + "@kbn/presentation-publishing", + "src/platform/packages/shared/presentation/presentation_publishing" + ], + [ + "@kbn/presentation-util-plugin", + "src/platform/plugins/shared/presentation_util" + ], + [ + "@kbn/product-doc-artifact-builder", + 
"x-pack/packages/ai-infra/product-doc-artifact-builder" + ], + [ + "@kbn/product-doc-base-plugin", + "x-pack/platform/plugins/shared/ai_infra/product_doc_base" + ], + [ + "@kbn/product-doc-common", + "x-pack/platform/packages/shared/ai-infra/product-doc-common" + ], + [ + "@kbn/profiling-data-access-plugin", + "x-pack/plugins/observability_solution/profiling_data_access" + ], + [ + "@kbn/profiling-plugin", + "x-pack/plugins/observability_solution/profiling" + ], + [ + "@kbn/profiling-utils", + "packages/kbn-profiling-utils" + ], + [ + "@kbn/random-sampling", + "x-pack/packages/kbn-random-sampling" + ], + [ + "@kbn/react-field", + "packages/kbn-react-field" + ], + [ + "@kbn/react-hooks", + "src/platform/packages/shared/kbn-react-hooks" + ], + [ + "@kbn/react-kibana-context-common", + "packages/react/kibana_context/common" + ], + [ + "@kbn/react-kibana-context-render", + "packages/react/kibana_context/render" + ], + [ + "@kbn/react-kibana-context-root", + "packages/react/kibana_context/root" + ], + [ + "@kbn/react-kibana-context-styled", + "packages/react/kibana_context/styled" + ], + [ + "@kbn/react-kibana-context-theme", + "packages/react/kibana_context/theme" + ], + [ + "@kbn/react-kibana-mount", + "packages/react/kibana_mount" + ], + [ + "@kbn/react-mute-legacy-root-warning", + "packages/kbn-react-mute-legacy-root-warning" + ], + [ + "@kbn/recently-accessed", + "packages/kbn-recently-accessed" + ], + [ + "@kbn/relocate", + "packages/kbn-relocate" + ], + [ + "@kbn/remote-clusters-plugin", + "x-pack/platform/plugins/private/remote_clusters" + ], + [ + "@kbn/rendering-plugin", + "test/plugin_functional/plugins/rendering_plugin" + ], + [ + "@kbn/repo-file-maps", + "packages/kbn-repo-file-maps" + ], + [ + "@kbn/repo-info", + "packages/kbn-repo-info" + ], + [ + "@kbn/repo-linter", + "packages/kbn-repo-linter" + ], + [ + "@kbn/repo-packages", + "packages/kbn-repo-packages" + ], + [ + "@kbn/repo-path", + "packages/kbn-repo-path" + ], + [ + "@kbn/repo-source-classifier", 
+ "packages/kbn-repo-source-classifier" + ], + [ + "@kbn/repo-source-classifier-cli", + "packages/kbn-repo-source-classifier-cli" + ], + [ + "@kbn/reporting-common", + "packages/kbn-reporting/common" + ], + [ + "@kbn/reporting-csv-share-panel", + "packages/kbn-reporting/get_csv_panel_actions" + ], + [ + "@kbn/reporting-export-types-csv", + "packages/kbn-reporting/export_types/csv" + ], + [ + "@kbn/reporting-export-types-csv-common", + "packages/kbn-reporting/export_types/csv_common" + ], + [ + "@kbn/reporting-export-types-pdf", + "packages/kbn-reporting/export_types/pdf" + ], + [ + "@kbn/reporting-export-types-pdf-common", + "packages/kbn-reporting/export_types/pdf_common" + ], + [ + "@kbn/reporting-export-types-png", + "packages/kbn-reporting/export_types/png" + ], + [ + "@kbn/reporting-export-types-png-common", + "packages/kbn-reporting/export_types/png_common" + ], + [ + "@kbn/reporting-mocks-server", + "packages/kbn-reporting/mocks_server" + ], + [ + "@kbn/reporting-plugin", + "x-pack/plugins/reporting" + ], + [ + "@kbn/reporting-public", + "packages/kbn-reporting/public" + ], + [ + "@kbn/reporting-server", + "packages/kbn-reporting/server" + ], + [ + "@kbn/resizable-layout", + "packages/kbn-resizable-layout" + ], + [ + "@kbn/resizable-layout-examples-plugin", + "examples/resizable_layout_examples" + ], + [ + "@kbn/resolver-test-plugin", + "x-pack/test/plugin_functional/plugins/resolver_test" + ], + [ + "@kbn/response-ops-feature-flag-service", + "packages/response-ops/feature_flag_service" + ], + [ + "@kbn/response-ops-rule-form", + "packages/response-ops/rule_form" + ], + [ + "@kbn/response-ops-rule-params", + "src/platform/packages/private/response-ops/rule_params" + ], + [ + "@kbn/response-stream-plugin", + "examples/response_stream" + ], + [ + "@kbn/rison", + "packages/kbn-rison" + ], + [ + "@kbn/rollup", + "x-pack/platform/packages/private/rollup" + ], + [ + "@kbn/rollup-plugin", + "x-pack/platform/plugins/private/rollup" + ], + [ + 
"@kbn/router-to-openapispec", + "packages/kbn-router-to-openapispec" + ], + [ + "@kbn/router-utils", + "src/platform/packages/shared/kbn-router-utils" + ], + [ + "@kbn/routing-example-plugin", + "examples/routing_example" + ], + [ + "@kbn/rrule", + "src/platform/packages/shared/kbn-rrule" + ], + [ + "@kbn/rule-data-utils", + "src/platform/packages/shared/kbn-rule-data-utils" + ], + [ + "@kbn/rule-registry-plugin", + "x-pack/platform/plugins/shared/rule_registry" + ], + [ + "@kbn/runtime-fields-plugin", + "x-pack/platform/plugins/private/runtime_fields" + ], + [ + "@kbn/safer-lodash-set", + "packages/kbn-safer-lodash-set" + ], + [ + "@kbn/saml-provider-plugin", + "x-pack/test/security_api_integration/plugins/saml_provider" + ], + [ + "@kbn/sample-task-plugin", + "x-pack/test/plugin_api_integration/plugins/sample_task_plugin" + ], + [ + "@kbn/sample-task-plugin-update-by-query", + "x-pack/test/task_manager_claimer_update_by_query/plugins/sample_task_plugin_mget" + ], + [ + "@kbn/saved-object-export-transforms-plugin", + "test/plugin_functional/plugins/saved_object_export_transforms" + ], + [ + "@kbn/saved-object-import-warnings-plugin", + "test/plugin_functional/plugins/saved_object_import_warnings" + ], + [ + "@kbn/saved-object-test-plugin", + "x-pack/test/saved_object_api_integration/common/plugins/saved_object_test_plugin" + ], + [ + "@kbn/saved-objects-finder-plugin", + "src/plugins/saved_objects_finder" + ], + [ + "@kbn/saved-objects-hidden-from-http-apis-type-plugin", + "test/plugin_functional/plugins/saved_objects_hidden_from_http_apis_type" + ], + [ + "@kbn/saved-objects-hidden-type-plugin", + "test/plugin_functional/plugins/saved_objects_hidden_type" + ], + [ + "@kbn/saved-objects-management-plugin", + "src/plugins/saved_objects_management" + ], + [ + "@kbn/saved-objects-plugin", + "src/plugins/saved_objects" + ], + [ + "@kbn/saved-objects-settings", + "packages/kbn-saved-objects-settings" + ], + [ + "@kbn/saved-objects-tagging-oss-plugin", + 
"src/plugins/saved_objects_tagging_oss" + ], + [ + "@kbn/saved-objects-tagging-plugin", + "x-pack/plugins/saved_objects_tagging" + ], + [ + "@kbn/saved-search-component", + "packages/kbn-saved-search-component" + ], + [ + "@kbn/saved-search-plugin", + "src/plugins/saved_search" + ], + [ + "@kbn/scout", + "packages/kbn-scout" + ], + [ + "@kbn/scout-info", + "packages/kbn-scout-info" + ], + [ + "@kbn/scout-reporting", + "packages/kbn-scout-reporting" + ], + [ + "@kbn/screenshot-mode-example-plugin", + "examples/screenshot_mode_example" + ], + [ + "@kbn/screenshot-mode-plugin", + "src/plugins/screenshot_mode" + ], + [ + "@kbn/screenshotting-example-plugin", + "x-pack/examples/screenshotting_example" + ], + [ + "@kbn/screenshotting-plugin", + "x-pack/platform/plugins/shared/screenshotting" + ], + [ + "@kbn/screenshotting-server", + "packages/kbn-screenshotting-server" + ], + [ + "@kbn/search-api-keys-components", + "packages/kbn-search-api-keys-components" + ], + [ + "@kbn/search-api-keys-server", + "packages/kbn-search-api-keys-server" + ], + [ + "@kbn/search-api-panels", + "packages/kbn-search-api-panels" + ], + [ + "@kbn/search-assistant", + "x-pack/plugins/search_assistant" + ], + [ + "@kbn/search-connectors", + "packages/kbn-search-connectors" + ], + [ + "@kbn/search-connectors-plugin", + "x-pack/plugins/search_connectors" + ], + [ + "@kbn/search-errors", + "packages/kbn-search-errors" + ], + [ + "@kbn/search-examples-plugin", + "examples/search_examples" + ], + [ + "@kbn/search-homepage", + "x-pack/plugins/search_homepage" + ], + [ + "@kbn/search-index-documents", + "packages/kbn-search-index-documents" + ], + [ + "@kbn/search-indices", + "x-pack/plugins/search_indices" + ], + [ + "@kbn/search-inference-endpoints", + "x-pack/plugins/search_inference_endpoints" + ], + [ + "@kbn/search-navigation", + "x-pack/plugins/search_solution/search_navigation" + ], + [ + "@kbn/search-notebooks", + "x-pack/plugins/search_notebooks" + ], + [ + "@kbn/search-playground", + 
"x-pack/plugins/search_playground" + ], + [ + "@kbn/search-response-warnings", + "packages/kbn-search-response-warnings" + ], + [ + "@kbn/search-shared-ui", + "x-pack/packages/search/shared_ui" + ], + [ + "@kbn/search-types", + "packages/kbn-search-types" + ], + [ + "@kbn/searchprofiler-plugin", + "x-pack/platform/plugins/shared/searchprofiler" + ], + [ + "@kbn/security-api-integration-helpers", + "x-pack/test/security_api_integration/packages/helpers" + ], + [ + "@kbn/security-api-key-management", + "x-pack/packages/security/api_key_management" + ], + [ + "@kbn/security-authorization-core", + "x-pack/packages/security/authorization_core" + ], + [ + "@kbn/security-authorization-core-common", + "x-pack/packages/security/authorization_core_common" + ], + [ + "@kbn/security-form-components", + "x-pack/packages/security/form_components" + ], + [ + "@kbn/security-hardening", + "packages/kbn-security-hardening" + ], + [ + "@kbn/security-plugin", + "x-pack/plugins/security" + ], + [ + "@kbn/security-plugin-types-common", + "x-pack/packages/security/plugin_types_common" + ], + [ + "@kbn/security-plugin-types-public", + "x-pack/packages/security/plugin_types_public" + ], + [ + "@kbn/security-plugin-types-server", + "x-pack/packages/security/plugin_types_server" + ], + [ + "@kbn/security-role-management-model", + "x-pack/packages/security/role_management_model" + ], + [ + "@kbn/security-solution-distribution-bar", + "x-pack/solutions/security/packages/distribution_bar" + ], + [ + "@kbn/security-solution-ess", + "x-pack/solutions/security/plugins/security_solution_ess" + ], + [ + "@kbn/security-solution-features", + "x-pack/solutions/security/packages/features" + ], + [ + "@kbn/security-solution-fixtures-plugin", + "x-pack/test/cases_api_integration/common/plugins/security_solution" + ], + [ + "@kbn/security-solution-navigation", + "x-pack/solutions/security/packages/navigation" + ], + [ + "@kbn/security-solution-plugin", + 
"x-pack/solutions/security/plugins/security_solution" + ], + [ + "@kbn/security-solution-serverless", + "x-pack/solutions/security/plugins/security_solution_serverless" + ], + [ + "@kbn/security-solution-side-nav", + "x-pack/solutions/security/packages/side_nav" + ], + [ + "@kbn/security-solution-storybook-config", + "x-pack/solutions/security/packages/storybook/config" + ], + [ + "@kbn/security-solution-upselling", + "x-pack/solutions/security/packages/upselling" + ], + [ + "@kbn/security-test-endpoints-plugin", + "x-pack/test/security_functional/plugins/test_endpoints" + ], + [ + "@kbn/security-ui-components", + "x-pack/packages/security/ui_components" + ], + [ + "@kbn/securitysolution-autocomplete", + "x-pack/solutions/security/packages/kbn-securitysolution-autocomplete" + ], + [ + "@kbn/securitysolution-data-table", + "x-pack/solutions/security/packages/data_table" + ], + [ + "@kbn/securitysolution-ecs", + "src/platform/packages/shared/kbn-securitysolution-ecs" + ], + [ + "@kbn/securitysolution-endpoint-exceptions-common", + "x-pack/solutions/security/packages/kbn-securitysolution-endpoint-exceptions-common" + ], + [ + "@kbn/securitysolution-es-utils", + "src/platform/packages/shared/kbn-securitysolution-es-utils" + ], + [ + "@kbn/securitysolution-exception-list-components", + "x-pack/solutions/security/packages/kbn-securitysolution-exception-list-components" + ], + [ + "@kbn/securitysolution-exceptions-common", + "x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common" + ], + [ + "@kbn/securitysolution-hook-utils", + "x-pack/solutions/security/packages/kbn-securitysolution-hook-utils" + ], + [ + "@kbn/securitysolution-io-ts-alerting-types", + "x-pack/solutions/security/packages/kbn-securitysolution-io-ts-alerting-types" + ], + [ + "@kbn/securitysolution-io-ts-list-types", + "x-pack/solutions/security/packages/kbn-securitysolution-io-ts-list-types" + ], + [ + "@kbn/securitysolution-io-ts-types", + 
"src/platform/packages/shared/kbn-securitysolution-io-ts-types" + ], + [ + "@kbn/securitysolution-io-ts-utils", + "src/platform/packages/shared/kbn-securitysolution-io-ts-utils" + ], + [ + "@kbn/securitysolution-list-api", + "x-pack/solutions/security/packages/kbn-securitysolution-list-api" + ], + [ + "@kbn/securitysolution-list-constants", + "x-pack/solutions/security/packages/kbn-securitysolution-list-constants" + ], + [ + "@kbn/securitysolution-list-hooks", + "x-pack/solutions/security/packages/kbn-securitysolution-list-hooks" + ], + [ + "@kbn/securitysolution-list-utils", + "x-pack/solutions/security/packages/kbn-securitysolution-list-utils" + ], + [ + "@kbn/securitysolution-lists-common", + "x-pack/solutions/security/packages/kbn-securitysolution-lists-common" + ], + [ + "@kbn/securitysolution-rules", + "src/platform/packages/shared/kbn-securitysolution-rules" + ], + [ + "@kbn/securitysolution-t-grid", + "x-pack/solutions/security/packages/kbn-securitysolution-t-grid" + ], + [ + "@kbn/securitysolution-utils", + "x-pack/solutions/security/packages/kbn-securitysolution-utils" + ], + [ + "@kbn/server-http-tools", + "packages/kbn-server-http-tools" + ], + [ + "@kbn/server-route-repository", + "src/platform/packages/shared/kbn-server-route-repository" + ], + [ + "@kbn/server-route-repository-client", + "src/platform/packages/shared/kbn-server-route-repository-client" + ], + [ + "@kbn/server-route-repository-utils", + "src/platform/packages/shared/kbn-server-route-repository-utils" + ], + [ + "@kbn/serverless", + "x-pack/plugins/serverless" + ], + [ + "@kbn/serverless-common-settings", + "packages/serverless/settings/common" + ], + [ + "@kbn/serverless-observability", + "x-pack/solutions/observability/plugins/serverless_observability" + ], + [ + "@kbn/serverless-observability-settings", + "packages/serverless/settings/observability_project" + ], + [ + "@kbn/serverless-project-switcher", + "packages/serverless/project_switcher" + ], + [ + "@kbn/serverless-search", + 
"x-pack/plugins/serverless_search" + ], + [ + "@kbn/serverless-search-settings", + "packages/serverless/settings/search_project" + ], + [ + "@kbn/serverless-security-settings", + "src/platform/packages/shared/serverless/settings/security_project" + ], + [ + "@kbn/serverless-storybook-config", + "packages/serverless/storybook/config" + ], + [ + "@kbn/serverless-types", + "packages/serverless/types" + ], + [ + "@kbn/session-notifications-plugin", + "test/plugin_functional/plugins/session_notifications" + ], + [ + "@kbn/session-view-plugin", + "x-pack/solutions/security/plugins/session_view" + ], + [ + "@kbn/set-map", + "packages/kbn-set-map" + ], + [ + "@kbn/share-examples-plugin", + "examples/share_examples" + ], + [ + "@kbn/share-plugin", + "src/plugins/share" + ], + [ + "@kbn/shared-svg", + "packages/kbn-shared-svg" + ], + [ + "@kbn/shared-ux-avatar-solution", + "packages/shared-ux/avatar/solution" + ], + [ + "@kbn/shared-ux-button-exit-full-screen", + "packages/shared-ux/button/exit_full_screen" + ], + [ + "@kbn/shared-ux-button-toolbar", + "packages/shared-ux/button_toolbar" + ], + [ + "@kbn/shared-ux-card-no-data", + "packages/shared-ux/card/no_data/impl" + ], + [ + "@kbn/shared-ux-card-no-data-mocks", + "packages/shared-ux/card/no_data/mocks" + ], + [ + "@kbn/shared-ux-card-no-data-types", + "packages/shared-ux/card/no_data/types" + ], + [ + "@kbn/shared-ux-chrome-navigation", + "packages/shared-ux/chrome/navigation" + ], + [ + "@kbn/shared-ux-error-boundary", + "packages/shared-ux/error_boundary" + ], + [ + "@kbn/shared-ux-file-context", + "packages/shared-ux/file/context" + ], + [ + "@kbn/shared-ux-file-image", + "packages/shared-ux/file/image/impl" + ], + [ + "@kbn/shared-ux-file-image-mocks", + "packages/shared-ux/file/image/mocks" + ], + [ + "@kbn/shared-ux-file-mocks", + "packages/shared-ux/file/mocks" + ], + [ + "@kbn/shared-ux-file-picker", + "packages/shared-ux/file/file_picker/impl" + ], + [ + "@kbn/shared-ux-file-types", + 
"packages/shared-ux/file/types" + ], + [ + "@kbn/shared-ux-file-upload", + "packages/shared-ux/file/file_upload/impl" + ], + [ + "@kbn/shared-ux-file-util", + "packages/shared-ux/file/util" + ], + [ + "@kbn/shared-ux-link-redirect-app", + "packages/shared-ux/link/redirect_app/impl" + ], + [ + "@kbn/shared-ux-link-redirect-app-mocks", + "packages/shared-ux/link/redirect_app/mocks" + ], + [ + "@kbn/shared-ux-link-redirect-app-types", + "packages/shared-ux/link/redirect_app/types" + ], + [ + "@kbn/shared-ux-markdown", + "packages/shared-ux/markdown/impl" + ], + [ + "@kbn/shared-ux-markdown-mocks", + "packages/shared-ux/markdown/mocks" + ], + [ + "@kbn/shared-ux-markdown-types", + "packages/shared-ux/markdown/types" + ], + [ + "@kbn/shared-ux-page-analytics-no-data", + "packages/shared-ux/page/analytics_no_data/impl" + ], + [ + "@kbn/shared-ux-page-analytics-no-data-mocks", + "packages/shared-ux/page/analytics_no_data/mocks" + ], + [ + "@kbn/shared-ux-page-analytics-no-data-types", + "packages/shared-ux/page/analytics_no_data/types" + ], + [ + "@kbn/shared-ux-page-kibana-no-data", + "packages/shared-ux/page/kibana_no_data/impl" + ], + [ + "@kbn/shared-ux-page-kibana-no-data-mocks", + "packages/shared-ux/page/kibana_no_data/mocks" + ], + [ + "@kbn/shared-ux-page-kibana-no-data-types", + "packages/shared-ux/page/kibana_no_data/types" + ], + [ + "@kbn/shared-ux-page-kibana-template", + "packages/shared-ux/page/kibana_template/impl" + ], + [ + "@kbn/shared-ux-page-kibana-template-mocks", + "packages/shared-ux/page/kibana_template/mocks" + ], + [ + "@kbn/shared-ux-page-kibana-template-types", + "packages/shared-ux/page/kibana_template/types" + ], + [ + "@kbn/shared-ux-page-no-data", + "packages/shared-ux/page/no_data/impl" + ], + [ + "@kbn/shared-ux-page-no-data-config", + "packages/shared-ux/page/no_data_config/impl" + ], + [ + "@kbn/shared-ux-page-no-data-config-mocks", + "packages/shared-ux/page/no_data_config/mocks" + ], + [ + "@kbn/shared-ux-page-no-data-config-types", 
+ "packages/shared-ux/page/no_data_config/types" + ], + [ + "@kbn/shared-ux-page-no-data-mocks", + "packages/shared-ux/page/no_data/mocks" + ], + [ + "@kbn/shared-ux-page-no-data-types", + "packages/shared-ux/page/no_data/types" + ], + [ + "@kbn/shared-ux-page-solution-nav", + "packages/shared-ux/page/solution_nav" + ], + [ + "@kbn/shared-ux-prompt-no-data-views", + "packages/shared-ux/prompt/no_data_views/impl" + ], + [ + "@kbn/shared-ux-prompt-no-data-views-mocks", + "packages/shared-ux/prompt/no_data_views/mocks" + ], + [ + "@kbn/shared-ux-prompt-no-data-views-types", + "packages/shared-ux/prompt/no_data_views/types" + ], + [ + "@kbn/shared-ux-prompt-not-found", + "packages/shared-ux/prompt/not_found" + ], + [ + "@kbn/shared-ux-router", + "packages/shared-ux/router/impl" + ], + [ + "@kbn/shared-ux-router-mocks", + "packages/shared-ux/router/mocks" + ], + [ + "@kbn/shared-ux-router-types", + "packages/shared-ux/router/types" + ], + [ + "@kbn/shared-ux-storybook-config", + "packages/shared-ux/storybook/config" + ], + [ + "@kbn/shared-ux-storybook-mock", + "packages/shared-ux/storybook/mock" + ], + [ + "@kbn/shared-ux-tabbed-modal", + "packages/shared-ux/modal/tabbed" + ], + [ + "@kbn/shared-ux-table-persist", + "packages/shared-ux/table_persist" + ], + [ + "@kbn/shared-ux-utility", + "packages/kbn-shared-ux-utility" + ], + [ + "@kbn/slo-plugin", + "x-pack/solutions/observability/plugins/slo" + ], + [ + "@kbn/slo-schema", + "x-pack/platform/packages/shared/kbn-slo-schema" + ], + [ + "@kbn/snapshot-restore-plugin", + "x-pack/platform/plugins/private/snapshot_restore" + ], + [ + "@kbn/some-dev-log", + "packages/kbn-some-dev-log" + ], + [ + "@kbn/sort-package-json", + "packages/kbn-sort-package-json" + ], + [ + "@kbn/sort-predicates", + "packages/kbn-sort-predicates" + ], + [ + "@kbn/spaces-plugin", + "x-pack/plugins/spaces" + ], + [ + "@kbn/spaces-test-plugin", + "x-pack/test/spaces_api_integration/common/plugins/spaces_test_plugin" + ], + [ + "@kbn/sse-utils", + 
"src/platform/packages/shared/kbn-sse-utils" + ], + [ + "@kbn/sse-utils-client", + "src/platform/packages/shared/kbn-sse-utils-client" + ], + [ + "@kbn/sse-utils-server", + "src/platform/packages/shared/kbn-sse-utils-server" + ], + [ + "@kbn/stack-alerts-plugin", + "x-pack/platform/plugins/shared/stack_alerts" + ], + [ + "@kbn/stack-connectors-plugin", + "x-pack/platform/plugins/shared/stack_connectors" + ], + [ + "@kbn/stack-management-usage-test-plugin", + "x-pack/test/usage_collection/plugins/stack_management_usage_test" + ], + [ + "@kbn/state-containers-examples-plugin", + "examples/state_containers_examples" + ], + [ + "@kbn/status-plugin-a-plugin", + "test/server_integration/plugins/status_plugin_a" + ], + [ + "@kbn/status-plugin-b-plugin", + "test/server_integration/plugins/status_plugin_b" + ], + [ + "@kbn/std", + "packages/kbn-std" + ], + [ + "@kbn/stdio-dev-helpers", + "packages/kbn-stdio-dev-helpers" + ], + [ + "@kbn/storybook", + "packages/kbn-storybook" + ], + [ + "@kbn/streams-app-plugin", + "x-pack/solutions/observability/plugins/streams_app" + ], + [ + "@kbn/streams-plugin", + "x-pack/solutions/observability/plugins/streams" + ], + [ + "@kbn/streams-schema", + "x-pack/packages/kbn-streams-schema" + ], + [ + "@kbn/synthetics-e2e", + "x-pack/solutions/observability/plugins/synthetics/e2e" + ], + [ + "@kbn/synthetics-plugin", + "x-pack/solutions/observability/plugins/synthetics" + ], + [ + "@kbn/synthetics-private-location", + "x-pack/packages/kbn-synthetics-private-location" + ], + [ + "@kbn/task-manager-fixture-plugin", + "x-pack/test/alerting_api_integration/common/plugins/task_manager_fixture" + ], + [ + "@kbn/task-manager-performance-plugin", + "x-pack/test/plugin_api_perf/plugins/task_manager_performance" + ], + [ + "@kbn/task-manager-plugin", + "x-pack/platform/plugins/shared/task_manager" + ], + [ + "@kbn/telemetry-collection-manager-plugin", + "src/plugins/telemetry_collection_manager" + ], + [ + "@kbn/telemetry-collection-xpack-plugin", + 
"x-pack/plugins/telemetry_collection_xpack" + ], + [ + "@kbn/telemetry-management-section-plugin", + "src/plugins/telemetry_management_section" + ], + [ + "@kbn/telemetry-plugin", + "src/plugins/telemetry" + ], + [ + "@kbn/telemetry-test-plugin", + "test/plugin_functional/plugins/telemetry" + ], + [ + "@kbn/telemetry-tools", + "packages/kbn-telemetry-tools" + ], + [ + "@kbn/test", + "packages/kbn-test" + ], + [ + "@kbn/test-eui-helpers", + "packages/kbn-test-eui-helpers" + ], + [ + "@kbn/test-feature-usage-plugin", + "x-pack/test/licensing_plugin/plugins/test_feature_usage" + ], + [ + "@kbn/test-jest-helpers", + "packages/kbn-test-jest-helpers" + ], + [ + "@kbn/test-subj-selector", + "packages/kbn-test-subj-selector" + ], + [ + "@kbn/test-suites-serverless", + "x-pack/test_serverless" + ], + [ + "@kbn/test-suites-src", + "test" + ], + [ + "@kbn/test-suites-xpack", + "x-pack/test" + ], + [ + "@kbn/test-suites-xpack-performance", + "x-pack/performance" + ], + [ + "@kbn/testing-embedded-lens-plugin", + "x-pack/examples/testing_embedded_lens" + ], + [ + "@kbn/third-party-lens-navigation-prompt-plugin", + "x-pack/examples/third_party_lens_navigation_prompt" + ], + [ + "@kbn/third-party-vis-lens-example-plugin", + "x-pack/examples/third_party_vis_lens_example" + ], + [ + "@kbn/threat-intelligence-plugin", + "x-pack/solutions/security/plugins/threat_intelligence" + ], + [ + "@kbn/timelines-plugin", + "x-pack/solutions/security/plugins/timelines" + ], + [ + "@kbn/timelion-grammar", + "packages/kbn-timelion-grammar" + ], + [ + "@kbn/timerange", + "src/platform/packages/shared/kbn-timerange" + ], + [ + "@kbn/tinymath", + "packages/kbn-tinymath" + ], + [ + "@kbn/tooling-log", + "packages/kbn-tooling-log" + ], + [ + "@kbn/transform-plugin", + "x-pack/platform/plugins/private/transform" + ], + [ + "@kbn/translations-plugin", + "x-pack/platform/plugins/private/translations" + ], + [ + "@kbn/transpose-utils", + "packages/kbn-transpose-utils" + ], + [ + 
"@kbn/triggers-actions-ui-example-plugin", + "x-pack/examples/triggers_actions_ui_example" + ], + [ + "@kbn/triggers-actions-ui-plugin", + "x-pack/platform/plugins/shared/triggers_actions_ui" + ], + [ + "@kbn/triggers-actions-ui-types", + "src/platform/packages/shared/kbn-triggers-actions-ui-types" + ], + [ + "@kbn/try-in-console", + "packages/kbn-try-in-console" + ], + [ + "@kbn/ts-projects", + "packages/kbn-ts-projects" + ], + [ + "@kbn/ts-type-check-cli", + "packages/kbn-ts-type-check-cli" + ], + [ + "@kbn/typed-react-router-config", + "src/platform/packages/shared/kbn-typed-react-router-config" + ], + [ + "@kbn/ui-actions-browser", + "packages/kbn-ui-actions-browser" + ], + [ + "@kbn/ui-actions-enhanced-examples-plugin", + "x-pack/examples/ui_actions_enhanced_examples" + ], + [ + "@kbn/ui-actions-enhanced-plugin", + "src/plugins/ui_actions_enhanced" + ], + [ + "@kbn/ui-actions-examples-plugin", + "examples/ui_action_examples" + ], + [ + "@kbn/ui-actions-explorer-plugin", + "examples/ui_actions_explorer" + ], + [ + "@kbn/ui-actions-plugin", + "src/plugins/ui_actions" + ], + [ + "@kbn/ui-settings-plugin", + "test/plugin_functional/plugins/ui_settings_plugin" + ], + [ + "@kbn/ui-shared-deps-npm", + "packages/kbn-ui-shared-deps-npm" + ], + [ + "@kbn/ui-shared-deps-src", + "packages/kbn-ui-shared-deps-src" + ], + [ + "@kbn/ui-theme", + "packages/kbn-ui-theme" + ], + [ + "@kbn/unified-data-table", + "packages/kbn-unified-data-table" + ], + [ + "@kbn/unified-doc-viewer", + "packages/kbn-unified-doc-viewer" + ], + [ + "@kbn/unified-doc-viewer-examples", + "examples/unified_doc_viewer" + ], + [ + "@kbn/unified-doc-viewer-plugin", + "src/plugins/unified_doc_viewer" + ], + [ + "@kbn/unified-field-list", + "packages/kbn-unified-field-list" + ], + [ + "@kbn/unified-field-list-examples-plugin", + "examples/unified_field_list_examples" + ], + [ + "@kbn/unified-histogram-plugin", + "src/plugins/unified_histogram" + ], + [ + "@kbn/unified-search-plugin", + 
"src/plugins/unified_search" + ], + [ + "@kbn/unsaved-changes-badge", + "packages/kbn-unsaved-changes-badge" + ], + [ + "@kbn/unsaved-changes-prompt", + "src/platform/packages/shared/kbn-unsaved-changes-prompt" + ], + [ + "@kbn/upgrade-assistant-plugin", + "x-pack/plugins/upgrade_assistant" + ], + [ + "@kbn/uptime-plugin", + "x-pack/solutions/observability/plugins/uptime" + ], + [ + "@kbn/url-drilldown-plugin", + "x-pack/plugins/drilldowns/url_drilldown" + ], + [ + "@kbn/url-forwarding-plugin", + "src/plugins/url_forwarding" + ], + [ + "@kbn/usage-collection-plugin", + "src/plugins/usage_collection" + ], + [ + "@kbn/usage-collection-test-plugin", + "test/plugin_functional/plugins/usage_collection" + ], + [ + "@kbn/use-tracked-promise", + "packages/kbn-use-tracked-promise" + ], + [ + "@kbn/user-profile-components", + "packages/kbn-user-profile-components" + ], + [ + "@kbn/user-profile-examples-plugin", + "examples/user_profile_examples" + ], + [ + "@kbn/user-profiles-consumer-plugin", + "x-pack/test/security_api_integration/plugins/user_profiles_consumer" + ], + [ + "@kbn/utility-types", + "packages/kbn-utility-types" + ], + [ + "@kbn/utility-types-jest", + "packages/kbn-utility-types-jest" + ], + [ + "@kbn/utils", + "packages/kbn-utils" + ], + [ + "@kbn/ux-plugin", + "x-pack/solutions/observability/plugins/ux" + ], + [ + "@kbn/v8-profiler-examples-plugin", + "examples/v8_profiler_examples" + ], + [ + "@kbn/validate-next-docs-cli", + "packages/kbn-validate-next-docs-cli" + ], + [ + "@kbn/vis-default-editor-plugin", + "src/plugins/vis_default_editor" + ], + [ + "@kbn/vis-type-gauge-plugin", + "src/plugins/vis_types/gauge" + ], + [ + "@kbn/vis-type-heatmap-plugin", + "src/plugins/vis_types/heatmap" + ], + [ + "@kbn/vis-type-markdown-plugin", + "src/platform/plugins/private/vis_type_markdown" + ], + [ + "@kbn/vis-type-metric-plugin", + "src/plugins/vis_types/metric" + ], + [ + "@kbn/vis-type-pie-plugin", + "src/plugins/vis_types/pie" + ], + [ + 
"@kbn/vis-type-table-plugin", + "src/plugins/vis_types/table" + ], + [ + "@kbn/vis-type-tagcloud-plugin", + "src/plugins/vis_types/tagcloud" + ], + [ + "@kbn/vis-type-timelion-plugin", + "src/plugins/vis_types/timelion" + ], + [ + "@kbn/vis-type-timeseries-plugin", + "src/plugins/vis_types/timeseries" + ], + [ + "@kbn/vis-type-vega-plugin", + "src/plugins/vis_types/vega" + ], + [ + "@kbn/vis-type-vislib-plugin", + "src/plugins/vis_types/vislib" + ], + [ + "@kbn/vis-type-xy-plugin", + "src/plugins/vis_types/xy" + ], + [ + "@kbn/visualization-ui-components", + "packages/kbn-visualization-ui-components" + ], + [ + "@kbn/visualization-utils", + "packages/kbn-visualization-utils" + ], + [ + "@kbn/visualizations-plugin", + "src/plugins/visualizations" + ], + [ + "@kbn/watcher-plugin", + "x-pack/platform/plugins/private/watcher" + ], + [ + "@kbn/web-worker-stub", + "packages/kbn-web-worker-stub" + ], + [ + "@kbn/whereis-pkg-cli", + "packages/kbn-whereis-pkg-cli" + ], + [ + "@kbn/xstate-utils", + "src/platform/packages/shared/kbn-xstate-utils" + ], + [ + "@kbn/yarn-lock-validator", + "packages/kbn-yarn-lock-validator" + ], + [ + "@kbn/zod", + "packages/kbn-zod" + ], + [ + "@kbn/zod-helpers", + "src/platform/packages/shared/kbn-zod-helpers" + ] +] \ No newline at end of file diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list/create_exception_list.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list/create_exception_list.schema.yaml index e4aa39a5db30f..286289ec3abd6 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list/create_exception_list.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list/create_exception_list.schema.yaml 
@@ -20,6 +20,14 @@ paths: application/json: schema: type: object + example: + list_id: simple_list + type: detection + name: Sample Detection Exception List + description: This is a sample detection type exception list. + namespace_type: single + tags: [malware] + os_types: [linux] properties: list_id: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListHumanId' @@ -53,6 +61,25 @@ paths: application/json: schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionList' + examples: + simpleList: + value: + id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + list_id: simple_list + type: detection + name: Sample Detection Exception List + description: This is a sample detection type exception list. + immutable: false + namespace_type: single + os_types: [linux] + tags: [malware] + version: 1 + _version: WzIsMV0= + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + created_at: '2025-01-07T19:34:27.942Z' + created_by: elastic + updated_at: '2025-01-07T19:34:27.942Z' + updated_by: elastic 400: description: Invalid input data response content: diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list_item/create_exception_list_item.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list_item/create_exception_list_item.schema.yaml index a86c6a21e25ed..48990c9d6accc 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list_item/create_exception_list_item.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list_item/create_exception_list_item.schema.yaml 
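Review bot: The request sample is added as a schema-level `example:` between `type: object` and `properties:`, while the response hunk further down this file documents its sample as a named media-type entry (`examples:` / `simpleList:` / `value:`). Using the named `examples` form for the request body as well would keep both samples in one style and keep sample data out of the schema object itself. The request hunk of create_exception_list_item.schema.yaml has the same shape. Indentation is not recoverable in this view, so the nesting is inferred from the order of the context lines.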
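Review bot: The response sample sets `created_by: elastic` and `updated_by: elastic`, which reads as the built-in superuser account; published samples tend to be copied, and this one presents writing exception lists as the superuser as the normal case. A neutral placeholder such as `created_by: example_user` (a constructed name) avoids that, ideally with a sentence in the operation description naming the privileges the call needs. The response sample in create_exception_list_item.schema.yaml carries the same two values. It is also worth confirming that `examples:` sits beside `schema:` rather than under it, because the nesting cannot be seen here and keys placed next to a `$ref` are ignored in OpenAPI 3.0.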
@@ -20,6 +20,23 @@ paths: application/json: schema: type: object + example: + item_id: simple_list_item + list_id: simple_list + type: simple + name: Sample Exception List Item + description: This is a sample detection type exception item. + entries: + - type: exists + field: actingProcess.file.signer + operator: excluded + - type: match_any + field: host.name + value: [saturn, jupiter] + operator: included + namespace_type: single + os_types: [linux] + tags: [malware] properties: item_id: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListItemHumanId' @@ -63,6 +80,33 @@ paths: application/json: schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListItem' + examples: + simpleListItem: + value: + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + type: simple + name: Sample Exception List Item + description: This is a sample detection type exception item. + entries: + - type: exists + field: actingProcess.file.signer + operator: excluded + - type: match_any + field: host.name + value: [saturn, jupiter] + operator: included + namespace_type: single + os_types: [linux] + tags: [malware] + comments: [] + _version: WzQsMV0= + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + created_at: 2025-01-07T20:07:33.119Z + created_by: elastic + updated_at: 2025-01-07T20:07:33.119Z + updated_by: elastic 400: description: Invalid input data response content: diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_rule_exceptions/create_rule_exceptions.gen.ts b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_rule_exceptions/create_rule_exceptions.gen.ts index e2fa379cdc528..ccd2739a0ba82 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_rule_exceptions/create_rule_exceptions.gen.ts 
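Review bot: The timestamps in the `simpleListItem` response example are unquoted (`created_at: 2025-01-07T20:07:33.119Z`), while the create_exception_list example in this same commit quotes them (`created_at: '2025-01-07T19:34:27.942Z'`). A YAML 1.1 loader may resolve the unquoted form to a timestamp instead of a string, so what the bundler or a docs renderer emits then depends on the parser. Quote them, e.g. `created_at: '2025-01-07T20:07:33.119Z'` and `updated_at: '2025-01-07T20:07:33.119Z'`. The delete, read, find and update examples later in this patch use the same unquoted form.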
+++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_rule_exceptions/create_rule_exceptions.gen.ts @@ -10,7 +10,7 @@ * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator. * * info: - * title: Create rule exception list items API endpoint + * title: Create rule exception items API endpoint * version: 2023-10-31 */ diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_rule_exceptions/create_rule_exceptions.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_rule_exceptions/create_rule_exceptions.schema.yaml index 246c8de363a68..2ae997928eb6d 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_rule_exceptions/create_rule_exceptions.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_rule_exceptions/create_rule_exceptions.schema.yaml @@ -1,6 +1,6 @@ openapi: 3.0.0 info: - title: Create rule exception list items API endpoint + title: Create rule exception items API endpoint version: '2023-10-31' paths: /api/detection_engine/rules/{id}/exceptions: @@ -8,7 +8,7 @@ paths: x-labels: [serverless, ess] operationId: CreateRuleExceptionListItems x-codegen-enabled: true - summary: Create rule exception list items + summary: Create rule exception items description: Create exception items that apply to a single detection rule. parameters: - name: id @@ -18,7 +18,7 @@ paths: schema: $ref: '#/components/schemas/RuleId' requestBody: - description: Rule exception list items + description: Rule exception items. required: true content: application/json: 
@@ -30,6 +30,24 @@ paths: items: $ref: '#/components/schemas/CreateRuleExceptionListItemProps' required: [items] + example: + items: + - item_id: simple_list_item + list_id: simple_list + type: simple + name: Sample Exception List Item + description: This is a sample detection type exception item. + entries: + - type: exists + field: actingProcess.file.signer + operator: excluded + - type: match_any + field: host.name + value: [saturn, jupiter] + operator: included + namespace_type: single + os_types: [linux] + tags: [malware] responses: 200: description: Successful response @@ -39,6 +57,34 @@ paths: type: array items: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListItem' + examples: + simpleList: + value: + items: + - id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + type: simple + name: Sample Exception List Item + description: This is a sample detection type exception item. + entries: + - type: exists + field: actingProcess.file.signer + operator: excluded + - type: match_any + field: host.name + value: [saturn, jupiter] + operator: included + namespace_type: single + os_types: [linux] + tags: [malware] + comments: [] + _version: WzQsMV0= + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + created_at: 2025-01-07T20:07:33.119Z + created_by: elastic + updated_at: 2025-01-07T20:07:33.119Z + updated_by: elastic 400: description: Invalid input data response content: diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list/delete_exception_list.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list/delete_exception_list.schema.yaml index 709afe0fdff6b..5358f101c1ed3 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list/delete_exception_list.schema.yaml 
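Review bot: The `simpleList` response example wraps the items in an object (`value:` then `items:` then `- id: …`), but the 200 schema shown in this hunk is `type: array` of `ExceptionListItem`, so the example does not match the documented response. If the route returns a bare array, drop the `items:` level so the sequence sits directly under `value:`, starting with `- id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2`. If it really returns an object, the schema is what needs correcting. The example key would also read better as `simpleListItems`, in line with `simpleListItem` on the other item endpoints.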
+++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list/delete_exception_list.schema.yaml @@ -17,18 +17,21 @@ paths: description: Either `id` or `list_id` must be specified schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListId' + example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 - name: list_id in: query required: false description: Either `id` or `list_id` must be specified schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListHumanId' + example: simple_list - name: namespace_type in: query required: false schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionNamespaceType' default: single + example: single responses: 200: description: Successful response @@ -36,6 +39,25 @@ paths: application/json: schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionList' + examples: + simpleList: + value: + id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + list_id: simple_list + type: detection + name: Sample Detection Exception List + description: This is a sample detection type exception list. + immutable: false + namespace_type: single + os_types: [linux] + tags: [malware] + version: 1 + _version: WzIsMV0= + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + created_at: 2025-01-07T19:34:27.942Z + created_by: elastic + updated_at: 2025-01-07T19:34:27.942Z + updated_by: elastic 400: description: Invalid input data response content: @@ -62,6 +84,11 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + examples: + notFound: + value: + message: 'exception list list_id: simple-list does not exist' + status_code: 404 500: description: Internal server error response content: 
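Review bot: The `id` query parameter example, `71a9f4b2-c85c-49b4-866f-c71eb9e67da2`, is the id the exception item examples in this patch use, whereas the 200 example for this endpoint returns list id `9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85`. Using `example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85`, as read_exception_list.schema.yaml does, keeps the request and response examples consistent. In the last hunk the 404 message says `simple-list` where every other example uses `simple_list`; align it unless the different spelling is deliberate.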
diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list_item/delete_exception_list_item.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list_item/delete_exception_list_item.schema.yaml index 22344db77f619..84305302e605e 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list_item/delete_exception_list_item.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list_item/delete_exception_list_item.schema.yaml @@ -17,18 +17,21 @@ paths: description: Either `id` or `item_id` must be specified schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListItemId' + example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 - name: item_id in: query required: false description: Either `id` or `item_id` must be specified schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListItemHumanId' + example: simple_list_item - name: namespace_type in: query required: false schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionNamespaceType' default: single + example: single responses: 200: description: Successful response 
@@ -36,6 +39,33 @@ paths: application/json: schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListItem' + examples: + simpleListItem: + value: + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + type: simple + name: Sample Exception List Item + description: This is a sample detection type exception item. + entries: + - type: exists + field: actingProcess.file.signer + operator: excluded + - type: match_any + field: host.name + value: [saturn, jupiter] + operator: included + namespace_type: single + os_types: [linux] + tags: [malware] + comments: [] + _version: WzQsMV0= + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + created_at: 2025-01-07T20:07:33.119Z + created_by: elastic + updated_at: 2025-01-07T20:07:33.119Z + updated_by: elastic 400: description: Invalid input data response content: diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/duplicate_exception_list/duplicate_exception_list.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/duplicate_exception_list/duplicate_exception_list.schema.yaml index a758d2856123b..c7dc27edd1eba 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/duplicate_exception_list/duplicate_exception_list.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/duplicate_exception_list/duplicate_exception_list.schema.yaml @@ -17,11 +17,13 @@ paths: description: Exception list's human identifier schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListHumanId' + example: simple_list - name: namespace_type in: query required: true schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionNamespaceType' + example: single - name: include_expired_exceptions in: query required: true 
@@ -30,6 +32,7 @@ paths: type: string enum: ['true', 'false'] default: 'true' + example: true responses: 200: description: Successful response @@ -57,6 +60,17 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + 404: + description: Exception list not found + content: + application/json: + schema: + $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 405: description: Exception list to duplicate not found response content: diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/export_exception_list/export_exception_list.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/export_exception_list/export_exception_list.schema.yaml index 2d5242131adbe..f5fa92dc15723 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/export_exception_list/export_exception_list.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/export_exception_list/export_exception_list.schema.yaml 
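Review bot: `example: true` on `include_expired_exceptions` is a YAML boolean, but the parameter schema right above it is `type: string` with `enum: ['true', 'false']`, so the example does not validate against its own schema. Quote it as `example: 'true'`, matching the `default: 'true'` on the preceding line. The same line is added to export_exception_list.schema.yaml in the next file of this patch.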
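Review bot: The keys in the new 404 example carry a stray double quote (`message": …` and `status_code": 404`), so YAML reads them as keys literally named `message"` and `status_code"`. They should be `message: 'exception list id: "foo" does not exist'` and `status_code: 404`. This response references `PlatformErrorResponse`, while the 404 example in delete_exception_list.schema.yaml puts the same `message`/`status_code` keys under `SiemErrorResponse`; confirm which error schema this route returns. The existing 405 entry right after it is also described as "Exception list to duplicate not found", so check which of the two statuses the server actually sends.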
@@ -17,17 +17,20 @@ paths: description: Exception list's identifier schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListId' + example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 - name: list_id in: query required: true description: Exception list's human identifier schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListHumanId' + example: simple_list - name: namespace_type in: query required: true schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionNamespaceType' + example: single - name: include_expired_exceptions in: query required: true @@ -36,6 +39,7 @@ paths: type: string enum: ['true', 'false'] default: 'true' + example: true responses: 200: description: Successful response diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_list_items/find_exception_list_items.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_list_items/find_exception_list_items.schema.yaml index fc76802492420..3a8cb72f1811f 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_list_items/find_exception_list_items.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_list_items/find_exception_list_items.schema.yaml @@ -19,6 +19,7 @@ paths: type: array items: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListHumanId' + example: simple_list - name: filter in: query required: false @@ -30,6 +31,7 @@ paths: items: $ref: '#/components/schemas/FindExceptionListItemsFilter' default: [] + example: [exception-list.attributes.name:%My%20item] - name: namespace_type in: query required: false 
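Review bot: In find_exception_list_items.schema.yaml the `list_id` example is the scalar `simple_list`, but the parameter schema in that hunk is `type: array`, so it should be `example: [simple_list]`. In the following hunk the `filter` example `[exception-list.attributes.name:%My%20item]` looks partly URL-encoded: `%20` is an encoded space, while `%My` is not a valid escape. OpenAPI examples normally hold the unencoded value and leave encoding to the client, so confirm the intended query text and give it unencoded. find_exception_lists.schema.yaml has the same two issues: `example: single` on the array-typed `namespace_type`, and `name:%Detection%20List` in `filter`.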
@@ -41,11 +43,13 @@ paths: items: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionNamespaceType' default: [single] + example: [single] - name: search in: query required: false schema: type: string + example: host.name - name: page in: query required: false @@ -53,6 +57,7 @@ paths: schema: type: integer minimum: 0 + example: 1 - name: per_page in: query required: false @@ -60,12 +65,14 @@ paths: schema: type: integer minimum: 0 + example: 20 - name: sort_field in: query required: false description: Determines which field is used to sort the results schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/primitives.schema.yaml#/components/schemas/NonEmptyString' + example: 'name' - name: sort_order in: query required: false @@ -73,6 +80,7 @@ paths: schema: type: string enum: [desc, asc] + example: desc responses: 200: description: Successful response @@ -101,6 +109,37 @@ paths: - page - per_page - total + examples: + simpleListItems: + value: + data: + - id: 459c5e7e-f8b2-4f0b-b136-c1fc702f72da + item_id: simple_list_item + list_id: simple_list + type: simple + name: Sample Exception List Item + description: This is a sample exception item. + entries: + - type: exists + field: actingProcess.file.signer + operator: excluded + - type: match_any + field: host.name + value: [jupiter, saturn] + operator: included + namespace_type: single + os_types: [linux] + tags: [malware] + comments: [] + _version: WzgsMV0= + tie_breaker_id: ad0754ff-7b19-49ca-b73e-e6aff6bfa2d0 + created_at: 2025-01-07T21:12:25.512Z + created_by: elastic + updated_at: 2025-01-07T21:12:25.512Z + updated_by: elastic + page: 1 + per_page: 20 + total: 1 400: description: Invalid input data response content: 
diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_lists/find_exception_lists.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_lists/find_exception_lists.schema.yaml index e5ef4f83a1343..e190846654aa6 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_lists/find_exception_lists.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_lists/find_exception_lists.schema.yaml @@ -9,7 +9,7 @@ paths: operationId: FindExceptionLists x-codegen-enabled: true summary: Get exception lists - description: Get a list of all exception lists. + description: Get a list of all exception list containers. parameters: - name: filter in: query @@ -23,6 +23,7 @@ paths: - `exception-list-agnostic`: Specify an exception list that is shared across spaces. schema: $ref: '#/components/schemas/FindExceptionListsFilter' + example: exception-list.attributes.name:%Detection%20List - name: namespace_type in: query required: false @@ -34,6 +35,7 @@ paths: items: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionNamespaceType' default: [single] + example: single - name: page in: query required: false @@ -41,6 +43,7 @@ paths: schema: type: integer minimum: 1 + example: 1 - name: per_page in: query required: false @@ -48,12 +51,14 @@ paths: schema: type: integer minimum: 1 + example: 20 - name: sort_field in: query required: false description: Determines which field is used to sort the results schema: type: string + example: 'name' - name: sort_order in: query required: false @@ -61,6 +66,7 @@ paths: schema: type: string enum: [desc, asc] + example: 'desc' responses: 200: description: Successful response 
@@ -87,6 +93,30 @@ paths: - page - per_page - total + examples: + simpleLists: + value: + data: + - id: '9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85' + - list_id: 'simple_list' + - type: 'detection' + - name: 'Detection Exception List' + - description: 'This is a sample detection type exception list.' + - immutable: false + - namespace_type: 'single' + - os_types: [] + - tags: + - 'malware' + - version: 1 + - _version: 'WzIsMV0=' + - tie_breaker_id: '78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3' + - created_at: '2025-01-07T19:34:27.942Z' + - created_by: 'elastic' + - updated_at: '2025-01-07T19:34:27.942Z' + - updated_by: 'elastic' + page: 1 + per_page: 20 + total: 1 400: description: Invalid input data response content: diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/import_exceptions/import_exceptions.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/import_exceptions/import_exceptions.schema.yaml index 75778f07c0c8e..35b3314814ed0 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/import_exceptions/import_exceptions.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/import_exceptions/import_exceptions.schema.yaml @@ -31,18 +31,21 @@ paths: schema: type: boolean default: false + example: false - name: overwrite_exceptions in: query required: false schema: type: boolean default: false + example: false - name: overwrite_action_connectors in: query required: false schema: type: boolean default: false + example: false - name: as_new_list in: query required: false @@ -53,6 +56,7 @@ paths: schema: type: boolean default: false + example: false responses: 200: description: Successful response 
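Review bot: In the `simpleLists` example every field of the list is written as its own sequence entry (`- id: …`, `- list_id: …`, `- type: …`, and so on), so `data` becomes an array of single-key objects instead of an array holding one exception list. Only the first key should carry the dash, with `list_id`, `type`, `name` and the remaining fields indented beneath it as keys of the same mapping. The `simpleListItems` example in find_exception_list_items.schema.yaml already has that layout.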
@@ -86,6 +90,16 @@ paths: - success_count_exception_lists - success_exception_list_items - success_count_exception_list_items + examples: + summary: + value: + errors: [] + success: true + success_count: 2 + success_exception_lists: true, + success_count_exception_lists: 1 + success_exception_list_items: true + success_count_exception_list_items: 1 400: description: Invalid input data response content: diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/quickstart_client.gen.ts b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/quickstart_client.gen.ts index bfa84f18fa7c2..0495db2d8b2b9 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/quickstart_client.gen.ts +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/quickstart_client.gen.ts @@ -255,7 +255,7 @@ export class Client { .catch(catchAxiosErrorFormatAndThrow); } /** - * Get a list of all exception lists. + * Get a list of all exception list containers. */ async findExceptionLists(props: FindExceptionListsProps) { this.log.info(`${new Date().toISOString()} Calling API FindExceptionLists`); diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list/read_exception_list.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list/read_exception_list.schema.yaml index 001c56a3eafb4..7a904f1a783e7 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list/read_exception_list.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list/read_exception_list.schema.yaml 
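Review bot: `success_exception_lists: true,` in the `summary` example ends with a comma, which in block-style YAML is part of the scalar, so the value is the string `true,` rather than a boolean. It should read `success_exception_lists: true`, like the neighbouring `success_exception_list_items: true`. The property definitions for this response are outside the hunk, so the boolean type is assumed from the sibling fields.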
@@ -17,18 +17,21 @@ paths: description: Either `id` or `list_id` must be specified schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListId' + example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 - name: list_id in: query required: false description: Either `id` or `list_id` must be specified schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListHumanId' + example: simple_list - name: namespace_type in: query required: false schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionNamespaceType' default: single + example: single responses: 200: description: Successful response @@ -36,6 +39,25 @@ paths: application/json: schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionList' + examples: + simpleList: + value: + id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + list_id: simple_list + type: detection + name: Sample Detection Exception List + description: This is a sample detection type exception list. + immutable: false + namespace_type: single + os_types: [linux] + tags: [malware] + version: 1 + _version: WzIsMV0= + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + created_at: 2025-01-07T19:34:27.942Z + created_by: elastic + updated_at: 2025-01-07T19:34:27.942Z + updated_by: elastic 400: description: Invalid input data response content: diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_item/read_exception_list_item.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_item/read_exception_list_item.schema.yaml index 82cac05e97813..b6e8436897303 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_item/read_exception_list_item.schema.yaml 
+++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_item/read_exception_list_item.schema.yaml @@ -17,18 +17,21 @@ paths: description: Either `id` or `item_id` must be specified schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListItemId' + example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 - name: item_id in: query required: false description: Either `id` or `item_id` must be specified schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListItemHumanId' + example: simple_list_item - name: namespace_type in: query required: false schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionNamespaceType' default: single + example: single responses: 200: description: Successful response @@ -36,6 +39,33 @@ paths: application/json: schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListItem' + examples: + simpleListItem: + value: + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + type: simple + name: Sample Exception List Item + description: This is a sample detection type exception item. + entries: + - type: exists + field: actingProcess.file.signer + operator: excluded + - type: match_any + field: host.name + value: [saturn, jupiter] + operator: included + namespace_type: single + os_types: [linux] + tags: [malware] + comments: [] + _version: WzQsMV0= + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + created_at: 2025-01-07T20:07:33.119Z + created_by: elastic + updated_at: 2025-01-07T20:07:33.119Z + updated_by: elastic 400: description: Invalid input data response content: 
diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_summary/read_exception_list_summary.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_summary/read_exception_list_summary.schema.yaml index fe6bb93b9cdb9..439b3301f0093 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_summary/read_exception_list_summary.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_summary/read_exception_list_summary.schema.yaml @@ -17,24 +17,28 @@ paths: description: Exception list's identifier generated upon creation schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListId' + example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 - name: list_id in: query required: false description: Exception list's human readable identifier schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListHumanId' + example: simple_list - name: namespace_type in: query required: false schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionNamespaceType' default: single + example: single - name: filter in: query required: false description: Search filter clause schema: type: string + example: exception-list-agnostic.attributes.tags:"policy:policy-1" OR exception-list-agnostic.attributes.tags:"policy:all" responses: 200: description: Successful response @@ -55,6 +59,13 @@ paths: total: type: integer minimum: 0 + examples: + summary: + value: + windows: 0 + linux: 0 + macos: 0 + total: 0 400: description: Invalid input data response content: 
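Review bot: The `filter` example targets `exception-list-agnostic.attributes.tags`, while the `namespace_type` example added a few lines above it is `single`. The filter description in find_exception_lists.schema.yaml says the `exception-list-agnostic` prefix is for lists shared across spaces, so a reader combining the two examples would presumably query single-space lists with a filter that can never match them. Either use `exception-list.attributes.tags:…` in the filter or `example: agnostic` for `namespace_type`. That assumes `agnostic` is the other value of `ExceptionNamespaceType`, which is defined outside this patch.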
diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list/update_exception_list.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list/update_exception_list.schema.yaml index 5a07623f4c937..7d57a5346bc4e 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list/update_exception_list.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list/update_exception_list.schema.yaml @@ -46,6 +46,13 @@ paths: - name - description - type + example: + list_id: simple_list + tags: [draft malware] + type: detection + os_types: [linux] + description: Different description + name: Updated exception list name responses: 200: description: Successful response @@ -53,6 +60,28 @@ paths: application/json: schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionList' + examples: + simpleList: + value: + id: fa7f545f-191b-4d32-b1f0-c7cd62a79e55 + list_id: simple_list + type: detection + name: Updated exception list name + description: Different description + immutable: false + namespace_type: single + os_types: [] + tags: [ + draft + malware, + ] + version: 2 + _version: WzExLDFd + tie_breaker_id: 319fe983-acdd-4806-b6c4-3098eae9392f + created_at: 2025-01-07T20:43:55.264Z + created_by: elastic + updated_at: 2025-01-07T21:32:03.726Z + updated_by: elastic 400: description: Invalid input data response content: diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list_item/update_exception_list_item.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list_item/update_exception_list_item.schema.yaml index d6021768492c5..e95c259e2c3f0 100644 
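Review bot: The request example sends `os_types: [linux]`, but the `simpleList` response example in the next hunk returns `os_types: []`, so the pair does not describe one consistent update. `tags: [draft malware]` has no comma and is therefore a single tag named `draft malware`; the response's multi-line `tags: [ draft malware, ]` parses the same way. If two tags were meant, write `tags: [draft, malware]` in both places, and make the response `os_types: [linux]`.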
--- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list_item/update_exception_list_item.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list_item/update_exception_list_item.schema.yaml @@ -57,6 +57,19 @@ paths: - name - description - entries + example: + comments: [] + description: Updated description + entries: + - field: host.name + type: match + value: rock01 + operator: included + item_id: simple_list_item + name: Updated name + namespace_type: single + tags: [] + type: simple responses: 200: description: Successful response @@ -64,6 +77,30 @@ paths: application/json: schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListItem' + examples: + simpleListItem: + value: + id: 459c5e7e-f8b2-4f0b-b136-c1fc702f72da + item_id: simple_list_item + list_id: simple_list + type: simple + name: Updated name + description: Updated description + entries: + - type: match + field: host.name + value: rock01 + operator: included + namespace_type: single + os_types: [] + tags: [] + comments: [] + _version: WzEyLDFd + tie_breaker_id: ad0754ff-7b19-49ca-b73e-e6aff6bfa2d0 + created_at: 2025-01-07T21:12:25.512Z + created_by: elastic + updated_at: 2025-01-07T21:34:50.233Z + updated_by: elastic 400: description: Invalid input data response content: diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml index c4f44ca0e85f5..def416d78c104 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml 
+++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml @@ -29,6 +29,28 @@ paths: content: application/json: schema: + example: + items: + - description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + type: simple type: object properties: items: @@ -37,12 +59,44 @@ paths: type: array required: - items - description: Rule exception list items + description: Rule exception items. required: true responses: '200': content: application/json: + examples: + simpleList: + value: + items: + - _version: WzQsMV0= + comments: [] + created_at: 2025-01-07T20:07:33.119Z + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: 2025-01-07T20:07:33.119Z + updated_by: elastic schema: items: $ref: '#/components/schemas/ExceptionListItem' @@ -74,7 +128,7 @@ paths: schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response - summary: Create rule exception list items + summary: Create rule exception items tags: - Security Exceptions API /api/exception_lists: 
@@ -83,18 +137,21 @@ paths: operationId: DeleteExceptionList parameters: - description: Either `id` or `list_id` must be specified + example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 in: query name: id required: false schema: $ref: '#/components/schemas/ExceptionListId' - description: Either `id` or `list_id` must be specified + example: simple_list in: query name: list_id required: false schema: $ref: '#/components/schemas/ExceptionListHumanId' - - in: query + - example: single + in: query name: namespace_type required: false schema: @@ -104,6 +161,27 @@ paths: '200': content: application/json: + examples: + simpleList: + value: + _version: WzIsMV0= + created_at: 2025-01-07T19:34:27.942Z + created_by: elastic + description: This is a sample detection type exception list. + id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + immutable: false + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + type: detection + updated_at: 2025-01-07T19:34:27.942Z + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/ExceptionList' description: Successful response @@ -130,6 +208,11 @@ paths: '404': content: application/json: + examples: + notFound: + value: + message: 'exception list list_id: simple-list does not exist' + status_code: 404 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Exception list not found response 
@@ -147,18 +230,21 @@ paths: operationId: ReadExceptionList parameters: - description: Either `id` or `list_id` must be specified + example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 in: query name: id required: false schema: $ref: '#/components/schemas/ExceptionListId' - description: Either `id` or `list_id` must be specified + example: simple_list in: query name: list_id required: false schema: $ref: '#/components/schemas/ExceptionListHumanId' - - in: query + - example: single + in: query name: namespace_type required: false schema: @@ -168,6 +254,27 @@ paths: '200': content: application/json: + examples: + simpleList: + value: + _version: WzIsMV0= + created_at: 2025-01-07T19:34:27.942Z + created_by: elastic + description: This is a sample detection type exception list. + id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + immutable: false + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + type: detection + updated_at: 2025-01-07T19:34:27.942Z + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/ExceptionList' description: Successful response @@ -225,6 +332,16 @@ paths: content: application/json: schema: + example: + description: This is a sample detection type exception list. + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + type: detection type: object properties: description: 
@@ -258,6 +375,27 @@ paths: '200': content: application/json: + examples: + simpleList: + value: + _version: WzIsMV0= + created_at: '2025-01-07T19:34:27.942Z' + created_by: elastic + description: This is a sample detection type exception list. + id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + immutable: false + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + type: detection + updated_at: '2025-01-07T19:34:27.942Z' + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/ExceptionList' description: Successful response @@ -303,6 +441,15 @@ paths: content: application/json: schema: + example: + description: Different description + list_id: simple_list + name: Updated exception list name + os_types: + - linux + tags: + - draft malware + type: detection type: object properties: _version: @@ -339,6 +486,26 @@ paths: '200': content: application/json: + examples: + simpleList: + value: + _version: WzExLDFd + created_at: 2025-01-07T20:43:55.264Z + created_by: elastic + description: Different description + id: fa7f545f-191b-4d32-b1f0-c7cd62a79e55 + immutable: false + list_id: simple_list + name: Updated exception list name + namespace_type: single + os_types: [] + tags: + - draft malware + tie_breaker_id: 319fe983-acdd-4806-b6c4-3098eae9392f + type: detection + updated_at: 2025-01-07T21:32:03.726Z + updated_by: elastic + version: 2 schema: $ref: '#/components/schemas/ExceptionList' description: Successful response @@ -383,12 +550,14 @@ paths: operationId: DuplicateExceptionList parameters: - description: Exception list's human identifier + example: simple_list in: query name: list_id required: true schema: $ref: '#/components/schemas/ExceptionListHumanId' - - in: query + - example: single + in: query name: namespace_type required: true schema: 
@@ -396,6 +565,7 @@ paths: - description: >- Determines whether to include expired exceptions in the exported list + example: true in: query name: include_expired_exceptions required: true @@ -432,6 +602,17 @@ paths: schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response + '404': + content: + application/json: + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 + schema: + $ref: '#/components/schemas/PlatformErrorResponse' + description: Exception list not found '405': content: application/json: @@ -453,18 +634,21 @@ paths: operationId: ExportExceptionList parameters: - description: Exception list's identifier + example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 in: query name: id required: true schema: $ref: '#/components/schemas/ExceptionListId' - description: Exception list's human identifier + example: simple_list in: query name: list_id required: true schema: $ref: '#/components/schemas/ExceptionListHumanId' - - in: query + - example: single + in: query name: namespace_type required: true schema: @@ -472,6 +656,7 @@ paths: - description: >- Determines whether to include expired exceptions in the exported list + example: true in: query name: include_expired_exceptions required: true @@ -529,7 +714,7 @@ paths: - Security Exceptions API /api/exception_lists/_find: get: - description: Get a list of all exception lists. + description: Get a list of all exception list containers. operationId: FindExceptionLists parameters: - description: > @@ -545,6 +730,7 @@ paths: - `exception-list-agnostic`: Specify an exception list that is shared across spaces. + example: exception-list.attributes.name:%Detection%20List in: query name: filter required: false @@ -555,6 +741,7 @@ paths: with a Kibana space or available in all spaces (`agnostic` or `single`) + example: single in: query name: namespace_type required: false 
@@ -565,6 +752,7 @@ paths: $ref: '#/components/schemas/ExceptionNamespaceType' type: array - description: The page number to return + example: 1 in: query name: page required: false @@ -572,6 +760,7 @@ paths: minimum: 1 type: integer - description: The number of exception lists to return per page + example: 20 in: query name: per_page required: false @@ -579,12 +768,14 @@ paths: minimum: 1 type: integer - description: Determines which field is used to sort the results + example: name in: query name: sort_field required: false schema: type: string - description: Determines the sort order, which can be `desc` or `asc` + example: desc in: query name: sort_order required: false @@ -597,6 +788,30 @@ paths: '200': content: application/json: + examples: + simpleLists: + value: + data: + - id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + - list_id: simple_list + - type: detection + - name: Detection Exception List + - description: This is a sample detection type exception list. + - immutable: false + - namespace_type: single + - os_types: [] + - tags: + - malware + - version: 1 + - _version: WzIsMV0= + - tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + - created_at: '2025-01-07T19:34:27.942Z' + - created_by: elastic + - updated_at: '2025-01-07T19:34:27.942Z' + - updated_by: elastic + page: 1 + per_page: 20 + total: 1 schema: type: object properties: @@ -659,19 +874,22 @@ paths: If any exception items have the same `item_id`, those are also overwritten. + example: false in: query name: overwrite required: false schema: default: false type: boolean - - in: query + - example: false + in: query name: overwrite_exceptions required: false schema: default: false type: boolean - - in: query + - example: false + in: query name: overwrite_action_connectors required: false schema: @@ -685,6 +903,7 @@ paths: the exception list and its items are overwritten. + example: false in: query name: as_new_list required: false 
@@ -706,6 +925,16 @@ paths: '200': content: application/json: + examples: + summary: + value: + errors: [] + success: true + success_count: 2 + success_count_exception_list_items: 1 + success_count_exception_lists: 1 + success_exception_list_items: true + success_exception_lists: true, schema: type: object properties: @@ -770,18 +999,21 @@ paths: operationId: DeleteExceptionListItem parameters: - description: Either `id` or `item_id` must be specified + example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 in: query name: id required: false schema: $ref: '#/components/schemas/ExceptionListItemId' - description: Either `id` or `item_id` must be specified + example: simple_list_item in: query name: item_id required: false schema: $ref: '#/components/schemas/ExceptionListItemHumanId' - - in: query + - example: single + in: query name: namespace_type required: false schema: @@ -791,6 +1023,37 @@ paths: '200': content: application/json: + examples: + simpleListItem: + value: + _version: WzQsMV0= + comments: [] + created_at: 2025-01-07T20:07:33.119Z + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: 2025-01-07T20:07:33.119Z + updated_by: elastic schema: $ref: '#/components/schemas/ExceptionListItem' description: Successful response 
@@ -836,18 +1099,21 @@ paths: operationId: ReadExceptionListItem parameters: - description: Either `id` or `item_id` must be specified + example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 in: query name: id required: false schema: $ref: '#/components/schemas/ExceptionListItemId' - description: Either `id` or `item_id` must be specified + example: simple_list_item in: query name: item_id required: false schema: $ref: '#/components/schemas/ExceptionListItemHumanId' - - in: query + - example: single + in: query name: namespace_type required: false schema: @@ -857,6 +1123,37 @@ paths: '200': content: application/json: + examples: + simpleListItem: + value: + _version: WzQsMV0= + comments: [] + created_at: 2025-01-07T20:07:33.119Z + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: 2025-01-07T20:07:33.119Z + updated_by: elastic schema: $ref: '#/components/schemas/ExceptionListItem' description: Successful response @@ -908,6 +1205,27 @@ paths: content: application/json: schema: + example: + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + type: simple type: object properties: comments: 
@@ -951,6 +1269,37 @@ paths: '200': content: application/json: + examples: + simpleListItem: + value: + _version: WzQsMV0= + comments: [] + created_at: 2025-01-07T20:07:33.119Z + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: 2025-01-07T20:07:33.119Z + updated_by: elastic schema: $ref: '#/components/schemas/ExceptionListItem' description: Successful response @@ -995,6 +1344,19 @@ paths: requestBody: content: application/json: + example: + comments: [] + description: Updated description + entries: + - field: host.name + operator: included + type: match + value: rock01 + item_id: simple_list_item + name: Updated name + namespace_type: single + tags: [] + type: simple schema: type: object properties: @@ -1043,6 +1405,30 @@ paths: '200': content: application/json: + examples: + simpleListItem: + value: + _version: WzEyLDFd + comments: [] + created_at: 2025-01-07T21:12:25.512Z + created_by: elastic + description: Updated description + entries: + - field: host.name + operator: included + type: match + value: rock01 + id: 459c5e7e-f8b2-4f0b-b136-c1fc702f72da + item_id: simple_list_item + list_id: simple_list + name: Updated name + namespace_type: single + os_types: [] + tags: [] + tie_breaker_id: ad0754ff-7b19-49ca-b73e-e6aff6bfa2d0 + type: simple + updated_at: 2025-01-07T21:34:50.233Z + updated_by: elastic schema: $ref: '#/components/schemas/ExceptionListItem' description: Successful response 
@@ -1087,6 +1473,7 @@ paths: operationId: FindExceptionListItems parameters: - description: List's id + example: simple_list in: query name: list_id required: true @@ -1099,6 +1486,8 @@ paths: field, using the `:` syntax. + example: + - exception-list.attributes.name:%My%20item in: query name: filter required: false @@ -1112,6 +1501,8 @@ paths: with a Kibana space or available in all spaces (`agnostic` or `single`) + example: + - single in: query name: namespace_type required: false @@ -1121,12 +1512,14 @@ paths: items: $ref: '#/components/schemas/ExceptionNamespaceType' type: array - - in: query + - example: host.name + in: query name: search required: false schema: type: string - description: The page number to return + example: 1 in: query name: page required: false @@ -1134,6 +1527,7 @@ paths: minimum: 0 type: integer - description: The number of exception list items to return per page + example: 20 in: query name: per_page required: false @@ -1141,12 +1535,14 @@ paths: minimum: 0 type: integer - description: Determines which field is used to sort the results + example: name in: query name: sort_field required: false schema: $ref: '#/components/schemas/NonEmptyString' - description: Determines the sort order, which can be `desc` or `asc` + example: desc in: query name: sort_order required: false 
@@ -1159,6 +1555,41 @@ paths: '200': content: application/json: + examples: + simpleListItems: + value: + data: + - _version: WzgsMV0= + comments: [] + created_at: 2025-01-07T21:12:25.512Z + created_by: elastic + description: This is a sample exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - jupiter + - saturn + id: 459c5e7e-f8b2-4f0b-b136-c1fc702f72da + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: ad0754ff-7b19-49ca-b73e-e6aff6bfa2d0 + type: simple + updated_at: 2025-01-07T21:12:25.512Z + updated_by: elastic + page: 1 + per_page: 20 + total: 1 schema: type: object properties: @@ -1224,24 +1655,30 @@ paths: operationId: ReadExceptionListSummary parameters: - description: Exception list's identifier generated upon creation + example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 in: query name: id required: false schema: $ref: '#/components/schemas/ExceptionListId' - description: Exception list's human readable identifier + example: simple_list in: query name: list_id required: false schema: $ref: '#/components/schemas/ExceptionListHumanId' - - in: query + - example: single + in: query name: namespace_type required: false schema: $ref: '#/components/schemas/ExceptionNamespaceType' default: single - description: Search filter clause + example: >- + exception-list-agnostic.attributes.tags:"policy:policy-1" OR + exception-list-agnostic.attributes.tags:"policy:all" in: query name: filter required: false @@ -1251,6 +1688,13 @@ paths: '200': content: application/json: + examples: + summary: + value: + linux: 0 + macos: 0 + total: 0 + windows: 0 schema: type: object properties: 
diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml index c686d57b725f9..b92a2a4ed1073 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml @@ -29,6 +29,28 @@ paths: content: application/json: schema: + example: + items: + - description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + type: simple type: object properties: items: 
@@ -37,12 +59,44 @@ paths: type: array required: - items - description: Rule exception list items + description: Rule exception items. required: true responses: '200': content: application/json: + examples: + simpleList: + value: + items: + - _version: WzQsMV0= + comments: [] + created_at: 2025-01-07T20:07:33.119Z + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: 2025-01-07T20:07:33.119Z + updated_by: elastic schema: items: $ref: '#/components/schemas/ExceptionListItem' @@ -74,7 +128,7 @@ paths: schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response - summary: Create rule exception list items + summary: Create rule exception items tags: - Security Exceptions API /api/exception_lists: @@ -83,18 +137,21 @@ paths: operationId: DeleteExceptionList parameters: - description: Either `id` or `list_id` must be specified + example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 in: query name: id required: false schema: $ref: '#/components/schemas/ExceptionListId' - description: Either `id` or `list_id` must be specified + example: simple_list in: query name: list_id required: false schema: $ref: '#/components/schemas/ExceptionListHumanId' - - in: query + - example: single + in: query name: namespace_type required: false schema: 
@@ -104,6 +161,27 @@ paths: '200': content: application/json: + examples: + simpleList: + value: + _version: WzIsMV0= + created_at: 2025-01-07T19:34:27.942Z + created_by: elastic + description: This is a sample detection type exception list. + id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + immutable: false + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + type: detection + updated_at: 2025-01-07T19:34:27.942Z + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/ExceptionList' description: Successful response @@ -130,6 +208,11 @@ paths: '404': content: application/json: + examples: + notFound: + value: + message: 'exception list list_id: simple-list does not exist' + status_code: 404 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Exception list not found response @@ -147,18 +230,21 @@ paths: operationId: ReadExceptionList parameters: - description: Either `id` or `list_id` must be specified + example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 in: query name: id required: false schema: $ref: '#/components/schemas/ExceptionListId' - description: Either `id` or `list_id` must be specified + example: simple_list in: query name: list_id required: false schema: $ref: '#/components/schemas/ExceptionListHumanId' - - in: query + - example: single + in: query name: namespace_type required: false schema: 
@@ -168,6 +254,27 @@ paths: '200': content: application/json: + examples: + simpleList: + value: + _version: WzIsMV0= + created_at: 2025-01-07T19:34:27.942Z + created_by: elastic + description: This is a sample detection type exception list. + id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + immutable: false + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + type: detection + updated_at: 2025-01-07T19:34:27.942Z + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/ExceptionList' description: Successful response @@ -225,6 +332,16 @@ paths: content: application/json: schema: + example: + description: This is a sample detection type exception list. + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + type: detection type: object properties: description: @@ -258,6 +375,27 @@ paths: '200': content: application/json: + examples: + simpleList: + value: + _version: WzIsMV0= + created_at: '2025-01-07T19:34:27.942Z' + created_by: elastic + description: This is a sample detection type exception list. + id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + immutable: false + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + type: detection + updated_at: '2025-01-07T19:34:27.942Z' + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/ExceptionList' description: Successful response @@ -303,6 +441,15 @@ paths: content: application/json: schema: + example: + description: Different description + list_id: simple_list + name: Updated exception list name + os_types: + - linux + tags: + - draft malware + type: detection type: object properties: _version: 
@@ -339,6 +486,26 @@ paths: '200': content: application/json: + examples: + simpleList: + value: + _version: WzExLDFd + created_at: 2025-01-07T20:43:55.264Z + created_by: elastic + description: Different description + id: fa7f545f-191b-4d32-b1f0-c7cd62a79e55 + immutable: false + list_id: simple_list + name: Updated exception list name + namespace_type: single + os_types: [] + tags: + - draft malware + tie_breaker_id: 319fe983-acdd-4806-b6c4-3098eae9392f + type: detection + updated_at: 2025-01-07T21:32:03.726Z + updated_by: elastic + version: 2 schema: $ref: '#/components/schemas/ExceptionList' description: Successful response @@ -383,12 +550,14 @@ paths: operationId: DuplicateExceptionList parameters: - description: Exception list's human identifier + example: simple_list in: query name: list_id required: true schema: $ref: '#/components/schemas/ExceptionListHumanId' - - in: query + - example: single + in: query name: namespace_type required: true schema: @@ -396,6 +565,7 @@ paths: - description: >- Determines whether to include expired exceptions in the exported list + example: true in: query name: include_expired_exceptions required: true @@ -432,6 +602,17 @@ paths: schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response + '404': + content: + application/json: + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 + schema: + $ref: '#/components/schemas/PlatformErrorResponse' + description: Exception list not found '405': content: application/json: 
@@ -453,18 +634,21 @@ paths: operationId: ExportExceptionList parameters: - description: Exception list's identifier + example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 in: query name: id required: true schema: $ref: '#/components/schemas/ExceptionListId' - description: Exception list's human identifier + example: simple_list in: query name: list_id required: true schema: $ref: '#/components/schemas/ExceptionListHumanId' - - in: query + - example: single + in: query name: namespace_type required: true schema: @@ -472,6 +656,7 @@ paths: - description: >- Determines whether to include expired exceptions in the exported list + example: true in: query name: include_expired_exceptions required: true @@ -529,7 +714,7 @@ paths: - Security Exceptions API /api/exception_lists/_find: get: - description: Get a list of all exception lists. + description: Get a list of all exception list containers. operationId: FindExceptionLists parameters: - description: > @@ -545,6 +730,7 @@ paths: - `exception-list-agnostic`: Specify an exception list that is shared across spaces. + example: exception-list.attributes.name:%Detection%20List in: query name: filter required: false @@ -555,6 +741,7 @@ paths: with a Kibana space or available in all spaces (`agnostic` or `single`) + example: single in: query name: namespace_type required: false @@ -565,6 +752,7 @@ paths: $ref: '#/components/schemas/ExceptionNamespaceType' type: array - description: The page number to return + example: 1 in: query name: page required: false @@ -572,6 +760,7 @@ paths: minimum: 1 type: integer - description: The number of exception lists to return per page + example: 20 in: query name: per_page required: false 
@@ -579,12 +768,14 @@ paths: minimum: 1 type: integer - description: Determines which field is used to sort the results + example: name in: query name: sort_field required: false schema: type: string - description: Determines the sort order, which can be `desc` or `asc` + example: desc in: query name: sort_order required: false @@ -597,6 +788,30 @@ paths: '200': content: application/json: + examples: + simpleLists: + value: + data: + - id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + - list_id: simple_list + - type: detection + - name: Detection Exception List + - description: This is a sample detection type exception list. + - immutable: false + - namespace_type: single + - os_types: [] + - tags: + - malware + - version: 1 + - _version: WzIsMV0= + - tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + - created_at: '2025-01-07T19:34:27.942Z' + - created_by: elastic + - updated_at: '2025-01-07T19:34:27.942Z' + - updated_by: elastic + page: 1 + per_page: 20 + total: 1 schema: type: object properties: @@ -659,19 +874,22 @@ paths: If any exception items have the same `item_id`, those are also overwritten. + example: false in: query name: overwrite required: false schema: default: false type: boolean - - in: query + - example: false + in: query name: overwrite_exceptions required: false schema: default: false type: boolean - - in: query + - example: false + in: query name: overwrite_action_connectors required: false schema: @@ -685,6 +903,7 @@ paths: the exception list and its items are overwritten. + example: false in: query name: as_new_list required: false @@ -706,6 +925,16 @@ paths: '200': content: application/json: + examples: + summary: + value: + errors: [] + success: true + success_count: 2 + success_count_exception_list_items: 1 + success_count_exception_lists: 1 + success_exception_list_items: true + success_exception_lists: true, schema: type: object properties: 
@@ -770,18 +999,21 @@ paths: operationId: DeleteExceptionListItem parameters: - description: Either `id` or `item_id` must be specified + example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 in: query name: id required: false schema: $ref: '#/components/schemas/ExceptionListItemId' - description: Either `id` or `item_id` must be specified + example: simple_list_item in: query name: item_id required: false schema: $ref: '#/components/schemas/ExceptionListItemHumanId' - - in: query + - example: single + in: query name: namespace_type required: false schema: @@ -791,6 +1023,37 @@ paths: '200': content: application/json: + examples: + simpleListItem: + value: + _version: WzQsMV0= + comments: [] + created_at: 2025-01-07T20:07:33.119Z + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: 2025-01-07T20:07:33.119Z + updated_by: elastic schema: $ref: '#/components/schemas/ExceptionListItem' description: Successful response @@ -836,18 +1099,21 @@ paths: operationId: ReadExceptionListItem parameters: - description: Either `id` or `item_id` must be specified + example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 in: query name: id required: false schema: $ref: '#/components/schemas/ExceptionListItemId' - description: Either `id` or `item_id` must be specified + example: simple_list_item in: query name: item_id required: false schema: $ref: '#/components/schemas/ExceptionListItemHumanId' - - in: query + - example: single + in: query name: namespace_type required: false schema: 
@@ -857,6 +1123,37 @@ paths: '200': content: application/json: + examples: + simpleListItem: + value: + _version: WzQsMV0= + comments: [] + created_at: 2025-01-07T20:07:33.119Z + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: 2025-01-07T20:07:33.119Z + updated_by: elastic schema: $ref: '#/components/schemas/ExceptionListItem' description: Successful response @@ -908,6 +1205,27 @@ paths: content: application/json: schema: + example: + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + type: simple type: object properties: comments: 
@@ -951,6 +1269,37 @@ paths: '200': content: application/json: + examples: + simpleListItem: + value: + _version: WzQsMV0= + comments: [] + created_at: 2025-01-07T20:07:33.119Z + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: 2025-01-07T20:07:33.119Z + updated_by: elastic schema: $ref: '#/components/schemas/ExceptionListItem' description: Successful response @@ -995,6 +1344,19 @@ paths: requestBody: content: application/json: + example: + comments: [] + description: Updated description + entries: + - field: host.name + operator: included + type: match + value: rock01 + item_id: simple_list_item + name: Updated name + namespace_type: single + tags: [] + type: simple schema: type: object properties: @@ -1043,6 +1405,30 @@ paths: '200': content: application/json: + examples: + simpleListItem: + value: + _version: WzEyLDFd + comments: [] + created_at: 2025-01-07T21:12:25.512Z + created_by: elastic + description: Updated description + entries: + - field: host.name + operator: included + type: match + value: rock01 + id: 459c5e7e-f8b2-4f0b-b136-c1fc702f72da + item_id: simple_list_item + list_id: simple_list + name: Updated name + namespace_type: single + os_types: [] + tags: [] + tie_breaker_id: ad0754ff-7b19-49ca-b73e-e6aff6bfa2d0 + type: simple + updated_at: 2025-01-07T21:34:50.233Z + updated_by: elastic schema: $ref: '#/components/schemas/ExceptionListItem' description: Successful response 
@@ -1087,6 +1473,7 @@ paths: operationId: FindExceptionListItems parameters: - description: List's id + example: simple_list in: query name: list_id required: true @@ -1099,6 +1486,8 @@ paths: field, using the `:` syntax. + example: + - exception-list.attributes.name:%My%20item in: query name: filter required: false @@ -1112,6 +1501,8 @@ paths: with a Kibana space or available in all spaces (`agnostic` or `single`) + example: + - single in: query name: namespace_type required: false @@ -1121,12 +1512,14 @@ paths: items: $ref: '#/components/schemas/ExceptionNamespaceType' type: array - - in: query + - example: host.name + in: query name: search required: false schema: type: string - description: The page number to return + example: 1 in: query name: page required: false @@ -1134,6 +1527,7 @@ paths: minimum: 0 type: integer - description: The number of exception list items to return per page + example: 20 in: query name: per_page required: false @@ -1141,12 +1535,14 @@ paths: minimum: 0 type: integer - description: Determines which field is used to sort the results + example: name in: query name: sort_field required: false schema: $ref: '#/components/schemas/NonEmptyString' - description: Determines the sort order, which can be `desc` or `asc` + example: desc in: query name: sort_order required: false 
@@ -1159,6 +1555,41 @@ paths: '200': content: application/json: + examples: + simpleListItems: + value: + data: + - _version: WzgsMV0= + comments: [] + created_at: 2025-01-07T21:12:25.512Z + created_by: elastic + description: This is a sample exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - jupiter + - saturn + id: 459c5e7e-f8b2-4f0b-b136-c1fc702f72da + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: ad0754ff-7b19-49ca-b73e-e6aff6bfa2d0 + type: simple + updated_at: 2025-01-07T21:12:25.512Z + updated_by: elastic + page: 1 + per_page: 20 + total: 1 schema: type: object properties: @@ -1224,24 +1655,30 @@ paths: operationId: ReadExceptionListSummary parameters: - description: Exception list's identifier generated upon creation + example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 in: query name: id required: false schema: $ref: '#/components/schemas/ExceptionListId' - description: Exception list's human readable identifier + example: simple_list in: query name: list_id required: false schema: $ref: '#/components/schemas/ExceptionListHumanId' - - in: query + - example: single + in: query name: namespace_type required: false schema: $ref: '#/components/schemas/ExceptionNamespaceType' default: single - description: Search filter clause + example: >- + exception-list-agnostic.attributes.tags:"policy:policy-1" OR + exception-list-agnostic.attributes.tags:"policy:all" in: query name: filter required: false @@ -1251,6 +1688,13 @@ paths: '200': content: application/json: + examples: + summary: + value: + linux: 0 + macos: 0 + total: 0 + windows: 0 schema: type: object properties: 
diff --git a/x-pack/solutions/security/plugins/lists/server/scripts/exception_lists/updates/simple_update.json b/x-pack/solutions/security/plugins/lists/server/scripts/exception_lists/updates/simple_update.json index 15a6f495b7a8f..727f06d5c5bf3 100644 --- a/x-pack/solutions/security/plugins/lists/server/scripts/exception_lists/updates/simple_update.json +++ b/x-pack/solutions/security/plugins/lists/server/scripts/exception_lists/updates/simple_update.json @@ -1,8 +1,8 @@ { "list_id": "simple_list", - "tags": ["user added string for a tag", "malware"], - "type": "endpoint", + "tags": ["draft", "malware"], + "type": "detection", "os_types": ["linux"], "description": "Different description", - "name": "Sample Endpoint Exception List" + "name": "Updated exception list name" } diff --git a/x-pack/solutions/security/plugins/lists/server/scripts/exception_lists/updates/simple_update_item.json b/x-pack/solutions/security/plugins/lists/server/scripts/exception_lists/updates/simple_update_item.json index 5c0ba447effdd..256324815a18b 100644 --- a/x-pack/solutions/security/plugins/lists/server/scripts/exception_lists/updates/simple_update_item.json +++ b/x-pack/solutions/security/plugins/lists/server/scripts/exception_lists/updates/simple_update_item.json @@ -1,6 +1,6 @@ { "comments": [], - "description": "Test comments - exception list item", + "description": "Updated description", "entries": [ { "field": "host.name", @@ -10,7 +10,7 @@ } ], "item_id": "simple_list_item", - "name": "Test comments - exception list item", + "name": "Updated name", "namespace_type": "single", "tags": [], "type": "simple" diff --git a/x-pack/solutions/security/plugins/security_solution/jest.config.dev.js b/x-pack/solutions/security/plugins/security_solution/jest.config.dev.js index af3cb65d0547c..f8d3538785c33 100644 --- a/x-pack/solutions/security/plugins/security_solution/jest.config.dev.js +++ b/x-pack/solutions/security/plugins/security_solution/jest.config.dev.js 
@@ -9,7 +9,7 @@ module.exports = { preset: '@kbn/test', rootDir: '../../../../../', projects: [ - '/x-pack/solutions/security/plugins/security_solution/common/*/jest.config.js', + // '/x-pack/solutions/security/plugins/security_solution/common/*/jest.config.js', '/x-pack/solutions/security/plugins/security_solution/server/*/jest.config.js', '/x-pack/solutions/security/plugins/security_solution/public/*/jest.config.js', '/x-pack/solutions/security/plugins/security_solution/scripts/junit_transformer/*/jest.config.js', diff --git a/x-pack/test/api_integration/services/security_solution_exceptions_api.gen.ts b/x-pack/test/api_integration/services/security_solution_exceptions_api.gen.ts index e9c26ad55ebf3..33f806fbb4695 100644 --- a/x-pack/test/api_integration/services/security_solution_exceptions_api.gen.ts +++ b/x-pack/test/api_integration/services/security_solution_exceptions_api.gen.ts @@ -166,7 +166,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) .query(props.query); }, /** - * Get a list of all exception lists. + * Get a list of all exception list containers. */ findExceptionLists(props: FindExceptionListsProps, kibanaSpace: string = 'default') { return supertest diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/authorization/exceptions/items/essentials_tier/index.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/authorization/exceptions/items/essentials_tier/index.ts index 35f627cd8dede..f3351c7e00cf9 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/authorization/exceptions/items/essentials_tier/index.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/authorization/exceptions/items/essentials_tier/index.ts 
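Review bot: The `projects` entry for `security_solution/common/*/jest.config.js` in jest.config.dev.js is commented out, so the dev Jest config no longer picks up the unit-test projects under `common/`. The commit is described as adding request and response descriptions to the API docs, so this looks like a leftover from a local run; restore the line, `'/x-pack/solutions/security/plugins/security_solution/common/*/jest.config.js',`. If the exclusion is intended, delete the entry and give the reason in a comment rather than leaving commented-out code.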
@@ -8,17 +8,17 @@ import { FtrProviderContext } from '../../../../../../ftr_provider_context'; export default function ({ loadTestFile }: FtrProviderContext) { describe('Exception items APIs Authentication - Complete Tier', function () { - loadTestFile(require.resolve('./tier_1_analyst')); - loadTestFile(require.resolve('./tier_2_analyst')); - loadTestFile(require.resolve('./threat_intel_analyst')); - loadTestFile(require.resolve('./tier_3_analyst')); - loadTestFile(require.resolve('./viewer')); - loadTestFile(require.resolve('./rule_author')); - loadTestFile(require.resolve('./soc_manager')); - loadTestFile(require.resolve('./endpoint_operations_analyst')); - loadTestFile(require.resolve('./endpoint_policy_manager')); - loadTestFile(require.resolve('./platform_engineer')); + // loadTestFile(require.resolve('./tier_1_analyst')); + // loadTestFile(require.resolve('./tier_2_analyst')); + // loadTestFile(require.resolve('./threat_intel_analyst')); + // loadTestFile(require.resolve('./tier_3_analyst')); + // loadTestFile(require.resolve('./viewer')); + // loadTestFile(require.resolve('./rule_author')); + // loadTestFile(require.resolve('./soc_manager')); + // loadTestFile(require.resolve('./endpoint_operations_analyst')); + // loadTestFile(require.resolve('./endpoint_policy_manager')); + // loadTestFile(require.resolve('./platform_engineer')); loadTestFile(require.resolve('./editor')); - loadTestFile(require.resolve('./admin')); + // loadTestFile(require.resolve('./admin')); }); } diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/authorization/exceptions/lists/essentials_tier/index.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/authorization/exceptions/lists/essentials_tier/index.ts index d3295ee8457c1..30f9ce73430ec 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/authorization/exceptions/lists/essentials_tier/index.ts 
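Review bot: Eleven of the twelve role suites in items/essentials_tier/index.ts are commented out, leaving only `./editor`, so the authorization checks for the exception item APIs no longer run for the analyst, viewer, rule_author, soc_manager, endpoint, platform_engineer and admin roles. The same applies to lists/essentials_tier/index.ts in the next hunk, where only `./admin` still loads. A privilege regression for any disabled role would pass CI unnoticed, and the commit is described as a documentation change, so this is presumably left over from narrowing a local run. Restore every `loadTestFile(require.resolve('./<role>'));` line in both files before merging.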
+++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/authorization/exceptions/lists/essentials_tier/index.ts @@ -8,17 +8,17 @@ import { FtrProviderContext } from '../../../../../../ftr_provider_context'; export default function ({ loadTestFile }: FtrProviderContext) { describe('Exception list APIs Authentication - Complete Tier', function () { - loadTestFile(require.resolve('./tier_1_analyst')); - loadTestFile(require.resolve('./tier_2_analyst')); - loadTestFile(require.resolve('./threat_intel_analyst')); - loadTestFile(require.resolve('./tier_3_analyst')); - loadTestFile(require.resolve('./viewer')); - loadTestFile(require.resolve('./rule_author')); - loadTestFile(require.resolve('./soc_manager')); - loadTestFile(require.resolve('./endpoint_operations_analyst')); - loadTestFile(require.resolve('./endpoint_policy_manager')); - loadTestFile(require.resolve('./platform_engineer')); - loadTestFile(require.resolve('./editor')); + // loadTestFile(require.resolve('./tier_1_analyst')); + // loadTestFile(require.resolve('./tier_2_analyst')); + // loadTestFile(require.resolve('./threat_intel_analyst')); + // loadTestFile(require.resolve('./tier_3_analyst')); + // loadTestFile(require.resolve('./viewer')); + // loadTestFile(require.resolve('./rule_author')); + // loadTestFile(require.resolve('./soc_manager')); + // loadTestFile(require.resolve('./endpoint_operations_analyst')); + // loadTestFile(require.resolve('./endpoint_policy_manager')); + // loadTestFile(require.resolve('./platform_engineer')); + // loadTestFile(require.resolve('./editor')); loadTestFile(require.resolve('./admin')); }); } diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/detection_alerts/assignments/assignments.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/detection_alerts/assignments/assignments.cy.ts index d1e800f13672a..fa6c20a639e6a 100644 
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/detection_alerts/assignments/assignments.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/detection_alerts/assignments/assignments.cy.ts @@ -40,8 +40,7 @@ import { } from '../../../../../tasks/alert_assignments'; import { ALERTS_COUNT } from '../../../../../screens/alerts'; -// FLAKY: https://github.com/elastic/kibana/issues/183787 -describe.skip('Alert user assignment - ESS & Serverless', { tags: ['@ess', '@serverless'] }, () => { +describe('Alert user assignment - ESS & Serverless', { tags: ['@ess', '@serverless'] }, () => { before(() => { cy.task('esArchiverLoad', { archiveName: 'auditbeat_multiple' }); }); @@ -204,7 +203,8 @@ describe.skip('Alert user assignment - ESS & Serverless', { tags: ['@ess', '@ser cy.get(ALERTS_COUNT).contains(numberOfSelectedAlerts); }); - it('by assignee and alert status', () => { + // FLAKY: https://github.com/elastic/kibana/issues/183787 + it.skip('by assignee and alert status', () => { const totalNumberOfAlerts = 5; const numberOfAssignedAlerts = 3; selectNumberOfAlerts(numberOfAssignedAlerts); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/esql_rule.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/esql_rule.cy.ts index 64423a921e595..d576a52fb4a24 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/esql_rule.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/esql_rule.cy.ts @@ -67,8 +67,7 @@ const workaroundForResizeObserver = () => } }); -// Failing: See https://github.com/elastic/kibana/issues/184558 -describe.skip( +describe( 'Detection ES|QL rules, creation', { tags: ['@ess', '@serverless', '@skipInServerlessMKI'], 
@@ -215,7 +214,8 @@ describe.skip( login(); visit(CREATE_RULE_URL); }); - it('shows custom ES|QL field in investigation fields autocomplete and saves it in rule', function () { + // Failing: See https://github.com/elastic/kibana/issues/184558 + xit('shows custom ES|QL field in investigation fields autocomplete and saves it in rule', function () { const CUSTOM_ESQL_FIELD = '_custom_agent_name'; const queryWithCustomFields = [ `from auditbeat* metadata _id, _version, _index`, @@ -248,7 +248,8 @@ describe.skip( login(); visit(CREATE_RULE_URL); }); - it('shows custom ES|QL field in investigation fields autocomplete and saves it in rule', function () { + // Failing: See https://github.com/elastic/kibana/issues/184558 + xit('shows custom ES|QL field in investigation fields autocomplete and saves it in rule', function () { const CUSTOM_ESQL_FIELD = '_custom_agent_name'; const SUPPRESS_BY_FIELDS = [CUSTOM_ESQL_FIELD, 'agent.type']; diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/indicator_match_rule.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/indicator_match_rule.cy.ts index 8d44be4dc3aaf..36f5386690ab8 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/indicator_match_rule.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/indicator_match_rule.cy.ts @@ -212,6 +212,7 @@ describe('indicator match', { tags: ['@ess', '@serverless', '@skipInServerlessMK }); // FLAKY: https://github.com/elastic/kibana/issues/182669 + // FLAKY: https://github.com/elastic/kibana/issues/179187 describe.skip('Indicator mapping', () => { beforeEach(() => { const rule = getNewThreatIndicatorRule(); 
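Review bot: The two tests disabled in rule_creation/esql_rule.cy.ts use `xit(...)`, while assignments.cy.ts, rule_edit/esql_rule.cy.ts and value_list_items.cy.ts in this same commit use `it.skip(...)`; rule_edit/eql_query_rule.cy.ts also uses `xit`. Pick one form so a search for skipped tests finds them all, for example `it.skip('shows custom ES|QL field in investigation fields autocomplete and saves it in rule', function () {`. Both skipped tests have the same title and the same issue link, so a short comment naming the enclosing `describe` would help whoever re-enables them. The enclosing blocks start outside these hunks.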
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/eql_query_rule.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/eql_query_rule.cy.ts index d7bd6d8ebce77..4e90c1c204216 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/eql_query_rule.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/eql_query_rule.cy.ts @@ -15,15 +15,15 @@ import { } from '../../../../tasks/edit_rule'; import { login } from '../../../../tasks/login'; -// Failing: See https://github.com/elastic/kibana/issues/201334 -describe.skip('EQL query rules', { tags: ['@ess', '@serverless'] }, () => { +describe('EQL query rules', { tags: ['@ess', '@serverless'] }, () => { context('Editing rule with non-blocking query validation errors', () => { beforeEach(() => { login(); deleteAlertsAndRules(); }); - it('should allow user to save a rule and show confirmation modal when data source does not exist', () => { + // Failing: See https://github.com/elastic/kibana/issues/201334 + xit('should allow user to save a rule and show confirmation modal when data source does not exist', () => { const rule = { ...getEqlRule(), index: ['fake*'], diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/esql_rule.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/esql_rule.cy.ts index 33589e6655174..592207b0980e9 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/esql_rule.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/esql_rule.cy.ts 
@@ -56,9 +56,7 @@ const expectedValidEsqlQuery = 'from auditbeat* | stats _count=count(event.category) by event.category'; // Skipping in MKI due to flake -// Failing: See https://github.com/elastic/kibana/issues/184557 -// Failing: See https://github.com/elastic/kibana/issues/184556 -describe.skip( +describe( 'Detection ES|QL rules, edit', { tags: ['@ess', '@serverless', '@skipInServerlessMKI'], @@ -130,7 +128,8 @@ describe.skip( }); }); - it('displays suppress options correctly on edit form and allows its editing', () => { + // Failing: See https://github.com/elastic/kibana/issues/184556 + it.skip('displays suppress options correctly on edit form and allows its editing', () => { visit(RULES_MANAGEMENT_URL); interceptEsqlQueryFieldsRequest(expectedValidEsqlQuery, 'esqlSuppressionFieldsRequest'); @@ -174,7 +173,8 @@ describe.skip( }); }); - it('enables suppression on time interval', () => { + // Failing: See https://github.com/elastic/kibana/issues/184557 + it.skip('enables suppression on time interval', () => { visit(RULES_MANAGEMENT_URL); interceptEsqlQueryFieldsRequest(expectedValidEsqlQuery, 'esqlSuppressionFieldsRequest'); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/value_lists/value_list_items.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/value_lists/value_list_items.cy.ts index 11fb0aa197450..993243d1ee55a 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/value_lists/value_list_items.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/value_lists/value_list_items.cy.ts 
@@ -41,8 +41,7 @@ import { import { RULES_MANAGEMENT_URL } from '../../../../urls/rules_management'; import { getDefaultUsername } from '../../../../tasks/common/users'; -// Failing: See https://github.com/elastic/kibana/issues/183713 -describe.skip( +describe( 'Value list items', { tags: ['@ess', '@serverless'], @@ -122,7 +121,8 @@ describe.skip( ); }); - it('displays a toaster error when list item actions fail', () => { + // Failing: See https://github.com/elastic/kibana/issues/183713 + it.skip('displays a toaster error when list item actions fail', () => { mockCreateListItemError(); mockUpdateListItemError(); mockDeleteListItemError(); From 917d27b4e026621e94d36571b6ce81ed9ca92aac Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Tue, 7 Jan 2025 22:25:37 +0000 Subject: [PATCH 02/14] [CI] Auto-commit changed files from 'make api-docs' --- oas_docs/output/kibana.serverless.yaml | 468 ++++++++++++++++++++++++- oas_docs/output/kibana.yaml | 468 ++++++++++++++++++++++++- 2 files changed, 910 insertions(+), 26 deletions(-) diff --git a/oas_docs/output/kibana.serverless.yaml b/oas_docs/output/kibana.serverless.yaml index b9c0acda9e793..3de30d9e9973d 100644 --- a/oas_docs/output/kibana.serverless.yaml +++ b/oas_docs/output/kibana.serverless.yaml @@ -8356,6 +8356,28 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: + example: + items: + - description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + type: simple type: object properties: items: 
@@ -8364,12 +8386,44 @@ paths: type: array required: - items - description: Rule exception list items + description: Rule exception items. required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + simpleList: + value: + items: + - _version: WzQsMV0= + comments: [] + created_at: '2025-01-07T20:07:33.119Z' + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: '2025-01-07T20:07:33.119Z' + updated_by: elastic schema: items: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' @@ -8401,7 +8455,7 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Create rule exception list items + summary: Create rule exception items tags: - Security Exceptions API x-beta: true @@ -9939,18 +9993,21 @@ paths: operationId: DeleteExceptionList parameters: - description: Either `id` or `list_id` must be specified + example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - description: Either `id` or `list_id` must be specified + example: simple_list in: query name: list_id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query + - example: single + in: query name: namespace_type required: false schema: 
@@ -9960,6 +10017,27 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + simpleList: + value: + _version: WzIsMV0= + created_at: '2025-01-07T19:34:27.942Z' + created_by: elastic + description: This is a sample detection type exception list. + id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + immutable: false + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + type: detection + updated_at: '2025-01-07T19:34:27.942Z' + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response @@ -9986,6 +10064,11 @@ paths: '404': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + notFound: + value: + message: 'exception list list_id: simple-list does not exist' + status_code: 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list not found response @@ -10004,18 +10087,21 @@ paths: operationId: ReadExceptionList parameters: - description: Either `id` or `list_id` must be specified + example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - description: Either `id` or `list_id` must be specified + example: simple_list in: query name: list_id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query + - example: single + in: query name: namespace_type required: false schema: 
@@ -10025,6 +10111,27 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + simpleList: + value: + _version: WzIsMV0= + created_at: '2025-01-07T19:34:27.942Z' + created_by: elastic + description: This is a sample detection type exception list. + id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + immutable: false + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + type: detection + updated_at: '2025-01-07T19:34:27.942Z' + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response @@ -10074,6 +10181,16 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: + example: + description: This is a sample detection type exception list. + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + type: detection type: object properties: description: @@ -10107,6 +10224,27 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + simpleList: + value: + _version: WzIsMV0= + created_at: '2025-01-07T19:34:27.942Z' + created_by: elastic + description: This is a sample detection type exception list. + id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + immutable: false + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + type: detection + updated_at: '2025-01-07T19:34:27.942Z' + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response 
@@ -10153,6 +10291,15 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: + example: + description: Different description + list_id: simple_list + name: Updated exception list name + os_types: + - linux + tags: + - draft malware + type: detection type: object properties: _version: @@ -10189,6 +10336,26 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + simpleList: + value: + _version: WzExLDFd + created_at: '2025-01-07T20:43:55.264Z' + created_by: elastic + description: Different description + id: fa7f545f-191b-4d32-b1f0-c7cd62a79e55 + immutable: false + list_id: simple_list + name: Updated exception list name + namespace_type: single + os_types: [] + tags: + - draft malware + tie_breaker_id: 319fe983-acdd-4806-b6c4-3098eae9392f + type: detection + updated_at: '2025-01-07T21:32:03.726Z' + updated_by: elastic + version: 2 schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response @@ -10234,17 +10401,20 @@ paths: operationId: DuplicateExceptionList parameters: - description: Exception list's human identifier + example: simple_list in: query name: list_id required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query + - example: single + in: query name: namespace_type required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' - description: Determines whether to include expired exceptions in the exported list + example: true in: query name: include_expired_exceptions required: true 
@@ -10281,6 +10451,17 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 + schema: + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + description: Exception list not found '405': content: application/json; Elastic-Api-Version=2023-10-31: @@ -10303,23 +10484,27 @@ paths: operationId: ExportExceptionList parameters: - description: Exception list's identifier + example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 in: query name: id required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - description: Exception list's human identifier + example: simple_list in: query name: list_id required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query + - example: single + in: query name: namespace_type required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' - description: Determines whether to include expired exceptions in the exported list + example: true in: query name: include_expired_exceptions required: true @@ -10376,7 +10561,7 @@ paths: x-beta: true /api/exception_lists/_find: get: - description: Get a list of all exception lists. + description: Get a list of all exception list containers. operationId: FindExceptionLists parameters: - description: | @@ -10386,6 +10571,7 @@ paths: - `exception-list`: Specify a space-aware exception list. - `exception-list-agnostic`: Specify an exception list that is shared across spaces. + example: exception-list.attributes.name:%Detection%20List in: query name: filter required: false 
@@ -10394,6 +10580,7 @@ paths: - description: | Determines whether the returned containers are Kibana associated with a Kibana space or available in all spaces (`agnostic` or `single`) + example: single in: query name: namespace_type required: false @@ -10404,6 +10591,7 @@ paths: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' type: array - description: The page number to return + example: 1 in: query name: page required: false @@ -10411,6 +10599,7 @@ paths: minimum: 1 type: integer - description: The number of exception lists to return per page + example: 20 in: query name: per_page required: false @@ -10418,12 +10607,14 @@ paths: minimum: 1 type: integer - description: Determines which field is used to sort the results + example: name in: query name: sort_field required: false schema: type: string - description: Determines the sort order, which can be `desc` or `asc` + example: desc in: query name: sort_order required: false @@ -10436,6 +10627,30 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + simpleLists: + value: + data: + - id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + - list_id: simple_list + - type: detection + - name: Detection Exception List + - description: This is a sample detection type exception list. + - immutable: false + - namespace_type: single + - os_types: [] + - tags: + - malware + - version: 1 + - _version: WzIsMV0= + - tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + - created_at: '2025-01-07T19:34:27.942Z' + - created_by: elastic + - updated_at: '2025-01-07T19:34:27.942Z' + - updated_by: elastic + page: 1 + per_page: 20 + total: 1 schema: type: object properties: 
@@ -10496,19 +10711,22 @@ paths: - description: | Determines whether existing exception lists with the same `list_id` are overwritten. If any exception items have the same `item_id`, those are also overwritten. + example: false in: query name: overwrite required: false schema: default: false type: boolean - - in: query + - example: false + in: query name: overwrite_exceptions required: false schema: default: false type: boolean - - in: query + - example: false + in: query name: overwrite_action_connectors required: false schema: @@ -10518,6 +10736,7 @@ paths: Determines whether the list being imported will have a new `list_id` generated. Additional `item_id`'s are generated for each exception item. Both the exception list and its items are overwritten. + example: false in: query name: as_new_list required: false @@ -10539,6 +10758,16 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + summary: + value: + errors: [] + success: true + success_count: 2 + success_count_exception_list_items: 1 + success_count_exception_lists: 1 + success_exception_list_items: true + success_exception_lists: true, schema: type: object properties: @@ -10604,18 +10833,21 @@ paths: operationId: DeleteExceptionListItem parameters: - description: Either `id` or `item_id` must be specified + example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' - description: Either `id` or `item_id` must be specified + example: simple_list_item in: query name: item_id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId' - - in: query + - example: single + in: query name: namespace_type required: false schema: 
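Review bot: The last line of the import `summary` example in the `@@ -10539,6 +10758,16 @@` hunk ends with a trailing comma, `success_exception_lists: true,`, which YAML reads as the string `true,` rather than a boolean. It should be `success_exception_lists: true`, matching `success: true` and `success_exception_list_items: true` above it. The same line appears in the kibana.yaml hunk at `@@ -12694,6 +12913,16 @@`.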
@@ -10625,6 +10857,37 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + simpleListItem: + value: + _version: WzQsMV0= + comments: [] + created_at: '2025-01-07T20:07:33.119Z' + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: '2025-01-07T20:07:33.119Z' + updated_by: elastic schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' description: Successful response @@ -10669,18 +10932,21 @@ paths: operationId: ReadExceptionListItem parameters: - description: Either `id` or `item_id` must be specified + example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' - description: Either `id` or `item_id` must be specified + example: simple_list_item in: query name: item_id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId' - - in: query + - example: single + in: query name: namespace_type required: false schema: 
@@ -10690,6 +10956,37 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + simpleListItem: + value: + _version: WzQsMV0= + comments: [] + created_at: '2025-01-07T20:07:33.119Z' + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: '2025-01-07T20:07:33.119Z' + updated_by: elastic schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' description: Successful response @@ -10739,6 +11036,27 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: + example: + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + type: simple type: object properties: comments: 
@@ -10782,6 +11100,37 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + simpleListItem: + value: + _version: WzQsMV0= + comments: [] + created_at: '2025-01-07T20:07:33.119Z' + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: '2025-01-07T20:07:33.119Z' + updated_by: elastic schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' description: Successful response @@ -10827,6 +11176,19 @@ paths: requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + example: + comments: [] + description: Updated description + entries: + - field: host.name + operator: included + type: match + value: rock01 + item_id: simple_list_item + name: Updated name + namespace_type: single + tags: [] + type: simple schema: type: object properties: 
@@ -10875,6 +11237,30 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + simpleListItem: + value: + _version: WzEyLDFd + comments: [] + created_at: '2025-01-07T21:12:25.512Z' + created_by: elastic + description: Updated description + entries: + - field: host.name + operator: included + type: match + value: rock01 + id: 459c5e7e-f8b2-4f0b-b136-c1fc702f72da + item_id: simple_list_item + list_id: simple_list + name: Updated name + namespace_type: single + os_types: [] + tags: [] + tie_breaker_id: ad0754ff-7b19-49ca-b73e-e6aff6bfa2d0 + type: simple + updated_at: '2025-01-07T21:34:50.233Z' + updated_by: elastic schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' description: Successful response @@ -10920,6 +11306,7 @@ paths: operationId: FindExceptionListItems parameters: - description: List's id + example: simple_list in: query name: list_id required: true @@ -10930,6 +11317,8 @@ paths: - description: | Filters the returned results according to the value of the specified field, using the `:` syntax. + example: + - exception-list.attributes.name:%My%20item in: query name: filter required: false @@ -10941,6 +11330,8 @@ paths: - description: | Determines whether the returned containers are Kibana associated with a Kibana space or available in all spaces (`agnostic` or `single`) + example: + - single in: query name: namespace_type required: false @@ -10950,12 +11341,14 @@ paths: items: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' type: array - - in: query + - example: host.name + in: query name: search required: false schema: type: string - description: The page number to return + example: 1 in: query name: page required: false @@ -10963,6 +11356,7 @@ paths: minimum: 0 type: integer - description: The number of exception list items to return per page + example: 20 in: query name: per_page required: false 
@@ -10970,12 +11364,14 @@ paths: minimum: 0 type: integer - description: Determines which field is used to sort the results + example: name in: query name: sort_field required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - description: Determines the sort order, which can be `desc` or `asc` + example: desc in: query name: sort_order required: false @@ -10988,6 +11384,41 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + simpleListItems: + value: + data: + - _version: WzgsMV0= + comments: [] + created_at: '2025-01-07T21:12:25.512Z' + created_by: elastic + description: This is a sample exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - jupiter + - saturn + id: 459c5e7e-f8b2-4f0b-b136-c1fc702f72da + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: ad0754ff-7b19-49ca-b73e-e6aff6bfa2d0 + type: simple + updated_at: '2025-01-07T21:12:25.512Z' + updated_by: elastic + page: 1 + per_page: 20 + total: 1 schema: type: object properties: 
@@ -11054,24 +11485,28 @@ paths: operationId: ReadExceptionListSummary parameters: - description: Exception list's identifier generated upon creation + example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - description: Exception list's human readable identifier + example: simple_list in: query name: list_id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query + - example: single + in: query name: namespace_type required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' default: single - description: Search filter clause + example: exception-list-agnostic.attributes.tags:"policy:policy-1" OR exception-list-agnostic.attributes.tags:"policy:all" in: query name: filter required: false @@ -11081,6 +11516,13 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + summary: + value: + linux: 0 + macos: 0 + total: 0 + windows: 0 schema: type: object properties: diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml index 38cc5ab0e932f..7a0ab0da9e2e9 100644 --- a/oas_docs/output/kibana.yaml +++ b/oas_docs/output/kibana.yaml @@ -10177,6 +10177,28 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: + example: + items: + - description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + type: simple type: object properties: items: 
@@ -10185,12 +10207,44 @@ paths: type: array required: - items - description: Rule exception list items + description: Rule exception items. required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + simpleList: + value: + items: + - _version: WzQsMV0= + comments: [] + created_at: '2025-01-07T20:07:33.119Z' + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: '2025-01-07T20:07:33.119Z' + updated_by: elastic schema: items: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' @@ -10222,7 +10276,7 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Create rule exception list items + summary: Create rule exception items tags: - Security Exceptions API /api/detection_engine/rules/prepackaged: @@ -12101,18 +12155,21 @@ paths: operationId: DeleteExceptionList parameters: - description: Either `id` or `list_id` must be specified + example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - description: Either `id` or `list_id` must be specified + example: simple_list in: query name: list_id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query + - example: single + in: query name: namespace_type required: false schema: 
@@ -12122,6 +12179,27 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + simpleList: + value: + _version: WzIsMV0= + created_at: '2025-01-07T19:34:27.942Z' + created_by: elastic + description: This is a sample detection type exception list. + id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + immutable: false + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + type: detection + updated_at: '2025-01-07T19:34:27.942Z' + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response @@ -12148,6 +12226,11 @@ paths: '404': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + notFound: + value: + message: 'exception list list_id: simple-list does not exist' + status_code: 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list not found response @@ -12165,18 +12248,21 @@ paths: operationId: ReadExceptionList parameters: - description: Either `id` or `list_id` must be specified + example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - description: Either `id` or `list_id` must be specified + example: simple_list in: query name: list_id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query + - example: single + in: query name: namespace_type required: false schema: 
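Review bot: The DeleteExceptionList examples disagree about the identifiers they use. The `notFound` message added in `@@ -12148,6 +12226,11 @@` says `simple-list`, while the `list_id` parameter example is `simple_list`. The `id` parameter example in the preceding hunk `@@ -12101,18 +12155,21 @@` is `71a9f4b2-c85c-49b4-866f-c71eb9e67da2`, which the item endpoints use as an exception item id, while the 200 example returns list id `9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85`. Use that list id for the `id` parameter, as ReadExceptionList does. For the 404, either a deliberately absent `list_id` or `simple_list` would work, but the text should make clear which it is.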
@@ -12186,6 +12272,27 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + simpleList: + value: + _version: WzIsMV0= + created_at: '2025-01-07T19:34:27.942Z' + created_by: elastic + description: This is a sample detection type exception list. + id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + immutable: false + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + type: detection + updated_at: '2025-01-07T19:34:27.942Z' + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response @@ -12234,6 +12341,16 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: + example: + description: This is a sample detection type exception list. + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + type: detection type: object properties: description: @@ -12267,6 +12384,27 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + simpleList: + value: + _version: WzIsMV0= + created_at: '2025-01-07T19:34:27.942Z' + created_by: elastic + description: This is a sample detection type exception list. + id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + immutable: false + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + type: detection + updated_at: '2025-01-07T19:34:27.942Z' + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response 
@@ -12312,6 +12450,15 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: + example: + description: Different description + list_id: simple_list + name: Updated exception list name + os_types: + - linux + tags: + - draft malware + type: detection type: object properties: _version: @@ -12348,6 +12495,26 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + simpleList: + value: + _version: WzExLDFd + created_at: '2025-01-07T20:43:55.264Z' + created_by: elastic + description: Different description + id: fa7f545f-191b-4d32-b1f0-c7cd62a79e55 + immutable: false + list_id: simple_list + name: Updated exception list name + namespace_type: single + os_types: [] + tags: + - draft malware + tie_breaker_id: 319fe983-acdd-4806-b6c4-3098eae9392f + type: detection + updated_at: '2025-01-07T21:32:03.726Z' + updated_by: elastic + version: 2 schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response @@ -12392,17 +12559,20 @@ paths: operationId: DuplicateExceptionList parameters: - description: Exception list's human identifier + example: simple_list in: query name: list_id required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query + - example: single + in: query name: namespace_type required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' - description: Determines whether to include expired exceptions in the exported list + example: true in: query name: include_expired_exceptions required: true 
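Review bot: The UpdateExceptionList request example in `@@ -12312,6 +12450,15 @@` sends `os_types: - linux`, but the 200 example in `@@ -12348,6 +12495,26 @@` returns `os_types: []`, so a reader cannot tell whether the update ignores the field or the two examples came from different requests. Make the pair consistent, either by returning `- linux` in the response example or by dropping `os_types` from the request example. It is also worth checking whether `- draft malware` is meant as one tag or two. Actual endpoint behaviour is not visible from this hunk, so confirm against a real response before changing either side.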
@@ -12439,6 +12609,17 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 + schema: + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + description: Exception list not found '405': content: application/json; Elastic-Api-Version=2023-10-31: @@ -12460,23 +12641,27 @@ paths: operationId: ExportExceptionList parameters: - description: Exception list's identifier + example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 in: query name: id required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - description: Exception list's human identifier + example: simple_list in: query name: list_id required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query + - example: single + in: query name: namespace_type required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' - description: Determines whether to include expired exceptions in the exported list + example: true in: query name: include_expired_exceptions required: true @@ -12532,7 +12717,7 @@ paths: - Security Exceptions API /api/exception_lists/_find: get: - description: Get a list of all exception lists. + description: Get a list of all exception list containers. operationId: FindExceptionLists parameters: - description: | @@ -12542,6 +12727,7 @@ paths: - `exception-list`: Specify a space-aware exception list. - `exception-list-agnostic`: Specify an exception list that is shared across spaces. + example: exception-list.attributes.name:%Detection%20List in: query name: filter required: false 
@@ -12550,6 +12736,7 @@ paths: - description: | Determines whether the returned containers are Kibana associated with a Kibana space or available in all spaces (`agnostic` or `single`) + example: single in: query name: namespace_type required: false @@ -12560,6 +12747,7 @@ paths: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' type: array - description: The page number to return + example: 1 in: query name: page required: false @@ -12567,6 +12755,7 @@ paths: minimum: 1 type: integer - description: The number of exception lists to return per page + example: 20 in: query name: per_page required: false @@ -12574,12 +12763,14 @@ paths: minimum: 1 type: integer - description: Determines which field is used to sort the results + example: name in: query name: sort_field required: false schema: type: string - description: Determines the sort order, which can be `desc` or `asc` + example: desc in: query name: sort_order required: false @@ -12592,6 +12783,30 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + simpleLists: + value: + data: + - id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + - list_id: simple_list + - type: detection + - name: Detection Exception List + - description: This is a sample detection type exception list. + - immutable: false + - namespace_type: single + - os_types: [] + - tags: + - malware + - version: 1 + - _version: WzIsMV0= + - tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + - created_at: '2025-01-07T19:34:27.942Z' + - created_by: elastic + - updated_at: '2025-01-07T19:34:27.942Z' + - updated_by: elastic + page: 1 + per_page: 20 + total: 1 schema: type: object properties: 
@@ -12651,19 +12866,22 @@ paths: - description: | Determines whether existing exception lists with the same `list_id` are overwritten. If any exception items have the same `item_id`, those are also overwritten. + example: false in: query name: overwrite required: false schema: default: false type: boolean - - in: query + - example: false + in: query name: overwrite_exceptions required: false schema: default: false type: boolean - - in: query + - example: false + in: query name: overwrite_action_connectors required: false schema: @@ -12673,6 +12891,7 @@ paths: Determines whether the list being imported will have a new `list_id` generated. Additional `item_id`'s are generated for each exception item. Both the exception list and its items are overwritten. + example: false in: query name: as_new_list required: false @@ -12694,6 +12913,16 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + summary: + value: + errors: [] + success: true + success_count: 2 + success_count_exception_list_items: 1 + success_count_exception_lists: 1 + success_exception_list_items: true + success_exception_lists: true, schema: type: object properties: @@ -12758,18 +12987,21 @@ paths: operationId: DeleteExceptionListItem parameters: - description: Either `id` or `item_id` must be specified + example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' - description: Either `id` or `item_id` must be specified + example: simple_list_item in: query name: item_id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId' - - in: query + - example: single + in: query name: namespace_type required: false schema: 
@@ -12779,6 +13011,37 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + simpleListItem: + value: + _version: WzQsMV0= + comments: [] + created_at: '2025-01-07T20:07:33.119Z' + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: '2025-01-07T20:07:33.119Z' + updated_by: elastic schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' description: Successful response @@ -12822,18 +13085,21 @@ paths: operationId: ReadExceptionListItem parameters: - description: Either `id` or `item_id` must be specified + example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' - description: Either `id` or `item_id` must be specified + example: simple_list_item in: query name: item_id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId' - - in: query + - example: single + in: query name: namespace_type required: false schema: 
@@ -12843,6 +13109,37 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + simpleListItem: + value: + _version: WzQsMV0= + comments: [] + created_at: '2025-01-07T20:07:33.119Z' + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: '2025-01-07T20:07:33.119Z' + updated_by: elastic schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' description: Successful response @@ -12891,6 +13188,27 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: + example: + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + type: simple type: object properties: comments: 
@@ -12934,6 +13252,37 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + simpleListItem: + value: + _version: WzQsMV0= + comments: [] + created_at: '2025-01-07T20:07:33.119Z' + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: '2025-01-07T20:07:33.119Z' + updated_by: elastic schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' description: Successful response @@ -12978,6 +13327,19 @@ paths: requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + example: + comments: [] + description: Updated description + entries: + - field: host.name + operator: included + type: match + value: rock01 + item_id: simple_list_item + name: Updated name + namespace_type: single + tags: [] + type: simple schema: type: object properties: 
@@ -13026,6 +13388,30 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + simpleListItem: + value: + _version: WzEyLDFd + comments: [] + created_at: '2025-01-07T21:12:25.512Z' + created_by: elastic + description: Updated description + entries: + - field: host.name + operator: included + type: match + value: rock01 + id: 459c5e7e-f8b2-4f0b-b136-c1fc702f72da + item_id: simple_list_item + list_id: simple_list + name: Updated name + namespace_type: single + os_types: [] + tags: [] + tie_breaker_id: ad0754ff-7b19-49ca-b73e-e6aff6bfa2d0 + type: simple + updated_at: '2025-01-07T21:34:50.233Z' + updated_by: elastic schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' description: Successful response @@ -13070,6 +13456,7 @@ paths: operationId: FindExceptionListItems parameters: - description: List's id + example: simple_list in: query name: list_id required: true @@ -13080,6 +13467,8 @@ paths: - description: | Filters the returned results according to the value of the specified field, using the `:` syntax. + example: + - exception-list.attributes.name:%My%20item in: query name: filter required: false @@ -13091,6 +13480,8 @@ paths: - description: | Determines whether the returned containers are Kibana associated with a Kibana space or available in all spaces (`agnostic` or `single`) + example: + - single in: query name: namespace_type required: false @@ -13100,12 +13491,14 @@ paths: items: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' type: array - - in: query + - example: host.name + in: query name: search required: false schema: type: string - description: The page number to return + example: 1 in: query name: page required: false @@ -13113,6 +13506,7 @@ paths: minimum: 0 type: integer - description: The number of exception list items to return per page + example: 20 in: query name: per_page required: false 
@@ -13120,12 +13514,14 @@ paths: minimum: 0 type: integer - description: Determines which field is used to sort the results + example: name in: query name: sort_field required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - description: Determines the sort order, which can be `desc` or `asc` + example: desc in: query name: sort_order required: false @@ -13138,6 +13534,41 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + simpleListItems: + value: + data: + - _version: WzgsMV0= + comments: [] + created_at: '2025-01-07T21:12:25.512Z' + created_by: elastic + description: This is a sample exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - jupiter + - saturn + id: 459c5e7e-f8b2-4f0b-b136-c1fc702f72da + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: ad0754ff-7b19-49ca-b73e-e6aff6bfa2d0 + type: simple + updated_at: '2025-01-07T21:12:25.512Z' + updated_by: elastic + page: 1 + per_page: 20 + total: 1 schema: type: object properties: 
@@ -13203,24 +13634,28 @@ paths: operationId: ReadExceptionListSummary parameters: - description: Exception list's identifier generated upon creation + example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - description: Exception list's human readable identifier + example: simple_list in: query name: list_id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query + - example: single + in: query name: namespace_type required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' default: single - description: Search filter clause + example: exception-list-agnostic.attributes.tags:"policy:policy-1" OR exception-list-agnostic.attributes.tags:"policy:all" in: query name: filter required: false @@ -13230,6 +13665,13 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + summary: + value: + linux: 0 + macos: 0 + total: 0 + windows: 0 schema: type: object properties: From 658f6a340f3f68fc30ebf00502015c9d877c94f6 Mon Sep 17 00:00:00 2001 From: Yara Tercero Date: Tue, 7 Jan 2025 20:20:52 -0800 Subject: [PATCH 03/14] Delete packages/kbn-repo-packages/package-map.json - unsure why that was created --- packages/kbn-repo-packages/package-map.json | 4154 ------------------- 1 file changed, 4154 deletions(-) delete mode 100644 packages/kbn-repo-packages/package-map.json diff --git a/packages/kbn-repo-packages/package-map.json b/packages/kbn-repo-packages/package-map.json deleted file mode 100644 index c64d50ae10ad4..0000000000000 --- a/packages/kbn-repo-packages/package-map.json +++ /dev/null 
@@ -1,4154 +0,0 @@ -[ - [ - "@kbn/aad-fixtures-plugin", - "x-pack/test/alerting_api_integration/common/plugins/aad" - ], - [ - "@kbn/actions-plugin", - "x-pack/platform/plugins/shared/actions" - ], - [ - "@kbn/actions-simulators-plugin", - "x-pack/test/alerting_api_integration/common/plugins/actions_simulators" - ], - [ - "@kbn/actions-types", - "src/platform/packages/shared/kbn-actions-types" - ], - [ - "@kbn/advanced-settings-plugin", - "src/plugins/advanced_settings" - ], - [ - "@kbn/ai-assistant", - "x-pack/packages/kbn-ai-assistant" - ], - [ - "@kbn/ai-assistant-common", - "x-pack/platform/packages/shared/ai-assistant/common" - ], - [ - "@kbn/ai-assistant-icon", - "x-pack/platform/packages/shared/ai-assistant/icon" - ], - [ - "@kbn/ai-assistant-management-plugin", - "src/platform/plugins/shared/ai_assistant_management/selection" - ], - [ - "@kbn/aiops-change-point-detection", - "x-pack/platform/packages/private/ml/aiops_change_point_detection" - ], - [ - "@kbn/aiops-common", - "x-pack/platform/packages/shared/ml/aiops_common" - ], - [ - "@kbn/aiops-components", - "x-pack/platform/packages/private/ml/aiops_components" - ], - [ - "@kbn/aiops-log-pattern-analysis", - "x-pack/platform/packages/shared/ml/aiops_log_pattern_analysis" - ], - [ - "@kbn/aiops-log-rate-analysis", - "x-pack/platform/packages/shared/ml/aiops_log_rate_analysis" - ], - [ - "@kbn/aiops-plugin", - "x-pack/platform/plugins/shared/aiops" - ], - [ - "@kbn/aiops-test-utils", - "x-pack/platform/packages/private/ml/aiops_test_utils" - ], - [ - "@kbn/alerting-api-integration-helpers", - "x-pack/test/alerting_api_integration/packages/helpers" - ], - [ - "@kbn/alerting-api-integration-test-plugin", - "x-pack/test/alerting_api_integration/common/plugins/alerts" - ], - [ - "@kbn/alerting-comparators", - "x-pack/platform/packages/shared/kbn-alerting-comparators" - ], - [ - "@kbn/alerting-example-plugin", - "x-pack/examples/alerting_example" - ], - [ - "@kbn/alerting-fixture-plugin", - 
"x-pack/test/functional_with_es_ssl/plugins/alerts" - ], - [ - "@kbn/alerting-plugin", - "x-pack/platform/plugins/shared/alerting" - ], - [ - "@kbn/alerting-state-types", - "x-pack/platform/packages/private/kbn-alerting-state-types" - ], - [ - "@kbn/alerting-types", - "src/platform/packages/shared/kbn-alerting-types" - ], - [ - "@kbn/alerts-as-data-utils", - "src/platform/packages/shared/kbn-alerts-as-data-utils" - ], - [ - "@kbn/alerts-grouping", - "x-pack/solutions/observability/packages/kbn-alerts-grouping" - ], - [ - "@kbn/alerts-restricted-fixtures-plugin", - "x-pack/test/alerting_api_integration/common/plugins/alerts_restricted" - ], - [ - "@kbn/alerts-ui-shared", - "src/platform/packages/shared/kbn-alerts-ui-shared" - ], - [ - "@kbn/ambient-common-types", - "packages/kbn-ambient-common-types" - ], - [ - "@kbn/ambient-ftr-types", - "packages/kbn-ambient-ftr-types" - ], - [ - "@kbn/ambient-storybook-types", - "packages/kbn-ambient-storybook-types" - ], - [ - "@kbn/ambient-ui-types", - "packages/kbn-ambient-ui-types" - ], - [ - "@kbn/analytics", - "packages/kbn-analytics" - ], - [ - "@kbn/analytics-collection-utils", - "packages/analytics/utils/analytics_collection_utils" - ], - [ - "@kbn/analytics-ftr-helpers-plugin", - "test/analytics/plugins/analytics_ftr_helpers" - ], - [ - "@kbn/analytics-plugin-a-plugin", - "test/analytics/plugins/analytics_plugin_a" - ], - [ - "@kbn/apm-config-loader", - "packages/kbn-apm-config-loader" - ], - [ - "@kbn/apm-data-access-plugin", - "x-pack/plugins/observability_solution/apm_data_access" - ], - [ - "@kbn/apm-data-view", - "packages/kbn-apm-data-view" - ], - [ - "@kbn/apm-ftr-e2e", - "x-pack/plugins/observability_solution/apm/ftr_e2e" - ], - [ - "@kbn/apm-plugin", - "x-pack/plugins/observability_solution/apm" - ], - [ - "@kbn/apm-synthtrace", - "packages/kbn-apm-synthtrace" - ], - [ - "@kbn/apm-synthtrace-client", - "packages/kbn-apm-synthtrace-client" - ], - [ - "@kbn/apm-types", - "packages/kbn-apm-types" - ], - [ - 
"@kbn/apm-utils", - "packages/kbn-apm-utils" - ], - [ - "@kbn/app-link-test-plugin", - "test/plugin_functional/plugins/app_link_test" - ], - [ - "@kbn/application-usage-test-plugin", - "x-pack/test/usage_collection/plugins/application_usage_test" - ], - [ - "@kbn/asset-inventory-plugin", - "x-pack/solutions/security/plugins/asset_inventory" - ], - [ - "@kbn/audit-log-plugin", - "x-pack/test/security_api_integration/plugins/audit_log" - ], - [ - "@kbn/avc-banner", - "src/platform/packages/shared/kbn-avc-banner" - ], - [ - "@kbn/axe-config", - "packages/kbn-axe-config" - ], - [ - "@kbn/babel-preset", - "packages/kbn-babel-preset" - ], - [ - "@kbn/babel-register", - "packages/kbn-babel-register" - ], - [ - "@kbn/babel-transform", - "packages/kbn-babel-transform" - ], - [ - "@kbn/banners-plugin", - "x-pack/plugins/banners" - ], - [ - "@kbn/bazel-runner", - "packages/kbn-bazel-runner" - ], - [ - "@kbn/calculate-auto", - "packages/kbn-calculate-auto" - ], - [ - "@kbn/calculate-width-from-char-count", - "packages/kbn-calculate-width-from-char-count" - ], - [ - "@kbn/canvas-plugin", - "x-pack/platform/plugins/private/canvas" - ], - [ - "@kbn/capture-oas-snapshot-cli", - "packages/kbn-capture-oas-snapshot-cli" - ], - [ - "@kbn/cases-api-integration-test-plugin", - "x-pack/test/cases_api_integration/common/plugins/cases" - ], - [ - "@kbn/cases-components", - "src/platform/packages/shared/kbn-cases-components" - ], - [ - "@kbn/cases-plugin", - "x-pack/platform/plugins/shared/cases" - ], - [ - "@kbn/cbor", - "packages/kbn-cbor" - ], - [ - "@kbn/cell-actions", - "src/platform/packages/shared/kbn-cell-actions" - ], - [ - "@kbn/chart-expressions-common", - "src/plugins/chart_expressions/common" - ], - [ - "@kbn/chart-icons", - "packages/kbn-chart-icons" - ], - [ - "@kbn/charts-plugin", - "src/plugins/charts" - ], - [ - "@kbn/charts-theme", - "packages/kbn-charts-theme" - ], - [ - "@kbn/check-mappings-update-cli", - "packages/kbn-check-mappings-update-cli" - ], - [ - 
"@kbn/check-prod-native-modules-cli", - "packages/kbn-check-prod-native-modules-cli" - ], - [ - "@kbn/ci-stats-core", - "packages/kbn-ci-stats-core" - ], - [ - "@kbn/ci-stats-performance-metrics", - "packages/kbn-ci-stats-performance-metrics" - ], - [ - "@kbn/ci-stats-reporter", - "packages/kbn-ci-stats-reporter" - ], - [ - "@kbn/ci-stats-shipper-cli", - "packages/kbn-ci-stats-shipper-cli" - ], - [ - "@kbn/cli-dev-mode", - "packages/kbn-cli-dev-mode" - ], - [ - "@kbn/cloud", - "packages/cloud" - ], - [ - "@kbn/cloud-chat-plugin", - "x-pack/plugins/cloud_integrations/cloud_chat" - ], - [ - "@kbn/cloud-data-migration-plugin", - "x-pack/platform/plugins/private/cloud_integrations/cloud_data_migration" - ], - [ - "@kbn/cloud-defend-plugin", - "x-pack/solutions/security/plugins/cloud_defend" - ], - [ - "@kbn/cloud-experiments-plugin", - "x-pack/plugins/cloud_integrations/cloud_experiments" - ], - [ - "@kbn/cloud-full-story-plugin", - "x-pack/plugins/cloud_integrations/cloud_full_story" - ], - [ - "@kbn/cloud-integration-saml-provider-plugin", - "x-pack/test/cloud_integration/plugins/saml_provider" - ], - [ - "@kbn/cloud-links-plugin", - "x-pack/plugins/cloud_integrations/cloud_links" - ], - [ - "@kbn/cloud-plugin", - "x-pack/plugins/cloud" - ], - [ - "@kbn/cloud-security-posture", - "x-pack/solutions/security/packages/kbn-cloud-security-posture/public" - ], - [ - "@kbn/cloud-security-posture-common", - "x-pack/platform/packages/shared/kbn-cloud-security-posture/common" - ], - [ - "@kbn/cloud-security-posture-graph", - "x-pack/solutions/security/packages/kbn-cloud-security-posture/graph" - ], - [ - "@kbn/cloud-security-posture-plugin", - "x-pack/solutions/security/plugins/cloud_security_posture" - ], - [ - "@kbn/code-editor", - "packages/shared-ux/code_editor/impl" - ], - [ - "@kbn/code-editor-mock", - "packages/shared-ux/code_editor/mocks" - ], - [ - "@kbn/code-owners", - "packages/kbn-code-owners" - ], - [ - "@kbn/coloring", - "packages/kbn-coloring" - ], - [ - 
"@kbn/config", - "packages/kbn-config" - ], - [ - "@kbn/config-mocks", - "packages/kbn-config-mocks" - ], - [ - "@kbn/config-schema", - "packages/kbn-config-schema" - ], - [ - "@kbn/console-plugin", - "src/platform/plugins/shared/console" - ], - [ - "@kbn/content-management-content-editor", - "packages/content-management/content_editor" - ], - [ - "@kbn/content-management-content-insights-public", - "packages/content-management/content_insights/content_insights_public" - ], - [ - "@kbn/content-management-content-insights-server", - "packages/content-management/content_insights/content_insights_server" - ], - [ - "@kbn/content-management-examples-plugin", - "examples/content_management_examples" - ], - [ - "@kbn/content-management-favorites-common", - "packages/content-management/favorites/favorites_common" - ], - [ - "@kbn/content-management-favorites-public", - "packages/content-management/favorites/favorites_public" - ], - [ - "@kbn/content-management-favorites-server", - "packages/content-management/favorites/favorites_server" - ], - [ - "@kbn/content-management-plugin", - "src/plugins/content_management" - ], - [ - "@kbn/content-management-tabbed-table-list-view", - "packages/content-management/tabbed_table_list_view" - ], - [ - "@kbn/content-management-table-list-view", - "packages/content-management/table_list_view" - ], - [ - "@kbn/content-management-table-list-view-common", - "packages/content-management/table_list_view_common" - ], - [ - "@kbn/content-management-table-list-view-table", - "packages/content-management/table_list_view_table" - ], - [ - "@kbn/content-management-user-profiles", - "packages/content-management/user_profiles" - ], - [ - "@kbn/content-management-utils", - "packages/kbn-content-management-utils" - ], - [ - "@kbn/controls-example-plugin", - "examples/controls_example" - ], - [ - "@kbn/controls-plugin", - "src/platform/plugins/shared/controls" - ], - [ - "@kbn/core", - "src/core" - ], - [ - "@kbn/core-analytics-browser", - 
"src/core/packages/analytics/browser" - ], - [ - "@kbn/core-analytics-browser-internal", - "src/core/packages/analytics/browser-internal" - ], - [ - "@kbn/core-analytics-browser-mocks", - "packages/core/analytics/core-analytics-browser-mocks" - ], - [ - "@kbn/core-analytics-server", - "src/core/packages/analytics/server" - ], - [ - "@kbn/core-analytics-server-internal", - "src/core/packages/analytics/server-internal" - ], - [ - "@kbn/core-analytics-server-mocks", - "packages/core/analytics/core-analytics-server-mocks" - ], - [ - "@kbn/core-app-status-plugin", - "test/plugin_functional/plugins/core_app_status" - ], - [ - "@kbn/core-application-browser", - "src/core/packages/application/browser" - ], - [ - "@kbn/core-application-browser-internal", - "src/core/packages/application/browser-internal" - ], - [ - "@kbn/core-application-browser-mocks", - "packages/core/application/core-application-browser-mocks" - ], - [ - "@kbn/core-application-common", - "src/core/packages/application/common" - ], - [ - "@kbn/core-apps-browser-internal", - "src/core/packages/apps/browser-internal" - ], - [ - "@kbn/core-apps-browser-mocks", - "packages/core/apps/core-apps-browser-mocks" - ], - [ - "@kbn/core-apps-server-internal", - "src/core/packages/apps/server-internal" - ], - [ - "@kbn/core-base-browser-internal", - "src/core/packages/base/browser-internal" - ], - [ - "@kbn/core-base-browser-mocks", - "packages/core/base/core-base-browser-mocks" - ], - [ - "@kbn/core-base-common", - "src/core/packages/base/common" - ], - [ - "@kbn/core-base-common-internal", - "packages/core/base/core-base-common-internal" - ], - [ - "@kbn/core-base-server-internal", - "packages/core/base/core-base-server-internal" - ], - [ - "@kbn/core-base-server-mocks", - "packages/core/base/core-base-server-mocks" - ], - [ - "@kbn/core-capabilities-browser-internal", - "packages/core/capabilities/core-capabilities-browser-internal" - ], - [ - "@kbn/core-capabilities-browser-mocks", - 
"packages/core/capabilities/core-capabilities-browser-mocks" - ], - [ - "@kbn/core-capabilities-common", - "packages/core/capabilities/core-capabilities-common" - ], - [ - "@kbn/core-capabilities-server", - "packages/core/capabilities/core-capabilities-server" - ], - [ - "@kbn/core-capabilities-server-internal", - "packages/core/capabilities/core-capabilities-server-internal" - ], - [ - "@kbn/core-capabilities-server-mocks", - "packages/core/capabilities/core-capabilities-server-mocks" - ], - [ - "@kbn/core-chrome-browser", - "packages/core/chrome/core-chrome-browser" - ], - [ - "@kbn/core-chrome-browser-internal", - "packages/core/chrome/core-chrome-browser-internal" - ], - [ - "@kbn/core-chrome-browser-mocks", - "packages/core/chrome/core-chrome-browser-mocks" - ], - [ - "@kbn/core-config-server-internal", - "packages/core/config/core-config-server-internal" - ], - [ - "@kbn/core-custom-branding-browser", - "packages/core/custom-branding/core-custom-branding-browser" - ], - [ - "@kbn/core-custom-branding-browser-internal", - "packages/core/custom-branding/core-custom-branding-browser-internal" - ], - [ - "@kbn/core-custom-branding-browser-mocks", - "packages/core/custom-branding/core-custom-branding-browser-mocks" - ], - [ - "@kbn/core-custom-branding-common", - "packages/core/custom-branding/core-custom-branding-common" - ], - [ - "@kbn/core-custom-branding-server", - "packages/core/custom-branding/core-custom-branding-server" - ], - [ - "@kbn/core-custom-branding-server-internal", - "packages/core/custom-branding/core-custom-branding-server-internal" - ], - [ - "@kbn/core-custom-branding-server-mocks", - "packages/core/custom-branding/core-custom-branding-server-mocks" - ], - [ - "@kbn/core-deprecations-browser", - "packages/core/deprecations/core-deprecations-browser" - ], - [ - "@kbn/core-deprecations-browser-internal", - "packages/core/deprecations/core-deprecations-browser-internal" - ], - [ - "@kbn/core-deprecations-browser-mocks", - 
"packages/core/deprecations/core-deprecations-browser-mocks" - ], - [ - "@kbn/core-deprecations-common", - "packages/core/deprecations/core-deprecations-common" - ], - [ - "@kbn/core-deprecations-server", - "packages/core/deprecations/core-deprecations-server" - ], - [ - "@kbn/core-deprecations-server-internal", - "packages/core/deprecations/core-deprecations-server-internal" - ], - [ - "@kbn/core-deprecations-server-mocks", - "packages/core/deprecations/core-deprecations-server-mocks" - ], - [ - "@kbn/core-doc-links-browser", - "packages/core/doc-links/core-doc-links-browser" - ], - [ - "@kbn/core-doc-links-browser-internal", - "packages/core/doc-links/core-doc-links-browser-internal" - ], - [ - "@kbn/core-doc-links-browser-mocks", - "packages/core/doc-links/core-doc-links-browser-mocks" - ], - [ - "@kbn/core-doc-links-server", - "packages/core/doc-links/core-doc-links-server" - ], - [ - "@kbn/core-doc-links-server-internal", - "packages/core/doc-links/core-doc-links-server-internal" - ], - [ - "@kbn/core-doc-links-server-mocks", - "packages/core/doc-links/core-doc-links-server-mocks" - ], - [ - "@kbn/core-elasticsearch-client-server-internal", - "packages/core/elasticsearch/core-elasticsearch-client-server-internal" - ], - [ - "@kbn/core-elasticsearch-client-server-mocks", - "packages/core/elasticsearch/core-elasticsearch-client-server-mocks" - ], - [ - "@kbn/core-elasticsearch-server", - "packages/core/elasticsearch/core-elasticsearch-server" - ], - [ - "@kbn/core-elasticsearch-server-internal", - "packages/core/elasticsearch/core-elasticsearch-server-internal" - ], - [ - "@kbn/core-elasticsearch-server-mocks", - "packages/core/elasticsearch/core-elasticsearch-server-mocks" - ], - [ - "@kbn/core-environment-server-internal", - "packages/core/environment/core-environment-server-internal" - ], - [ - "@kbn/core-environment-server-mocks", - "packages/core/environment/core-environment-server-mocks" - ], - [ - "@kbn/core-execution-context-browser", - 
"packages/core/execution-context/core-execution-context-browser" - ], - [ - "@kbn/core-execution-context-browser-internal", - "packages/core/execution-context/core-execution-context-browser-internal" - ], - [ - "@kbn/core-execution-context-browser-mocks", - "packages/core/execution-context/core-execution-context-browser-mocks" - ], - [ - "@kbn/core-execution-context-common", - "packages/core/execution-context/core-execution-context-common" - ], - [ - "@kbn/core-execution-context-server", - "packages/core/execution-context/core-execution-context-server" - ], - [ - "@kbn/core-execution-context-server-internal", - "packages/core/execution-context/core-execution-context-server-internal" - ], - [ - "@kbn/core-execution-context-server-mocks", - "packages/core/execution-context/core-execution-context-server-mocks" - ], - [ - "@kbn/core-fatal-errors-browser", - "packages/core/fatal-errors/core-fatal-errors-browser" - ], - [ - "@kbn/core-fatal-errors-browser-internal", - "packages/core/fatal-errors/core-fatal-errors-browser-internal" - ], - [ - "@kbn/core-fatal-errors-browser-mocks", - "packages/core/fatal-errors/core-fatal-errors-browser-mocks" - ], - [ - "@kbn/core-feature-flags-browser", - "packages/core/feature-flags/core-feature-flags-browser" - ], - [ - "@kbn/core-feature-flags-browser-internal", - "packages/core/feature-flags/core-feature-flags-browser-internal" - ], - [ - "@kbn/core-feature-flags-browser-mocks", - "packages/core/feature-flags/core-feature-flags-browser-mocks" - ], - [ - "@kbn/core-feature-flags-server", - "packages/core/feature-flags/core-feature-flags-server" - ], - [ - "@kbn/core-feature-flags-server-internal", - "packages/core/feature-flags/core-feature-flags-server-internal" - ], - [ - "@kbn/core-feature-flags-server-mocks", - "packages/core/feature-flags/core-feature-flags-server-mocks" - ], - [ - "@kbn/core-history-block-plugin", - "test/plugin_functional/plugins/core_history_block" - ], - [ - "@kbn/core-http-browser", - 
"packages/core/http/core-http-browser" - ], - [ - "@kbn/core-http-browser-internal", - "packages/core/http/core-http-browser-internal" - ], - [ - "@kbn/core-http-browser-mocks", - "packages/core/http/core-http-browser-mocks" - ], - [ - "@kbn/core-http-common", - "packages/core/http/core-http-common" - ], - [ - "@kbn/core-http-context-server-internal", - "packages/core/http/core-http-context-server-internal" - ], - [ - "@kbn/core-http-context-server-mocks", - "packages/core/http/core-http-context-server-mocks" - ], - [ - "@kbn/core-http-plugin", - "test/plugin_functional/plugins/core_http" - ], - [ - "@kbn/core-http-request-handler-context-server", - "packages/core/http/core-http-request-handler-context-server" - ], - [ - "@kbn/core-http-request-handler-context-server-internal", - "packages/core/http/core-http-request-handler-context-server-internal" - ], - [ - "@kbn/core-http-resources-server", - "packages/core/http/core-http-resources-server" - ], - [ - "@kbn/core-http-resources-server-internal", - "packages/core/http/core-http-resources-server-internal" - ], - [ - "@kbn/core-http-resources-server-mocks", - "packages/core/http/core-http-resources-server-mocks" - ], - [ - "@kbn/core-http-router-server-internal", - "packages/core/http/core-http-router-server-internal" - ], - [ - "@kbn/core-http-router-server-mocks", - "packages/core/http/core-http-router-server-mocks" - ], - [ - "@kbn/core-http-server", - "packages/core/http/core-http-server" - ], - [ - "@kbn/core-http-server-internal", - "packages/core/http/core-http-server-internal" - ], - [ - "@kbn/core-http-server-mocks", - "packages/core/http/core-http-server-mocks" - ], - [ - "@kbn/core-http-server-utils", - "packages/core/http/core-http-server-utils" - ], - [ - "@kbn/core-i18n-browser", - "packages/core/i18n/core-i18n-browser" - ], - [ - "@kbn/core-i18n-browser-internal", - "packages/core/i18n/core-i18n-browser-internal" - ], - [ - "@kbn/core-i18n-browser-mocks", - "packages/core/i18n/core-i18n-browser-mocks" 
- ], - [ - "@kbn/core-i18n-server", - "packages/core/i18n/core-i18n-server" - ], - [ - "@kbn/core-i18n-server-internal", - "packages/core/i18n/core-i18n-server-internal" - ], - [ - "@kbn/core-i18n-server-mocks", - "packages/core/i18n/core-i18n-server-mocks" - ], - [ - "@kbn/core-injected-metadata-browser-internal", - "packages/core/injected-metadata/core-injected-metadata-browser-internal" - ], - [ - "@kbn/core-injected-metadata-browser-mocks", - "packages/core/injected-metadata/core-injected-metadata-browser-mocks" - ], - [ - "@kbn/core-injected-metadata-common-internal", - "packages/core/injected-metadata/core-injected-metadata-common-internal" - ], - [ - "@kbn/core-integrations-browser-internal", - "packages/core/integrations/core-integrations-browser-internal" - ], - [ - "@kbn/core-integrations-browser-mocks", - "packages/core/integrations/core-integrations-browser-mocks" - ], - [ - "@kbn/core-lifecycle-browser", - "packages/core/lifecycle/core-lifecycle-browser" - ], - [ - "@kbn/core-lifecycle-browser-internal", - "packages/core/lifecycle/core-lifecycle-browser-internal" - ], - [ - "@kbn/core-lifecycle-browser-mocks", - "packages/core/lifecycle/core-lifecycle-browser-mocks" - ], - [ - "@kbn/core-lifecycle-server", - "packages/core/lifecycle/core-lifecycle-server" - ], - [ - "@kbn/core-lifecycle-server-internal", - "packages/core/lifecycle/core-lifecycle-server-internal" - ], - [ - "@kbn/core-lifecycle-server-mocks", - "packages/core/lifecycle/core-lifecycle-server-mocks" - ], - [ - "@kbn/core-logging-browser-internal", - "packages/core/logging/core-logging-browser-internal" - ], - [ - "@kbn/core-logging-browser-mocks", - "packages/core/logging/core-logging-browser-mocks" - ], - [ - "@kbn/core-logging-common-internal", - "packages/core/logging/core-logging-common-internal" - ], - [ - "@kbn/core-logging-server", - "packages/core/logging/core-logging-server" - ], - [ - "@kbn/core-logging-server-internal", - "packages/core/logging/core-logging-server-internal" - 
], - [ - "@kbn/core-logging-server-mocks", - "packages/core/logging/core-logging-server-mocks" - ], - [ - "@kbn/core-metrics-collectors-server-internal", - "packages/core/metrics/core-metrics-collectors-server-internal" - ], - [ - "@kbn/core-metrics-collectors-server-mocks", - "packages/core/metrics/core-metrics-collectors-server-mocks" - ], - [ - "@kbn/core-metrics-server", - "packages/core/metrics/core-metrics-server" - ], - [ - "@kbn/core-metrics-server-internal", - "packages/core/metrics/core-metrics-server-internal" - ], - [ - "@kbn/core-metrics-server-mocks", - "packages/core/metrics/core-metrics-server-mocks" - ], - [ - "@kbn/core-mount-utils-browser", - "packages/core/mount-utils/core-mount-utils-browser" - ], - [ - "@kbn/core-mount-utils-browser-internal", - "packages/core/mount-utils/core-mount-utils-browser-internal" - ], - [ - "@kbn/core-node-server", - "packages/core/node/core-node-server" - ], - [ - "@kbn/core-node-server-internal", - "packages/core/node/core-node-server-internal" - ], - [ - "@kbn/core-node-server-mocks", - "packages/core/node/core-node-server-mocks" - ], - [ - "@kbn/core-notifications-browser", - "packages/core/notifications/core-notifications-browser" - ], - [ - "@kbn/core-notifications-browser-internal", - "packages/core/notifications/core-notifications-browser-internal" - ], - [ - "@kbn/core-notifications-browser-mocks", - "packages/core/notifications/core-notifications-browser-mocks" - ], - [ - "@kbn/core-overlays-browser", - "packages/core/overlays/core-overlays-browser" - ], - [ - "@kbn/core-overlays-browser-internal", - "packages/core/overlays/core-overlays-browser-internal" - ], - [ - "@kbn/core-overlays-browser-mocks", - "packages/core/overlays/core-overlays-browser-mocks" - ], - [ - "@kbn/core-plugin-a-plugin", - "test/plugin_functional/plugins/core_plugin_a" - ], - [ - "@kbn/core-plugin-appleave-plugin", - "test/plugin_functional/plugins/core_plugin_appleave" - ], - [ - "@kbn/core-plugin-b-plugin", - 
"test/plugin_functional/plugins/core_plugin_b" - ], - [ - "@kbn/core-plugin-chromeless-plugin", - "test/plugin_functional/plugins/core_plugin_chromeless" - ], - [ - "@kbn/core-plugin-deep-links-plugin", - "test/plugin_functional/plugins/core_plugin_deep_links" - ], - [ - "@kbn/core-plugin-deprecations-plugin", - "test/plugin_functional/plugins/core_plugin_deprecations" - ], - [ - "@kbn/core-plugin-dynamic-resolving-a", - "test/plugin_functional/plugins/core_dynamic_resolving_a" - ], - [ - "@kbn/core-plugin-dynamic-resolving-b", - "test/plugin_functional/plugins/core_dynamic_resolving_b" - ], - [ - "@kbn/core-plugin-execution-context-plugin", - "test/plugin_functional/plugins/core_plugin_execution_context" - ], - [ - "@kbn/core-plugin-helpmenu-plugin", - "test/plugin_functional/plugins/core_plugin_helpmenu" - ], - [ - "@kbn/core-plugin-initializer-context-plugin", - "test/node_roles_functional/plugins/core_plugin_initializer_context" - ], - [ - "@kbn/core-plugin-route-timeouts-plugin", - "test/plugin_functional/plugins/core_plugin_route_timeouts" - ], - [ - "@kbn/core-plugin-static-assets-plugin", - "test/plugin_functional/plugins/core_plugin_static_assets" - ], - [ - "@kbn/core-plugins-base-server-internal", - "packages/core/plugins/core-plugins-base-server-internal" - ], - [ - "@kbn/core-plugins-browser", - "packages/core/plugins/core-plugins-browser" - ], - [ - "@kbn/core-plugins-browser-internal", - "packages/core/plugins/core-plugins-browser-internal" - ], - [ - "@kbn/core-plugins-browser-mocks", - "packages/core/plugins/core-plugins-browser-mocks" - ], - [ - "@kbn/core-plugins-contracts-browser", - "packages/core/plugins/core-plugins-contracts-browser" - ], - [ - "@kbn/core-plugins-contracts-server", - "packages/core/plugins/core-plugins-contracts-server" - ], - [ - "@kbn/core-plugins-server", - "packages/core/plugins/core-plugins-server" - ], - [ - "@kbn/core-plugins-server-internal", - "packages/core/plugins/core-plugins-server-internal" - ], - [ - 
"@kbn/core-plugins-server-mocks", - "packages/core/plugins/core-plugins-server-mocks" - ], - [ - "@kbn/core-preboot-server", - "packages/core/preboot/core-preboot-server" - ], - [ - "@kbn/core-preboot-server-internal", - "packages/core/preboot/core-preboot-server-internal" - ], - [ - "@kbn/core-preboot-server-mocks", - "packages/core/preboot/core-preboot-server-mocks" - ], - [ - "@kbn/core-provider-plugin", - "test/plugin_functional/plugins/core_provider_plugin" - ], - [ - "@kbn/core-rendering-browser", - "packages/core/rendering/core-rendering-browser" - ], - [ - "@kbn/core-rendering-browser-internal", - "packages/core/rendering/core-rendering-browser-internal" - ], - [ - "@kbn/core-rendering-browser-mocks", - "packages/core/rendering/core-rendering-browser-mocks" - ], - [ - "@kbn/core-rendering-server-internal", - "packages/core/rendering/core-rendering-server-internal" - ], - [ - "@kbn/core-rendering-server-mocks", - "packages/core/rendering/core-rendering-server-mocks" - ], - [ - "@kbn/core-root-browser-internal", - "packages/core/root/core-root-browser-internal" - ], - [ - "@kbn/core-root-server-internal", - "packages/core/root/core-root-server-internal" - ], - [ - "@kbn/core-saved-objects-api-browser", - "packages/core/saved-objects/core-saved-objects-api-browser" - ], - [ - "@kbn/core-saved-objects-api-server", - "packages/core/saved-objects/core-saved-objects-api-server" - ], - [ - "@kbn/core-saved-objects-api-server-internal", - "packages/core/saved-objects/core-saved-objects-api-server-internal" - ], - [ - "@kbn/core-saved-objects-api-server-mocks", - "packages/core/saved-objects/core-saved-objects-api-server-mocks" - ], - [ - "@kbn/core-saved-objects-base-server-internal", - "packages/core/saved-objects/core-saved-objects-base-server-internal" - ], - [ - "@kbn/core-saved-objects-base-server-mocks", - "packages/core/saved-objects/core-saved-objects-base-server-mocks" - ], - [ - "@kbn/core-saved-objects-browser", - 
"packages/core/saved-objects/core-saved-objects-browser" - ], - [ - "@kbn/core-saved-objects-browser-internal", - "packages/core/saved-objects/core-saved-objects-browser-internal" - ], - [ - "@kbn/core-saved-objects-browser-mocks", - "packages/core/saved-objects/core-saved-objects-browser-mocks" - ], - [ - "@kbn/core-saved-objects-common", - "packages/core/saved-objects/core-saved-objects-common" - ], - [ - "@kbn/core-saved-objects-import-export-server-internal", - "packages/core/saved-objects/core-saved-objects-import-export-server-internal" - ], - [ - "@kbn/core-saved-objects-import-export-server-mocks", - "packages/core/saved-objects/core-saved-objects-import-export-server-mocks" - ], - [ - "@kbn/core-saved-objects-migration-server-internal", - "packages/core/saved-objects/core-saved-objects-migration-server-internal" - ], - [ - "@kbn/core-saved-objects-migration-server-mocks", - "packages/core/saved-objects/core-saved-objects-migration-server-mocks" - ], - [ - "@kbn/core-saved-objects-server", - "packages/core/saved-objects/core-saved-objects-server" - ], - [ - "@kbn/core-saved-objects-server-internal", - "packages/core/saved-objects/core-saved-objects-server-internal" - ], - [ - "@kbn/core-saved-objects-server-mocks", - "packages/core/saved-objects/core-saved-objects-server-mocks" - ], - [ - "@kbn/core-saved-objects-utils-server", - "packages/core/saved-objects/core-saved-objects-utils-server" - ], - [ - "@kbn/core-security-browser", - "packages/core/security/core-security-browser" - ], - [ - "@kbn/core-security-browser-internal", - "packages/core/security/core-security-browser-internal" - ], - [ - "@kbn/core-security-browser-mocks", - "packages/core/security/core-security-browser-mocks" - ], - [ - "@kbn/core-security-common", - "packages/core/security/core-security-common" - ], - [ - "@kbn/core-security-server", - "packages/core/security/core-security-server" - ], - [ - "@kbn/core-security-server-internal", - 
"packages/core/security/core-security-server-internal" - ], - [ - "@kbn/core-security-server-mocks", - "packages/core/security/core-security-server-mocks" - ], - [ - "@kbn/core-status-common", - "packages/core/status/core-status-common" - ], - [ - "@kbn/core-status-server", - "packages/core/status/core-status-server" - ], - [ - "@kbn/core-status-server-internal", - "packages/core/status/core-status-server-internal" - ], - [ - "@kbn/core-status-server-mocks", - "packages/core/status/core-status-server-mocks" - ], - [ - "@kbn/core-test-helpers-deprecations-getters", - "packages/core/test-helpers/core-test-helpers-deprecations-getters" - ], - [ - "@kbn/core-test-helpers-http-setup-browser", - "packages/core/test-helpers/core-test-helpers-http-setup-browser" - ], - [ - "@kbn/core-test-helpers-kbn-server", - "packages/core/test-helpers/core-test-helpers-kbn-server" - ], - [ - "@kbn/core-test-helpers-model-versions", - "packages/core/test-helpers/core-test-helpers-model-versions" - ], - [ - "@kbn/core-test-helpers-so-type-serializer", - "packages/core/test-helpers/core-test-helpers-so-type-serializer" - ], - [ - "@kbn/core-test-helpers-test-utils", - "packages/core/test-helpers/core-test-helpers-test-utils" - ], - [ - "@kbn/core-theme-browser", - "packages/core/theme/core-theme-browser" - ], - [ - "@kbn/core-theme-browser-internal", - "packages/core/theme/core-theme-browser-internal" - ], - [ - "@kbn/core-theme-browser-mocks", - "packages/core/theme/core-theme-browser-mocks" - ], - [ - "@kbn/core-ui-settings-browser", - "packages/core/ui-settings/core-ui-settings-browser" - ], - [ - "@kbn/core-ui-settings-browser-internal", - "packages/core/ui-settings/core-ui-settings-browser-internal" - ], - [ - "@kbn/core-ui-settings-browser-mocks", - "packages/core/ui-settings/core-ui-settings-browser-mocks" - ], - [ - "@kbn/core-ui-settings-common", - "packages/core/ui-settings/core-ui-settings-common" - ], - [ - "@kbn/core-ui-settings-server", - 
"packages/core/ui-settings/core-ui-settings-server" - ], - [ - "@kbn/core-ui-settings-server-internal", - "packages/core/ui-settings/core-ui-settings-server-internal" - ], - [ - "@kbn/core-ui-settings-server-mocks", - "packages/core/ui-settings/core-ui-settings-server-mocks" - ], - [ - "@kbn/core-usage-data-base-server-internal", - "packages/core/usage-data/core-usage-data-base-server-internal" - ], - [ - "@kbn/core-usage-data-server", - "packages/core/usage-data/core-usage-data-server" - ], - [ - "@kbn/core-usage-data-server-internal", - "packages/core/usage-data/core-usage-data-server-internal" - ], - [ - "@kbn/core-usage-data-server-mocks", - "packages/core/usage-data/core-usage-data-server-mocks" - ], - [ - "@kbn/core-user-profile-browser", - "packages/core/user-profile/core-user-profile-browser" - ], - [ - "@kbn/core-user-profile-browser-internal", - "packages/core/user-profile/core-user-profile-browser-internal" - ], - [ - "@kbn/core-user-profile-browser-mocks", - "packages/core/user-profile/core-user-profile-browser-mocks" - ], - [ - "@kbn/core-user-profile-common", - "packages/core/user-profile/core-user-profile-common" - ], - [ - "@kbn/core-user-profile-server", - "packages/core/user-profile/core-user-profile-server" - ], - [ - "@kbn/core-user-profile-server-internal", - "packages/core/user-profile/core-user-profile-server-internal" - ], - [ - "@kbn/core-user-profile-server-mocks", - "packages/core/user-profile/core-user-profile-server-mocks" - ], - [ - "@kbn/core-user-settings-server", - "packages/core/user-settings/core-user-settings-server" - ], - [ - "@kbn/core-user-settings-server-internal", - "packages/core/user-settings/core-user-settings-server-internal" - ], - [ - "@kbn/core-user-settings-server-mocks", - "packages/core/user-settings/core-user-settings-server-mocks" - ], - [ - "@kbn/cross-cluster-replication-plugin", - "x-pack/platform/plugins/private/cross_cluster_replication" - ], - [ - "@kbn/crypto", - "packages/kbn-crypto" - ], - [ - 
"@kbn/crypto-browser", - "packages/kbn-crypto-browser" - ], - [ - "@kbn/custom-branding-plugin", - "x-pack/plugins/custom_branding" - ], - [ - "@kbn/custom-icons", - "src/platform/packages/shared/kbn-custom-icons" - ], - [ - "@kbn/custom-integrations", - "x-pack/solutions/observability/packages/kbn-custom-integrations" - ], - [ - "@kbn/custom-integrations-plugin", - "src/platform/plugins/shared/custom_integrations" - ], - [ - "@kbn/cypress-config", - "packages/kbn-cypress-config" - ], - [ - "@kbn/dashboard-enhanced-plugin", - "x-pack/platform/plugins/shared/dashboard_enhanced" - ], - [ - "@kbn/dashboard-plugin", - "src/platform/plugins/shared/dashboard" - ], - [ - "@kbn/data-forge", - "x-pack/platform/packages/shared/kbn-data-forge" - ], - [ - "@kbn/data-plugin", - "src/plugins/data" - ], - [ - "@kbn/data-quality-plugin", - "x-pack/platform/plugins/shared/data_quality" - ], - [ - "@kbn/data-search-plugin", - "test/plugin_functional/plugins/data_search" - ], - [ - "@kbn/data-service", - "packages/kbn-data-service" - ], - [ - "@kbn/data-stream-adapter", - "x-pack/solutions/security/packages/data-stream-adapter" - ], - [ - "@kbn/data-usage-plugin", - "x-pack/platform/plugins/private/data_usage" - ], - [ - "@kbn/data-view-editor-plugin", - "src/plugins/data_view_editor" - ], - [ - "@kbn/data-view-field-editor-example-plugin", - "examples/data_view_field_editor_example" - ], - [ - "@kbn/data-view-field-editor-plugin", - "src/plugins/data_view_field_editor" - ], - [ - "@kbn/data-view-management-plugin", - "src/plugins/data_view_management" - ], - [ - "@kbn/data-view-utils", - "packages/kbn-data-view-utils" - ], - [ - "@kbn/data-views-plugin", - "src/plugins/data_views" - ], - [ - "@kbn/data-visualizer-plugin", - "x-pack/platform/plugins/private/data_visualizer" - ], - [ - "@kbn/dataset-quality-plugin", - "x-pack/platform/plugins/shared/dataset_quality" - ], - [ - "@kbn/datemath", - "packages/kbn-datemath" - ], - [ - "@kbn/deeplinks-analytics", - 
"packages/deeplinks/analytics" - ], - [ - "@kbn/deeplinks-devtools", - "src/platform/packages/shared/deeplinks/devtools" - ], - [ - "@kbn/deeplinks-fleet", - "src/platform/packages/shared/deeplinks/fleet" - ], - [ - "@kbn/deeplinks-management", - "src/platform/packages/shared/deeplinks/management" - ], - [ - "@kbn/deeplinks-ml", - "src/platform/packages/shared/deeplinks/ml" - ], - [ - "@kbn/deeplinks-observability", - "src/platform/packages/shared/deeplinks/observability" - ], - [ - "@kbn/deeplinks-search", - "packages/deeplinks/search" - ], - [ - "@kbn/deeplinks-security", - "src/platform/packages/shared/deeplinks/security" - ], - [ - "@kbn/deeplinks-shared", - "packages/deeplinks/shared" - ], - [ - "@kbn/default-nav-analytics", - "packages/default-nav/analytics" - ], - [ - "@kbn/default-nav-devtools", - "src/platform/packages/private/default-nav/devtools" - ], - [ - "@kbn/default-nav-management", - "src/platform/packages/private/default-nav/management" - ], - [ - "@kbn/default-nav-ml", - "src/platform/packages/private/default-nav/ml" - ], - [ - "@kbn/dependency-ownership", - "packages/kbn-dependency-ownership" - ], - [ - "@kbn/dependency-usage", - "packages/kbn-dependency-usage" - ], - [ - "@kbn/dev-cli-errors", - "packages/kbn-dev-cli-errors" - ], - [ - "@kbn/dev-cli-runner", - "packages/kbn-dev-cli-runner" - ], - [ - "@kbn/dev-proc-runner", - "packages/kbn-dev-proc-runner" - ], - [ - "@kbn/dev-tools-plugin", - "src/platform/plugins/shared/dev_tools" - ], - [ - "@kbn/dev-utils", - "packages/kbn-dev-utils" - ], - [ - "@kbn/developer-examples-plugin", - "examples/developer_examples" - ], - [ - "@kbn/discover-contextual-components", - "src/platform/packages/shared/kbn-discover-contextual-components" - ], - [ - "@kbn/discover-customization-examples-plugin", - "examples/discover_customization_examples" - ], - [ - "@kbn/discover-enhanced-plugin", - "x-pack/plugins/discover_enhanced" - ], - [ - "@kbn/discover-plugin", - "src/plugins/discover" - ], - [ - 
"@kbn/discover-shared-plugin", - "src/plugins/discover_shared" - ], - [ - "@kbn/discover-utils", - "packages/kbn-discover-utils" - ], - [ - "@kbn/doc-links", - "src/platform/packages/shared/kbn-doc-links" - ], - [ - "@kbn/docs-utils", - "packages/kbn-docs-utils" - ], - [ - "@kbn/dom-drag-drop", - "packages/kbn-dom-drag-drop" - ], - [ - "@kbn/ebt-tools", - "packages/kbn-ebt-tools" - ], - [ - "@kbn/ecs-data-quality-dashboard", - "x-pack/solutions/security/packages/ecs_data_quality_dashboard" - ], - [ - "@kbn/ecs-data-quality-dashboard-plugin", - "x-pack/solutions/security/plugins/ecs_data_quality_dashboard" - ], - [ - "@kbn/elastic-agent-utils", - "src/platform/packages/shared/kbn-elastic-agent-utils" - ], - [ - "@kbn/elastic-assistant", - "x-pack/platform/packages/shared/kbn-elastic-assistant" - ], - [ - "@kbn/elastic-assistant-common", - "x-pack/platform/packages/shared/kbn-elastic-assistant-common" - ], - [ - "@kbn/elastic-assistant-plugin", - "x-pack/solutions/security/plugins/elastic_assistant" - ], - [ - "@kbn/elasticsearch-client-plugin", - "test/plugin_functional/plugins/elasticsearch_client_plugin" - ], - [ - "@kbn/elasticsearch-client-xpack-plugin", - "x-pack/test/plugin_api_integration/plugins/elasticsearch_client" - ], - [ - "@kbn/embeddable-enhanced-plugin", - "x-pack/platform/plugins/shared/embeddable_enhanced" - ], - [ - "@kbn/embeddable-examples-plugin", - "examples/embeddable_examples" - ], - [ - "@kbn/embeddable-plugin", - "src/platform/plugins/shared/embeddable" - ], - [ - "@kbn/embedded-lens-example-plugin", - "x-pack/examples/embedded_lens_example" - ], - [ - "@kbn/encrypted-saved-objects-plugin", - "x-pack/plugins/encrypted_saved_objects" - ], - [ - "@kbn/enterprise-search-plugin", - "x-pack/plugins/enterprise_search" - ], - [ - "@kbn/entities-data-access-plugin", - "x-pack/solutions/observability/plugins/observability_solution/entities_data_access" - ], - [ - "@kbn/entities-schema", - "x-pack/platform/packages/shared/kbn-entities-schema" - ], - 
[ - "@kbn/entity-manager-fixture-plugin", - "x-pack/test/api_integration/apis/entity_manager/fixture_plugin" - ], - [ - "@kbn/entityManager-app-plugin", - "x-pack/solutions/observability/plugins/observability_solution/entity_manager_app" - ], - [ - "@kbn/entityManager-plugin", - "x-pack/platform/plugins/shared/entity_manager" - ], - [ - "@kbn/error-boundary-example-plugin", - "examples/error_boundary" - ], - [ - "@kbn/es", - "packages/kbn-es" - ], - [ - "@kbn/es-archiver", - "packages/kbn-es-archiver" - ], - [ - "@kbn/es-errors", - "packages/kbn-es-errors" - ], - [ - "@kbn/es-query", - "packages/kbn-es-query" - ], - [ - "@kbn/es-types", - "packages/kbn-es-types" - ], - [ - "@kbn/es-ui-shared-plugin", - "src/platform/plugins/shared/es_ui_shared" - ], - [ - "@kbn/eslint-config", - "packages/kbn-eslint-config" - ], - [ - "@kbn/eslint-plugin-css", - "packages/kbn-eslint-plugin-css" - ], - [ - "@kbn/eslint-plugin-disable", - "packages/kbn-eslint-plugin-disable" - ], - [ - "@kbn/eslint-plugin-eslint", - "packages/kbn-eslint-plugin-eslint" - ], - [ - "@kbn/eslint-plugin-i18n", - "packages/kbn-eslint-plugin-i18n" - ], - [ - "@kbn/eslint-plugin-imports", - "packages/kbn-eslint-plugin-imports" - ], - [ - "@kbn/eslint-plugin-telemetry", - "packages/kbn-eslint-plugin-telemetry" - ], - [ - "@kbn/eso-model-version-example", - "examples/eso_model_version_example" - ], - [ - "@kbn/eso-plugin", - "x-pack/test/encrypted_saved_objects_api_integration/plugins/api_consumer_plugin" - ], - [ - "@kbn/esql", - "src/platform/plugins/shared/esql" - ], - [ - "@kbn/esql-ast", - "src/platform/packages/shared/kbn-esql-ast" - ], - [ - "@kbn/esql-ast-inspector-plugin", - "examples/esql_ast_inspector" - ], - [ - "@kbn/esql-datagrid", - "src/platform/plugins/shared/esql_datagrid" - ], - [ - "@kbn/esql-editor", - "src/platform/packages/private/kbn-esql-editor" - ], - [ - "@kbn/esql-utils", - "src/platform/packages/shared/kbn-esql-utils" - ], - [ - "@kbn/esql-validation-autocomplete", - 
"src/platform/packages/shared/kbn-esql-validation-autocomplete" - ], - [ - "@kbn/esql-validation-example-plugin", - "examples/esql_validation_example" - ], - [ - "@kbn/eui-provider-dev-warning", - "test/plugin_functional/plugins/eui_provider_dev_warning" - ], - [ - "@kbn/event-annotation-common", - "packages/kbn-event-annotation-common" - ], - [ - "@kbn/event-annotation-components", - "packages/kbn-event-annotation-components" - ], - [ - "@kbn/event-annotation-listing-plugin", - "src/plugins/event_annotation_listing" - ], - [ - "@kbn/event-annotation-plugin", - "src/plugins/event_annotation" - ], - [ - "@kbn/event-log-fixture-plugin", - "x-pack/test/plugin_api_integration/plugins/event_log" - ], - [ - "@kbn/event-log-plugin", - "x-pack/platform/plugins/shared/event_log" - ], - [ - "@kbn/expandable-flyout", - "x-pack/solutions/security/packages/expandable-flyout" - ], - [ - "@kbn/expect", - "packages/kbn-expect" - ], - [ - "@kbn/exploratory-view-example-plugin", - "x-pack/examples/exploratory_view_example" - ], - [ - "@kbn/exploratory-view-plugin", - "x-pack/solutions/observability/plugins/exploratory_view" - ], - [ - "@kbn/expression-error-plugin", - "src/platform/plugins/shared/expression_error" - ], - [ - "@kbn/expression-gauge-plugin", - "src/plugins/chart_expressions/expression_gauge" - ], - [ - "@kbn/expression-heatmap-plugin", - "src/plugins/chart_expressions/expression_heatmap" - ], - [ - "@kbn/expression-image-plugin", - "src/platform/plugins/shared/expression_image" - ], - [ - "@kbn/expression-legacy-metric-vis-plugin", - "src/plugins/chart_expressions/expression_legacy_metric" - ], - [ - "@kbn/expression-metric-plugin", - "src/platform/plugins/shared/expression_metric" - ], - [ - "@kbn/expression-metric-vis-plugin", - "src/plugins/chart_expressions/expression_metric" - ], - [ - "@kbn/expression-partition-vis-plugin", - "src/plugins/chart_expressions/expression_partition_vis" - ], - [ - "@kbn/expression-repeat-image-plugin", - 
"src/platform/plugins/shared/expression_repeat_image" - ], - [ - "@kbn/expression-reveal-image-plugin", - "src/platform/plugins/shared/expression_reveal_image" - ], - [ - "@kbn/expression-shape-plugin", - "src/platform/plugins/shared/expression_shape" - ], - [ - "@kbn/expression-tagcloud-plugin", - "src/plugins/chart_expressions/expression_tagcloud" - ], - [ - "@kbn/expression-xy-plugin", - "src/plugins/chart_expressions/expression_xy" - ], - [ - "@kbn/expressions-explorer-plugin", - "examples/expressions_explorer" - ], - [ - "@kbn/expressions-plugin", - "src/plugins/expressions" - ], - [ - "@kbn/failed-test-reporter-cli", - "packages/kbn-failed-test-reporter-cli" - ], - [ - "@kbn/feature-controls-examples-plugin", - "examples/feature_control_examples" - ], - [ - "@kbn/feature-flags-example-plugin", - "examples/feature_flags_example" - ], - [ - "@kbn/feature-usage-test-plugin", - "x-pack/test/plugin_api_integration/plugins/feature_usage_test" - ], - [ - "@kbn/features-plugin", - "x-pack/plugins/features" - ], - [ - "@kbn/features-provider-plugin", - "x-pack/test/security_api_integration/plugins/features_provider" - ], - [ - "@kbn/fec-alerts-test-plugin", - "x-pack/test/functional_execution_context/plugins/alerts" - ], - [ - "@kbn/field-formats-example-plugin", - "examples/field_formats_example" - ], - [ - "@kbn/field-formats-plugin", - "src/plugins/field_formats" - ], - [ - "@kbn/field-types", - "packages/kbn-field-types" - ], - [ - "@kbn/field-utils", - "packages/kbn-field-utils" - ], - [ - "@kbn/fields-metadata-plugin", - "x-pack/platform/plugins/shared/fields_metadata" - ], - [ - "@kbn/file-upload-plugin", - "x-pack/platform/plugins/private/file_upload" - ], - [ - "@kbn/files-example-plugin", - "examples/files_example" - ], - [ - "@kbn/files-management-plugin", - "src/plugins/files_management" - ], - [ - "@kbn/files-plugin", - "src/plugins/files" - ], - [ - "@kbn/find-used-node-modules", - "packages/kbn-find-used-node-modules" - ], - [ - "@kbn/fleet-plugin", - 
"x-pack/platform/plugins/shared/fleet" - ], - [ - "@kbn/flot-charts", - "src/platform/packages/shared/kbn-flot-charts" - ], - [ - "@kbn/foo-plugin", - "x-pack/test/ui_capabilities/common/plugins/foo_plugin" - ], - [ - "@kbn/formatters", - "packages/kbn-formatters" - ], - [ - "@kbn/ftr-apis-plugin", - "src/plugins/ftr_apis" - ], - [ - "@kbn/ftr-common-functional-services", - "packages/kbn-ftr-common-functional-services" - ], - [ - "@kbn/ftr-common-functional-ui-services", - "packages/kbn-ftr-common-functional-ui-services" - ], - [ - "@kbn/ftr-screenshot-filename", - "packages/kbn-ftr-screenshot-filename" - ], - [ - "@kbn/functional-with-es-ssl-cases-test-plugin", - "x-pack/test/functional_with_es_ssl/plugins/cases" - ], - [ - "@kbn/gen-ai-functional-testing", - "packages/kbn-gen-ai-functional-testing" - ], - [ - "@kbn/gen-ai-streaming-response-example-plugin", - "x-pack/examples/gen_ai_streaming_response_example" - ], - [ - "@kbn/generate", - "packages/kbn-generate" - ], - [ - "@kbn/generate-console-definitions", - "packages/kbn-generate-console-definitions" - ], - [ - "@kbn/generate-csv", - "packages/kbn-generate-csv" - ], - [ - "@kbn/get-repo-files", - "packages/kbn-get-repo-files" - ], - [ - "@kbn/global-search-bar-plugin", - "x-pack/plugins/global_search_bar" - ], - [ - "@kbn/global-search-plugin", - "x-pack/plugins/global_search" - ], - [ - "@kbn/global-search-providers-plugin", - "x-pack/plugins/global_search_providers" - ], - [ - "@kbn/global-search-test-plugin", - "x-pack/test/plugin_functional/plugins/global_search_test" - ], - [ - "@kbn/graph-plugin", - "x-pack/plugins/graph" - ], - [ - "@kbn/grid-example-plugin", - "examples/grid_example" - ], - [ - "@kbn/grid-layout", - "packages/kbn-grid-layout" - ], - [ - "@kbn/grokdebugger-plugin", - "x-pack/platform/plugins/private/grokdebugger" - ], - [ - "@kbn/grouping", - "src/platform/packages/shared/kbn-grouping" - ], - [ - "@kbn/guided-onboarding", - "packages/kbn-guided-onboarding" - ], - [ - 
"@kbn/guided-onboarding-example-plugin", - "examples/guided_onboarding_example" - ], - [ - "@kbn/guided-onboarding-plugin", - "src/plugins/guided_onboarding" - ], - [ - "@kbn/handlebars", - "packages/kbn-handlebars" - ], - [ - "@kbn/hapi-mocks", - "packages/kbn-hapi-mocks" - ], - [ - "@kbn/hardening-plugin", - "test/plugin_functional/plugins/hardening" - ], - [ - "@kbn/health-gateway-server", - "packages/kbn-health-gateway-server" - ], - [ - "@kbn/hello-world-plugin", - "examples/hello_world" - ], - [ - "@kbn/home-plugin", - "src/plugins/home" - ], - [ - "@kbn/home-sample-data-card", - "packages/home/sample_data_card" - ], - [ - "@kbn/home-sample-data-tab", - "packages/home/sample_data_tab" - ], - [ - "@kbn/home-sample-data-types", - "packages/home/sample_data_types" - ], - [ - "@kbn/i18n", - "packages/kbn-i18n" - ], - [ - "@kbn/i18n-react", - "packages/kbn-i18n-react" - ], - [ - "@kbn/iframe-embedded-plugin", - "x-pack/test/functional_embedded/plugins/iframe_embedded" - ], - [ - "@kbn/image-embeddable-plugin", - "src/plugins/image_embeddable" - ], - [ - "@kbn/import-locator", - "packages/kbn-import-locator" - ], - [ - "@kbn/import-resolver", - "packages/kbn-import-resolver" - ], - [ - "@kbn/index-adapter", - "x-pack/solutions/security/packages/index-adapter" - ], - [ - "@kbn/index-lifecycle-management-common-shared", - "x-pack/platform/packages/shared/index-lifecycle-management/index_lifecycle_management_common_shared" - ], - [ - "@kbn/index-lifecycle-management-plugin", - "x-pack/platform/plugins/private/index_lifecycle_management" - ], - [ - "@kbn/index-management-plugin", - "x-pack/platform/plugins/shared/index_management" - ], - [ - "@kbn/index-management-shared-types", - "x-pack/platform/packages/shared/index-management/index_management_shared_types" - ], - [ - "@kbn/index-patterns-test-plugin", - "test/plugin_functional/plugins/index_patterns" - ], - [ - "@kbn/inference_integration_flyout", - "x-pack/platform/packages/private/ml/inference_integration_flyout" 
- ], - [ - "@kbn/inference-common", - "x-pack/platform/packages/shared/ai-infra/inference-common" - ], - [ - "@kbn/inference-endpoint-ui-common", - "x-pack/platform/packages/shared/kbn-inference-endpoint-ui-common" - ], - [ - "@kbn/inference-plugin", - "x-pack/platform/plugins/shared/inference" - ], - [ - "@kbn/infra-forge", - "x-pack/platform/packages/private/kbn-infra-forge" - ], - [ - "@kbn/infra-plugin", - "x-pack/solutions/observability/plugins/infra" - ], - [ - "@kbn/ingest-pipelines-plugin", - "x-pack/platform/plugins/shared/ingest_pipelines" - ], - [ - "@kbn/input-control-vis-plugin", - "src/platform/plugins/private/input_control_vis" - ], - [ - "@kbn/inspector-plugin", - "src/platform/plugins/shared/inspector" - ], - [ - "@kbn/integration-assistant-plugin", - "x-pack/platform/plugins/shared/integration_assistant" - ], - [ - "@kbn/interactive-setup-plugin", - "src/plugins/interactive_setup" - ], - [ - "@kbn/interactive-setup-test-endpoints-plugin", - "test/interactive_setup_api_integration/plugins/test_endpoints" - ], - [ - "@kbn/interpreter", - "packages/kbn-interpreter" - ], - [ - "@kbn/inventory-e2e", - "x-pack/plugins/observability_solution/inventory/e2e" - ], - [ - "@kbn/inventory-plugin", - "x-pack/plugins/observability_solution/inventory" - ], - [ - "@kbn/investigate-app-plugin", - "x-pack/solutions/observability/plugins/investigate_app" - ], - [ - "@kbn/investigate-plugin", - "x-pack/solutions/observability/plugins/investigate" - ], - [ - "@kbn/investigation-shared", - "x-pack/solutions/observability/packages/kbn-investigation-shared" - ], - [ - "@kbn/io-ts-utils", - "src/platform/packages/shared/kbn-io-ts-utils" - ], - [ - "@kbn/ipynb", - "packages/kbn-ipynb" - ], - [ - "@kbn/item-buffer", - "packages/kbn-item-buffer" - ], - [ - "@kbn/jest-serializers", - "packages/kbn-jest-serializers" - ], - [ - "@kbn/journeys", - "packages/kbn-journeys" - ], - [ - "@kbn/json-ast", - "packages/kbn-json-ast" - ], - [ - "@kbn/json-schemas", - 
"x-pack/platform/packages/private/ml/json_schemas" - ], - [ - "@kbn/kbn-health-gateway-status-plugin", - "test/health_gateway/plugins/status" - ], - [ - "@kbn/kbn-sample-panel-action-plugin", - "test/plugin_functional/plugins/kbn_sample_panel_action" - ], - [ - "@kbn/kbn-top-nav-plugin", - "test/plugin_functional/plugins/kbn_top_nav" - ], - [ - "@kbn/kbn-tp-custom-visualizations-plugin", - "test/plugin_functional/plugins/kbn_tp_custom_visualizations" - ], - [ - "@kbn/kbn-tp-run-pipeline-plugin", - "test/interpreter_functional/plugins/kbn_tp_run_pipeline" - ], - [ - "@kbn/kibana-cors-test-plugin", - "x-pack/test/functional_cors/plugins/kibana_cors_test" - ], - [ - "@kbn/kibana-manifest-schema", - "packages/kbn-kibana-manifest-schema" - ], - [ - "@kbn/kibana-overview-plugin", - "src/plugins/kibana_overview" - ], - [ - "@kbn/kibana-react-plugin", - "src/plugins/kibana_react" - ], - [ - "@kbn/kibana-usage-collection-plugin", - "src/plugins/kibana_usage_collection" - ], - [ - "@kbn/kibana-utils-plugin", - "src/plugins/kibana_utils" - ], - [ - "@kbn/kubernetes-security-plugin", - "x-pack/solutions/security/plugins/kubernetes_security" - ], - [ - "@kbn/langchain", - "x-pack/platform/packages/shared/kbn-langchain" - ], - [ - "@kbn/language-documentation", - "src/platform/packages/private/kbn-language-documentation" - ], - [ - "@kbn/lens-config-builder-example-plugin", - "x-pack/examples/lens_config_builder_example" - ], - [ - "@kbn/lens-embeddable-utils", - "packages/kbn-lens-embeddable-utils" - ], - [ - "@kbn/lens-formula-docs", - "packages/kbn-lens-formula-docs" - ], - [ - "@kbn/lens-inline-editing-example-plugin", - "x-pack/examples/lens_embeddable_inline_editing_example" - ], - [ - "@kbn/lens-plugin", - "x-pack/plugins/lens" - ], - [ - "@kbn/license-api-guard-plugin", - "x-pack/platform/plugins/private/license_api_guard" - ], - [ - "@kbn/license-management-plugin", - "x-pack/platform/plugins/shared/license_management" - ], - [ - "@kbn/licensing-plugin", - 
"x-pack/plugins/licensing" - ], - [ - "@kbn/links-plugin", - "src/platform/plugins/private/links" - ], - [ - "@kbn/lint-packages-cli", - "packages/kbn-lint-packages-cli" - ], - [ - "@kbn/lint-ts-projects-cli", - "packages/kbn-lint-ts-projects-cli" - ], - [ - "@kbn/lists-plugin", - "x-pack/solutions/security/plugins/lists" - ], - [ - "@kbn/llm-tasks-plugin", - "x-pack/platform/plugins/shared/ai_infra/llm_tasks" - ], - [ - "@kbn/locator-examples-plugin", - "examples/locator_examples" - ], - [ - "@kbn/locator-explorer-plugin", - "examples/locator_explorer" - ], - [ - "@kbn/logging", - "packages/kbn-logging" - ], - [ - "@kbn/logging-mocks", - "packages/kbn-logging-mocks" - ], - [ - "@kbn/logs-data-access-plugin", - "x-pack/platform/plugins/shared/logs_data_access" - ], - [ - "@kbn/logs-explorer-plugin", - "x-pack/solutions/observability/plugins/logs_explorer" - ], - [ - "@kbn/logs-shared-plugin", - "x-pack/platform/plugins/shared/logs_shared" - ], - [ - "@kbn/logstash-plugin", - "x-pack/platform/plugins/private/logstash" - ], - [ - "@kbn/managed-content-badge", - "packages/kbn-managed-content-badge" - ], - [ - "@kbn/managed-vscode-config", - "packages/kbn-managed-vscode-config" - ], - [ - "@kbn/managed-vscode-config-cli", - "packages/kbn-managed-vscode-config-cli" - ], - [ - "@kbn/management-cards-navigation", - "src/platform/packages/shared/kbn-management/cards_navigation" - ], - [ - "@kbn/management-plugin", - "src/platform/plugins/shared/management" - ], - [ - "@kbn/management-settings-application", - "src/platform/packages/private/kbn-management/settings/application" - ], - [ - "@kbn/management-settings-components-field-category", - "src/platform/packages/private/kbn-management/settings/components/field_category" - ], - [ - "@kbn/management-settings-components-field-input", - "src/platform/packages/shared/kbn-management/settings/components/field_input" - ], - [ - "@kbn/management-settings-components-field-row", - 
"src/platform/packages/shared/kbn-management/settings/components/field_row" - ], - [ - "@kbn/management-settings-components-form", - "src/platform/packages/private/kbn-management/settings/components/form" - ], - [ - "@kbn/management-settings-field-definition", - "src/platform/packages/shared/kbn-management/settings/field_definition" - ], - [ - "@kbn/management-settings-ids", - "packages/kbn-management/settings/setting_ids" - ], - [ - "@kbn/management-settings-section-registry", - "packages/kbn-management/settings/section_registry" - ], - [ - "@kbn/management-settings-types", - "src/platform/packages/shared/kbn-management/settings/types" - ], - [ - "@kbn/management-settings-utilities", - "src/platform/packages/shared/kbn-management/settings/utilities" - ], - [ - "@kbn/management-storybook-config", - "packages/kbn-management/storybook/config" - ], - [ - "@kbn/management-test-plugin", - "test/plugin_functional/plugins/management_test_plugin" - ], - [ - "@kbn/manifest", - "packages/kbn-manifest" - ], - [ - "@kbn/mapbox-gl", - "src/platform/packages/private/kbn-mapbox-gl" - ], - [ - "@kbn/maps-custom-raster-source-plugin", - "x-pack/examples/third_party_maps_source_example" - ], - [ - "@kbn/maps-ems-plugin", - "src/platform/plugins/private/maps_ems" - ], - [ - "@kbn/maps-plugin", - "x-pack/platform/plugins/shared/maps" - ], - [ - "@kbn/maps-vector-tile-utils", - "x-pack/platform/packages/private/maps/vector_tile_utils" - ], - [ - "@kbn/metrics-data-access-plugin", - "x-pack/plugins/observability_solution/metrics_data_access" - ], - [ - "@kbn/ml-agg-utils", - "x-pack/platform/packages/private/ml/agg_utils" - ], - [ - "@kbn/ml-anomaly-utils", - "x-pack/platform/packages/shared/ml/anomaly_utils" - ], - [ - "@kbn/ml-cancellable-search", - "x-pack/platform/packages/private/ml/cancellable_search" - ], - [ - "@kbn/ml-category-validator", - "x-pack/platform/packages/private/ml/category_validator" - ], - [ - "@kbn/ml-chi2test", - "x-pack/platform/packages/shared/ml/chi2test" - 
], - [ - "@kbn/ml-creation-wizard-utils", - "x-pack/platform/packages/private/ml/creation_wizard_utils" - ], - [ - "@kbn/ml-data-frame-analytics-utils", - "x-pack/platform/packages/private/ml/data_frame_analytics_utils" - ], - [ - "@kbn/ml-data-grid", - "x-pack/platform/packages/private/ml/data_grid" - ], - [ - "@kbn/ml-data-view-utils", - "x-pack/platform/packages/private/ml/data_view_utils" - ], - [ - "@kbn/ml-date-picker", - "x-pack/platform/packages/private/ml/date_picker" - ], - [ - "@kbn/ml-date-utils", - "x-pack/platform/packages/private/ml/date_utils" - ], - [ - "@kbn/ml-error-utils", - "x-pack/platform/packages/shared/ml/error_utils" - ], - [ - "@kbn/ml-field-stats-flyout", - "x-pack/platform/packages/private/ml/field_stats_flyout" - ], - [ - "@kbn/ml-in-memory-table", - "x-pack/platform/packages/private/ml/in_memory_table" - ], - [ - "@kbn/ml-is-defined", - "x-pack/platform/packages/private/ml/is_defined" - ], - [ - "@kbn/ml-is-populated-object", - "x-pack/platform/packages/private/ml/is_populated_object" - ], - [ - "@kbn/ml-kibana-theme", - "x-pack/platform/packages/private/ml/kibana_theme" - ], - [ - "@kbn/ml-local-storage", - "x-pack/platform/packages/private/ml/local_storage" - ], - [ - "@kbn/ml-nested-property", - "x-pack/platform/packages/private/ml/nested_property" - ], - [ - "@kbn/ml-number-utils", - "x-pack/platform/packages/private/ml/number_utils" - ], - [ - "@kbn/ml-parse-interval", - "x-pack/platform/packages/private/ml/parse_interval" - ], - [ - "@kbn/ml-plugin", - "x-pack/platform/plugins/shared/ml" - ], - [ - "@kbn/ml-query-utils", - "x-pack/platform/packages/private/ml/query_utils" - ], - [ - "@kbn/ml-random-sampler-utils", - "x-pack/platform/packages/shared/ml/random_sampler_utils" - ], - [ - "@kbn/ml-response-stream", - "x-pack/platform/packages/shared/ml/response_stream" - ], - [ - "@kbn/ml-route-utils", - "x-pack/platform/packages/private/ml/route_utils" - ], - [ - "@kbn/ml-runtime-field-utils", - 
"x-pack/platform/packages/shared/ml/runtime_field_utils" - ], - [ - "@kbn/ml-string-hash", - "x-pack/platform/packages/private/ml/string_hash" - ], - [ - "@kbn/ml-time-buckets", - "x-pack/platform/packages/private/ml/time_buckets" - ], - [ - "@kbn/ml-trained-models-utils", - "x-pack/platform/packages/shared/ml/trained_models_utils" - ], - [ - "@kbn/ml-ui-actions", - "x-pack/platform/packages/private/ml/ui_actions" - ], - [ - "@kbn/ml-url-state", - "x-pack/platform/packages/private/ml/url_state" - ], - [ - "@kbn/ml-validators", - "x-pack/platform/packages/private/ml/validators" - ], - [ - "@kbn/mock-idp-plugin", - "packages/kbn-mock-idp-plugin" - ], - [ - "@kbn/mock-idp-utils", - "packages/kbn-mock-idp-utils" - ], - [ - "@kbn/monaco", - "packages/kbn-monaco" - ], - [ - "@kbn/monitoring-collection-plugin", - "x-pack/platform/plugins/private/monitoring_collection" - ], - [ - "@kbn/monitoring-plugin", - "x-pack/platform/plugins/private/monitoring" - ], - [ - "@kbn/navigation-plugin", - "src/plugins/navigation" - ], - [ - "@kbn/newsfeed-plugin", - "src/plugins/newsfeed" - ], - [ - "@kbn/newsfeed-test-plugin", - "test/common/plugins/newsfeed" - ], - [ - "@kbn/no-data-page-plugin", - "src/plugins/no_data_page" - ], - [ - "@kbn/notifications-plugin", - "x-pack/plugins/notifications" - ], - [ - "@kbn/object-versioning", - "packages/kbn-object-versioning" - ], - [ - "@kbn/object-versioning-utils", - "packages/kbn-object-versioning-utils" - ], - [ - "@kbn/observability-ai-assistant-app-plugin", - "x-pack/solutions/observability/plugins/observability_ai_assistant_app" - ], - [ - "@kbn/observability-ai-assistant-management-plugin", - "x-pack/solutions/observability/plugins/observability_ai_assistant_management" - ], - [ - "@kbn/observability-ai-assistant-plugin", - "x-pack/platform/plugins/shared/observability_solution/observability_ai_assistant" - ], - [ - "@kbn/observability-ai-common", - "x-pack/solutions/observability/packages/observability_ai/observability_ai_common" - ], 
- [ - "@kbn/observability-ai-server", - "x-pack/solutions/observability/packages/observability_ai/observability_ai_server" - ], - [ - "@kbn/observability-alert-details", - "x-pack/solutions/observability/packages/alert_details" - ], - [ - "@kbn/observability-alerting-rule-utils", - "x-pack/platform/packages/shared/observability/alerting_rule_utils" - ], - [ - "@kbn/observability-alerting-test-data", - "x-pack/solutions/observability/packages/alerting_test_data" - ], - [ - "@kbn/observability-fixtures-plugin", - "x-pack/test/cases_api_integration/common/plugins/observability" - ], - [ - "@kbn/observability-get-padded-alert-time-range-util", - "x-pack/solutions/observability/packages/get_padded_alert_time_range_util" - ], - [ - "@kbn/observability-logs-explorer-plugin", - "x-pack/solutions/observability/plugins/observability_logs_explorer" - ], - [ - "@kbn/observability-logs-overview", - "x-pack/platform/packages/shared/observability/logs_overview" - ], - [ - "@kbn/observability-onboarding-e2e", - "x-pack/solutions/observability/plugins/observability_onboarding/e2e" - ], - [ - "@kbn/observability-onboarding-plugin", - "x-pack/solutions/observability/plugins/observability_onboarding" - ], - [ - "@kbn/observability-plugin", - "x-pack/solutions/observability/plugins/observability" - ], - [ - "@kbn/observability-shared-plugin", - "x-pack/solutions/observability/plugins/observability_shared" - ], - [ - "@kbn/observability-synthetics-test-data", - "x-pack/solutions/observability/packages/synthetics_test_data" - ], - [ - "@kbn/observability-utils-browser", - "x-pack/solutions/observability/packages/utils_browser" - ], - [ - "@kbn/observability-utils-common", - "x-pack/solutions/observability/packages/utils_common" - ], - [ - "@kbn/observability-utils-server", - "x-pack/solutions/observability/packages/utils_server" - ], - [ - "@kbn/oidc-provider-plugin", - "x-pack/test/security_api_integration/plugins/oidc_provider" - ], - [ - "@kbn/open-telemetry-instrumented-plugin", - 
"test/common/plugins/otel_metrics" - ], - [ - "@kbn/openapi-bundler", - "packages/kbn-openapi-bundler" - ], - [ - "@kbn/openapi-common", - "src/platform/packages/shared/kbn-openapi-common" - ], - [ - "@kbn/openapi-generator", - "packages/kbn-openapi-generator" - ], - [ - "@kbn/optimizer", - "packages/kbn-optimizer" - ], - [ - "@kbn/optimizer-webpack-helpers", - "packages/kbn-optimizer-webpack-helpers" - ], - [ - "@kbn/osquery-io-ts-types", - "src/platform/packages/shared/kbn-osquery-io-ts-types" - ], - [ - "@kbn/osquery-plugin", - "x-pack/platform/plugins/shared/osquery" - ], - [ - "@kbn/paertial-results-example-plugin", - "examples/partial_results_example" - ], - [ - "@kbn/painless-lab-plugin", - "x-pack/platform/plugins/private/painless_lab" - ], - [ - "@kbn/palettes", - "packages/kbn-palettes" - ], - [ - "@kbn/panel-loader", - "src/platform/packages/private/kbn-panel-loader" - ], - [ - "@kbn/peggy", - "packages/kbn-peggy" - ], - [ - "@kbn/peggy-loader", - "packages/kbn-peggy-loader" - ], - [ - "@kbn/performance-testing-dataset-extractor", - "packages/kbn-performance-testing-dataset-extractor" - ], - [ - "@kbn/picomatcher", - "packages/kbn-picomatcher" - ], - [ - "@kbn/plugin-check", - "packages/kbn-plugin-check" - ], - [ - "@kbn/plugin-generator", - "packages/kbn-plugin-generator" - ], - [ - "@kbn/plugin-helpers", - "packages/kbn-plugin-helpers" - ], - [ - "@kbn/portable-dashboards-example", - "examples/portable_dashboards_example" - ], - [ - "@kbn/preboot-example-plugin", - "examples/preboot_example" - ], - [ - "@kbn/presentation-containers", - "src/platform/packages/shared/presentation/presentation_containers" - ], - [ - "@kbn/presentation-panel-plugin", - "src/platform/plugins/private/presentation_panel" - ], - [ - "@kbn/presentation-publishing", - "src/platform/packages/shared/presentation/presentation_publishing" - ], - [ - "@kbn/presentation-util-plugin", - "src/platform/plugins/shared/presentation_util" - ], - [ - "@kbn/product-doc-artifact-builder", - 
"x-pack/packages/ai-infra/product-doc-artifact-builder" - ], - [ - "@kbn/product-doc-base-plugin", - "x-pack/platform/plugins/shared/ai_infra/product_doc_base" - ], - [ - "@kbn/product-doc-common", - "x-pack/platform/packages/shared/ai-infra/product-doc-common" - ], - [ - "@kbn/profiling-data-access-plugin", - "x-pack/plugins/observability_solution/profiling_data_access" - ], - [ - "@kbn/profiling-plugin", - "x-pack/plugins/observability_solution/profiling" - ], - [ - "@kbn/profiling-utils", - "packages/kbn-profiling-utils" - ], - [ - "@kbn/random-sampling", - "x-pack/packages/kbn-random-sampling" - ], - [ - "@kbn/react-field", - "packages/kbn-react-field" - ], - [ - "@kbn/react-hooks", - "src/platform/packages/shared/kbn-react-hooks" - ], - [ - "@kbn/react-kibana-context-common", - "packages/react/kibana_context/common" - ], - [ - "@kbn/react-kibana-context-render", - "packages/react/kibana_context/render" - ], - [ - "@kbn/react-kibana-context-root", - "packages/react/kibana_context/root" - ], - [ - "@kbn/react-kibana-context-styled", - "packages/react/kibana_context/styled" - ], - [ - "@kbn/react-kibana-context-theme", - "packages/react/kibana_context/theme" - ], - [ - "@kbn/react-kibana-mount", - "packages/react/kibana_mount" - ], - [ - "@kbn/react-mute-legacy-root-warning", - "packages/kbn-react-mute-legacy-root-warning" - ], - [ - "@kbn/recently-accessed", - "packages/kbn-recently-accessed" - ], - [ - "@kbn/relocate", - "packages/kbn-relocate" - ], - [ - "@kbn/remote-clusters-plugin", - "x-pack/platform/plugins/private/remote_clusters" - ], - [ - "@kbn/rendering-plugin", - "test/plugin_functional/plugins/rendering_plugin" - ], - [ - "@kbn/repo-file-maps", - "packages/kbn-repo-file-maps" - ], - [ - "@kbn/repo-info", - "packages/kbn-repo-info" - ], - [ - "@kbn/repo-linter", - "packages/kbn-repo-linter" - ], - [ - "@kbn/repo-packages", - "packages/kbn-repo-packages" - ], - [ - "@kbn/repo-path", - "packages/kbn-repo-path" - ], - [ - "@kbn/repo-source-classifier", 
- "packages/kbn-repo-source-classifier" - ], - [ - "@kbn/repo-source-classifier-cli", - "packages/kbn-repo-source-classifier-cli" - ], - [ - "@kbn/reporting-common", - "packages/kbn-reporting/common" - ], - [ - "@kbn/reporting-csv-share-panel", - "packages/kbn-reporting/get_csv_panel_actions" - ], - [ - "@kbn/reporting-export-types-csv", - "packages/kbn-reporting/export_types/csv" - ], - [ - "@kbn/reporting-export-types-csv-common", - "packages/kbn-reporting/export_types/csv_common" - ], - [ - "@kbn/reporting-export-types-pdf", - "packages/kbn-reporting/export_types/pdf" - ], - [ - "@kbn/reporting-export-types-pdf-common", - "packages/kbn-reporting/export_types/pdf_common" - ], - [ - "@kbn/reporting-export-types-png", - "packages/kbn-reporting/export_types/png" - ], - [ - "@kbn/reporting-export-types-png-common", - "packages/kbn-reporting/export_types/png_common" - ], - [ - "@kbn/reporting-mocks-server", - "packages/kbn-reporting/mocks_server" - ], - [ - "@kbn/reporting-plugin", - "x-pack/plugins/reporting" - ], - [ - "@kbn/reporting-public", - "packages/kbn-reporting/public" - ], - [ - "@kbn/reporting-server", - "packages/kbn-reporting/server" - ], - [ - "@kbn/resizable-layout", - "packages/kbn-resizable-layout" - ], - [ - "@kbn/resizable-layout-examples-plugin", - "examples/resizable_layout_examples" - ], - [ - "@kbn/resolver-test-plugin", - "x-pack/test/plugin_functional/plugins/resolver_test" - ], - [ - "@kbn/response-ops-feature-flag-service", - "packages/response-ops/feature_flag_service" - ], - [ - "@kbn/response-ops-rule-form", - "packages/response-ops/rule_form" - ], - [ - "@kbn/response-ops-rule-params", - "src/platform/packages/private/response-ops/rule_params" - ], - [ - "@kbn/response-stream-plugin", - "examples/response_stream" - ], - [ - "@kbn/rison", - "packages/kbn-rison" - ], - [ - "@kbn/rollup", - "x-pack/platform/packages/private/rollup" - ], - [ - "@kbn/rollup-plugin", - "x-pack/platform/plugins/private/rollup" - ], - [ - 
"@kbn/router-to-openapispec", - "packages/kbn-router-to-openapispec" - ], - [ - "@kbn/router-utils", - "src/platform/packages/shared/kbn-router-utils" - ], - [ - "@kbn/routing-example-plugin", - "examples/routing_example" - ], - [ - "@kbn/rrule", - "src/platform/packages/shared/kbn-rrule" - ], - [ - "@kbn/rule-data-utils", - "src/platform/packages/shared/kbn-rule-data-utils" - ], - [ - "@kbn/rule-registry-plugin", - "x-pack/platform/plugins/shared/rule_registry" - ], - [ - "@kbn/runtime-fields-plugin", - "x-pack/platform/plugins/private/runtime_fields" - ], - [ - "@kbn/safer-lodash-set", - "packages/kbn-safer-lodash-set" - ], - [ - "@kbn/saml-provider-plugin", - "x-pack/test/security_api_integration/plugins/saml_provider" - ], - [ - "@kbn/sample-task-plugin", - "x-pack/test/plugin_api_integration/plugins/sample_task_plugin" - ], - [ - "@kbn/sample-task-plugin-update-by-query", - "x-pack/test/task_manager_claimer_update_by_query/plugins/sample_task_plugin_mget" - ], - [ - "@kbn/saved-object-export-transforms-plugin", - "test/plugin_functional/plugins/saved_object_export_transforms" - ], - [ - "@kbn/saved-object-import-warnings-plugin", - "test/plugin_functional/plugins/saved_object_import_warnings" - ], - [ - "@kbn/saved-object-test-plugin", - "x-pack/test/saved_object_api_integration/common/plugins/saved_object_test_plugin" - ], - [ - "@kbn/saved-objects-finder-plugin", - "src/plugins/saved_objects_finder" - ], - [ - "@kbn/saved-objects-hidden-from-http-apis-type-plugin", - "test/plugin_functional/plugins/saved_objects_hidden_from_http_apis_type" - ], - [ - "@kbn/saved-objects-hidden-type-plugin", - "test/plugin_functional/plugins/saved_objects_hidden_type" - ], - [ - "@kbn/saved-objects-management-plugin", - "src/plugins/saved_objects_management" - ], - [ - "@kbn/saved-objects-plugin", - "src/plugins/saved_objects" - ], - [ - "@kbn/saved-objects-settings", - "packages/kbn-saved-objects-settings" - ], - [ - "@kbn/saved-objects-tagging-oss-plugin", - 
"src/plugins/saved_objects_tagging_oss" - ], - [ - "@kbn/saved-objects-tagging-plugin", - "x-pack/plugins/saved_objects_tagging" - ], - [ - "@kbn/saved-search-component", - "packages/kbn-saved-search-component" - ], - [ - "@kbn/saved-search-plugin", - "src/plugins/saved_search" - ], - [ - "@kbn/scout", - "packages/kbn-scout" - ], - [ - "@kbn/scout-info", - "packages/kbn-scout-info" - ], - [ - "@kbn/scout-reporting", - "packages/kbn-scout-reporting" - ], - [ - "@kbn/screenshot-mode-example-plugin", - "examples/screenshot_mode_example" - ], - [ - "@kbn/screenshot-mode-plugin", - "src/plugins/screenshot_mode" - ], - [ - "@kbn/screenshotting-example-plugin", - "x-pack/examples/screenshotting_example" - ], - [ - "@kbn/screenshotting-plugin", - "x-pack/platform/plugins/shared/screenshotting" - ], - [ - "@kbn/screenshotting-server", - "packages/kbn-screenshotting-server" - ], - [ - "@kbn/search-api-keys-components", - "packages/kbn-search-api-keys-components" - ], - [ - "@kbn/search-api-keys-server", - "packages/kbn-search-api-keys-server" - ], - [ - "@kbn/search-api-panels", - "packages/kbn-search-api-panels" - ], - [ - "@kbn/search-assistant", - "x-pack/plugins/search_assistant" - ], - [ - "@kbn/search-connectors", - "packages/kbn-search-connectors" - ], - [ - "@kbn/search-connectors-plugin", - "x-pack/plugins/search_connectors" - ], - [ - "@kbn/search-errors", - "packages/kbn-search-errors" - ], - [ - "@kbn/search-examples-plugin", - "examples/search_examples" - ], - [ - "@kbn/search-homepage", - "x-pack/plugins/search_homepage" - ], - [ - "@kbn/search-index-documents", - "packages/kbn-search-index-documents" - ], - [ - "@kbn/search-indices", - "x-pack/plugins/search_indices" - ], - [ - "@kbn/search-inference-endpoints", - "x-pack/plugins/search_inference_endpoints" - ], - [ - "@kbn/search-navigation", - "x-pack/plugins/search_solution/search_navigation" - ], - [ - "@kbn/search-notebooks", - "x-pack/plugins/search_notebooks" - ], - [ - "@kbn/search-playground", - 
"x-pack/plugins/search_playground" - ], - [ - "@kbn/search-response-warnings", - "packages/kbn-search-response-warnings" - ], - [ - "@kbn/search-shared-ui", - "x-pack/packages/search/shared_ui" - ], - [ - "@kbn/search-types", - "packages/kbn-search-types" - ], - [ - "@kbn/searchprofiler-plugin", - "x-pack/platform/plugins/shared/searchprofiler" - ], - [ - "@kbn/security-api-integration-helpers", - "x-pack/test/security_api_integration/packages/helpers" - ], - [ - "@kbn/security-api-key-management", - "x-pack/packages/security/api_key_management" - ], - [ - "@kbn/security-authorization-core", - "x-pack/packages/security/authorization_core" - ], - [ - "@kbn/security-authorization-core-common", - "x-pack/packages/security/authorization_core_common" - ], - [ - "@kbn/security-form-components", - "x-pack/packages/security/form_components" - ], - [ - "@kbn/security-hardening", - "packages/kbn-security-hardening" - ], - [ - "@kbn/security-plugin", - "x-pack/plugins/security" - ], - [ - "@kbn/security-plugin-types-common", - "x-pack/packages/security/plugin_types_common" - ], - [ - "@kbn/security-plugin-types-public", - "x-pack/packages/security/plugin_types_public" - ], - [ - "@kbn/security-plugin-types-server", - "x-pack/packages/security/plugin_types_server" - ], - [ - "@kbn/security-role-management-model", - "x-pack/packages/security/role_management_model" - ], - [ - "@kbn/security-solution-distribution-bar", - "x-pack/solutions/security/packages/distribution_bar" - ], - [ - "@kbn/security-solution-ess", - "x-pack/solutions/security/plugins/security_solution_ess" - ], - [ - "@kbn/security-solution-features", - "x-pack/solutions/security/packages/features" - ], - [ - "@kbn/security-solution-fixtures-plugin", - "x-pack/test/cases_api_integration/common/plugins/security_solution" - ], - [ - "@kbn/security-solution-navigation", - "x-pack/solutions/security/packages/navigation" - ], - [ - "@kbn/security-solution-plugin", - 
"x-pack/solutions/security/plugins/security_solution" - ], - [ - "@kbn/security-solution-serverless", - "x-pack/solutions/security/plugins/security_solution_serverless" - ], - [ - "@kbn/security-solution-side-nav", - "x-pack/solutions/security/packages/side_nav" - ], - [ - "@kbn/security-solution-storybook-config", - "x-pack/solutions/security/packages/storybook/config" - ], - [ - "@kbn/security-solution-upselling", - "x-pack/solutions/security/packages/upselling" - ], - [ - "@kbn/security-test-endpoints-plugin", - "x-pack/test/security_functional/plugins/test_endpoints" - ], - [ - "@kbn/security-ui-components", - "x-pack/packages/security/ui_components" - ], - [ - "@kbn/securitysolution-autocomplete", - "x-pack/solutions/security/packages/kbn-securitysolution-autocomplete" - ], - [ - "@kbn/securitysolution-data-table", - "x-pack/solutions/security/packages/data_table" - ], - [ - "@kbn/securitysolution-ecs", - "src/platform/packages/shared/kbn-securitysolution-ecs" - ], - [ - "@kbn/securitysolution-endpoint-exceptions-common", - "x-pack/solutions/security/packages/kbn-securitysolution-endpoint-exceptions-common" - ], - [ - "@kbn/securitysolution-es-utils", - "src/platform/packages/shared/kbn-securitysolution-es-utils" - ], - [ - "@kbn/securitysolution-exception-list-components", - "x-pack/solutions/security/packages/kbn-securitysolution-exception-list-components" - ], - [ - "@kbn/securitysolution-exceptions-common", - "x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common" - ], - [ - "@kbn/securitysolution-hook-utils", - "x-pack/solutions/security/packages/kbn-securitysolution-hook-utils" - ], - [ - "@kbn/securitysolution-io-ts-alerting-types", - "x-pack/solutions/security/packages/kbn-securitysolution-io-ts-alerting-types" - ], - [ - "@kbn/securitysolution-io-ts-list-types", - "x-pack/solutions/security/packages/kbn-securitysolution-io-ts-list-types" - ], - [ - "@kbn/securitysolution-io-ts-types", - 
"src/platform/packages/shared/kbn-securitysolution-io-ts-types" - ], - [ - "@kbn/securitysolution-io-ts-utils", - "src/platform/packages/shared/kbn-securitysolution-io-ts-utils" - ], - [ - "@kbn/securitysolution-list-api", - "x-pack/solutions/security/packages/kbn-securitysolution-list-api" - ], - [ - "@kbn/securitysolution-list-constants", - "x-pack/solutions/security/packages/kbn-securitysolution-list-constants" - ], - [ - "@kbn/securitysolution-list-hooks", - "x-pack/solutions/security/packages/kbn-securitysolution-list-hooks" - ], - [ - "@kbn/securitysolution-list-utils", - "x-pack/solutions/security/packages/kbn-securitysolution-list-utils" - ], - [ - "@kbn/securitysolution-lists-common", - "x-pack/solutions/security/packages/kbn-securitysolution-lists-common" - ], - [ - "@kbn/securitysolution-rules", - "src/platform/packages/shared/kbn-securitysolution-rules" - ], - [ - "@kbn/securitysolution-t-grid", - "x-pack/solutions/security/packages/kbn-securitysolution-t-grid" - ], - [ - "@kbn/securitysolution-utils", - "x-pack/solutions/security/packages/kbn-securitysolution-utils" - ], - [ - "@kbn/server-http-tools", - "packages/kbn-server-http-tools" - ], - [ - "@kbn/server-route-repository", - "src/platform/packages/shared/kbn-server-route-repository" - ], - [ - "@kbn/server-route-repository-client", - "src/platform/packages/shared/kbn-server-route-repository-client" - ], - [ - "@kbn/server-route-repository-utils", - "src/platform/packages/shared/kbn-server-route-repository-utils" - ], - [ - "@kbn/serverless", - "x-pack/plugins/serverless" - ], - [ - "@kbn/serverless-common-settings", - "packages/serverless/settings/common" - ], - [ - "@kbn/serverless-observability", - "x-pack/solutions/observability/plugins/serverless_observability" - ], - [ - "@kbn/serverless-observability-settings", - "packages/serverless/settings/observability_project" - ], - [ - "@kbn/serverless-project-switcher", - "packages/serverless/project_switcher" - ], - [ - "@kbn/serverless-search", - 
"x-pack/plugins/serverless_search" - ], - [ - "@kbn/serverless-search-settings", - "packages/serverless/settings/search_project" - ], - [ - "@kbn/serverless-security-settings", - "src/platform/packages/shared/serverless/settings/security_project" - ], - [ - "@kbn/serverless-storybook-config", - "packages/serverless/storybook/config" - ], - [ - "@kbn/serverless-types", - "packages/serverless/types" - ], - [ - "@kbn/session-notifications-plugin", - "test/plugin_functional/plugins/session_notifications" - ], - [ - "@kbn/session-view-plugin", - "x-pack/solutions/security/plugins/session_view" - ], - [ - "@kbn/set-map", - "packages/kbn-set-map" - ], - [ - "@kbn/share-examples-plugin", - "examples/share_examples" - ], - [ - "@kbn/share-plugin", - "src/plugins/share" - ], - [ - "@kbn/shared-svg", - "packages/kbn-shared-svg" - ], - [ - "@kbn/shared-ux-avatar-solution", - "packages/shared-ux/avatar/solution" - ], - [ - "@kbn/shared-ux-button-exit-full-screen", - "packages/shared-ux/button/exit_full_screen" - ], - [ - "@kbn/shared-ux-button-toolbar", - "packages/shared-ux/button_toolbar" - ], - [ - "@kbn/shared-ux-card-no-data", - "packages/shared-ux/card/no_data/impl" - ], - [ - "@kbn/shared-ux-card-no-data-mocks", - "packages/shared-ux/card/no_data/mocks" - ], - [ - "@kbn/shared-ux-card-no-data-types", - "packages/shared-ux/card/no_data/types" - ], - [ - "@kbn/shared-ux-chrome-navigation", - "packages/shared-ux/chrome/navigation" - ], - [ - "@kbn/shared-ux-error-boundary", - "packages/shared-ux/error_boundary" - ], - [ - "@kbn/shared-ux-file-context", - "packages/shared-ux/file/context" - ], - [ - "@kbn/shared-ux-file-image", - "packages/shared-ux/file/image/impl" - ], - [ - "@kbn/shared-ux-file-image-mocks", - "packages/shared-ux/file/image/mocks" - ], - [ - "@kbn/shared-ux-file-mocks", - "packages/shared-ux/file/mocks" - ], - [ - "@kbn/shared-ux-file-picker", - "packages/shared-ux/file/file_picker/impl" - ], - [ - "@kbn/shared-ux-file-types", - 
"packages/shared-ux/file/types" - ], - [ - "@kbn/shared-ux-file-upload", - "packages/shared-ux/file/file_upload/impl" - ], - [ - "@kbn/shared-ux-file-util", - "packages/shared-ux/file/util" - ], - [ - "@kbn/shared-ux-link-redirect-app", - "packages/shared-ux/link/redirect_app/impl" - ], - [ - "@kbn/shared-ux-link-redirect-app-mocks", - "packages/shared-ux/link/redirect_app/mocks" - ], - [ - "@kbn/shared-ux-link-redirect-app-types", - "packages/shared-ux/link/redirect_app/types" - ], - [ - "@kbn/shared-ux-markdown", - "packages/shared-ux/markdown/impl" - ], - [ - "@kbn/shared-ux-markdown-mocks", - "packages/shared-ux/markdown/mocks" - ], - [ - "@kbn/shared-ux-markdown-types", - "packages/shared-ux/markdown/types" - ], - [ - "@kbn/shared-ux-page-analytics-no-data", - "packages/shared-ux/page/analytics_no_data/impl" - ], - [ - "@kbn/shared-ux-page-analytics-no-data-mocks", - "packages/shared-ux/page/analytics_no_data/mocks" - ], - [ - "@kbn/shared-ux-page-analytics-no-data-types", - "packages/shared-ux/page/analytics_no_data/types" - ], - [ - "@kbn/shared-ux-page-kibana-no-data", - "packages/shared-ux/page/kibana_no_data/impl" - ], - [ - "@kbn/shared-ux-page-kibana-no-data-mocks", - "packages/shared-ux/page/kibana_no_data/mocks" - ], - [ - "@kbn/shared-ux-page-kibana-no-data-types", - "packages/shared-ux/page/kibana_no_data/types" - ], - [ - "@kbn/shared-ux-page-kibana-template", - "packages/shared-ux/page/kibana_template/impl" - ], - [ - "@kbn/shared-ux-page-kibana-template-mocks", - "packages/shared-ux/page/kibana_template/mocks" - ], - [ - "@kbn/shared-ux-page-kibana-template-types", - "packages/shared-ux/page/kibana_template/types" - ], - [ - "@kbn/shared-ux-page-no-data", - "packages/shared-ux/page/no_data/impl" - ], - [ - "@kbn/shared-ux-page-no-data-config", - "packages/shared-ux/page/no_data_config/impl" - ], - [ - "@kbn/shared-ux-page-no-data-config-mocks", - "packages/shared-ux/page/no_data_config/mocks" - ], - [ - "@kbn/shared-ux-page-no-data-config-types", 
- "packages/shared-ux/page/no_data_config/types" - ], - [ - "@kbn/shared-ux-page-no-data-mocks", - "packages/shared-ux/page/no_data/mocks" - ], - [ - "@kbn/shared-ux-page-no-data-types", - "packages/shared-ux/page/no_data/types" - ], - [ - "@kbn/shared-ux-page-solution-nav", - "packages/shared-ux/page/solution_nav" - ], - [ - "@kbn/shared-ux-prompt-no-data-views", - "packages/shared-ux/prompt/no_data_views/impl" - ], - [ - "@kbn/shared-ux-prompt-no-data-views-mocks", - "packages/shared-ux/prompt/no_data_views/mocks" - ], - [ - "@kbn/shared-ux-prompt-no-data-views-types", - "packages/shared-ux/prompt/no_data_views/types" - ], - [ - "@kbn/shared-ux-prompt-not-found", - "packages/shared-ux/prompt/not_found" - ], - [ - "@kbn/shared-ux-router", - "packages/shared-ux/router/impl" - ], - [ - "@kbn/shared-ux-router-mocks", - "packages/shared-ux/router/mocks" - ], - [ - "@kbn/shared-ux-router-types", - "packages/shared-ux/router/types" - ], - [ - "@kbn/shared-ux-storybook-config", - "packages/shared-ux/storybook/config" - ], - [ - "@kbn/shared-ux-storybook-mock", - "packages/shared-ux/storybook/mock" - ], - [ - "@kbn/shared-ux-tabbed-modal", - "packages/shared-ux/modal/tabbed" - ], - [ - "@kbn/shared-ux-table-persist", - "packages/shared-ux/table_persist" - ], - [ - "@kbn/shared-ux-utility", - "packages/kbn-shared-ux-utility" - ], - [ - "@kbn/slo-plugin", - "x-pack/solutions/observability/plugins/slo" - ], - [ - "@kbn/slo-schema", - "x-pack/platform/packages/shared/kbn-slo-schema" - ], - [ - "@kbn/snapshot-restore-plugin", - "x-pack/platform/plugins/private/snapshot_restore" - ], - [ - "@kbn/some-dev-log", - "packages/kbn-some-dev-log" - ], - [ - "@kbn/sort-package-json", - "packages/kbn-sort-package-json" - ], - [ - "@kbn/sort-predicates", - "packages/kbn-sort-predicates" - ], - [ - "@kbn/spaces-plugin", - "x-pack/plugins/spaces" - ], - [ - "@kbn/spaces-test-plugin", - "x-pack/test/spaces_api_integration/common/plugins/spaces_test_plugin" - ], - [ - "@kbn/sse-utils", - 
"src/platform/packages/shared/kbn-sse-utils" - ], - [ - "@kbn/sse-utils-client", - "src/platform/packages/shared/kbn-sse-utils-client" - ], - [ - "@kbn/sse-utils-server", - "src/platform/packages/shared/kbn-sse-utils-server" - ], - [ - "@kbn/stack-alerts-plugin", - "x-pack/platform/plugins/shared/stack_alerts" - ], - [ - "@kbn/stack-connectors-plugin", - "x-pack/platform/plugins/shared/stack_connectors" - ], - [ - "@kbn/stack-management-usage-test-plugin", - "x-pack/test/usage_collection/plugins/stack_management_usage_test" - ], - [ - "@kbn/state-containers-examples-plugin", - "examples/state_containers_examples" - ], - [ - "@kbn/status-plugin-a-plugin", - "test/server_integration/plugins/status_plugin_a" - ], - [ - "@kbn/status-plugin-b-plugin", - "test/server_integration/plugins/status_plugin_b" - ], - [ - "@kbn/std", - "packages/kbn-std" - ], - [ - "@kbn/stdio-dev-helpers", - "packages/kbn-stdio-dev-helpers" - ], - [ - "@kbn/storybook", - "packages/kbn-storybook" - ], - [ - "@kbn/streams-app-plugin", - "x-pack/solutions/observability/plugins/streams_app" - ], - [ - "@kbn/streams-plugin", - "x-pack/solutions/observability/plugins/streams" - ], - [ - "@kbn/streams-schema", - "x-pack/packages/kbn-streams-schema" - ], - [ - "@kbn/synthetics-e2e", - "x-pack/solutions/observability/plugins/synthetics/e2e" - ], - [ - "@kbn/synthetics-plugin", - "x-pack/solutions/observability/plugins/synthetics" - ], - [ - "@kbn/synthetics-private-location", - "x-pack/packages/kbn-synthetics-private-location" - ], - [ - "@kbn/task-manager-fixture-plugin", - "x-pack/test/alerting_api_integration/common/plugins/task_manager_fixture" - ], - [ - "@kbn/task-manager-performance-plugin", - "x-pack/test/plugin_api_perf/plugins/task_manager_performance" - ], - [ - "@kbn/task-manager-plugin", - "x-pack/platform/plugins/shared/task_manager" - ], - [ - "@kbn/telemetry-collection-manager-plugin", - "src/plugins/telemetry_collection_manager" - ], - [ - "@kbn/telemetry-collection-xpack-plugin", - 
"x-pack/plugins/telemetry_collection_xpack" - ], - [ - "@kbn/telemetry-management-section-plugin", - "src/plugins/telemetry_management_section" - ], - [ - "@kbn/telemetry-plugin", - "src/plugins/telemetry" - ], - [ - "@kbn/telemetry-test-plugin", - "test/plugin_functional/plugins/telemetry" - ], - [ - "@kbn/telemetry-tools", - "packages/kbn-telemetry-tools" - ], - [ - "@kbn/test", - "packages/kbn-test" - ], - [ - "@kbn/test-eui-helpers", - "packages/kbn-test-eui-helpers" - ], - [ - "@kbn/test-feature-usage-plugin", - "x-pack/test/licensing_plugin/plugins/test_feature_usage" - ], - [ - "@kbn/test-jest-helpers", - "packages/kbn-test-jest-helpers" - ], - [ - "@kbn/test-subj-selector", - "packages/kbn-test-subj-selector" - ], - [ - "@kbn/test-suites-serverless", - "x-pack/test_serverless" - ], - [ - "@kbn/test-suites-src", - "test" - ], - [ - "@kbn/test-suites-xpack", - "x-pack/test" - ], - [ - "@kbn/test-suites-xpack-performance", - "x-pack/performance" - ], - [ - "@kbn/testing-embedded-lens-plugin", - "x-pack/examples/testing_embedded_lens" - ], - [ - "@kbn/third-party-lens-navigation-prompt-plugin", - "x-pack/examples/third_party_lens_navigation_prompt" - ], - [ - "@kbn/third-party-vis-lens-example-plugin", - "x-pack/examples/third_party_vis_lens_example" - ], - [ - "@kbn/threat-intelligence-plugin", - "x-pack/solutions/security/plugins/threat_intelligence" - ], - [ - "@kbn/timelines-plugin", - "x-pack/solutions/security/plugins/timelines" - ], - [ - "@kbn/timelion-grammar", - "packages/kbn-timelion-grammar" - ], - [ - "@kbn/timerange", - "src/platform/packages/shared/kbn-timerange" - ], - [ - "@kbn/tinymath", - "packages/kbn-tinymath" - ], - [ - "@kbn/tooling-log", - "packages/kbn-tooling-log" - ], - [ - "@kbn/transform-plugin", - "x-pack/platform/plugins/private/transform" - ], - [ - "@kbn/translations-plugin", - "x-pack/platform/plugins/private/translations" - ], - [ - "@kbn/transpose-utils", - "packages/kbn-transpose-utils" - ], - [ - 
"@kbn/triggers-actions-ui-example-plugin", - "x-pack/examples/triggers_actions_ui_example" - ], - [ - "@kbn/triggers-actions-ui-plugin", - "x-pack/platform/plugins/shared/triggers_actions_ui" - ], - [ - "@kbn/triggers-actions-ui-types", - "src/platform/packages/shared/kbn-triggers-actions-ui-types" - ], - [ - "@kbn/try-in-console", - "packages/kbn-try-in-console" - ], - [ - "@kbn/ts-projects", - "packages/kbn-ts-projects" - ], - [ - "@kbn/ts-type-check-cli", - "packages/kbn-ts-type-check-cli" - ], - [ - "@kbn/typed-react-router-config", - "src/platform/packages/shared/kbn-typed-react-router-config" - ], - [ - "@kbn/ui-actions-browser", - "packages/kbn-ui-actions-browser" - ], - [ - "@kbn/ui-actions-enhanced-examples-plugin", - "x-pack/examples/ui_actions_enhanced_examples" - ], - [ - "@kbn/ui-actions-enhanced-plugin", - "src/plugins/ui_actions_enhanced" - ], - [ - "@kbn/ui-actions-examples-plugin", - "examples/ui_action_examples" - ], - [ - "@kbn/ui-actions-explorer-plugin", - "examples/ui_actions_explorer" - ], - [ - "@kbn/ui-actions-plugin", - "src/plugins/ui_actions" - ], - [ - "@kbn/ui-settings-plugin", - "test/plugin_functional/plugins/ui_settings_plugin" - ], - [ - "@kbn/ui-shared-deps-npm", - "packages/kbn-ui-shared-deps-npm" - ], - [ - "@kbn/ui-shared-deps-src", - "packages/kbn-ui-shared-deps-src" - ], - [ - "@kbn/ui-theme", - "packages/kbn-ui-theme" - ], - [ - "@kbn/unified-data-table", - "packages/kbn-unified-data-table" - ], - [ - "@kbn/unified-doc-viewer", - "packages/kbn-unified-doc-viewer" - ], - [ - "@kbn/unified-doc-viewer-examples", - "examples/unified_doc_viewer" - ], - [ - "@kbn/unified-doc-viewer-plugin", - "src/plugins/unified_doc_viewer" - ], - [ - "@kbn/unified-field-list", - "packages/kbn-unified-field-list" - ], - [ - "@kbn/unified-field-list-examples-plugin", - "examples/unified_field_list_examples" - ], - [ - "@kbn/unified-histogram-plugin", - "src/plugins/unified_histogram" - ], - [ - "@kbn/unified-search-plugin", - 
"src/plugins/unified_search" - ], - [ - "@kbn/unsaved-changes-badge", - "packages/kbn-unsaved-changes-badge" - ], - [ - "@kbn/unsaved-changes-prompt", - "src/platform/packages/shared/kbn-unsaved-changes-prompt" - ], - [ - "@kbn/upgrade-assistant-plugin", - "x-pack/plugins/upgrade_assistant" - ], - [ - "@kbn/uptime-plugin", - "x-pack/solutions/observability/plugins/uptime" - ], - [ - "@kbn/url-drilldown-plugin", - "x-pack/plugins/drilldowns/url_drilldown" - ], - [ - "@kbn/url-forwarding-plugin", - "src/plugins/url_forwarding" - ], - [ - "@kbn/usage-collection-plugin", - "src/plugins/usage_collection" - ], - [ - "@kbn/usage-collection-test-plugin", - "test/plugin_functional/plugins/usage_collection" - ], - [ - "@kbn/use-tracked-promise", - "packages/kbn-use-tracked-promise" - ], - [ - "@kbn/user-profile-components", - "packages/kbn-user-profile-components" - ], - [ - "@kbn/user-profile-examples-plugin", - "examples/user_profile_examples" - ], - [ - "@kbn/user-profiles-consumer-plugin", - "x-pack/test/security_api_integration/plugins/user_profiles_consumer" - ], - [ - "@kbn/utility-types", - "packages/kbn-utility-types" - ], - [ - "@kbn/utility-types-jest", - "packages/kbn-utility-types-jest" - ], - [ - "@kbn/utils", - "packages/kbn-utils" - ], - [ - "@kbn/ux-plugin", - "x-pack/solutions/observability/plugins/ux" - ], - [ - "@kbn/v8-profiler-examples-plugin", - "examples/v8_profiler_examples" - ], - [ - "@kbn/validate-next-docs-cli", - "packages/kbn-validate-next-docs-cli" - ], - [ - "@kbn/vis-default-editor-plugin", - "src/plugins/vis_default_editor" - ], - [ - "@kbn/vis-type-gauge-plugin", - "src/plugins/vis_types/gauge" - ], - [ - "@kbn/vis-type-heatmap-plugin", - "src/plugins/vis_types/heatmap" - ], - [ - "@kbn/vis-type-markdown-plugin", - "src/platform/plugins/private/vis_type_markdown" - ], - [ - "@kbn/vis-type-metric-plugin", - "src/plugins/vis_types/metric" - ], - [ - "@kbn/vis-type-pie-plugin", - "src/plugins/vis_types/pie" - ], - [ - 
"@kbn/vis-type-table-plugin", - "src/plugins/vis_types/table" - ], - [ - "@kbn/vis-type-tagcloud-plugin", - "src/plugins/vis_types/tagcloud" - ], - [ - "@kbn/vis-type-timelion-plugin", - "src/plugins/vis_types/timelion" - ], - [ - "@kbn/vis-type-timeseries-plugin", - "src/plugins/vis_types/timeseries" - ], - [ - "@kbn/vis-type-vega-plugin", - "src/plugins/vis_types/vega" - ], - [ - "@kbn/vis-type-vislib-plugin", - "src/plugins/vis_types/vislib" - ], - [ - "@kbn/vis-type-xy-plugin", - "src/plugins/vis_types/xy" - ], - [ - "@kbn/visualization-ui-components", - "packages/kbn-visualization-ui-components" - ], - [ - "@kbn/visualization-utils", - "packages/kbn-visualization-utils" - ], - [ - "@kbn/visualizations-plugin", - "src/plugins/visualizations" - ], - [ - "@kbn/watcher-plugin", - "x-pack/platform/plugins/private/watcher" - ], - [ - "@kbn/web-worker-stub", - "packages/kbn-web-worker-stub" - ], - [ - "@kbn/whereis-pkg-cli", - "packages/kbn-whereis-pkg-cli" - ], - [ - "@kbn/xstate-utils", - "src/platform/packages/shared/kbn-xstate-utils" - ], - [ - "@kbn/yarn-lock-validator", - "packages/kbn-yarn-lock-validator" - ], - [ - "@kbn/zod", - "packages/kbn-zod" - ], - [ - "@kbn/zod-helpers", - "src/platform/packages/shared/kbn-zod-helpers" - ] -] \ No newline at end of file From f272c1eb492499d2f83deafd608fe7b8e28d47af Mon Sep 17 00:00:00 2001 
From: Yara Tercero Date: Wed, 8 Jan 2025 16:41:56 -0800 Subject: [PATCH 04/14] removing files from a separate task --- .../updates/simple_update.json | 6 ++--- .../updates/simple_update_item.json | 4 ++-- .../exceptions/items/essentials_tier/index.ts | 22 +++++++++---------- .../exceptions/lists/essentials_tier/index.ts | 22 +++++++++---------- .../assignments/assignments.cy.ts | 6 ++--- .../rule_creation/esql_rule.cy.ts | 9 ++++---- .../rule_creation/indicator_match_rule.cy.ts | 1 - .../rule_edit/eql_query_rule.cy.ts | 6 ++--- .../rule_edit/esql_rule.cy.ts | 10 ++++----- .../value_lists/value_list_items.cy.ts | 6 ++--- 10 files changed, 45 insertions(+), 47 deletions(-)
diff --git a/x-pack/solutions/security/plugins/lists/server/scripts/exception_lists/updates/simple_update.json b/x-pack/solutions/security/plugins/lists/server/scripts/exception_lists/updates/simple_update.json
index 727f06d5c5bf3..15a6f495b7a8f 100644
--- a/x-pack/solutions/security/plugins/lists/server/scripts/exception_lists/updates/simple_update.json
+++ b/x-pack/solutions/security/plugins/lists/server/scripts/exception_lists/updates/simple_update.json
@@ -1,8 +1,8 @@
 {
 "list_id": "simple_list",
- "tags": ["draft", "malware"],
- "type": "detection",
+ "tags": ["user added string for a tag", "malware"],
+ "type": "endpoint",
 "os_types": ["linux"],
 "description": "Different description",
- "name": "Updated exception list name"
+ "name": "Sample Endpoint Exception List"
 }
diff --git a/x-pack/solutions/security/plugins/lists/server/scripts/exception_lists/updates/simple_update_item.json b/x-pack/solutions/security/plugins/lists/server/scripts/exception_lists/updates/simple_update_item.json
index 256324815a18b..5c0ba447effdd 100644
--- a/x-pack/solutions/security/plugins/lists/server/scripts/exception_lists/updates/simple_update_item.json
+++ b/x-pack/solutions/security/plugins/lists/server/scripts/exception_lists/updates/simple_update_item.json
@@ -1,6 +1,6 @@
 {
 "comments": [],
- "description": "Updated description",
+ "description": "Test comments - exception list item",
 "entries": [
 {
 "field": "host.name",
@@ -10,7 +10,7 @@
 }
 ],
 "item_id": "simple_list_item",
- "name": "Updated name",
+ "name": "Test comments - exception list item",
 "namespace_type": "single",
 "tags": [],
 "type": "simple"
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/authorization/exceptions/items/essentials_tier/index.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/authorization/exceptions/items/essentials_tier/index.ts
index f3351c7e00cf9..35f627cd8dede 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/authorization/exceptions/items/essentials_tier/index.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/authorization/exceptions/items/essentials_tier/index.ts
@@ -8,17 +8,17 @@ import { FtrProviderContext } from '../../../../../../ftr_provider_context'; export default function ({ loadTestFile }: FtrProviderContext) { describe('Exception items APIs Authentication - Complete Tier', function () { - // loadTestFile(require.resolve('./tier_1_analyst')); - // loadTestFile(require.resolve('./tier_2_analyst')); - // loadTestFile(require.resolve('./threat_intel_analyst')); - // loadTestFile(require.resolve('./tier_3_analyst')); - // loadTestFile(require.resolve('./viewer')); - // loadTestFile(require.resolve('./rule_author')); - // loadTestFile(require.resolve('./soc_manager')); - // loadTestFile(require.resolve('./endpoint_operations_analyst')); - // loadTestFile(require.resolve('./endpoint_policy_manager')); - // loadTestFile(require.resolve('./platform_engineer')); + loadTestFile(require.resolve('./tier_1_analyst')); + loadTestFile(require.resolve('./tier_2_analyst')); + loadTestFile(require.resolve('./threat_intel_analyst')); + loadTestFile(require.resolve('./tier_3_analyst')); + loadTestFile(require.resolve('./viewer')); + loadTestFile(require.resolve('./rule_author')); + loadTestFile(require.resolve('./soc_manager')); + loadTestFile(require.resolve('./endpoint_operations_analyst')); + loadTestFile(require.resolve('./endpoint_policy_manager')); + loadTestFile(require.resolve('./platform_engineer')); loadTestFile(require.resolve('./editor')); - // loadTestFile(require.resolve('./admin')); + loadTestFile(require.resolve('./admin')); }); } diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/authorization/exceptions/lists/essentials_tier/index.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/authorization/exceptions/lists/essentials_tier/index.ts index 30f9ce73430ec..d3295ee8457c1 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/authorization/exceptions/lists/essentials_tier/index.ts 
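Review bot: The suite title in the context line, `describe('Exception items APIs Authentication - Complete Tier', function () {`, does not match this file's location under `authorization/exceptions/items/essentials_tier/`. With every role file loaded again, a failing role check would be reported under the wrong tier and as an authentication failure rather than an authorization one. Assuming the title was copied from the complete-tier index, I would rename it to `describe('Exception items APIs Authorization - Essentials Tier', function () {`. The `lists/essentials_tier/index.ts` hunk that follows has the same mismatch in `'Exception list APIs Authentication - Complete Tier'`.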
+++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/authorization/exceptions/lists/essentials_tier/index.ts @@ -8,17 +8,17 @@ import { FtrProviderContext } from '../../../../../../ftr_provider_context'; export default function ({ loadTestFile }: FtrProviderContext) { describe('Exception list APIs Authentication - Complete Tier', function () { - // loadTestFile(require.resolve('./tier_1_analyst')); - // loadTestFile(require.resolve('./tier_2_analyst')); - // loadTestFile(require.resolve('./threat_intel_analyst')); - // loadTestFile(require.resolve('./tier_3_analyst')); - // loadTestFile(require.resolve('./viewer')); - // loadTestFile(require.resolve('./rule_author')); - // loadTestFile(require.resolve('./soc_manager')); - // loadTestFile(require.resolve('./endpoint_operations_analyst')); - // loadTestFile(require.resolve('./endpoint_policy_manager')); - // loadTestFile(require.resolve('./platform_engineer')); - // loadTestFile(require.resolve('./editor')); + loadTestFile(require.resolve('./tier_1_analyst')); + loadTestFile(require.resolve('./tier_2_analyst')); + loadTestFile(require.resolve('./threat_intel_analyst')); + loadTestFile(require.resolve('./tier_3_analyst')); + loadTestFile(require.resolve('./viewer')); + loadTestFile(require.resolve('./rule_author')); + loadTestFile(require.resolve('./soc_manager')); + loadTestFile(require.resolve('./endpoint_operations_analyst')); + loadTestFile(require.resolve('./endpoint_policy_manager')); + loadTestFile(require.resolve('./platform_engineer')); + loadTestFile(require.resolve('./editor')); loadTestFile(require.resolve('./admin')); }); } diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/detection_alerts/assignments/assignments.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/detection_alerts/assignments/assignments.cy.ts index fa6c20a639e6a..d1e800f13672a 100644 
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/detection_alerts/assignments/assignments.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/detection_alerts/assignments/assignments.cy.ts @@ -40,7 +40,8 @@ import { } from '../../../../../tasks/alert_assignments'; import { ALERTS_COUNT } from '../../../../../screens/alerts'; -describe('Alert user assignment - ESS & Serverless', { tags: ['@ess', '@serverless'] }, () => { +// FLAKY: https://github.com/elastic/kibana/issues/183787 +describe.skip('Alert user assignment - ESS & Serverless', { tags: ['@ess', '@serverless'] }, () => { before(() => { cy.task('esArchiverLoad', { archiveName: 'auditbeat_multiple' }); }); @@ -203,8 +204,7 @@ describe('Alert user assignment - ESS & Serverless', { tags: ['@ess', '@serverle cy.get(ALERTS_COUNT).contains(numberOfSelectedAlerts); }); - // FLAKY: https://github.com/elastic/kibana/issues/183787 - it.skip('by assignee and alert status', () => { + it('by assignee and alert status', () => { const totalNumberOfAlerts = 5; const numberOfAssignedAlerts = 3; selectNumberOfAlerts(numberOfAssignedAlerts); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/esql_rule.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/esql_rule.cy.ts index d576a52fb4a24..64423a921e595 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/esql_rule.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/esql_rule.cy.ts @@ -67,7 +67,8 @@ const workaroundForResizeObserver = () => } }); -describe( +// Failing: See https://github.com/elastic/kibana/issues/184558 +describe.skip( 'Detection ES|QL rules, creation', { tags: ['@ess', '@serverless', '@skipInServerlessMKI'], 
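Review bot: Moving the skip from the single flaky case up to `describe.skip('Alert user assignment - ESS & Serverless', …)` turns off every test in this file, although the linked issue was attached to `'by assignee and alert status'` only. The same widening happens in the hunks for `rule_creation/esql_rule.cy.ts`, `rule_edit/eql_query_rule.cy.ts`, `rule_edit/esql_rule.cy.ts` and `value_lists/value_list_items.cy.ts`, so regressions in those detection-engine flows would no longer be caught. The commit message suggests these files are being reset to another branch's state, so this may be intentional. If it is not, keep `describe(` unskipped and leave the `// FLAKY:` comment and `it.skip('by assignee and alert status', () => {` on the one case.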
@@ -214,8 +215,7 @@ describe( login(); visit(CREATE_RULE_URL); }); - // Failing: See https://github.com/elastic/kibana/issues/184558 - xit('shows custom ES|QL field in investigation fields autocomplete and saves it in rule', function () { + it('shows custom ES|QL field in investigation fields autocomplete and saves it in rule', function () { const CUSTOM_ESQL_FIELD = '_custom_agent_name'; const queryWithCustomFields = [ `from auditbeat* metadata _id, _version, _index`, @@ -248,8 +248,7 @@ describe( login(); visit(CREATE_RULE_URL); }); - // Failing: See https://github.com/elastic/kibana/issues/184558 - xit('shows custom ES|QL field in investigation fields autocomplete and saves it in rule', function () { + it('shows custom ES|QL field in investigation fields autocomplete and saves it in rule', function () { const CUSTOM_ESQL_FIELD = '_custom_agent_name'; const SUPPRESS_BY_FIELDS = [CUSTOM_ESQL_FIELD, 'agent.type']; diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/indicator_match_rule.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/indicator_match_rule.cy.ts index bf04321fb5f82..deccc1a205f61 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/indicator_match_rule.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/indicator_match_rule.cy.ts @@ -213,7 +213,6 @@ describe('indicator match', { tags: ['@ess', '@serverless', '@skipInServerlessMK }); // FLAKY: https://github.com/elastic/kibana/issues/182669 - // FLAKY: https://github.com/elastic/kibana/issues/179187 describe.skip('Indicator mapping', () => { beforeEach(() => { const rule = getNewThreatIndicatorRule(); 
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/eql_query_rule.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/eql_query_rule.cy.ts index 4e90c1c204216..d7bd6d8ebce77 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/eql_query_rule.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/eql_query_rule.cy.ts @@ -15,15 +15,15 @@ import { } from '../../../../tasks/edit_rule'; import { login } from '../../../../tasks/login'; -describe('EQL query rules', { tags: ['@ess', '@serverless'] }, () => { +// Failing: See https://github.com/elastic/kibana/issues/201334 +describe.skip('EQL query rules', { tags: ['@ess', '@serverless'] }, () => { context('Editing rule with non-blocking query validation errors', () => { beforeEach(() => { login(); deleteAlertsAndRules(); }); - // Failing: See https://github.com/elastic/kibana/issues/201334 - xit('should allow user to save a rule and show confirmation modal when data source does not exist', () => { + it('should allow user to save a rule and show confirmation modal when data source does not exist', () => { const rule = { ...getEqlRule(), index: ['fake*'], diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/esql_rule.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/esql_rule.cy.ts index 592207b0980e9..33589e6655174 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/esql_rule.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/esql_rule.cy.ts 
@@ -56,7 +56,9 @@ const expectedValidEsqlQuery = 'from auditbeat* | stats _count=count(event.category) by event.category'; // Skipping in MKI due to flake -describe( +// Failing: See https://github.com/elastic/kibana/issues/184557 +// Failing: See https://github.com/elastic/kibana/issues/184556 +describe.skip( 'Detection ES|QL rules, edit', { tags: ['@ess', '@serverless', '@skipInServerlessMKI'], @@ -128,8 +130,7 @@ describe( }); }); - // Failing: See https://github.com/elastic/kibana/issues/184556 - it.skip('displays suppress options correctly on edit form and allows its editing', () => { + it('displays suppress options correctly on edit form and allows its editing', () => { visit(RULES_MANAGEMENT_URL); interceptEsqlQueryFieldsRequest(expectedValidEsqlQuery, 'esqlSuppressionFieldsRequest'); @@ -173,8 +174,7 @@ describe( }); }); - // Failing: See https://github.com/elastic/kibana/issues/184557 - it.skip('enables suppression on time interval', () => { + it('enables suppression on time interval', () => { visit(RULES_MANAGEMENT_URL); interceptEsqlQueryFieldsRequest(expectedValidEsqlQuery, 'esqlSuppressionFieldsRequest'); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/value_lists/value_list_items.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/value_lists/value_list_items.cy.ts index 993243d1ee55a..11fb0aa197450 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/value_lists/value_list_items.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/value_lists/value_list_items.cy.ts 
@@ -41,7 +41,8 @@ import { import { RULES_MANAGEMENT_URL } from '../../../../urls/rules_management'; import { getDefaultUsername } from '../../../../tasks/common/users'; -describe( +// Failing: See https://github.com/elastic/kibana/issues/183713 +describe.skip( 'Value list items', { tags: ['@ess', '@serverless'], @@ -121,8 +122,7 @@ describe( ); }); - // Failing: See https://github.com/elastic/kibana/issues/183713 - it.skip('displays a toaster error when list item actions fail', () => { + it('displays a toaster error when list item actions fail', () => { mockCreateListItemError(); mockUpdateListItemError(); mockDeleteListItemError(); From 2f7e5f8c73daaedfb3dc542c98dde605c93a4b07 Mon Sep 17 00:00:00 2001 From: Yara Tercero Date: Wed, 8 Jan 2025 16:44:49 -0800 Subject: [PATCH 05/14] removing files from a separate task --- .../security/plugins/security_solution/jest.config.dev.js | 2 +- .../services/security_solution_exceptions_api.gen.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/x-pack/solutions/security/plugins/security_solution/jest.config.dev.js b/x-pack/solutions/security/plugins/security_solution/jest.config.dev.js index f8d3538785c33..af3cb65d0547c 100644 --- a/x-pack/solutions/security/plugins/security_solution/jest.config.dev.js +++ b/x-pack/solutions/security/plugins/security_solution/jest.config.dev.js @@ -9,7 +9,7 @@ module.exports = { preset: '@kbn/test', rootDir: '../../../../../', projects: [ - // '/x-pack/solutions/security/plugins/security_solution/common/*/jest.config.js', + '/x-pack/solutions/security/plugins/security_solution/common/*/jest.config.js', '/x-pack/solutions/security/plugins/security_solution/server/*/jest.config.js', '/x-pack/solutions/security/plugins/security_solution/public/*/jest.config.js', '/x-pack/solutions/security/plugins/security_solution/scripts/junit_transformer/*/jest.config.js', 
diff --git a/x-pack/test/api_integration/services/security_solution_exceptions_api.gen.ts b/x-pack/test/api_integration/services/security_solution_exceptions_api.gen.ts index 33f806fbb4695..e9c26ad55ebf3 100644 --- a/x-pack/test/api_integration/services/security_solution_exceptions_api.gen.ts +++ b/x-pack/test/api_integration/services/security_solution_exceptions_api.gen.ts @@ -166,7 +166,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) .query(props.query); }, /** - * Get a list of all exception list containers. + * Get a list of all exception lists. */ findExceptionLists(props: FindExceptionListsProps, kibanaSpace: string = 'default') { return supertest From 9ff46ce3e0032c2f55edb993abf842fb49fd5b7a Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Thu, 9 Jan 2025 01:06:49 +0000 Subject: [PATCH 06/14] [CI] Auto-commit changed files from 'yarn openapi:generate' --- .../services/security_solution_exceptions_api.gen.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/test/api_integration/services/security_solution_exceptions_api.gen.ts b/x-pack/test/api_integration/services/security_solution_exceptions_api.gen.ts index e9c26ad55ebf3..33f806fbb4695 100644 --- a/x-pack/test/api_integration/services/security_solution_exceptions_api.gen.ts +++ b/x-pack/test/api_integration/services/security_solution_exceptions_api.gen.ts @@ -166,7 +166,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) .query(props.query); }, /** - * Get a list of all exception lists. + * Get a list of all exception list containers. */ findExceptionLists(props: FindExceptionListsProps, kibanaSpace: string = 'default') { return supertest From 7398176197a3b91021296dc3e87723db27b5b3d9 Mon Sep 17 00:00:00 2001 
From: Yara Tercero Date: Wed, 8 Jan 2025 23:36:01 -0800 Subject: [PATCH 07/14] addressing pr feedback and adding more examples --- .../create_exception_list.schema.yaml | 80 ++- .../create_exception_list_item.schema.yaml | 177 +++++- .../create_rule_exceptions.schema.yaml | 15 +- .../delete_exception_list.schema.yaml | 17 +- .../delete_exception_list_item.schema.yaml | 26 +- .../duplicate_exception_list.schema.yaml | 7 + .../export_exception_list.schema.yaml | 11 + .../find_exception_list_items.schema.yaml | 18 + .../find_exception_lists.schema.yaml | 12 + .../import_exceptions.schema.yaml | 7 + .../read_exception_list.schema.yaml | 17 + .../read_exception_list_item.schema.yaml | 18 + .../read_exception_list_summary.schema.yaml | 17 + .../update_exception_list.schema.yaml | 17 + .../update_exception_list_item.schema.yaml | 18 + ...eptions_api_2023_10_31.bundled.schema.yaml | 544 +++++++++++++++++- ...eptions_api_2023_10_31.bundled.schema.yaml | 544 +++++++++++++++++- .../security_solution_exceptions_api.gen.ts | 2 +- 18 files changed, 1512 insertions(+), 35 deletions(-) diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list/create_exception_list.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list/create_exception_list.schema.yaml index 286289ec3abd6..299190581d08c 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list/create_exception_list.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list/create_exception_list.schema.yaml @@ -62,7 +62,7 @@ paths: schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionList' examples: - simpleList: + detectionExceptionList: value: id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 list_id: simple_list 
@@ -80,6 +80,66 @@ paths: created_by: elastic updated_at: '2025-01-07T19:34:27.942Z' updated_by: elastic + endpointExceptionList: + value: + id: a79f4730-6e32-4278-abfc-349c0add7d54 + list_id: endpoint_list + type: endpoint + name: Sample Endpoint Exception List + description: This is a sample endpoint type exception list. + immutable: false + namespace_type: single + os_types: [linux] + tags: [malware] + version: 1 + _version: WzQsMV0= + tie_breaker_id: 94a028af-8f47-427a-aca5-ffaf829e64ee + created_at: | + 2025-01-09T01:07:49.658Z + created_by: elastic + updated_at: | + 2025-01-09T01:07:49.658Z + updated_by: elastic + agnosticExceptionList: + value: + id: 1a744e77-22ca-4b6b-9085-54f55275ebe5 + list_id: b935eb55-7b21-4c1c-b235-faa1df23b3d6 + type: endpoint + name: Sample Agnostic Endpoint Exception List + description: This is a sample agnostic endpoint type exception. + immutable: false + namespace_type: agnostic + os_types: [linux] + tags: [malware] + version: 1 + _version: WzUsMV0= + tie_breaker_id: 49ea0adc-a2b8-4d83-a8f3-2fb98301dea3 + created_at: | + 2025-01-09T01:10:36.369Z + created_by: elastic + updated_at: | + 2025-01-09T01:10:36.369Z + updated_by: elastic + autogeneratedListId: + value: + id: 28243c2f-624a-4443-823d-c0b894880931 + list_id: 8c1aae4c-1ef5-4bce-a2e3-16584b501783 + type: detection + name: Sample Detection Exception List + description: This is a sample detection type exception with an autogenerated list_id. + immutable: false + namespace_type: single + os_types: [] + tags: [malware] + version: 1 + _version: WzMsMV0= + tie_breaker_id: ad94de31-39f7-4ad7-b8e4-988bfa95f338 + created_at: | + 2025-01-09T01:05:23.019Z + created_by: elastic + updated_at: | + 2025-01-09T01:05:23.020Z + updated_by: elastic 400: description: Invalid input data response content: 
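Review bot: The timestamps in the added examples (`endpointExceptionList`, `agnosticExceptionList`, `autogeneratedListId`) are written as `|` block scalars, which leaves a trailing newline in each value, so the rendered example no longer matches the string the API returns. The existing example in this file quotes the value instead, and the same form works here: `created_at: '2025-01-09T01:07:49.658Z'` and `updated_at: '2025-01-09T01:07:49.658Z'`. The block-scalar timestamps recur in the create_exception_list_item, create_rule_exceptions and delete_exception_list_item hunks later in this patch.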
@@ -88,12 +148,24 @@ paths: oneOf: - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + example: + statusCode: 400 + error: Bad Request + message: | + [request body]: list_id: Expected string, received number 401: description: Unsuccessful authentication response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + examples: + authenticationFailure: + value: + statusCode: 401 + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] 403: description: Not enough privileges response content: @@ -106,6 +178,12 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + examples: + alreadyExists: + value: + message: | + exception list id: \simple_list\ already exists + status_code: 409 500: description: Internal server error response content: diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list_item/create_exception_list_item.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list_item/create_exception_list_item.schema.yaml index 48990c9d6accc..9ddcc3948e364 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list_item/create_exception_list_item.schema.yaml 
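Review bot: Backslashes inside a `|` block scalar are kept literally, so the 409 example `exception list id: \simple_list\ already exists` and the `\n\t` sequences in the 401 message will be shown with the backslashes in place rather than as quotes or line breaks. If quotes around the id are intended, a single-quoted scalar needs no escaping: `message: 'exception list id: "simple_list" already exists'`. The 409 example in create_exception_list_item and the 404 example in delete_exception_list_item carry `\"…\"` in the same way, while the delete_exception_list 404 example already uses plain quotes. Each of these block scalars also appends a trailing newline to the message.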
+++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list_item/create_exception_list_item.schema.yaml @@ -81,7 +81,7 @@ paths: schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListItem' examples: - simpleListItem: + detectionExceptionListItem: value: id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 item_id: simple_list_item @@ -93,6 +93,49 @@ paths: - type: exists field: actingProcess.file.signer operator: excluded + namespace_type: single + os_types: [linux] + tags: [malware] + comments: [] + _version: WzQsMV0= + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + created_at: 2025-01-07T20:07:33.119Z + created_by: elastic + updated_at: 2025-01-07T20:07:33.119Z + updated_by: elastic + autogeneratedItemId: + value: + id: 323faa75-c657-4fa0-9084-8827612c207b + item_id: 80e6edf7-4b13-4414-858f-2fa74aa52b37 + list_id: 8c1aae4c-1ef5-4bce-a2e3-16584b501783 + type: simple + name: Sample Autogenerated Exception List Item ID + description: This is a sample exception that has no item_id so it is autogenerated. + entries: + - type: exists + field: actingProcess.file.signer + operator: excluded + namespace_type: single + os_types: [] + tags: [malware] + comments: [] + _version: WzYsMV0= + tie_breaker_id: d6799986-3a23-4213-bc6d-ed9463a32f23 + created_at: | + 2025-01-09T01:16:23.322Z + created_by: elastic + updated_at: | + 2025-01-09T01:16:23.322Z + updated_by: elastic + withMatchAnyEntry: + value: + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + type: simple + name: Sample Exception List Item + description: This is a sample detection type exception item. + entries: - type: match_any field: host.name value: [saturn, jupiter] 
@@ -103,9 +146,119 @@ paths: comments: [] _version: WzQsMV0= tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c - created_at: 2025-01-07T20:07:33.119Z + created_at: | + 2025-01-07T20:07:33.119Z created_by: elastic - updated_at: 2025-01-07T20:07:33.119Z + updated_at: | + 2025-01-07T20:07:33.119Z + updated_by: elastic + withMatchEntry: + value: + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + type: simple + name: Sample Exception List Item + description: This is a sample detection type exception item. + entries: + - type: match + field: actingProcess.file.signer + value: Elastic N.V. + operator: included + namespace_type: single + os_types: [linux] + tags: [malware] + comments: [] + _version: WzQsMV0= + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + created_at: | + 2025-01-07T20:07:33.119Z + created_by: elastic + updated_at: | + 2025-01-07T20:07:33.119Z + updated_by: elastic + withNestedEntry: + value: + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + type: simple + name: Sample Exception List Item + description: This is a sample detection type exception item. + entries: + - type: nested + field: file.signature + entries: + - type: match + field: signer + value: Evil + operator: included + - type: match + field: trusted + value: true + operator: included + namespace_type: single + os_types: [linux] + tags: [malware] + comments: [] + _version: WzQsMV0= + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + created_at: | + 2025-01-07T20:07:33.119Z + created_by: elastic + updated_at: | + 2025-01-07T20:07:33.119Z + updated_by: elastic + withExistEntry: + value: + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + type: simple + name: Sample Exception List Item + description: This is a sample detection type exception item. 
+ entries: + - type: exists + field: actingProcess.file.signer + operator: excluded + namespace_type: single + os_types: [linux] + tags: [malware] + comments: [] + _version: WzQsMV0= + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + created_at: | + 2025-01-07T20:07:33.119Z + created_by: elastic + updated_at: | + 2025-01-07T20:07:33.119Z + updated_by: elastic + withValueListEntry: + value: + id: deb26876-297d-4677-8a1f-35467d2f1c4f + item_id: 686b129e-9b8d-4c59-8d8d-c93a9ea82c71 + list_id: 8c1aae4c-1ef5-4bce-a2e3-16584b501783 + type: simple + name: Filter out good guys ip and agent.name rock01 + description: Don't signal when agent.name is rock01 and source.ip is in the goodguys.txt list + entries: + - type: list + field: source.ip + list: + id: goodguys.txt + type: ip + operator: excluded + namespace_type: single + os_types: [] + tags: [malware] + comments: [] + _version: WzcsMV0= + tie_breaker_id: 5e0288ce-6657-4c18-9dcc-00ec9e8cc6c8 + created_at: | + 2025-01-09T01:31:12.614Z + created_by: elastic + updated_at: | + 2025-01-09T01:31:12.614Z updated_by: elastic 400: description: Invalid input data response 
@@ -115,12 +268,24 @@ paths: oneOf: - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + example: + statusCode: 400, + error: Bad Request, + message: | + [request body]: list_id: Expected string, received number 401: description: Unsuccessful authentication response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + examples: + cannotAuthenticate: + value: + statusCode: 401 + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] 403: description: Not enough privileges response content: @@ -133,6 +298,12 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + examples: + alreadyExists: + value: + message: | + exception list item id: \"simple_list_item\" already exists + status_code: 409 500: description: Internal server error response content: diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_rule_exceptions/create_rule_exceptions.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_rule_exceptions/create_rule_exceptions.schema.yaml index 2ae997928eb6d..2d266678e900f 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_rule_exceptions/create_rule_exceptions.schema.yaml 
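Review bot: The 400 example in this hunk ends two values with a comma, `statusCode: 400,` and `error: Bad Request,`. A block mapping has no such separator, so `statusCode` becomes the string `400,` instead of an integer and `error` carries the comma into the rendered docs. The 400 examples added for create_exception_list and delete_exception_list in this patch omit the commas, and this one should match them: `statusCode: 400` and `error: Bad Request`.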
+++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_rule_exceptions/create_rule_exceptions.schema.yaml @@ -60,7 +60,7 @@ paths: examples: simpleList: value: - items: + ruleExceptionItems: - id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 item_id: simple_list_item list_id: simple_list @@ -81,9 +81,11 @@ paths: comments: [] _version: WzQsMV0= tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c - created_at: 2025-01-07T20:07:33.119Z + created_at: | + 2025-01-07T20:07:33.119Z created_by: elastic - updated_at: 2025-01-07T20:07:33.119Z + updated_at: | + 2025-01-07T20:07:33.119Z updated_by: elastic 400: description: Invalid input data response @@ -99,6 +101,13 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + examples: + cannotAuthenticate: + value: + statusCode: 401 + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] 403: description: Not enough privileges response content: diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list/delete_exception_list.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list/delete_exception_list.schema.yaml index 5358f101c1ed3..52c02d4f02205 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list/delete_exception_list.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list/delete_exception_list.schema.yaml 
@@ -40,7 +40,7 @@ paths: schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionList' examples: - simpleList: + detectionExceptionList: value: id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 list_id: simple_list @@ -66,12 +66,24 @@ paths: oneOf: - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + example: + statusCode: 400 + error: Bad Request + message: | + [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' 401: description: Unsuccessful authentication response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + examples: + cannotAuthenticate: + value: + statusCode: 401 + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] 403: description: Not enough privileges response content: @@ -87,7 +99,8 @@ paths: examples: notFound: value: - message: 'exception list list_id: simple-list does not exist' + message: | + exception list list_id: "foo" does not exist status_code: 404 500: description: Internal server error response diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list_item/delete_exception_list_item.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list_item/delete_exception_list_item.schema.yaml index 84305302e605e..fd43402b77a63 100644 
--- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list_item/delete_exception_list_item.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list_item/delete_exception_list_item.schema.yaml @@ -40,7 +40,7 @@ paths: schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListItem' examples: - simpleListItem: + simpleExceptionItem: value: id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 item_id: simple_list_item @@ -62,9 +62,11 @@ paths: comments: [] _version: WzQsMV0= tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c - created_at: 2025-01-07T20:07:33.119Z + created_at: | + 2025-01-07T20:07:33.119Z created_by: elastic - updated_at: 2025-01-07T20:07:33.119Z + updated_at: | + 2025-01-07T20:07:33.119Z updated_by: elastic 400: description: Invalid input data response 
@@ -74,12 +76,24 @@ paths: oneOf: - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + example: + statusCode: 400 + error: Bad Request + message: | + [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' 401: description: Unsuccessful authentication response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + examples: + cannotAuthenticate: + value: + statusCode: 401 + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] 403: description: Not enough privileges response content: @@ -92,6 +106,12 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + examples: + notFound: + value: + message: | + exception list item item_id: \"foo\" does not exist + status_code: 404 500: description: Internal server error response content: diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/duplicate_exception_list/duplicate_exception_list.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/duplicate_exception_list/duplicate_exception_list.schema.yaml index c7dc27edd1eba..dcf5d6a1ea754 100644 
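Review bot: In the new 404 example the `message: |` block keeps the backslashes, so the documented message reads `item_id: \"foo\"` with literal `\` characters and ends in a newline. The backslashes look like escaping left over from a pasted JSON body. A single-quoted scalar gives the intended text: `message: 'exception list item item_id: "foo" does not exist'`. The same escaped form is added to the 404 examples in read_exception_list_item and update_exception_list_item.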
--- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/duplicate_exception_list/duplicate_exception_list.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/duplicate_exception_list/duplicate_exception_list.schema.yaml @@ -54,6 +54,13 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + examples: + cannotAuthenticate: + value: + statusCode: 401 + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] 403: description: Not enough privileges response content: diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/export_exception_list/export_exception_list.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/export_exception_list/export_exception_list.schema.yaml index f5fa92dc15723..e498ee64e87e2 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/export_exception_list/export_exception_list.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/export_exception_list/export_exception_list.schema.yaml 
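Review bot: The 401 example publishes the raw Elasticsearch `security_exception` text, naming the built-in `elastic` account as the caller and the internal `/_security/_authenticate` endpoint. API examples get copied into scripts and runbooks, so showing the superuser as the calling identity nudges integrators toward using it. A constructed neutral name such as `[api_user]` would document the same response shape. If the message really is passed through from Elasticsearch, a one-line `description` saying so would help readers who parse or alert on 401 bodies. The same example text is added to the 401 responses in the other schema files of this patch.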
@@ -63,6 +63,13 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + examples: + cannotAuthenticate: + value: + statusCode: 401 + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] 403: description: Not enough privileges response content: @@ -75,6 +82,10 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 500: description: Internal server error response content: diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_list_items/find_exception_list_items.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_list_items/find_exception_list_items.schema.yaml index 3a8cb72f1811f..8c461c4624a0a 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_list_items/find_exception_list_items.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_list_items/find_exception_list_items.schema.yaml 
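Review bot: The `notFound:` entry added to the export 404 response has no `examples:` parent, and its keys are written `message":` and `status_code":` with a stray double quote. YAML reads those as fields literally named `message"` and `status_code"`. As far as the collapsed indentation shows, `notFound` also ends up beside `schema`, where OpenAPI does not expect it. Add `examples:` above `notFound:` and write the value as `message: 'exception list id: "foo" does not exist'` and `status_code: 404`. The stray-quote keys also appear in the 404 examples added to the read_exception_list, read_exception_list_summary and update_exception_list schemas, and the bundled specs carry the same text, so they need regenerating after the fix.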
@@ -148,12 +148,24 @@ paths: oneOf: - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + example: + statusCode: 400 + error: Bad Request + message: | + [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' 401: description: Unsuccessful authentication response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + examples: + unauthorized: + value: + statusCode: 401 + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] 403: description: Not enough privileges response content: @@ -166,6 +178,12 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + examples: + notFound: + value: + message: | + exception list list_id: "foo" does not exist + status_code: 404 500: description: Internal server error response content: diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_lists/find_exception_lists.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_lists/find_exception_lists.schema.yaml index e190846654aa6..dbeff2915ba7f 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_lists/find_exception_lists.schema.yaml 
+++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_lists/find_exception_lists.schema.yaml @@ -125,12 +125,24 @@ paths: oneOf: - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + example: + statusCode: 400 + error: Bad Request + message: | + [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' 401: description: Unsuccessful authentication response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + examples: + unauthorized: + value: + statusCode: 401 + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] 403: description: Not enough privileges response content: diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/import_exceptions/import_exceptions.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/import_exceptions/import_exceptions.schema.yaml index 35b3314814ed0..fc4401771c308 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/import_exceptions/import_exceptions.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/import_exceptions/import_exceptions.schema.yaml 
@@ -114,6 +114,13 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + examples: + unauthorized: + value: + statusCode: 401 + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] 403: description: Not enough privileges response content: diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list/read_exception_list.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list/read_exception_list.schema.yaml index 7a904f1a783e7..bc51bbc8bae9c 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list/read_exception_list.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list/read_exception_list.schema.yaml 
@@ -66,12 +66,24 @@ paths: oneOf: - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + example: + statusCode: 400 + error: Bad Request + message: | + [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' 401: description: Unsuccessful authentication response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + examples: + unauthorized: + value: + statusCode: 401 + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] 403: description: Not enough privileges response content: @@ -84,6 +96,11 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 500: description: Internal server error response content: diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_item/read_exception_list_item.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_item/read_exception_list_item.schema.yaml index b6e8436897303..ee9fc55604641 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_item/read_exception_list_item.schema.yaml 
+++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_item/read_exception_list_item.schema.yaml @@ -74,12 +74,24 @@ paths: oneOf: - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + example: + statusCode: 400 + error: Bad Request + message: | + [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' 401: description: Unsuccessful authentication response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + examples: + unauthorized: + value: + statusCode: 401 + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] 403: description: Not enough privileges response content: @@ -92,6 +104,12 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + examples: + notFound: + value: + message: | + exception list item item_id: \"foo\" does not exist + status_code: 404 500: description: Internal server error response content: 
diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_summary/read_exception_list_summary.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_summary/read_exception_list_summary.schema.yaml index 439b3301f0093..94ed9add46a3c 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_summary/read_exception_list_summary.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_summary/read_exception_list_summary.schema.yaml @@ -74,12 +74,24 @@ paths: oneOf: - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + example: + statusCode: 400 + error: Bad Request + message: | + [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' 401: description: Unsuccessful authentication response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + examples: + unauthorized: + value: + statusCode: 401 + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] 403: description: Not enough privileges response content: 
@@ -92,6 +104,11 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 500: description: Internal server error response content: diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list/update_exception_list.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list/update_exception_list.schema.yaml index 7d57a5346bc4e..361cf2e2240d7 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list/update_exception_list.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list/update_exception_list.schema.yaml 
@@ -90,12 +90,24 @@ paths: oneOf: - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + example: + statusCode: 400 + error: Bad Request + message: | + [request body]: list_id: Expected string, received number 401: description: Unsuccessful authentication response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + examples: + unauthorized: + value: + statusCode: 401 + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] 403: description: Not enough privileges response content: @@ -108,6 +120,11 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 500: description: Internal server error response content: diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list_item/update_exception_list_item.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list_item/update_exception_list_item.schema.yaml index e95c259e2c3f0..b43055c283e10 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list_item/update_exception_list_item.schema.yaml 
+++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list_item/update_exception_list_item.schema.yaml @@ -109,12 +109,24 @@ paths: oneOf: - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + example: + statusCode: 400 + error: Bad Request + message: | + [request body]: item_id: Expected string, received number 401: description: Unsuccessful authentication response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + examples: + unauthorized: + value: + statusCode: 401 + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] 403: description: Not enough privileges response content: @@ -127,6 +139,12 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + examples: + notFound: + value: + message: | + exception list item item_id: \"foo\" does not exist + status_code: 404 500: description: Internal server error response content: diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml index def416d78c104..02264bbb41db8 100644 
--- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml @@ -68,10 +68,11 @@ paths: examples: simpleList: value: - items: + ruleExceptionItems: - _version: WzQsMV0= comments: [] - created_at: 2025-01-07T20:07:33.119Z + created_at: | + 2025-01-07T20:07:33.119Z created_by: elastic description: This is a sample detection type exception item. entries: @@ -95,7 +96,8 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: 2025-01-07T20:07:33.119Z + updated_at: | + 2025-01-07T20:07:33.119Z updated_by: elastic schema: items: @@ -115,6 +117,17 @@ paths: application/json: schema: $ref: '#/components/schemas/PlatformErrorResponse' + examples: + cannotAuthenticate: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -162,7 +175,7 @@ paths: content: application/json: examples: - simpleList: + detectionExceptionList: value: _version: WzIsMV0= created_at: 2025-01-07T19:34:27.942Z @@ -189,6 +202,12 @@ paths: content: application/json: schema: + example: + error: Bad Request + message: > + [request query]: namespace_type.0: Invalid enum value. + Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' 
@@ -198,6 +217,17 @@ paths: application/json: schema: $ref: '#/components/schemas/PlatformErrorResponse' + examples: + cannotAuthenticate: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -211,7 +241,8 @@ paths: examples: notFound: value: - message: 'exception list list_id: simple-list does not exist' + message: | + exception list list_id: "foo" does not exist status_code: 404 schema: $ref: '#/components/schemas/SiemErrorResponse' @@ -282,6 +313,12 @@ paths: content: application/json: schema: + example: + error: Bad Request + message: > + [request query]: namespace_type.0: Invalid enum value. + Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' @@ -291,6 +328,17 @@ paths: application/json: schema: $ref: '#/components/schemas/PlatformErrorResponse' + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -303,6 +351,11 @@ paths: application/json: schema: $ref: '#/components/schemas/SiemErrorResponse' + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 description: Exception list item not found response '500': content: 
@@ -376,7 +429,52 @@ paths: content: application/json: examples: - simpleList: + agnosticExceptionList: + value: + _version: WzUsMV0= + created_at: | + 2025-01-09T01:10:36.369Z + created_by: elastic + description: This is a sample agnostic endpoint type exception. + id: 1a744e77-22ca-4b6b-9085-54f55275ebe5 + immutable: false + list_id: b935eb55-7b21-4c1c-b235-faa1df23b3d6 + name: Sample Agnostic Endpoint Exception List + namespace_type: agnostic + os_types: + - linux + tags: + - malware + tie_breaker_id: 49ea0adc-a2b8-4d83-a8f3-2fb98301dea3 + type: endpoint + updated_at: | + 2025-01-09T01:10:36.369Z + updated_by: elastic + version: 1 + autogeneratedListId: + value: + _version: WzMsMV0= + created_at: | + 2025-01-09T01:05:23.019Z + created_by: elastic + description: >- + This is a sample detection type exception with an + autogenerated list_id. + id: 28243c2f-624a-4443-823d-c0b894880931 + immutable: false + list_id: 8c1aae4c-1ef5-4bce-a2e3-16584b501783 + name: Sample Detection Exception List + namespace_type: single + os_types: [] + tags: + - malware + tie_breaker_id: ad94de31-39f7-4ad7-b8e4-988bfa95f338 + type: detection + updated_at: | + 2025-01-09T01:05:23.020Z + updated_by: elastic + version: 1 + detectionExceptionList: value: _version: WzIsMV0= created_at: '2025-01-07T19:34:27.942Z' 
@@ -396,6 +494,28 @@ paths: updated_at: '2025-01-07T19:34:27.942Z' updated_by: elastic version: 1 + endpointExceptionList: + value: + _version: WzQsMV0= + created_at: | + 2025-01-09T01:07:49.658Z + created_by: elastic + description: This is a sample endpoint type exception list. + id: a79f4730-6e32-4278-abfc-349c0add7d54 + immutable: false + list_id: endpoint_list + name: Sample Endpoint Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 94a028af-8f47-427a-aca5-ffaf829e64ee + type: endpoint + updated_at: | + 2025-01-09T01:07:49.658Z + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/ExceptionList' description: Successful response @@ -403,6 +523,11 @@ paths: content: application/json: schema: + example: + error: Bad Request + message: | + [request body]: list_id: Expected string, received number + statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' @@ -412,6 +537,17 @@ paths: application/json: schema: $ref: '#/components/schemas/PlatformErrorResponse' + examples: + authenticationFailure: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -424,6 +560,12 @@ paths: application/json: schema: $ref: '#/components/schemas/SiemErrorResponse' + examples: + alreadyExists: + value: + message: | + exception list id: \simple_list\ already exists + status_code: 409 description: Exception list already exists response '500': content: 
@@ -513,6 +655,11 @@ paths: content: application/json: schema: + example: + error: Bad Request + message: | + [request body]: list_id: Expected string, received number + statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' @@ -522,6 +669,17 @@ paths: application/json: schema: $ref: '#/components/schemas/PlatformErrorResponse' + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -534,6 +692,11 @@ paths: application/json: schema: $ref: '#/components/schemas/SiemErrorResponse' + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 description: Exception list not found response '500': content: @@ -595,6 +758,17 @@ paths: application/json: schema: $ref: '#/components/schemas/PlatformErrorResponse' + examples: + cannotAuthenticate: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 description: Unsuccessful authentication response '403': content: 
@@ -690,6 +864,17 @@ paths: application/json: schema: $ref: '#/components/schemas/PlatformErrorResponse' + examples: + cannotAuthenticate: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -702,6 +887,10 @@ paths: application/json: schema: $ref: '#/components/schemas/SiemErrorResponse' + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 description: Exception list not found response '500': content: @@ -838,6 +1027,12 @@ paths: content: application/json: schema: + example: + error: Bad Request + message: > + [request query]: namespace_type.0: Invalid enum value. + Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' @@ -847,6 +1042,17 @@ paths: application/json: schema: $ref: '#/components/schemas/PlatformErrorResponse' + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 description: Unsuccessful authentication response '403': content: 
@@ -977,6 +1183,17 @@ paths: application/json: schema: $ref: '#/components/schemas/PlatformErrorResponse' + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -1024,11 +1241,12 @@ paths: content: application/json: examples: - simpleListItem: + simpleExceptionItem: value: _version: WzQsMV0= comments: [] - created_at: 2025-01-07T20:07:33.119Z + created_at: | + 2025-01-07T20:07:33.119Z created_by: elastic description: This is a sample detection type exception item. entries: @@ -1052,7 +1270,8 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: 2025-01-07T20:07:33.119Z + updated_at: | + 2025-01-07T20:07:33.119Z updated_by: elastic schema: $ref: '#/components/schemas/ExceptionListItem' @@ -1061,6 +1280,12 @@ paths: content: application/json: schema: + example: + error: Bad Request + message: > + [request query]: namespace_type.0: Invalid enum value. + Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' @@ -1070,6 +1295,17 @@ paths: application/json: schema: $ref: '#/components/schemas/PlatformErrorResponse' + examples: + cannotAuthenticate: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 description: Unsuccessful authentication response '403': content: 
@@ -1082,6 +1318,12 @@ paths: application/json: schema: $ref: '#/components/schemas/SiemErrorResponse' + examples: + notFound: + value: + message: | + exception list item item_id: \"foo\" does not exist + status_code: 404 description: Exception list item not found response '500': content: @@ -1161,6 +1403,12 @@ paths: content: application/json: schema: + example: + error: Bad Request + message: > + [request query]: namespace_type.0: Invalid enum value. + Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' @@ -1170,6 +1418,17 @@ paths: application/json: schema: $ref: '#/components/schemas/PlatformErrorResponse' + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -1182,6 +1441,12 @@ paths: application/json: schema: $ref: '#/components/schemas/SiemErrorResponse' + examples: + notFound: + value: + message: | + exception list item item_id: \"foo\" does not exist + status_code: 404 description: Exception list item not found response '500': content: 
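Review bot: The 404 message added in the `@@ -1082,6 +1318,12 @@` hunk is a literal block scalar, where a backslash is not an escape character, so the rendered example reads `\"foo\"` with the backslashes and ends in a newline. A single-quoted scalar gives the intended text: `message: 'exception list item item_id: "foo" does not exist'`. The same applies to the other `item_id: \"foo\"` examples, to `\"simple_list_item\"` in the 409 item example, and to `\simple_list\` in the serverless 409 list example, where the quotes are missing altogether.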
@@ -1270,7 +1535,34 @@ paths: content: application/json: examples: - simpleListItem: + autogeneratedItemId: + value: + _version: WzYsMV0= + comments: [] + created_at: | + 2025-01-09T01:16:23.322Z + created_by: elastic + description: >- + This is a sample exception that has no item_id so it is + autogenerated. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + id: 323faa75-c657-4fa0-9084-8827612c207b + item_id: 80e6edf7-4b13-4414-858f-2fa74aa52b37 + list_id: 8c1aae4c-1ef5-4bce-a2e3-16584b501783 + name: Sample Autogenerated Exception List Item ID + namespace_type: single + os_types: [] + tags: + - malware + tie_breaker_id: d6799986-3a23-4213-bc6d-ed9463a32f23 + type: simple + updated_at: | + 2025-01-09T01:16:23.322Z + updated_by: elastic + detectionExceptionListItem: value: _version: WzQsMV0= comments: [] 
@@ -1281,6 +1573,54 @@ paths: - field: actingProcess.file.signer operator: excluded type: exists + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: 2025-01-07T20:07:33.119Z + updated_by: elastic + withExistEntry: + value: + _version: WzQsMV0= + comments: [] + created_at: | + 2025-01-07T20:07:33.119Z + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: | + 2025-01-07T20:07:33.119Z + updated_by: elastic + withMatchAnyEntry: + value: + _version: WzQsMV0= + comments: [] + created_at: | + 2025-01-07T20:07:33.119Z + created_by: elastic + description: This is a sample detection type exception item. + entries: - field: host.name operator: included type: match_any 
@@ -1298,7 +1638,99 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: 2025-01-07T20:07:33.119Z + updated_at: | + 2025-01-07T20:07:33.119Z + updated_by: elastic + withMatchEntry: + value: + _version: WzQsMV0= + comments: [] + created_at: | + 2025-01-07T20:07:33.119Z + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: included + type: match + value: Elastic N.V. + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: | + 2025-01-07T20:07:33.119Z + updated_by: elastic + withNestedEntry: + value: + _version: WzQsMV0= + comments: [] + created_at: | + 2025-01-07T20:07:33.119Z + created_by: elastic + description: This is a sample detection type exception item. 
+ entries: + - entries: + - field: signer + operator: included + type: match + value: Evil + - field: trusted + operator: included + type: match + value: true + field: file.signature + type: nested + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: | + 2025-01-07T20:07:33.119Z + updated_by: elastic + withValueListEntry: + value: + _version: WzcsMV0= + comments: [] + created_at: | + 2025-01-09T01:31:12.614Z + created_by: elastic + description: >- + Don't signal when agent.name is rock01 and source.ip is in + the goodguys.txt list + entries: + - field: source.ip + list: + id: goodguys.txt + type: ip + operator: excluded + type: list + id: deb26876-297d-4677-8a1f-35467d2f1c4f + item_id: 686b129e-9b8d-4c59-8d8d-c93a9ea82c71 + list_id: 8c1aae4c-1ef5-4bce-a2e3-16584b501783 + name: Filter out good guys ip and agent.name rock01 + namespace_type: single + os_types: [] + tags: + - malware + tie_breaker_id: 5e0288ce-6657-4c18-9dcc-00ec9e8cc6c8 + type: simple + updated_at: | + 2025-01-09T01:31:12.614Z updated_by: elastic schema: $ref: '#/components/schemas/ExceptionListItem' @@ -1307,6 +1739,11 @@ paths: content: application/json: schema: + example: + error: Bad Request, + message: | + [request body]: list_id: Expected string, received number + statusCode: 400, oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' 
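Review bot: In the `withNestedEntry` example the second nested entry is written `value: true`, which YAML parses as a boolean, while the sibling entry's `value: Evil` is a string. If match-entry values are strings in the `ExceptionListItem` schema (not visible in this hunk), the example will not validate against it; quoting it as `value: 'true'` avoids that. The serverless bundle carries the same example.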
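Review bot: The 400 example added in the `@@ -1307,6 +1739,11 @@` hunk has JSON-style trailing commas, `error: Bad Request,` and `statusCode: 400,`, so the values become the strings `Bad Request,` and `400,` rather than a string and an integer. The other 400 examples in this patch write `error: Bad Request` and `statusCode: 400`, and this one should match them. The serverless bundle repeats the same two lines in its `@@ -1307,6 +1739,11 @@` hunk.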
@@ -1316,6 +1753,17 @@ paths: application/json: schema: $ref: '#/components/schemas/PlatformErrorResponse' + examples: + cannotAuthenticate: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -1328,6 +1776,13 @@ paths: application/json: schema: $ref: '#/components/schemas/SiemErrorResponse' + examples: + alreadyExists: + value: + message: > + exception list item id: \"simple_list_item\" already + exists + status_code: 409 description: Exception list item already exists response '500': content: @@ -1436,6 +1891,11 @@ paths: content: application/json: schema: + example: + error: Bad Request + message: | + [request body]: item_id: Expected string, received number + statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' @@ -1445,6 +1905,17 @@ paths: application/json: schema: $ref: '#/components/schemas/PlatformErrorResponse' + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -1457,6 +1928,12 @@ paths: application/json: schema: $ref: '#/components/schemas/SiemErrorResponse' + examples: + notFound: + value: + message: | + exception list item item_id: \"foo\" does not exist + status_code: 404 description: Exception list item not found response '500': content: 
@@ -1618,6 +2095,12 @@ paths: content: application/json: schema: + example: + error: Bad Request + message: > + [request query]: namespace_type.0: Invalid enum value. + Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' @@ -1627,6 +2110,17 @@ paths: application/json: schema: $ref: '#/components/schemas/PlatformErrorResponse' + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -1637,6 +2131,12 @@ paths: '404': content: application/json: + examples: + notFound: + value: + message: | + exception list list_id: "foo" does not exist + status_code: 404 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Exception list not found response @@ -1715,6 +2215,12 @@ paths: content: application/json: schema: + example: + error: Bad Request + message: > + [request query]: namespace_type.0: Invalid enum value. + Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' @@ -1724,6 +2230,17 @@ paths: application/json: schema: $ref: '#/components/schemas/PlatformErrorResponse' + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 description: Unsuccessful authentication response '403': content: 
@@ -1736,6 +2253,11 @@ paths: application/json: schema: $ref: '#/components/schemas/SiemErrorResponse' + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 description: Exception list not found response '500': content: diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml index b92a2a4ed1073..d18cfcc569d0f 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml @@ -68,10 +68,11 @@ paths: examples: simpleList: value: - items: + ruleExceptionItems: - _version: WzQsMV0= comments: [] - created_at: 2025-01-07T20:07:33.119Z + created_at: | + 2025-01-07T20:07:33.119Z created_by: elastic description: This is a sample detection type exception item. entries: @@ -95,7 +96,8 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: 2025-01-07T20:07:33.119Z + updated_at: | + 2025-01-07T20:07:33.119Z updated_by: elastic schema: items: 
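Review bot: In the serverless `@@ -68,10 +68,11 @@` hunk the example `value` still wraps the item list in an object key, now renamed from `items:` to `ruleExceptionItems:`, while the schema that follows appears to describe an array (`schema: items:`). Indentation is lost in this view, so this is inferred, but if the response is an array the example should list the items directly under `value:` and the descriptive name should replace the example key, as in `ruleExceptionItems:` followed by `value:` and the `- _version: WzQsMV0=` entries. The hunk ends before the schema's `type` is shown, so please confirm against the source schema.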
@@ -115,6 +117,17 @@ paths: application/json: schema: $ref: '#/components/schemas/PlatformErrorResponse' + examples: + cannotAuthenticate: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -162,7 +175,7 @@ paths: content: application/json: examples: - simpleList: + detectionExceptionList: value: _version: WzIsMV0= created_at: 2025-01-07T19:34:27.942Z @@ -189,6 +202,12 @@ paths: content: application/json: schema: + example: + error: Bad Request + message: > + [request query]: namespace_type.0: Invalid enum value. + Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' @@ -198,6 +217,17 @@ paths: application/json: schema: $ref: '#/components/schemas/PlatformErrorResponse' + examples: + cannotAuthenticate: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -211,7 +241,8 @@ paths: examples: notFound: value: - message: 'exception list list_id: simple-list does not exist' + message: | + exception list list_id: "foo" does not exist status_code: 404 schema: $ref: '#/components/schemas/SiemErrorResponse' 
@@ -282,6 +313,12 @@ paths: content: application/json: schema: + example: + error: Bad Request + message: > + [request query]: namespace_type.0: Invalid enum value. + Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' @@ -291,6 +328,17 @@ paths: application/json: schema: $ref: '#/components/schemas/PlatformErrorResponse' + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -303,6 +351,11 @@ paths: application/json: schema: $ref: '#/components/schemas/SiemErrorResponse' + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 description: Exception list item not found response '500': content: 
@@ -376,7 +429,52 @@ paths: content: application/json: examples: - simpleList: + agnosticExceptionList: + value: + _version: WzUsMV0= + created_at: | + 2025-01-09T01:10:36.369Z + created_by: elastic + description: This is a sample agnostic endpoint type exception. + id: 1a744e77-22ca-4b6b-9085-54f55275ebe5 + immutable: false + list_id: b935eb55-7b21-4c1c-b235-faa1df23b3d6 + name: Sample Agnostic Endpoint Exception List + namespace_type: agnostic + os_types: + - linux + tags: + - malware + tie_breaker_id: 49ea0adc-a2b8-4d83-a8f3-2fb98301dea3 + type: endpoint + updated_at: | + 2025-01-09T01:10:36.369Z + updated_by: elastic + version: 1 + autogeneratedListId: + value: + _version: WzMsMV0= + created_at: | + 2025-01-09T01:05:23.019Z + created_by: elastic + description: >- + This is a sample detection type exception with an + autogenerated list_id. + id: 28243c2f-624a-4443-823d-c0b894880931 + immutable: false + list_id: 8c1aae4c-1ef5-4bce-a2e3-16584b501783 + name: Sample Detection Exception List + namespace_type: single + os_types: [] + tags: + - malware + tie_breaker_id: ad94de31-39f7-4ad7-b8e4-988bfa95f338 + type: detection + updated_at: | + 2025-01-09T01:05:23.020Z + updated_by: elastic + version: 1 + detectionExceptionList: value: _version: WzIsMV0= created_at: '2025-01-07T19:34:27.942Z' 
@@ -396,6 +494,28 @@ paths: updated_at: '2025-01-07T19:34:27.942Z' updated_by: elastic version: 1 + endpointExceptionList: + value: + _version: WzQsMV0= + created_at: | + 2025-01-09T01:07:49.658Z + created_by: elastic + description: This is a sample endpoint type exception list. + id: a79f4730-6e32-4278-abfc-349c0add7d54 + immutable: false + list_id: endpoint_list + name: Sample Endpoint Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 94a028af-8f47-427a-aca5-ffaf829e64ee + type: endpoint + updated_at: | + 2025-01-09T01:07:49.658Z + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/ExceptionList' description: Successful response @@ -403,6 +523,11 @@ paths: content: application/json: schema: + example: + error: Bad Request + message: | + [request body]: list_id: Expected string, received number + statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' @@ -412,6 +537,17 @@ paths: application/json: schema: $ref: '#/components/schemas/PlatformErrorResponse' + examples: + authenticationFailure: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -424,6 +560,12 @@ paths: application/json: schema: $ref: '#/components/schemas/SiemErrorResponse' + examples: + alreadyExists: + value: + message: | + exception list id: \simple_list\ already exists + status_code: 409 description: Exception list already exists response '500': content: 
@@ -513,6 +655,11 @@ paths: content: application/json: schema: + example: + error: Bad Request + message: | + [request body]: list_id: Expected string, received number + statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' @@ -522,6 +669,17 @@ paths: application/json: schema: $ref: '#/components/schemas/PlatformErrorResponse' + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -534,6 +692,11 @@ paths: application/json: schema: $ref: '#/components/schemas/SiemErrorResponse' + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 description: Exception list not found response '500': content: @@ -595,6 +758,17 @@ paths: application/json: schema: $ref: '#/components/schemas/PlatformErrorResponse' + examples: + cannotAuthenticate: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 description: Unsuccessful authentication response '403': content: 
@@ -690,6 +864,17 @@ paths: application/json: schema: $ref: '#/components/schemas/PlatformErrorResponse' + examples: + cannotAuthenticate: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -702,6 +887,10 @@ paths: application/json: schema: $ref: '#/components/schemas/SiemErrorResponse' + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 description: Exception list not found response '500': content: @@ -838,6 +1027,12 @@ paths: content: application/json: schema: + example: + error: Bad Request + message: > + [request query]: namespace_type.0: Invalid enum value. + Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' @@ -847,6 +1042,17 @@ paths: application/json: schema: $ref: '#/components/schemas/PlatformErrorResponse' + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 description: Unsuccessful authentication response '403': content: 
@@ -977,6 +1183,17 @@ paths: application/json: schema: $ref: '#/components/schemas/PlatformErrorResponse' + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -1024,11 +1241,12 @@ paths: content: application/json: examples: - simpleListItem: + simpleExceptionItem: value: _version: WzQsMV0= comments: [] - created_at: 2025-01-07T20:07:33.119Z + created_at: | + 2025-01-07T20:07:33.119Z created_by: elastic description: This is a sample detection type exception item. entries: @@ -1052,7 +1270,8 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: 2025-01-07T20:07:33.119Z + updated_at: | + 2025-01-07T20:07:33.119Z updated_by: elastic schema: $ref: '#/components/schemas/ExceptionListItem' @@ -1061,6 +1280,12 @@ paths: content: application/json: schema: + example: + error: Bad Request + message: > + [request query]: namespace_type.0: Invalid enum value. + Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' @@ -1070,6 +1295,17 @@ paths: application/json: schema: $ref: '#/components/schemas/PlatformErrorResponse' + examples: + cannotAuthenticate: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 description: Unsuccessful authentication response '403': content: 
@@ -1082,6 +1318,12 @@ paths: application/json: schema: $ref: '#/components/schemas/SiemErrorResponse' + examples: + notFound: + value: + message: | + exception list item item_id: \"foo\" does not exist + status_code: 404 description: Exception list item not found response '500': content: @@ -1161,6 +1403,12 @@ paths: content: application/json: schema: + example: + error: Bad Request + message: > + [request query]: namespace_type.0: Invalid enum value. + Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' @@ -1170,6 +1418,17 @@ paths: application/json: schema: $ref: '#/components/schemas/PlatformErrorResponse' + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -1182,6 +1441,12 @@ paths: application/json: schema: $ref: '#/components/schemas/SiemErrorResponse' + examples: + notFound: + value: + message: | + exception list item item_id: \"foo\" does not exist + status_code: 404 description: Exception list item not found response '500': content: 
@@ -1270,7 +1535,34 @@ paths: content: application/json: examples: - simpleListItem: + autogeneratedItemId: + value: + _version: WzYsMV0= + comments: [] + created_at: | + 2025-01-09T01:16:23.322Z + created_by: elastic + description: >- + This is a sample exception that has no item_id so it is + autogenerated. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + id: 323faa75-c657-4fa0-9084-8827612c207b + item_id: 80e6edf7-4b13-4414-858f-2fa74aa52b37 + list_id: 8c1aae4c-1ef5-4bce-a2e3-16584b501783 + name: Sample Autogenerated Exception List Item ID + namespace_type: single + os_types: [] + tags: + - malware + tie_breaker_id: d6799986-3a23-4213-bc6d-ed9463a32f23 + type: simple + updated_at: | + 2025-01-09T01:16:23.322Z + updated_by: elastic + detectionExceptionListItem: value: _version: WzQsMV0= comments: [] 
@@ -1281,6 +1573,54 @@ paths: - field: actingProcess.file.signer operator: excluded type: exists + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: 2025-01-07T20:07:33.119Z + updated_by: elastic + withExistEntry: + value: + _version: WzQsMV0= + comments: [] + created_at: | + 2025-01-07T20:07:33.119Z + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: | + 2025-01-07T20:07:33.119Z + updated_by: elastic + withMatchAnyEntry: + value: + _version: WzQsMV0= + comments: [] + created_at: | + 2025-01-07T20:07:33.119Z + created_by: elastic + description: This is a sample detection type exception item. + entries: - field: host.name operator: included type: match_any 
@@ -1298,7 +1638,99 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: 2025-01-07T20:07:33.119Z + updated_at: | + 2025-01-07T20:07:33.119Z + updated_by: elastic + withMatchEntry: + value: + _version: WzQsMV0= + comments: [] + created_at: | + 2025-01-07T20:07:33.119Z + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: included + type: match + value: Elastic N.V. + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: | + 2025-01-07T20:07:33.119Z + updated_by: elastic + withNestedEntry: + value: + _version: WzQsMV0= + comments: [] + created_at: | + 2025-01-07T20:07:33.119Z + created_by: elastic + description: This is a sample detection type exception item. 
+ entries: + - entries: + - field: signer + operator: included + type: match + value: Evil + - field: trusted + operator: included + type: match + value: true + field: file.signature + type: nested + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: | + 2025-01-07T20:07:33.119Z + updated_by: elastic + withValueListEntry: + value: + _version: WzcsMV0= + comments: [] + created_at: | + 2025-01-09T01:31:12.614Z + created_by: elastic + description: >- + Don't signal when agent.name is rock01 and source.ip is in + the goodguys.txt list + entries: + - field: source.ip + list: + id: goodguys.txt + type: ip + operator: excluded + type: list + id: deb26876-297d-4677-8a1f-35467d2f1c4f + item_id: 686b129e-9b8d-4c59-8d8d-c93a9ea82c71 + list_id: 8c1aae4c-1ef5-4bce-a2e3-16584b501783 + name: Filter out good guys ip and agent.name rock01 + namespace_type: single + os_types: [] + tags: + - malware + tie_breaker_id: 5e0288ce-6657-4c18-9dcc-00ec9e8cc6c8 + type: simple + updated_at: | + 2025-01-09T01:31:12.614Z updated_by: elastic schema: $ref: '#/components/schemas/ExceptionListItem' @@ -1307,6 +1739,11 @@ paths: content: application/json: schema: + example: + error: Bad Request, + message: | + [request body]: list_id: Expected string, received number + statusCode: 400, oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' 
@@ -1316,6 +1753,17 @@ paths: application/json: schema: $ref: '#/components/schemas/PlatformErrorResponse' + examples: + cannotAuthenticate: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -1328,6 +1776,13 @@ paths: application/json: schema: $ref: '#/components/schemas/SiemErrorResponse' + examples: + alreadyExists: + value: + message: > + exception list item id: \"simple_list_item\" already + exists + status_code: 409 description: Exception list item already exists response '500': content: @@ -1436,6 +1891,11 @@ paths: content: application/json: schema: + example: + error: Bad Request + message: | + [request body]: item_id: Expected string, received number + statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' @@ -1445,6 +1905,17 @@ paths: application/json: schema: $ref: '#/components/schemas/PlatformErrorResponse' + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -1457,6 +1928,12 @@ paths: application/json: schema: $ref: '#/components/schemas/SiemErrorResponse' + examples: + notFound: + value: + message: | + exception list item item_id: \"foo\" does not exist + status_code: 404 description: Exception list item not found response '500': content: 
@@ -1618,6 +2095,12 @@ paths: content: application/json: schema: + example: + error: Bad Request + message: > + [request query]: namespace_type.0: Invalid enum value. + Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' @@ -1627,6 +2110,17 @@ paths: application/json: schema: $ref: '#/components/schemas/PlatformErrorResponse' + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -1637,6 +2131,12 @@ paths: '404': content: application/json: + examples: + notFound: + value: + message: | + exception list list_id: "foo" does not exist + status_code: 404 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Exception list not found response @@ -1715,6 +2215,12 @@ paths: content: application/json: schema: + example: + error: Bad Request + message: > + [request query]: namespace_type.0: Invalid enum value. + Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' @@ -1724,6 +2230,17 @@ paths: application/json: schema: $ref: '#/components/schemas/PlatformErrorResponse' + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 description: Unsuccessful authentication response '403': content: 
@@ -1736,6 +2253,11 @@ paths: application/json: schema: $ref: '#/components/schemas/SiemErrorResponse' + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 description: Exception list not found response '500': content: diff --git a/x-pack/test/api_integration/services/security_solution_exceptions_api.gen.ts b/x-pack/test/api_integration/services/security_solution_exceptions_api.gen.ts index e9c26ad55ebf3..33f806fbb4695 100644 --- a/x-pack/test/api_integration/services/security_solution_exceptions_api.gen.ts +++ b/x-pack/test/api_integration/services/security_solution_exceptions_api.gen.ts @@ -166,7 +166,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) .query(props.query); }, /** - * Get a list of all exception lists. + * Get a list of all exception list containers. */ findExceptionLists(props: FindExceptionListsProps, kibanaSpace: string = 'default') { return supertest From a89b2e95466014c5298f9d5ec8ddcc1ddc71cb7a Mon Sep 17 00:00:00 2001 
From: Yara Tercero Date: Thu, 9 Jan 2025 09:40:24 -0800 Subject: [PATCH 08/14] addressing pr feedback and adding more examples --- .../create_exception_list.schema.yaml | 43 +- .../create_exception_list_item.schema.yaml | 43 +- .../create_rule_exceptions.schema.yaml | 87 +- .../delete_exception_list.schema.yaml | 31 +- .../delete_exception_list_item.schema.yaml | 31 +- .../duplicate_exception_list.schema.yaml | 47 +- .../export_exception_list.schema.yaml | 33 +- .../find_exception_list_items.schema.yaml | 31 +- .../find_exception_lists.schema.yaml | 31 +- .../import_exceptions.schema.yaml | 41 +- .../read_exception_list.schema.yaml | 41 +- .../read_exception_list_item.schema.yaml | 49 +- .../read_exception_list_summary.schema.yaml | 42 +- .../update_exception_list.schema.yaml | 47 +- .../update_exception_list_item.schema.yaml | 43 +- ...eptions_api_2023_10_31.bundled.schema.yaml | 809 +++++++++++------- ...eptions_api_2023_10_31.bundled.schema.yaml | 809 +++++++++++------- .../execute/execute.schema.yaml | 8 + 18 files changed, 1421 insertions(+), 845 deletions(-) diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list/create_exception_list.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list/create_exception_list.schema.yaml index 299190581d08c..f95e9f24b7bd6 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list/create_exception_list.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list/create_exception_list.schema.yaml 
@@ -148,24 +148,26 @@ paths: oneOf: - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' - example: - statusCode: 400 - error: Bad Request - message: | - [request body]: list_id: Expected string, received number + examples: + badRequest: + value: + statusCode: 400 + error: Bad Request + message: | + [request body]: list_id: Expected string, received number 401: description: Unsuccessful authentication response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - examples: - authenticationFailure: - value: - statusCode: 401 - error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + examples: + unauthorized: + value: + statusCode: 401 + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] 403: description: Not enough privileges response content: 
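Review bot: The `unauthorized` example under 401 keeps its text in a literal block scalar (`message: |`), so the `\n\t` sequences are stored as backslash characters rather than a newline and a tab, and the value gains a trailing newline. The text looks pasted from a JSON body; if the real response carries control characters there, a double-quoted scalar (`message: "..."`) would reproduce it faithfully. The example also documents that the 401 body relays the upstream security exception, including the attempted user name and the `/_security/_authenticate` path, so it is worth confirming that this matches what the API returns before publishing it. The same block appears in the 401 example of the other schema files touched by this patch.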
@@ -178,15 +180,20 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' - examples: - alreadyExists: - value: - message: | - exception list id: \simple_list\ already exists - status_code: 409 + examples: + alreadyExists: + value: + message: | + exception list id: \simple_list\ already exists + status_code: 409 500: description: Internal server error response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list_item/create_exception_list_item.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list_item/create_exception_list_item.schema.yaml index 9ddcc3948e364..b78cf358b60cc 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list_item/create_exception_list_item.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list_item/create_exception_list_item.schema.yaml 
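Review bot: The `alreadyExists` message reads `exception list id: \simple_list\ already exists`, so the quotes around the id were lost and only the backslashes remain. Inside a `|` block scalar backslashes are literal and quotes need no escaping. A single-quoted scalar avoids both the stray backslashes and the trailing newline: `message: 'exception list id: "simple_list" already exists'`. The 409 example in create_exception_list_item.schema.yaml (`\"simple_list_item\"`) and the 404 example in delete_exception_list_item.schema.yaml (`\"foo\"`) will render with literal backslashes for the same reason.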
@@ -268,24 +268,26 @@ paths: oneOf: - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' - example: - statusCode: 400, - error: Bad Request, - message: | - [request body]: list_id: Expected string, received number + examples: + badRequest: + value: + statusCode: 400, + error: Bad Request, + message: | + [request body]: list_id: Expected string, received number 401: description: Unsuccessful authentication response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - examples: - cannotAuthenticate: - value: - statusCode: 401 - error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + examples: + unauthorized: + value: + statusCode: 401 + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] 403: description: Not enough privileges response content: 
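Review bot: In the `badRequest` example the lines `statusCode: 400,` and `error: Bad Request,` end with commas, which YAML keeps as part of the value, so the example carries the strings `400,` and `Bad Request,` rather than the number 400 and `Bad Request`. Drop the commas: `statusCode: 400` and `error: Bad Request`. The `withErrors` example added in import_exceptions.schema.yaml has the same problem on `success: false,` and the four lines after it, which presumably turns the booleans and counts the response schema expects into strings.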
@@ -298,18 +300,23 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' - examples: - alreadyExists: - value: - message: | - exception list item id: \"simple_list_item\" already exists - status_code: 409 + examples: + alreadyExists: + value: + message: | + exception list item id: \"simple_list_item\" already exists + status_code: 409 500: description: Internal server error response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 components: x-codegen-enabled: true diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_rule_exceptions/create_rule_exceptions.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_rule_exceptions/create_rule_exceptions.schema.yaml index 2d266678e900f..067d2629ad04e 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_rule_exceptions/create_rule_exceptions.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_rule_exceptions/create_rule_exceptions.schema.yaml 
@@ -58,35 +58,34 @@ paths: items: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListItem' examples: - simpleList: + ruleExceptionItems: value: - ruleExceptionItems: - - id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 - item_id: simple_list_item - list_id: simple_list - type: simple - name: Sample Exception List Item - description: This is a sample detection type exception item. - entries: - - type: exists - field: actingProcess.file.signer - operator: excluded - - type: match_any - field: host.name - value: [saturn, jupiter] - operator: included - namespace_type: single - os_types: [linux] - tags: [malware] - comments: [] - _version: WzQsMV0= - tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c - created_at: | - 2025-01-07T20:07:33.119Z - created_by: elastic - updated_at: | - 2025-01-07T20:07:33.119Z - updated_by: elastic + - id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + type: simple + name: Sample Exception List Item + description: This is a sample detection type exception item. + entries: + - type: exists + field: actingProcess.file.signer + operator: excluded + - type: match_any + field: host.name + value: [saturn, jupiter] + operator: included + namespace_type: single + os_types: [linux] + tags: [malware] + comments: [] + _version: WzQsMV0= + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + created_at: | + 2025-01-07T20:07:33.119Z + created_by: elastic + updated_at: | + 2025-01-07T20:07:33.119Z + updated_by: elastic 400: description: Invalid input data response content: 
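Review bot: `created_at: |` and `updated_at: |` in the `ruleExceptionItems` example put the timestamp in a literal block scalar, which appends a newline, so the documented value is `2025-01-07T20:07:33.119Z` followed by a line break and may fail a date-time format check. If the intent is to stop YAML from parsing the value as a timestamp, quoting does that without the extra character: `created_at: '2025-01-07T20:07:33.119Z'`. The same form is used in the example added to duplicate_exception_list.schema.yaml, and this patch introduces it in read_exception_list_item.schema.yaml.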
@@ -95,19 +94,32 @@ paths: oneOf: - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + examples: + badRequest: + value: + statusCode: 400 + error: Bad Request + message: | + [request params]: id: Invalid uuid + badPayload: + value: + statusCode: 400 + error: Bad Request + message: | + Invalid request payload JSON format 401: description: Unsuccessful authentication response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - examples: - cannotAuthenticate: - value: - statusCode: 401 - error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + examples: + unauthorized: + value: + statusCode: 401 + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] 403: description: Not enough privileges response content: @@ -120,6 +132,11 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 components: schemas: 
diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list/delete_exception_list.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list/delete_exception_list.schema.yaml index 52c02d4f02205..2f59a3095bff2 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list/delete_exception_list.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list/delete_exception_list.schema.yaml 
@@ -66,24 +66,26 @@ paths: oneOf: - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' - example: - statusCode: 400 - error: Bad Request - message: | - [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + examples: + badRequest: + value: + statusCode: 400 + error: Bad Request + message: | + [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' 401: description: Unsuccessful authentication response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - examples: - cannotAuthenticate: - value: - statusCode: 401 - error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + examples: + unauthorized: + value: + statusCode: 401 + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] 403: description: Not enough privileges response content: @@ -108,3 +110,8 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 
diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list_item/delete_exception_list_item.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list_item/delete_exception_list_item.schema.yaml index fd43402b77a63..6435c71d6920b 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list_item/delete_exception_list_item.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list_item/delete_exception_list_item.schema.yaml @@ -87,13 +87,13 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - examples: - cannotAuthenticate: - value: - statusCode: 401 - error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + examples: + unauthorized: + value: + statusCode: 401 + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] 403: description: Not enough privileges response content: 
@@ -106,15 +106,20 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' - examples: - notFound: - value: - message: | - exception list item item_id: \"foo\" does not exist - status_code: 404 + examples: + notFound: + value: + message: | + exception list item item_id: \"foo\" does not exist + status_code: 404 500: description: Internal server error response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/duplicate_exception_list/duplicate_exception_list.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/duplicate_exception_list/duplicate_exception_list.schema.yaml index dcf5d6a1ea754..78591c3b60774 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/duplicate_exception_list/duplicate_exception_list.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/duplicate_exception_list/duplicate_exception_list.schema.yaml 
@@ -40,6 +40,27 @@ paths: application/json: schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionList' + examples: + detectionExceptionList: + value: + id: b2f4a715-6ab1-444c-8b1e-3fa1b1049429 + list_id: d6390d60-bce3-4a48-9002-52db600f329c + type: detection + name: Sample Detection Exception List [Duplicate] + description: This is a sample detection type exception + immutable: false + namespace_type: single + os_types: [] + tags: [malware] + version: 1 + _version: WzExNDY1LDFd + tie_breaker_id: 6fa670bd-666d-4c9c-9f1e-d1dbc516e985 + created_at: | + 2025-01-09T16:19:50.280Z + created_by: elastic + updated_at: | + 2025-01-09T16:19:50.280Z + updated_by: elastic 400: description: Invalid input data response content: 
@@ -48,19 +69,26 @@ paths: oneOf: - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + examples: + badRequest: + value: + statusCode: 400 + error: Bad Request + message: | + [request query]: namespace_type: Invalid enum value. Expected 'agnostic' | 'single', received 'foo' 401: description: Unsuccessful authentication response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - examples: - cannotAuthenticate: - value: - statusCode: 401 - error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + examples: + unauthorized: + value: + statusCode: 401 + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] 403: description: Not enough privileges response content: @@ -90,3 +118,8 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 
diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/export_exception_list/export_exception_list.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/export_exception_list/export_exception_list.schema.yaml index e498ee64e87e2..631e0a44c08bd 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/export_exception_list/export_exception_list.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/export_exception_list/export_exception_list.schema.yaml 
@@ -49,6 +49,12 @@ paths: type: string format: binary description: A `.ndjson` file containing specified exception list and its items + examples: + exportSavedObjectsResponse: + value: | + {"_version":"WzExNDU5LDFd","created_at":"2025-01-09T16:18:17.757Z","created_by":"elastic","description":"This is a sample detection type exception","id":"c86c2da0-2ab6-4343-b81c-216ef27e8d75","immutable":false,"list_id":"simple_list","name":"Sample Detection Exception List","namespace_type":"single","os_types":[],"tags":["user added string for a tag","malware"],"tie_breaker_id":"cf4a7b92-732d-47f0-a0d5-49a35a1736bf","type":"detection","updated_at":"2025-01-09T16:18:17.757Z","updated_by":"elastic","version":1} + {"_version":"WzExNDYxLDFd","comments":[],"created_at":"2025-01-09T16:18:42.308Z","created_by":"elastic","description":"This is a sample endpoint type exception","entries":[{"type":"exists","field":"actingProcess.file.signer","operator":"excluded"},{"type":"match_any","field":"host.name","value":["some host","another host"],"operator":"included"}],"id":"f37597ce-eaa7-4b64-9100-4301118f6806","item_id":"simple_list_item","list_id":"simple_list","name":"Sample Endpoint Exception List","namespace_type":"single","os_types":["linux"],"tags":["user added string for a tag","malware"],"tie_breaker_id":"4ca3ef3e-9721-42c0-8107-cf47e094d40f","type":"simple","updated_at":"2025-01-09T16:18:42.308Z","updated_by":"elastic"} + {"exported_exception_list_count":1,"exported_exception_list_item_count":1,"missing_exception_list_item_count":0,"missing_exception_list_items":[],"missing_exception_lists":[],"missing_exception_lists_count":0} 400: description: Invalid input data response content: 
@@ -57,19 +63,26 @@ paths: oneOf: - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + examples: + badRequest: + value: + statusCode: 400 + error: Bad Request + message: | + [request query]: list_id: Required, namespace_type: Required 401: description: Unsuccessful authentication response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - examples: - cannotAuthenticate: - value: - statusCode: 401 - error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + examples: + unauthorized: + value: + statusCode: 401 + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] 403: description: Not enough privileges response content: @@ -82,6 +95,7 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + examples: notFound: value: message": 'exception list id: "foo" does not exist' 
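Review bot: In the 404 hunk (`@@ -82,6 +95,7 @@`) the added `examples:` key turns `notFound` into a real example, but its first field is written `message": '...'` with a stray double quote, so the key is `message"` and not `message`. The example therefore does not describe the error body it is attached to. read_exception_list.schema.yaml re-indents the same block in this patch and keeps both `message"` and `status_code"`. Proposed: `message: 'exception list id: "foo" does not exist'` and `status_code: 404`. The `status_code` line of this file lies outside the hunk.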
@@ -92,3 +106,8 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_list_items/find_exception_list_items.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_list_items/find_exception_list_items.schema.yaml index 8c461c4624a0a..e59f427ce9cc9 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_list_items/find_exception_list_items.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_list_items/find_exception_list_items.schema.yaml 
@@ -148,24 +148,26 @@ paths: oneOf: - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' - example: - statusCode: 400 - error: Bad Request - message: | - [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + examples: + badRequest: + value: + statusCode: 400 + error: Bad Request + message: | + [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' 401: description: Unsuccessful authentication response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - examples: - unauthorized: - value: - statusCode: 401 - error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + examples: + unauthorized: + value: + statusCode: 401 + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] 403: description: Not enough privileges response content: @@ -190,6 +192,11 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 components: schemas: 
diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_lists/find_exception_lists.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_lists/find_exception_lists.schema.yaml index dbeff2915ba7f..cb05bf4fa9289 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_lists/find_exception_lists.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_lists/find_exception_lists.schema.yaml 
@@ -125,24 +125,26 @@ paths: oneOf: - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' - example: - statusCode: 400 - error: Bad Request - message: | - [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + examples: + badRequest: + value: + statusCode: 400 + error: Bad Request + message: | + [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' 401: description: Unsuccessful authentication response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - examples: - unauthorized: - value: - statusCode: 401 - error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + examples: + unauthorized: + value: + statusCode: 401 + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] 403: description: Not enough privileges response content: @@ -155,6 +157,11 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 components: schemas: 
diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/import_exceptions/import_exceptions.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/import_exceptions/import_exceptions.schema.yaml index fc4401771c308..6ba524796f8f3 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/import_exceptions/import_exceptions.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/import_exceptions/import_exceptions.schema.yaml @@ -91,7 +91,7 @@ paths: - success_exception_list_items - success_count_exception_list_items examples: - summary: + withoutErrors: value: errors: [] success: true @@ -100,6 +100,26 @@ paths: success_count_exception_lists: 1 success_exception_list_items: true success_count_exception_list_items: 1 + withErrors: + value: + errors: + - error: + status_code: 400 + message: | + Error found importing exception list: Invalid value \"4\" supplied to \"list_id\" + list_id: (unknown list_id) + - error: + status_code: 409 + message: | + Found that item_id: \"f7fd00bb-dba8-4c93-9d59-6cbd427b6330\" already exists. Import of item_id: \"f7fd00bb-dba8-4c93-9d59-6cbd427b6330\" skipped. + list_id: 7d7cccb8-db72-4667-b1f3-648efad7c1ee + item_id: f7fd00bb-dba8-4c93-9d59-6cbd427b6330 + success: false, + success_count: 0, + success_exception_lists: false, + success_count_exception_lists: 0, + success_exception_list_items: false, + success_count_exception_list_items: 0 400: description: Invalid input data response content: 
@@ -114,13 +134,13 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - examples: - unauthorized: - value: - statusCode: 401 - error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + examples: + unauthorized: + value: + statusCode: 401 + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] 403: description: Not enough privileges response content: @@ -133,6 +153,11 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 components: schemas: diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list/read_exception_list.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list/read_exception_list.schema.yaml index bc51bbc8bae9c..c77fd1f5f8306 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list/read_exception_list.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list/read_exception_list.schema.yaml 
@@ -66,24 +66,26 @@ paths: oneOf: - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' - example: - statusCode: 400 - error: Bad Request - message: | - [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + examples: + badRequest: + value: + statusCode: 400 + error: Bad Request + message: | + [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' 401: description: Unsuccessful authentication response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - examples: - unauthorized: - value: - statusCode: 401 - error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + examples: + unauthorized: + value: + statusCode: 401 + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] 403: description: Not enough privileges response content: 
@@ -96,14 +98,19 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' - examples: - notFound: - value: - message": 'exception list id: "foo" does not exist' - status_code": 404 + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 500: description: Internal server error response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_item/read_exception_list_item.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_item/read_exception_list_item.schema.yaml index ee9fc55604641..d81e0314ae7c6 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_item/read_exception_list_item.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_item/read_exception_list_item.schema.yaml @@ -62,9 +62,11 @@ paths: comments: [] _version: WzQsMV0= tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c - created_at: 2025-01-07T20:07:33.119Z + created_at: | + 2025-01-07T20:07:33.119Z created_by: elastic - updated_at: 2025-01-07T20:07:33.119Z + updated_at: | + 2025-01-07T20:07:33.119Z updated_by: elastic 400: description: Invalid input data response 
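Review bot: The re-indented `notFound` example in read_exception_list.schema.yaml still spells its keys `message":` and `status_code":`, so the parsed keys end in a stray double quote. They then do not match the `message` / `status_code` names used by the `serverError` example added in the same hunk. Drop the quote: `message: 'exception list id: "foo" does not exist'` and `status_code: 404`. The same two keys appear in the 404 hunks of read_exception_list_summary.schema.yaml and update_exception_list.schema.yaml, and in the bundled schema generated from them.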
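Review bot: In read_exception_list_item.schema.yaml, `created_at: |` and `updated_at: |` turn the timestamps into literal block scalars, which adds a trailing newline to each example value. If the aim is to stop the YAML parser from treating the value as a timestamp, a quoted scalar does that without altering the string: `created_at: '2025-01-07T20:07:33.119Z'` and `updated_at: '2025-01-07T20:07:33.119Z'`. The same pattern is added to the 200 example in update_exception_list.schema.yaml.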
@@ -74,24 +76,26 @@ paths: oneOf: - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' - example: - statusCode: 400 - error: Bad Request - message: | - [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + examples: + badRequest: + value: + statusCode: 400 + error: Bad Request + message: | + [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' 401: description: Unsuccessful authentication response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - examples: - unauthorized: - value: - statusCode: 401 - error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + examples: + unauthorized: + value: + statusCode: 401 + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] 403: description: Not enough privileges response content: 
@@ -104,15 +108,20 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' - examples: - notFound: - value: - message: | - exception list item item_id: \"foo\" does not exist - status_code: 404 + examples: + notFound: + value: + message: | + exception list item item_id: \"foo\" does not exist + status_code: 404 500: description: Internal server error response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_summary/read_exception_list_summary.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_summary/read_exception_list_summary.schema.yaml index 94ed9add46a3c..a67af4999390f 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_summary/read_exception_list_summary.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_summary/read_exception_list_summary.schema.yaml 
@@ -74,24 +74,26 @@ paths: oneOf: - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' - example: - statusCode: 400 - error: Bad Request - message: | - [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + examples: + badRequest: + value: + statusCode: 400 + error: Bad Request + message: | + [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' 401: description: Unsuccessful authentication response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - examples: - unauthorized: - value: - statusCode: 401 - error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + examples: + unauthorized: + value: + statusCode: 401 + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] 403: description: Not enough privileges response content: 
@@ -104,14 +106,20 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' - examples: - notFound: - value: - message": 'exception list id: "foo" does not exist' - status_code": 404 + examples: + notFound: + value: + message": | + exception list id: "foo" does not exist + status_code": 404 500: description: Internal server error response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list/update_exception_list.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list/update_exception_list.schema.yaml index 361cf2e2240d7..73ae846ed998e 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list/update_exception_list.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list/update_exception_list.schema.yaml @@ -78,9 +78,11 @@ paths: version: 2 _version: WzExLDFd tie_breaker_id: 319fe983-acdd-4806-b6c4-3098eae9392f - created_at: 2025-01-07T20:43:55.264Z + created_at: | + 2025-01-07T20:43:55.264Z created_by: elastic - updated_at: 2025-01-07T21:32:03.726Z + updated_at: | + 2025-01-07T21:32:03.726Z updated_by: elastic 400: description: Invalid input data response 
@@ -90,24 +92,26 @@ paths: oneOf: - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' - example: - statusCode: 400 - error: Bad Request - message: | - [request body]: list_id: Expected string, received number + examples: + badRequest: + value: + statusCode: 400 + error: Bad Request + message: | + [request body]: list_id: Expected string, received number 401: description: Unsuccessful authentication response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - examples: - unauthorized: - value: - statusCode: 401 - error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + examples: + unauthorized: + value: + statusCode: 401 + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] 403: description: Not enough privileges response content: 
@@ -120,14 +124,19 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' - examples: - notFound: - value: - message": 'exception list id: "foo" does not exist' - status_code": 404 + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 500: description: Internal server error response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list_item/update_exception_list_item.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list_item/update_exception_list_item.schema.yaml index b43055c283e10..ecc32502ba786 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list_item/update_exception_list_item.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list_item/update_exception_list_item.schema.yaml 
@@ -109,24 +109,26 @@ paths: oneOf: - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' - example: - statusCode: 400 - error: Bad Request - message: | - [request body]: item_id: Expected string, received number + examples: + badRequest: + value: + statusCode: 400 + error: Bad Request + message: | + [request body]: item_id: Expected string, received number 401: description: Unsuccessful authentication response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - examples: - unauthorized: - value: - statusCode: 401 - error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + examples: + unauthorized: + value: + statusCode: 401 + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] 403: description: Not enough privileges response content: 
@@ -139,18 +141,23 @@ paths: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' - examples: - notFound: - value: - message: | - exception list item item_id: \"foo\" does not exist - status_code: 404 + examples: + notFound: + value: + message: | + exception list item item_id: \"foo\" does not exist + status_code: 404 500: description: Internal server error response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 components: x-codegen-enabled: true diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml index 02264bbb41db8..bfc9710a26eb9 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml 
@@ -66,39 +66,38 @@ paths: content: application/json: examples: - simpleList: + ruleExceptionItems: value: - ruleExceptionItems: - - _version: WzQsMV0= - comments: [] - created_at: | - 2025-01-07T20:07:33.119Z - created_by: elastic - description: This is a sample detection type exception item. - entries: - - field: actingProcess.file.signer - operator: excluded - type: exists - - field: host.name - operator: included - type: match_any - value: - - saturn - - jupiter - id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 - item_id: simple_list_item - list_id: simple_list - name: Sample Exception List Item - namespace_type: single - os_types: - - linux - tags: - - malware - tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c - type: simple - updated_at: | - 2025-01-07T20:07:33.119Z - updated_by: elastic + - _version: WzQsMV0= + comments: [] + created_at: | + 2025-01-07T20:07:33.119Z + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: | + 2025-01-07T20:07:33.119Z + updated_by: elastic schema: items: $ref: '#/components/schemas/ExceptionListItem' @@ -107,6 +106,19 @@ paths: '400': content: application/json: + examples: + badPayload: + value: + error: Bad Request + message: | + Invalid request payload JSON format + statusCode: 400 + badRequest: + value: + error: Bad Request + message: | + [request params]: id: Invalid uuid + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' 
@@ -115,19 +127,19 @@ paths: '401': content: application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' - examples: - cannotAuthenticate: - value: - error: Unauthorized - message: > - [security_exception\n\tRoot - causes:\n\t\tsecurity_exception: unable to authenticate - user [elastic] for REST request - [/_security/_authenticate]]: unable to authenticate user - [elastic] for REST request [/_security/_authenticate] - statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -138,6 +150,11 @@ paths: '500': content: application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response @@ -201,13 +218,15 @@ paths: '400': content: application/json: + examples: + badRequest: + value: + error: Bad Request + message: > + [request query]: namespace_type.0: Invalid enum value. + Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 schema: - example: - error: Bad Request - message: > - [request query]: namespace_type.0: Invalid enum value. - Expected 'agnostic' | 'single', received 'blob' - statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' 
@@ -215,19 +234,19 @@ paths: '401': content: application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' - examples: - cannotAuthenticate: - value: - error: Unauthorized - message: > - [security_exception\n\tRoot - causes:\n\t\tsecurity_exception: unable to authenticate - user [elastic] for REST request - [/_security/_authenticate]]: unable to authenticate user - [elastic] for REST request [/_security/_authenticate] - statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -250,6 +269,11 @@ paths: '500': content: application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response @@ -312,13 +336,15 @@ paths: '400': content: application/json: + examples: + badRequest: + value: + error: Bad Request + message: > + [request query]: namespace_type.0: Invalid enum value. + Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 schema: - example: - error: Bad Request - message: > - [request query]: namespace_type.0: Invalid enum value. - Expected 'agnostic' | 'single', received 'blob' - statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' 
@@ -326,19 +352,19 @@ paths: '401': content: application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' - examples: - unauthorized: - value: - error: Unauthorized - message: > - [security_exception\n\tRoot - causes:\n\t\tsecurity_exception: unable to authenticate - user [elastic] for REST request - [/_security/_authenticate]]: unable to authenticate user - [elastic] for REST request [/_security/_authenticate] - statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -349,17 +375,22 @@ paths: '404': content: application/json: + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 schema: $ref: '#/components/schemas/SiemErrorResponse' - examples: - notFound: - value: - message": 'exception list id: "foo" does not exist' - status_code": 404 description: Exception list item not found response '500': content: application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response @@ -522,12 +553,14 @@ paths: '400': content: application/json: + examples: + badRequest: + value: + error: Bad Request + message: | + [request body]: list_id: Expected string, received number + statusCode: 400 schema: - example: - error: Bad Request - message: | - [request body]: list_id: Expected string, received number - statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' 
@@ -535,19 +568,19 @@ paths: '401': content: application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' - examples: - authenticationFailure: - value: - error: Unauthorized - message: > - [security_exception\n\tRoot - causes:\n\t\tsecurity_exception: unable to authenticate - user [elastic] for REST request - [/_security/_authenticate]]: unable to authenticate user - [elastic] for REST request [/_security/_authenticate] - statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -558,18 +591,23 @@ paths: '409': content: application/json: + examples: + alreadyExists: + value: + message: | + exception list id: \simple_list\ already exists + status_code: 409 schema: $ref: '#/components/schemas/SiemErrorResponse' - examples: - alreadyExists: - value: - message: | - exception list id: \simple_list\ already exists - status_code: 409 description: Exception list already exists response '500': content: application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response @@ -632,7 +670,8 @@ paths: simpleList: value: _version: WzExLDFd - created_at: 2025-01-07T20:43:55.264Z + created_at: | + 2025-01-07T20:43:55.264Z created_by: elastic description: Different description id: fa7f545f-191b-4d32-b1f0-c7cd62a79e55 @@ -645,7 +684,8 @@ paths: - draft malware tie_breaker_id: 319fe983-acdd-4806-b6c4-3098eae9392f type: detection - updated_at: 2025-01-07T21:32:03.726Z + updated_at: | + 2025-01-07T21:32:03.726Z updated_by: elastic version: 2 schema: 
@@ -654,12 +694,14 @@ paths: '400': content: application/json: + examples: + badRequest: + value: + error: Bad Request + message: | + [request body]: list_id: Expected string, received number + statusCode: 400 schema: - example: - error: Bad Request - message: | - [request body]: list_id: Expected string, received number - statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' @@ -667,19 +709,19 @@ paths: '401': content: application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' - examples: - unauthorized: - value: - error: Unauthorized - message: > - [security_exception\n\tRoot - causes:\n\t\tsecurity_exception: unable to authenticate - user [elastic] for REST request - [/_security/_authenticate]]: unable to authenticate user - [elastic] for REST request [/_security/_authenticate] - statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -690,17 +732,22 @@ paths: '404': content: application/json: + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 schema: $ref: '#/components/schemas/SiemErrorResponse' - examples: - notFound: - value: - message": 'exception list id: "foo" does not exist' - status_code": 404 description: Exception list not found response '500': content: application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response 
@@ -742,12 +789,42 @@ paths: '200': content: application/json: + examples: + detectionExceptionList: + value: + _version: WzExNDY1LDFd + created_at: | + 2025-01-09T16:19:50.280Z + created_by: elastic + description: This is a sample detection type exception + id: b2f4a715-6ab1-444c-8b1e-3fa1b1049429 + immutable: false + list_id: d6390d60-bce3-4a48-9002-52db600f329c + name: Sample Detection Exception List [Duplicate] + namespace_type: single + os_types: [] + tags: + - malware + tie_breaker_id: 6fa670bd-666d-4c9c-9f1e-d1dbc516e985 + type: detection + updated_at: | + 2025-01-09T16:19:50.280Z + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/ExceptionList' description: Successful response '400': content: application/json: + examples: + badRequest: + value: + error: Bad Request + message: > + [request query]: namespace_type: Invalid enum value. + Expected 'agnostic' | 'single', received 'foo' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' @@ -756,19 +833,19 @@ paths: '401': content: application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' - examples: - cannotAuthenticate: - value: - error: Unauthorized - message: > - [security_exception\n\tRoot - causes:\n\t\tsecurity_exception: unable to authenticate - user [elastic] for REST request - [/_security/_authenticate]]: unable to authenticate user - [elastic] for REST request [/_security/_authenticate] - statusCode: 401 description: Unsuccessful authentication response '403': content: 
@@ -796,6 +873,11 @@ paths: '500': content: application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response @@ -844,6 +926,28 @@ paths: '200': content: application/ndjson: + examples: + exportSavedObjectsResponse: + value: > + {"_version":"WzExNDU5LDFd","created_at":"2025-01-09T16:18:17.757Z","created_by":"elastic","description":"This + is a sample detection type + exception","id":"c86c2da0-2ab6-4343-b81c-216ef27e8d75","immutable":false,"list_id":"simple_list","name":"Sample + Detection Exception + List","namespace_type":"single","os_types":[],"tags":["user + added string for a + tag","malware"],"tie_breaker_id":"cf4a7b92-732d-47f0-a0d5-49a35a1736bf","type":"detection","updated_at":"2025-01-09T16:18:17.757Z","updated_by":"elastic","version":1} + + {"_version":"WzExNDYxLDFd","comments":[],"created_at":"2025-01-09T16:18:42.308Z","created_by":"elastic","description":"This + is a sample endpoint type + exception","entries":[{"type":"exists","field":"actingProcess.file.signer","operator":"excluded"},{"type":"match_any","field":"host.name","value":["some + host","another + host"],"operator":"included"}],"id":"f37597ce-eaa7-4b64-9100-4301118f6806","item_id":"simple_list_item","list_id":"simple_list","name":"Sample + Endpoint Exception + List","namespace_type":"single","os_types":["linux"],"tags":["user + added string for a + tag","malware"],"tie_breaker_id":"4ca3ef3e-9721-42c0-8107-cf47e094d40f","type":"simple","updated_at":"2025-01-09T16:18:42.308Z","updated_by":"elastic"} + + {"exported_exception_list_count":1,"exported_exception_list_item_count":1,"missing_exception_list_item_count":0,"missing_exception_list_items":[],"missing_exception_lists":[],"missing_exception_lists_count":0} schema: description: >- A `.ndjson` file containing specified exception list and its 
@@ -854,6 +958,14 @@ paths: '400': content: application/json: + examples: + badRequest: + value: + error: Bad Request + message: > + [request query]: list_id: Required, namespace_type: + Required + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' @@ -862,19 +974,19 @@ paths: '401': content: application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' - examples: - cannotAuthenticate: - value: - error: Unauthorized - message: > - [security_exception\n\tRoot - causes:\n\t\tsecurity_exception: unable to authenticate - user [elastic] for REST request - [/_security/_authenticate]]: unable to authenticate user - [elastic] for REST request [/_security/_authenticate] - statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -885,16 +997,22 @@ paths: '404': content: application/json: - schema: - $ref: '#/components/schemas/SiemErrorResponse' + examples: notFound: value: message": 'exception list id: "foo" does not exist' status_code": 404 + schema: + $ref: '#/components/schemas/SiemErrorResponse' description: Exception list not found response '500': content: application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response 
@@ -1026,13 +1144,15 @@ paths: '400': content: application/json: + examples: + badRequest: + value: + error: Bad Request + message: > + [request query]: namespace_type.0: Invalid enum value. + Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 schema: - example: - error: Bad Request - message: > - [request query]: namespace_type.0: Invalid enum value. - Expected 'agnostic' | 'single', received 'blob' - statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' @@ -1040,19 +1160,19 @@ paths: '401': content: application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' - examples: - unauthorized: - value: - error: Unauthorized - message: > - [security_exception\n\tRoot - causes:\n\t\tsecurity_exception: unable to authenticate - user [elastic] for REST request - [/_security/_authenticate]]: unable to authenticate user - [elastic] for REST request [/_security/_authenticate] - statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -1063,6 +1183,11 @@ paths: '500': content: application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response 
@@ -1132,7 +1257,31 @@ paths: content: application/json: examples: - summary: + withErrors: + value: + errors: + - error: + message: > + Error found importing exception list: Invalid value + \"4\" supplied to \"list_id\" + status_code: 400 + list_id: (unknown list_id) + - error: + message: > + Found that item_id: + \"f7fd00bb-dba8-4c93-9d59-6cbd427b6330\" already + exists. Import of item_id: + \"f7fd00bb-dba8-4c93-9d59-6cbd427b6330\" skipped. + status_code: 409 + item_id: f7fd00bb-dba8-4c93-9d59-6cbd427b6330 + list_id: 7d7cccb8-db72-4667-b1f3-648efad7c1ee + success: false, + success_count: 0, + success_count_exception_list_items: 0 + success_count_exception_lists: 0, + success_exception_list_items: false, + success_exception_lists: false, + withoutErrors: value: errors: [] success: true @@ -1181,19 +1330,19 @@ paths: '401': content: application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' - examples: - unauthorized: - value: - error: Unauthorized - message: > - [security_exception\n\tRoot - causes:\n\t\tsecurity_exception: unable to authenticate - user [elastic] for REST request - [/_security/_authenticate]]: unable to authenticate user - [elastic] for REST request [/_security/_authenticate] - statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -1204,6 +1353,11 @@ paths: '500': content: application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response 
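Review bot: The `withErrors` example added in the `@@ -1132,7 +1257,31 @@` hunk ends several values with a comma (`success: false,`, `success_count: 0,`, `success_count_exception_lists: 0,`, `success_exception_list_items: false,`, `success_exception_lists: false,`). In block-style YAML the comma is part of the scalar, so these parse as the strings `false,` and `0,` rather than a boolean and an integer. Dropping the commas, as in `success: false` and `success_count: 0`, makes the example agree with the `withoutErrors` entry directly below it (`success: true`). Anyone scripting exception-list imports against this example would otherwise see a response shape the API presumably never returns. The `badRequest` example moved in `@@ -1738,12 +1906,14 @@` carries the same problem in `error: Bad Request,` and `statusCode: 400,`, and the serverless bundle repeats the `withErrors` block in its own `@@ -1132,7 +1257,31 @@` hunk.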
@@ -1293,19 +1447,19 @@ paths: '401': content: application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' - examples: - cannotAuthenticate: - value: - error: Unauthorized - message: > - [security_exception\n\tRoot - causes:\n\t\tsecurity_exception: unable to authenticate - user [elastic] for REST request - [/_security/_authenticate]]: unable to authenticate user - [elastic] for REST request [/_security/_authenticate] - statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -1316,18 +1470,23 @@ paths: '404': content: application/json: + examples: + notFound: + value: + message: | + exception list item item_id: \"foo\" does not exist + status_code: 404 schema: $ref: '#/components/schemas/SiemErrorResponse' - examples: - notFound: - value: - message: | - exception list item item_id: \"foo\" does not exist - status_code: 404 description: Exception list item not found response '500': content: application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response @@ -1370,7 +1529,8 @@ paths: value: _version: WzQsMV0= comments: [] - created_at: 2025-01-07T20:07:33.119Z + created_at: | + 2025-01-07T20:07:33.119Z created_by: elastic description: This is a sample detection type exception item. entries: @@ -1394,7 +1554,8 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: 2025-01-07T20:07:33.119Z + updated_at: | + 2025-01-07T20:07:33.119Z updated_by: elastic schema: $ref: '#/components/schemas/ExceptionListItem' 
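Review bot: Rewriting `created_at` and `updated_at` as `|` block scalars in the `@@ -1370,7 +1529,8 @@` hunk leaves a trailing newline in each example value, because a literal block scalar keeps its final line break. If the intent was to stop the bare value being read as a YAML timestamp (an assumption, as the commit message does not say), quoting does that without changing the string: `created_at: '2025-01-07T20:07:33.119Z'` and `updated_at: '2025-01-07T20:07:33.119Z'`. The same block-scalar form is used for timestamps in the serverless bundle at `@@ -632,7 +670,8 @@`, `@@ -645,7 +684,8 @@` and in the new `detectionExceptionList` example in `@@ -742,12 +789,42 @@`. The example object starts above the hunk, and the file looks generated, so the change likely belongs in the source schema.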
@@ -1402,13 +1563,15 @@ paths: '400': content: application/json: + examples: + badRequest: + value: + error: Bad Request + message: > + [request query]: namespace_type.0: Invalid enum value. + Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 schema: - example: - error: Bad Request - message: > - [request query]: namespace_type.0: Invalid enum value. - Expected 'agnostic' | 'single', received 'blob' - statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' @@ -1416,19 +1579,19 @@ paths: '401': content: application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' - examples: - unauthorized: - value: - error: Unauthorized - message: > - [security_exception\n\tRoot - causes:\n\t\tsecurity_exception: unable to authenticate - user [elastic] for REST request - [/_security/_authenticate]]: unable to authenticate user - [elastic] for REST request [/_security/_authenticate] - statusCode: 401 description: Unsuccessful authentication response '403': content: 
@@ -1439,18 +1602,23 @@ paths: '404': content: application/json: + examples: + notFound: + value: + message: | + exception list item item_id: \"foo\" does not exist + status_code: 404 schema: $ref: '#/components/schemas/SiemErrorResponse' - examples: - notFound: - value: - message: | - exception list item item_id: \"foo\" does not exist - status_code: 404 description: Exception list item not found response '500': content: application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response @@ -1738,12 +1906,14 @@ paths: '400': content: application/json: + examples: + badRequest: + value: + error: Bad Request, + message: | + [request body]: list_id: Expected string, received number + statusCode: 400, schema: - example: - error: Bad Request, - message: | - [request body]: list_id: Expected string, received number - statusCode: 400, oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' @@ -1751,19 +1921,19 @@ paths: '401': content: application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' - examples: - cannotAuthenticate: - value: - error: Unauthorized - message: > - [security_exception\n\tRoot - causes:\n\t\tsecurity_exception: unable to authenticate - user [elastic] for REST request - [/_security/_authenticate]]: unable to authenticate user - [elastic] for REST request [/_security/_authenticate] - statusCode: 401 description: Unsuccessful authentication response '403': content: 
@@ -1774,19 +1944,24 @@ paths: '409': content: application/json: + examples: + alreadyExists: + value: + message: > + exception list item id: \"simple_list_item\" already + exists + status_code: 409 schema: $ref: '#/components/schemas/SiemErrorResponse' - examples: - alreadyExists: - value: - message: > - exception list item id: \"simple_list_item\" already - exists - status_code: 409 description: Exception list item already exists response '500': content: application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response @@ -1890,12 +2065,14 @@ paths: '400': content: application/json: + examples: + badRequest: + value: + error: Bad Request + message: | + [request body]: item_id: Expected string, received number + statusCode: 400 schema: - example: - error: Bad Request - message: | - [request body]: item_id: Expected string, received number - statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' @@ -1903,19 +2080,19 @@ paths: '401': content: application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' - examples: - unauthorized: - value: - error: Unauthorized - message: > - [security_exception\n\tRoot - causes:\n\t\tsecurity_exception: unable to authenticate - user [elastic] for REST request - [/_security/_authenticate]]: unable to authenticate user - [elastic] for REST request [/_security/_authenticate] - statusCode: 401 description: Unsuccessful authentication response '403': content: 
@@ -1926,18 +2103,23 @@ paths: '404': content: application/json: + examples: + notFound: + value: + message: | + exception list item item_id: \"foo\" does not exist + status_code: 404 schema: $ref: '#/components/schemas/SiemErrorResponse' - examples: - notFound: - value: - message: | - exception list item item_id: \"foo\" does not exist - status_code: 404 description: Exception list item not found response '500': content: application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response @@ -2094,13 +2276,15 @@ paths: '400': content: application/json: + examples: + badRequest: + value: + error: Bad Request + message: > + [request query]: namespace_type.0: Invalid enum value. + Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 schema: - example: - error: Bad Request - message: > - [request query]: namespace_type.0: Invalid enum value. - Expected 'agnostic' | 'single', received 'blob' - statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' 
@@ -2108,19 +2292,19 @@ paths: '401': content: application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' - examples: - unauthorized: - value: - error: Unauthorized - message: > - [security_exception\n\tRoot - causes:\n\t\tsecurity_exception: unable to authenticate - user [elastic] for REST request - [/_security/_authenticate]]: unable to authenticate user - [elastic] for REST request [/_security/_authenticate] - statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -2143,6 +2327,11 @@ paths: '500': content: application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response @@ -2214,13 +2403,15 @@ paths: '400': content: application/json: + examples: + badRequest: + value: + error: Bad Request + message: > + [request query]: namespace_type.0: Invalid enum value. + Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 schema: - example: - error: Bad Request - message: > - [request query]: namespace_type.0: Invalid enum value. - Expected 'agnostic' | 'single', received 'blob' - statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' 
@@ -2228,19 +2419,19 @@ paths: '401': content: application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' - examples: - unauthorized: - value: - error: Unauthorized - message: > - [security_exception\n\tRoot - causes:\n\t\tsecurity_exception: unable to authenticate - user [elastic] for REST request - [/_security/_authenticate]]: unable to authenticate user - [elastic] for REST request [/_security/_authenticate] - statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -2251,17 +2442,23 @@ paths: '404': content: application/json: + examples: + notFound: + value: + message": | + exception list id: "foo" does not exist + status_code": 404 schema: $ref: '#/components/schemas/SiemErrorResponse' - examples: - notFound: - value: - message": 'exception list id: "foo" does not exist' - status_code": 404 description: Exception list not found response '500': content: application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml index d18cfcc569d0f..5055a7b15257c 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml 
+++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml @@ -66,39 +66,38 @@ paths: content: application/json: examples: - simpleList: + ruleExceptionItems: value: - ruleExceptionItems: - - _version: WzQsMV0= - comments: [] - created_at: | - 2025-01-07T20:07:33.119Z - created_by: elastic - description: This is a sample detection type exception item. - entries: - - field: actingProcess.file.signer - operator: excluded - type: exists - - field: host.name - operator: included - type: match_any - value: - - saturn - - jupiter - id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 - item_id: simple_list_item - list_id: simple_list - name: Sample Exception List Item - namespace_type: single - os_types: - - linux - tags: - - malware - tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c - type: simple - updated_at: | - 2025-01-07T20:07:33.119Z - updated_by: elastic + - _version: WzQsMV0= + comments: [] + created_at: | + 2025-01-07T20:07:33.119Z + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: | + 2025-01-07T20:07:33.119Z + updated_by: elastic schema: items: $ref: '#/components/schemas/ExceptionListItem' 
@@ -107,6 +106,19 @@ paths: '400': content: application/json: + examples: + badPayload: + value: + error: Bad Request + message: | + Invalid request payload JSON format + statusCode: 400 + badRequest: + value: + error: Bad Request + message: | + [request params]: id: Invalid uuid + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' @@ -115,19 +127,19 @@ paths: '401': content: application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' - examples: - cannotAuthenticate: - value: - error: Unauthorized - message: > - [security_exception\n\tRoot - causes:\n\t\tsecurity_exception: unable to authenticate - user [elastic] for REST request - [/_security/_authenticate]]: unable to authenticate user - [elastic] for REST request [/_security/_authenticate] - statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -138,6 +150,11 @@ paths: '500': content: application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response 
@@ -201,13 +218,15 @@ paths: '400': content: application/json: + examples: + badRequest: + value: + error: Bad Request + message: > + [request query]: namespace_type.0: Invalid enum value. + Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 schema: - example: - error: Bad Request - message: > - [request query]: namespace_type.0: Invalid enum value. - Expected 'agnostic' | 'single', received 'blob' - statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' @@ -215,19 +234,19 @@ paths: '401': content: application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' - examples: - cannotAuthenticate: - value: - error: Unauthorized - message: > - [security_exception\n\tRoot - causes:\n\t\tsecurity_exception: unable to authenticate - user [elastic] for REST request - [/_security/_authenticate]]: unable to authenticate user - [elastic] for REST request [/_security/_authenticate] - statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -250,6 +269,11 @@ paths: '500': content: application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response 
@@ -312,13 +336,15 @@ paths: '400': content: application/json: + examples: + badRequest: + value: + error: Bad Request + message: > + [request query]: namespace_type.0: Invalid enum value. + Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 schema: - example: - error: Bad Request - message: > - [request query]: namespace_type.0: Invalid enum value. - Expected 'agnostic' | 'single', received 'blob' - statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' @@ -326,19 +352,19 @@ paths: '401': content: application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' - examples: - unauthorized: - value: - error: Unauthorized - message: > - [security_exception\n\tRoot - causes:\n\t\tsecurity_exception: unable to authenticate - user [elastic] for REST request - [/_security/_authenticate]]: unable to authenticate user - [elastic] for REST request [/_security/_authenticate] - statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -349,17 +375,22 @@ paths: '404': content: application/json: + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 schema: $ref: '#/components/schemas/SiemErrorResponse' - examples: - notFound: - value: - message": 'exception list id: "foo" does not exist' - status_code": 404 description: Exception list item not found response '500': content: application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response 
@@ -522,12 +553,14 @@ paths: '400': content: application/json: + examples: + badRequest: + value: + error: Bad Request + message: | + [request body]: list_id: Expected string, received number + statusCode: 400 schema: - example: - error: Bad Request - message: | - [request body]: list_id: Expected string, received number - statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' @@ -535,19 +568,19 @@ paths: '401': content: application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' - examples: - authenticationFailure: - value: - error: Unauthorized - message: > - [security_exception\n\tRoot - causes:\n\t\tsecurity_exception: unable to authenticate - user [elastic] for REST request - [/_security/_authenticate]]: unable to authenticate user - [elastic] for REST request [/_security/_authenticate] - statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -558,18 +591,23 @@ paths: '409': content: application/json: + examples: + alreadyExists: + value: + message: | + exception list id: \simple_list\ already exists + status_code: 409 schema: $ref: '#/components/schemas/SiemErrorResponse' - examples: - alreadyExists: - value: - message: | - exception list id: \simple_list\ already exists - status_code: 409 description: Exception list already exists response '500': content: application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response 
@@ -632,7 +670,8 @@ paths: simpleList: value: _version: WzExLDFd - created_at: 2025-01-07T20:43:55.264Z + created_at: | + 2025-01-07T20:43:55.264Z created_by: elastic description: Different description id: fa7f545f-191b-4d32-b1f0-c7cd62a79e55 @@ -645,7 +684,8 @@ paths: - draft malware tie_breaker_id: 319fe983-acdd-4806-b6c4-3098eae9392f type: detection - updated_at: 2025-01-07T21:32:03.726Z + updated_at: | + 2025-01-07T21:32:03.726Z updated_by: elastic version: 2 schema: @@ -654,12 +694,14 @@ paths: '400': content: application/json: + examples: + badRequest: + value: + error: Bad Request + message: | + [request body]: list_id: Expected string, received number + statusCode: 400 schema: - example: - error: Bad Request - message: | - [request body]: list_id: Expected string, received number - statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' @@ -667,19 +709,19 @@ paths: '401': content: application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' - examples: - unauthorized: - value: - error: Unauthorized - message: > - [security_exception\n\tRoot - causes:\n\t\tsecurity_exception: unable to authenticate - user [elastic] for REST request - [/_security/_authenticate]]: unable to authenticate user - [elastic] for REST request [/_security/_authenticate] - statusCode: 401 description: Unsuccessful authentication response '403': content: 
@@ -690,17 +732,22 @@ paths: '404': content: application/json: + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 schema: $ref: '#/components/schemas/SiemErrorResponse' - examples: - notFound: - value: - message": 'exception list id: "foo" does not exist' - status_code": 404 description: Exception list not found response '500': content: application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response @@ -742,12 +789,42 @@ paths: '200': content: application/json: + examples: + detectionExceptionList: + value: + _version: WzExNDY1LDFd + created_at: | + 2025-01-09T16:19:50.280Z + created_by: elastic + description: This is a sample detection type exception + id: b2f4a715-6ab1-444c-8b1e-3fa1b1049429 + immutable: false + list_id: d6390d60-bce3-4a48-9002-52db600f329c + name: Sample Detection Exception List [Duplicate] + namespace_type: single + os_types: [] + tags: + - malware + tie_breaker_id: 6fa670bd-666d-4c9c-9f1e-d1dbc516e985 + type: detection + updated_at: | + 2025-01-09T16:19:50.280Z + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/ExceptionList' description: Successful response '400': content: application/json: + examples: + badRequest: + value: + error: Bad Request + message: > + [request query]: namespace_type: Invalid enum value. + Expected 'agnostic' | 'single', received 'foo' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' 
@@ -756,19 +833,19 @@ paths: '401': content: application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' - examples: - cannotAuthenticate: - value: - error: Unauthorized - message: > - [security_exception\n\tRoot - causes:\n\t\tsecurity_exception: unable to authenticate - user [elastic] for REST request - [/_security/_authenticate]]: unable to authenticate user - [elastic] for REST request [/_security/_authenticate] - statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -796,6 +873,11 @@ paths: '500': content: application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response 
@@ -844,6 +926,28 @@ paths: '200': content: application/ndjson: + examples: + exportSavedObjectsResponse: + value: > + {"_version":"WzExNDU5LDFd","created_at":"2025-01-09T16:18:17.757Z","created_by":"elastic","description":"This + is a sample detection type + exception","id":"c86c2da0-2ab6-4343-b81c-216ef27e8d75","immutable":false,"list_id":"simple_list","name":"Sample + Detection Exception + List","namespace_type":"single","os_types":[],"tags":["user + added string for a + tag","malware"],"tie_breaker_id":"cf4a7b92-732d-47f0-a0d5-49a35a1736bf","type":"detection","updated_at":"2025-01-09T16:18:17.757Z","updated_by":"elastic","version":1} + + {"_version":"WzExNDYxLDFd","comments":[],"created_at":"2025-01-09T16:18:42.308Z","created_by":"elastic","description":"This + is a sample endpoint type + exception","entries":[{"type":"exists","field":"actingProcess.file.signer","operator":"excluded"},{"type":"match_any","field":"host.name","value":["some + host","another + host"],"operator":"included"}],"id":"f37597ce-eaa7-4b64-9100-4301118f6806","item_id":"simple_list_item","list_id":"simple_list","name":"Sample + Endpoint Exception + List","namespace_type":"single","os_types":["linux"],"tags":["user + added string for a + tag","malware"],"tie_breaker_id":"4ca3ef3e-9721-42c0-8107-cf47e094d40f","type":"simple","updated_at":"2025-01-09T16:18:42.308Z","updated_by":"elastic"} + + {"exported_exception_list_count":1,"exported_exception_list_item_count":1,"missing_exception_list_item_count":0,"missing_exception_list_items":[],"missing_exception_lists":[],"missing_exception_lists_count":0} schema: description: >- A `.ndjson` file containing specified exception list and its @@ -854,6 +958,14 @@ paths: '400': content: application/json: + examples: + badRequest: + value: + error: Bad Request + message: > + [request query]: list_id: Required, namespace_type: + Required + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' 
@@ -862,19 +974,19 @@ paths: '401': content: application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' - examples: - cannotAuthenticate: - value: - error: Unauthorized - message: > - [security_exception\n\tRoot - causes:\n\t\tsecurity_exception: unable to authenticate - user [elastic] for REST request - [/_security/_authenticate]]: unable to authenticate user - [elastic] for REST request [/_security/_authenticate] - statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -885,16 +997,22 @@ paths: '404': content: application/json: - schema: - $ref: '#/components/schemas/SiemErrorResponse' + examples: notFound: value: message": 'exception list id: "foo" does not exist' status_code": 404 + schema: + $ref: '#/components/schemas/SiemErrorResponse' description: Exception list not found response '500': content: application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response @@ -1026,13 +1144,15 @@ paths: '400': content: application/json: + examples: + badRequest: + value: + error: Bad Request + message: > + [request query]: namespace_type.0: Invalid enum value. + Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 schema: - example: - error: Bad Request - message: > - [request query]: namespace_type.0: Invalid enum value. - Expected 'agnostic' | 'single', received 'blob' - statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' 
@@ -1040,19 +1160,19 @@ paths: '401': content: application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' - examples: - unauthorized: - value: - error: Unauthorized - message: > - [security_exception\n\tRoot - causes:\n\t\tsecurity_exception: unable to authenticate - user [elastic] for REST request - [/_security/_authenticate]]: unable to authenticate user - [elastic] for REST request [/_security/_authenticate] - statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -1063,6 +1183,11 @@ paths: '500': content: application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response @@ -1132,7 +1257,31 @@ paths: content: application/json: examples: - summary: + withErrors: + value: + errors: + - error: + message: > + Error found importing exception list: Invalid value + \"4\" supplied to \"list_id\" + status_code: 400 + list_id: (unknown list_id) + - error: + message: > + Found that item_id: + \"f7fd00bb-dba8-4c93-9d59-6cbd427b6330\" already + exists. Import of item_id: + \"f7fd00bb-dba8-4c93-9d59-6cbd427b6330\" skipped. + status_code: 409 + item_id: f7fd00bb-dba8-4c93-9d59-6cbd427b6330 + list_id: 7d7cccb8-db72-4667-b1f3-648efad7c1ee + success: false, + success_count: 0, + success_count_exception_list_items: 0 + success_count_exception_lists: 0, + success_exception_list_items: false, + success_exception_lists: false, + withoutErrors: value: errors: [] success: true 
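Review bot: In the new `withErrors` import example (the @@ -1132 hunk), `success: false,`, `success_count: 0,`, `success_count_exception_lists: 0,`, `success_exception_list_items: false,` and `success_exception_lists: false,` end in a comma, so YAML reads them as the strings `"false,"` and `"0,"` rather than booleans and integers. The example then presumably no longer matches the types declared by the response schema, and generated docs will show the commas. Drop them, e.g. `success: false` and `success_count: 0`. The `badRequest` example in the @@ -1738 hunk has the same trailing commas in `error: Bad Request,` and `statusCode: 400,`; if this file is a bundled output, the correction belongs in the source schema it is built from.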
@@ -1181,19 +1330,19 @@ paths: '401': content: application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' - examples: - unauthorized: - value: - error: Unauthorized - message: > - [security_exception\n\tRoot - causes:\n\t\tsecurity_exception: unable to authenticate - user [elastic] for REST request - [/_security/_authenticate]]: unable to authenticate user - [elastic] for REST request [/_security/_authenticate] - statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -1204,6 +1353,11 @@ paths: '500': content: application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response @@ -1293,19 +1447,19 @@ paths: '401': content: application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' - examples: - cannotAuthenticate: - value: - error: Unauthorized - message: > - [security_exception\n\tRoot - causes:\n\t\tsecurity_exception: unable to authenticate - user [elastic] for REST request - [/_security/_authenticate]]: unable to authenticate user - [elastic] for REST request [/_security/_authenticate] - statusCode: 401 description: Unsuccessful authentication response '403': content: 
@@ -1316,18 +1470,23 @@ paths: '404': content: application/json: + examples: + notFound: + value: + message: | + exception list item item_id: \"foo\" does not exist + status_code: 404 schema: $ref: '#/components/schemas/SiemErrorResponse' - examples: - notFound: - value: - message: | - exception list item item_id: \"foo\" does not exist - status_code: 404 description: Exception list item not found response '500': content: application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response @@ -1370,7 +1529,8 @@ paths: value: _version: WzQsMV0= comments: [] - created_at: 2025-01-07T20:07:33.119Z + created_at: | + 2025-01-07T20:07:33.119Z created_by: elastic description: This is a sample detection type exception item. entries: @@ -1394,7 +1554,8 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: 2025-01-07T20:07:33.119Z + updated_at: | + 2025-01-07T20:07:33.119Z updated_by: elastic schema: $ref: '#/components/schemas/ExceptionListItem' @@ -1402,13 +1563,15 @@ paths: '400': content: application/json: + examples: + badRequest: + value: + error: Bad Request + message: > + [request query]: namespace_type.0: Invalid enum value. + Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 schema: - example: - error: Bad Request - message: > - [request query]: namespace_type.0: Invalid enum value. - Expected 'agnostic' | 'single', received 'blob' - statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' 
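Review bot: The @@ -1370 and @@ -1394 hunks turn `created_at` and `updated_at` into literal block scalars (`created_at: |`), which appends a trailing newline to the value, so the example string becomes `2025-01-07T20:07:33.119Z\n` and is no longer a clean date-time. If the goal was to stop YAML tooling from parsing the bare value as a timestamp, quoting does that without altering the value: `created_at: '2025-01-07T20:07:33.119Z'` and `updated_at: '2025-01-07T20:07:33.119Z'`.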
@@ -1416,19 +1579,19 @@ paths: '401': content: application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' - examples: - unauthorized: - value: - error: Unauthorized - message: > - [security_exception\n\tRoot - causes:\n\t\tsecurity_exception: unable to authenticate - user [elastic] for REST request - [/_security/_authenticate]]: unable to authenticate user - [elastic] for REST request [/_security/_authenticate] - statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -1439,18 +1602,23 @@ paths: '404': content: application/json: + examples: + notFound: + value: + message: | + exception list item item_id: \"foo\" does not exist + status_code: 404 schema: $ref: '#/components/schemas/SiemErrorResponse' - examples: - notFound: - value: - message: | - exception list item item_id: \"foo\" does not exist - status_code: 404 description: Exception list item not found response '500': content: application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response @@ -1738,12 +1906,14 @@ paths: '400': content: application/json: + examples: + badRequest: + value: + error: Bad Request, + message: | + [request body]: list_id: Expected string, received number + statusCode: 400, schema: - example: - error: Bad Request, - message: | - [request body]: list_id: Expected string, received number - statusCode: 400, oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' 
@@ -1751,19 +1921,19 @@ paths: '401': content: application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' - examples: - cannotAuthenticate: - value: - error: Unauthorized - message: > - [security_exception\n\tRoot - causes:\n\t\tsecurity_exception: unable to authenticate - user [elastic] for REST request - [/_security/_authenticate]]: unable to authenticate user - [elastic] for REST request [/_security/_authenticate] - statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -1774,19 +1944,24 @@ paths: '409': content: application/json: + examples: + alreadyExists: + value: + message: > + exception list item id: \"simple_list_item\" already + exists + status_code: 409 schema: $ref: '#/components/schemas/SiemErrorResponse' - examples: - alreadyExists: - value: - message: > - exception list item id: \"simple_list_item\" already - exists - status_code: 409 description: Exception list item already exists response '500': content: application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response @@ -1890,12 +2065,14 @@ paths: '400': content: application/json: + examples: + badRequest: + value: + error: Bad Request + message: | + [request body]: item_id: Expected string, received number + statusCode: 400 schema: - example: - error: Bad Request - message: | - [request body]: item_id: Expected string, received number - statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' 
@@ -1903,19 +2080,19 @@ paths: '401': content: application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' - examples: - unauthorized: - value: - error: Unauthorized - message: > - [security_exception\n\tRoot - causes:\n\t\tsecurity_exception: unable to authenticate - user [elastic] for REST request - [/_security/_authenticate]]: unable to authenticate user - [elastic] for REST request [/_security/_authenticate] - statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -1926,18 +2103,23 @@ paths: '404': content: application/json: + examples: + notFound: + value: + message: | + exception list item item_id: \"foo\" does not exist + status_code: 404 schema: $ref: '#/components/schemas/SiemErrorResponse' - examples: - notFound: - value: - message: | - exception list item item_id: \"foo\" does not exist - status_code: 404 description: Exception list item not found response '500': content: application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response 
@@ -2094,13 +2276,15 @@ paths: '400': content: application/json: + examples: + badRequest: + value: + error: Bad Request + message: > + [request query]: namespace_type.0: Invalid enum value. + Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 schema: - example: - error: Bad Request - message: > - [request query]: namespace_type.0: Invalid enum value. - Expected 'agnostic' | 'single', received 'blob' - statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' @@ -2108,19 +2292,19 @@ paths: '401': content: application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' - examples: - unauthorized: - value: - error: Unauthorized - message: > - [security_exception\n\tRoot - causes:\n\t\tsecurity_exception: unable to authenticate - user [elastic] for REST request - [/_security/_authenticate]]: unable to authenticate user - [elastic] for REST request [/_security/_authenticate] - statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -2143,6 +2327,11 @@ paths: '500': content: application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response 
@@ -2214,13 +2403,15 @@ paths: '400': content: application/json: + examples: + badRequest: + value: + error: Bad Request + message: > + [request query]: namespace_type.0: Invalid enum value. + Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 schema: - example: - error: Bad Request - message: > - [request query]: namespace_type.0: Invalid enum value. - Expected 'agnostic' | 'single', received 'blob' - statusCode: 400 oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' - $ref: '#/components/schemas/SiemErrorResponse' @@ -2228,19 +2419,19 @@ paths: '401': content: application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: > + [security_exception\n\tRoot + causes:\n\t\tsecurity_exception: unable to authenticate + user [elastic] for REST request + [/_security/_authenticate]]: unable to authenticate user + [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' - examples: - unauthorized: - value: - error: Unauthorized - message: > - [security_exception\n\tRoot - causes:\n\t\tsecurity_exception: unable to authenticate - user [elastic] for REST request - [/_security/_authenticate]]: unable to authenticate user - [elastic] for REST request [/_security/_authenticate] - statusCode: 401 description: Unsuccessful authentication response '403': content: @@ -2251,17 +2442,23 @@ paths: '404': content: application/json: + examples: + notFound: + value: + message": | + exception list id: "foo" does not exist + status_code": 404 schema: $ref: '#/components/schemas/SiemErrorResponse' - examples: - notFound: - value: - message": 'exception list id: "foo" does not exist' - status_code": 404 description: Exception list not found response '500': content: application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response 
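Review bot: The `notFound` example added in the @@ -2251 hunk uses the keys `message":` and `status_code":`, each with a stray trailing double quote, so the example object carries properties named `message"` and `status_code"` instead of the `message`/`status_code` used by the `serverError` example in the same hunk. Suggested lines: `message: 'exception list id: "foo" does not exist'` and `status_code: 404`. The unchanged context lines of the @@ -885 hunk contain the same two misspelled keys and would benefit from the same correction.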
diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/execute/execute.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/execute/execute.schema.yaml index f2496687b8fb0..fb81c9fea322c 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/execute/execute.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/execute/execute.schema.yaml @@ -10,6 +10,14 @@ paths: description: Run a shell command on an endpoint. x-codegen-enabled: true x-labels: [ess, serverless] + parameters: + - in: header + name: kbn-xsrf + schema: + type: string + format: string + required: true + default: 123 requestBody: required: true content: From 407e4b5a00901e36d3c81c085f11b91f2b08f125 Mon Sep 17 00:00:00 2001 From: Yara Tercero Date: Thu, 9 Jan 2025 09:42:36 -0800 Subject: [PATCH 09/14] removing unnecessary changes --- .../actions/response_actions/execute/execute.schema.yaml | 8 -------- .../services/security_solution_exceptions_api.gen.ts | 2 +- 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/execute/execute.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/execute/execute.schema.yaml index fb81c9fea322c..f2496687b8fb0 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/execute/execute.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/execute/execute.schema.yaml 
@@ -10,14 +10,6 @@ paths: description: Run a shell command on an endpoint. x-codegen-enabled: true x-labels: [ess, serverless] - parameters: - - in: header - name: kbn-xsrf - schema: - type: string - format: string - required: true - default: 123 requestBody: required: true content: diff --git a/x-pack/test/api_integration/services/security_solution_exceptions_api.gen.ts b/x-pack/test/api_integration/services/security_solution_exceptions_api.gen.ts index 33f806fbb4695..e9c26ad55ebf3 100644 --- a/x-pack/test/api_integration/services/security_solution_exceptions_api.gen.ts +++ b/x-pack/test/api_integration/services/security_solution_exceptions_api.gen.ts @@ -166,7 +166,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) .query(props.query); }, /** - * Get a list of all exception list containers. + * Get a list of all exception lists. */ findExceptionLists(props: FindExceptionListsProps, kibanaSpace: string = 'default') { return supertest From 27e756a4cbb71f8d7456ed69b80d62a8a561c2b6 Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Thu, 9 Jan 2025 17:56:48 +0000 Subject: [PATCH 10/14] [CI] Auto-commit changed files from 'make api-docs' --- oas_docs/output/kibana.serverless.yaml | 709 +++++++++++++++++++++++-- oas_docs/output/kibana.yaml | 709 +++++++++++++++++++++++-- 2 files changed, 1332 insertions(+), 86 deletions(-) diff --git a/oas_docs/output/kibana.serverless.yaml b/oas_docs/output/kibana.serverless.yaml index a1b50b51d4e40..3c2473ab53944 100644 --- a/oas_docs/output/kibana.serverless.yaml +++ b/oas_docs/output/kibana.serverless.yaml 
@@ -8393,37 +8393,38 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: examples: - simpleList: + ruleExceptionItems: value: - items: - - _version: WzQsMV0= - comments: [] - created_at: '2025-01-07T20:07:33.119Z' - created_by: elastic - description: This is a sample detection type exception item. - entries: - - field: actingProcess.file.signer - operator: excluded - type: exists - - field: host.name - operator: included - type: match_any - value: - - saturn - - jupiter - id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 - item_id: simple_list_item - list_id: simple_list - name: Sample Exception List Item - namespace_type: single - os_types: - - linux - tags: - - malware - tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c - type: simple - updated_at: '2025-01-07T20:07:33.119Z' - updated_by: elastic + - _version: WzQsMV0= + comments: [] + created_at: | + 2025-01-07T20:07:33.119Z + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: | + 2025-01-07T20:07:33.119Z + updated_by: elastic schema: items: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' 
@@ -8432,6 +8433,19 @@ paths: '400': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + badPayload: + value: + error: Bad Request + message: | + Invalid request payload JSON format + statusCode: 400 + badRequest: + value: + error: Bad Request + message: | + [request params]: id: Invalid uuid + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -8440,6 +8454,13 @@ paths: '401': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + unauthorized: + value: + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response @@ -8452,6 +8473,11 @@ paths: '500': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response @@ -10018,7 +10044,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: examples: - simpleList: + detectionExceptionList: value: _version: WzIsMV0= created_at: '2025-01-07T19:34:27.942Z' @@ -10044,6 +10070,13 @@ paths: '400': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + badRequest: + value: + error: Bad Request + message: | + [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -10052,6 +10085,13 @@ paths: '401': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + unauthorized: + value: + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response @@ -10067,7 +10107,8 @@ paths: examples: notFound: value: - message: 'exception list list_id: simple-list does not exist' + message: | + exception list list_id: "foo" does not exist status_code: 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' @@ -10075,6 +10116,11 @@ paths: '500': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response @@ -10138,6 +10184,13 @@ paths: '400': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + badRequest: + value: + error: Bad Request + message: | + [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -10146,6 +10199,13 @@ paths: '401': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + unauthorized: + value: + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response @@ -10158,12 +10218,22 @@ paths: '404': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list item not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
@@ -10225,7 +10295,50 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: examples: - simpleList: + agnosticExceptionList: + value: + _version: WzUsMV0= + created_at: | + 2025-01-09T01:10:36.369Z + created_by: elastic + description: This is a sample agnostic endpoint type exception. + id: 1a744e77-22ca-4b6b-9085-54f55275ebe5 + immutable: false + list_id: b935eb55-7b21-4c1c-b235-faa1df23b3d6 + name: Sample Agnostic Endpoint Exception List + namespace_type: agnostic + os_types: + - linux + tags: + - malware + tie_breaker_id: 49ea0adc-a2b8-4d83-a8f3-2fb98301dea3 + type: endpoint + updated_at: | + 2025-01-09T01:10:36.369Z + updated_by: elastic + version: 1 + autogeneratedListId: + value: + _version: WzMsMV0= + created_at: | + 2025-01-09T01:05:23.019Z + created_by: elastic + description: This is a sample detection type exception with an autogenerated list_id. + id: 28243c2f-624a-4443-823d-c0b894880931 + immutable: false + list_id: 8c1aae4c-1ef5-4bce-a2e3-16584b501783 + name: Sample Detection Exception List + namespace_type: single + os_types: [] + tags: + - malware + tie_breaker_id: ad94de31-39f7-4ad7-b8e4-988bfa95f338 + type: detection + updated_at: | + 2025-01-09T01:05:23.020Z + updated_by: elastic + version: 1 + detectionExceptionList: value: _version: WzIsMV0= created_at: '2025-01-07T19:34:27.942Z' 
@@ -10245,12 +10358,41 @@ paths: updated_at: '2025-01-07T19:34:27.942Z' updated_by: elastic version: 1 + endpointExceptionList: + value: + _version: WzQsMV0= + created_at: | + 2025-01-09T01:07:49.658Z + created_by: elastic + description: This is a sample endpoint type exception list. + id: a79f4730-6e32-4278-abfc-349c0add7d54 + immutable: false + list_id: endpoint_list + name: Sample Endpoint Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 94a028af-8f47-427a-aca5-ffaf829e64ee + type: endpoint + updated_at: | + 2025-01-09T01:07:49.658Z + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + badRequest: + value: + error: Bad Request + message: | + [request body]: list_id: Expected string, received number + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -10259,6 +10401,13 @@ paths: '401': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + unauthorized: + value: + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response 
@@ -10271,12 +10420,23 @@ paths: '409': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + alreadyExists: + value: + message: | + exception list id: \simple_list\ already exists + status_code: 409 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list already exists response '500': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response @@ -10340,7 +10500,8 @@ paths: simpleList: value: _version: WzExLDFd - created_at: '2025-01-07T20:43:55.264Z' + created_at: | + 2025-01-07T20:43:55.264Z created_by: elastic description: Different description id: fa7f545f-191b-4d32-b1f0-c7cd62a79e55 @@ -10353,7 +10514,8 @@ paths: - draft malware tie_breaker_id: 319fe983-acdd-4806-b6c4-3098eae9392f type: detection - updated_at: '2025-01-07T21:32:03.726Z' + updated_at: | + 2025-01-07T21:32:03.726Z updated_by: elastic version: 2 schema: @@ -10362,6 +10524,13 @@ paths: '400': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + badRequest: + value: + error: Bad Request + message: | + [request body]: list_id: Expected string, received number + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -10370,6 +10539,13 @@ paths: '401': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + unauthorized: + value: + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response @@ -10382,12 +10558,22 @@ paths: '404': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
@@ -10428,12 +10614,41 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + detectionExceptionList: + value: + _version: WzExNDY1LDFd + created_at: | + 2025-01-09T16:19:50.280Z + created_by: elastic + description: This is a sample detection type exception + id: b2f4a715-6ab1-444c-8b1e-3fa1b1049429 + immutable: false + list_id: d6390d60-bce3-4a48-9002-52db600f329c + name: Sample Detection Exception List [Duplicate] + namespace_type: single + os_types: [] + tags: + - malware + tie_breaker_id: 6fa670bd-666d-4c9c-9f1e-d1dbc516e985 + type: detection + updated_at: | + 2025-01-09T16:19:50.280Z + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + badRequest: + value: + error: Bad Request + message: | + [request query]: namespace_type: Invalid enum value. Expected 'agnostic' | 'single', received 'foo' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -10442,6 +10657,13 @@ paths: '401': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + unauthorized: + value: + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response @@ -10471,6 +10693,11 @@ paths: '500': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
@@ -10518,6 +10745,12 @@ paths: '200': content: application/ndjson; Elastic-Api-Version=2023-10-31: + examples: + exportSavedObjectsResponse: + value: | + {"_version":"WzExNDU5LDFd","created_at":"2025-01-09T16:18:17.757Z","created_by":"elastic","description":"This is a sample detection type exception","id":"c86c2da0-2ab6-4343-b81c-216ef27e8d75","immutable":false,"list_id":"simple_list","name":"Sample Detection Exception List","namespace_type":"single","os_types":[],"tags":["user added string for a tag","malware"],"tie_breaker_id":"cf4a7b92-732d-47f0-a0d5-49a35a1736bf","type":"detection","updated_at":"2025-01-09T16:18:17.757Z","updated_by":"elastic","version":1} + {"_version":"WzExNDYxLDFd","comments":[],"created_at":"2025-01-09T16:18:42.308Z","created_by":"elastic","description":"This is a sample endpoint type exception","entries":[{"type":"exists","field":"actingProcess.file.signer","operator":"excluded"},{"type":"match_any","field":"host.name","value":["some host","another host"],"operator":"included"}],"id":"f37597ce-eaa7-4b64-9100-4301118f6806","item_id":"simple_list_item","list_id":"simple_list","name":"Sample Endpoint Exception List","namespace_type":"single","os_types":["linux"],"tags":["user added string for a tag","malware"],"tie_breaker_id":"4ca3ef3e-9721-42c0-8107-cf47e094d40f","type":"simple","updated_at":"2025-01-09T16:18:42.308Z","updated_by":"elastic"} + {"exported_exception_list_count":1,"exported_exception_list_item_count":1,"missing_exception_list_item_count":0,"missing_exception_list_items":[],"missing_exception_lists":[],"missing_exception_lists_count":0} schema: description: A `.ndjson` file containing specified exception list and its items format: binary 
@@ -10526,6 +10759,13 @@ paths: '400': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + badRequest: + value: + error: Bad Request + message: | + [request query]: list_id: Required, namespace_type: Required + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -10534,6 +10774,13 @@ paths: '401': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + unauthorized: + value: + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response @@ -10546,12 +10793,22 @@ paths: '404': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response @@ -10676,6 +10933,13 @@ paths: '400': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + badRequest: + value: + error: Bad Request + message: | + [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
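Review bot: The `notFound` example added in hunk `@@ -10546,12 +10793,22 @@` has a stray double quote in both keys, `message": '...'` and `status_code": 404`, so the documented keys become `message"` and `status_code"` instead of the `message` / `status_code` fields used by the other `Security_Exceptions_API_SiemErrorResponse` examples. They should read `message: 'exception list id: "foo" does not exist'` and `status_code: 404`. The same typo recurs in the 404 examples of hunks `@@ -11562,12 +12174,23 @@`, `@@ -12319,12 +12379,22 @@`, `@@ -12541,12 +12717,22 @@` and `@@ -12703,12 +12950,22 @@`. If these files are generated, the fix probably belongs in the source schema examples.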
@@ -10684,6 +10948,13 @@ paths: '401': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + unauthorized: + value: + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response @@ -10696,6 +10967,11 @@ paths: '500': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response @@ -10759,7 +11035,27 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: examples: - summary: + withErrors: + value: + errors: + - error: + message: | + Error found importing exception list: Invalid value \"4\" supplied to \"list_id\" + status_code: 400 + list_id: (unknown list_id) + - error: + message: | + Found that item_id: \"f7fd00bb-dba8-4c93-9d59-6cbd427b6330\" already exists. Import of item_id: \"f7fd00bb-dba8-4c93-9d59-6cbd427b6330\" skipped. + status_code: 409 + item_id: f7fd00bb-dba8-4c93-9d59-6cbd427b6330 + list_id: 7d7cccb8-db72-4667-b1f3-648efad7c1ee + success: false, + success_count: 0, + success_count_exception_list_items: 0 + success_count_exception_lists: 0, + success_exception_list_items: false, + success_exception_lists: false, + withoutErrors: value: errors: [] success: true 
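Review bot: The `withErrors` example in hunk `@@ -10759,7 +11035,27 @@` ends several values with a JSON-style comma (`success: false,`, `success_count: 0,`, `success_exception_lists: false,`), which YAML reads as part of the scalar. The example therefore documents the strings `"false,"` and `"0,"` rather than a boolean and an integer. Dropping the commas gives `success: false` and `success_count: 0`, and likewise for the other three fields. The `badRequest` example in hunk `@@ -11137,6 +11660,13 @@` has the same problem in `error: Bad Request,` and `statusCode: 400,`.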
@@ -10808,6 +11104,13 @@ paths: '401': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + unauthorized: + value: + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response @@ -10820,6 +11123,11 @@ paths: '500': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response @@ -10858,11 +11166,12 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: examples: - simpleListItem: + simpleExceptionItem: value: _version: WzQsMV0= comments: [] - created_at: '2025-01-07T20:07:33.119Z' + created_at: | + 2025-01-07T20:07:33.119Z created_by: elastic description: This is a sample detection type exception item. entries: @@ -10886,7 +11195,8 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: '2025-01-07T20:07:33.119Z' + updated_at: | + 2025-01-07T20:07:33.119Z updated_by: elastic schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' @@ -10895,6 +11205,11 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: + example: + error: Bad Request + message: | + [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' 
@@ -10902,6 +11217,13 @@ paths: '401': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + unauthorized: + value: + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response @@ -10914,12 +11236,23 @@ paths: '404': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + notFound: + value: + message: | + exception list item item_id: \"foo\" does not exist + status_code: 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list item not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response @@ -10961,7 +11294,8 @@ paths: value: _version: WzQsMV0= comments: [] - created_at: '2025-01-07T20:07:33.119Z' + created_at: | + 2025-01-07T20:07:33.119Z created_by: elastic description: This is a sample detection type exception item. entries: @@ -10985,7 +11319,8 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: '2025-01-07T20:07:33.119Z' + updated_at: | + 2025-01-07T20:07:33.119Z updated_by: elastic schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' 
@@ -10993,6 +11328,13 @@ paths: '400': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + badRequest: + value: + error: Bad Request + message: | + [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -11001,6 +11343,13 @@ paths: '401': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + unauthorized: + value: + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response @@ -11013,12 +11362,23 @@ paths: '404': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + notFound: + value: + message: | + exception list item item_id: \"foo\" does not exist + status_code: 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list item not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
@@ -11101,7 +11461,32 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: examples: - simpleListItem: + autogeneratedItemId: + value: + _version: WzYsMV0= + comments: [] + created_at: | + 2025-01-09T01:16:23.322Z + created_by: elastic + description: This is a sample exception that has no item_id so it is autogenerated. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + id: 323faa75-c657-4fa0-9084-8827612c207b + item_id: 80e6edf7-4b13-4414-858f-2fa74aa52b37 + list_id: 8c1aae4c-1ef5-4bce-a2e3-16584b501783 + name: Sample Autogenerated Exception List Item ID + namespace_type: single + os_types: [] + tags: + - malware + tie_breaker_id: d6799986-3a23-4213-bc6d-ed9463a32f23 + type: simple + updated_at: | + 2025-01-09T01:16:23.322Z + updated_by: elastic + detectionExceptionListItem: value: _version: WzQsMV0= comments: [] 
@@ -11112,6 +11497,54 @@ paths: - field: actingProcess.file.signer operator: excluded type: exists + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: '2025-01-07T20:07:33.119Z' + updated_by: elastic + withExistEntry: + value: + _version: WzQsMV0= + comments: [] + created_at: | + 2025-01-07T20:07:33.119Z + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: | + 2025-01-07T20:07:33.119Z + updated_by: elastic + withMatchAnyEntry: + value: + _version: WzQsMV0= + comments: [] + created_at: | + 2025-01-07T20:07:33.119Z + created_by: elastic + description: This is a sample detection type exception item. + entries: - field: host.name operator: included type: match_any 
@@ -11129,7 +11562,97 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: '2025-01-07T20:07:33.119Z' + updated_at: | + 2025-01-07T20:07:33.119Z + updated_by: elastic + withMatchEntry: + value: + _version: WzQsMV0= + comments: [] + created_at: | + 2025-01-07T20:07:33.119Z + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: included + type: match + value: Elastic N.V. + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: | + 2025-01-07T20:07:33.119Z + updated_by: elastic + withNestedEntry: + value: + _version: WzQsMV0= + comments: [] + created_at: | + 2025-01-07T20:07:33.119Z + created_by: elastic + description: This is a sample detection type exception item. 
+ entries: + - entries: + - field: signer + operator: included + type: match + value: Evil + - field: trusted + operator: included + type: match + value: true + field: file.signature + type: nested + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: | + 2025-01-07T20:07:33.119Z + updated_by: elastic + withValueListEntry: + value: + _version: WzcsMV0= + comments: [] + created_at: | + 2025-01-09T01:31:12.614Z + created_by: elastic + description: Don't signal when agent.name is rock01 and source.ip is in the goodguys.txt list + entries: + - field: source.ip + list: + id: goodguys.txt + type: ip + operator: excluded + type: list + id: deb26876-297d-4677-8a1f-35467d2f1c4f + item_id: 686b129e-9b8d-4c59-8d8d-c93a9ea82c71 + list_id: 8c1aae4c-1ef5-4bce-a2e3-16584b501783 + name: Filter out good guys ip and agent.name rock01 + namespace_type: single + os_types: [] + tags: + - malware + tie_breaker_id: 5e0288ce-6657-4c18-9dcc-00ec9e8cc6c8 + type: simple + updated_at: | + 2025-01-09T01:31:12.614Z updated_by: elastic schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' @@ -11137,6 +11660,13 @@ paths: '400': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + badRequest: + value: + error: Bad Request, + message: | + [request body]: list_id: Expected string, received number + statusCode: 400, schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -11145,6 +11675,13 @@ paths: '401': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + unauthorized: + value: + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response @@ -11157,12 +11694,23 @@ paths: '409': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + alreadyExists: + value: + message: | + exception list item id: \"simple_list_item\" already exists + status_code: 409 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list item already exists response '500': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response @@ -11267,6 +11815,13 @@ paths: '400': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + badRequest: + value: + error: Bad Request + message: | + [request body]: item_id: Expected string, received number + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -11275,6 +11830,13 @@ paths: '401': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + unauthorized: + value: + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response @@ -11287,12 +11849,23 @@ paths: '404': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + notFound: + value: + message: | + exception list item item_id: \"foo\" does not exist + status_code: 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list item not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response @@ -11446,6 +12019,13 @@ paths: '400': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + badRequest: + value: + error: Bad Request + message: | + [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -11454,6 +12034,13 @@ paths: '401': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + unauthorized: + value: + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response @@ -11466,12 +12053,23 @@ paths: '404': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + notFound: + value: + message: | + exception list list_id: "foo" does not exist + status_code: 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response @@ -11542,6 +12140,13 @@ paths: '400': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + badRequest: + value: + error: Bad Request + message: | + [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -11550,6 +12155,13 @@ paths: '401': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + unauthorized: + value: + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response @@ -11562,12 +12174,23 @@ paths: '404': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + notFound: + value: + message": | + exception list id: "foo" does not exist + status_code": 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml index 104090a2b778f..cef378f79ca0b 100644 --- a/oas_docs/output/kibana.yaml +++ b/oas_docs/output/kibana.yaml 
@@ -10214,37 +10214,38 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: examples: - simpleList: + ruleExceptionItems: value: - items: - - _version: WzQsMV0= - comments: [] - created_at: '2025-01-07T20:07:33.119Z' - created_by: elastic - description: This is a sample detection type exception item. - entries: - - field: actingProcess.file.signer - operator: excluded - type: exists - - field: host.name - operator: included - type: match_any - value: - - saturn - - jupiter - id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 - item_id: simple_list_item - list_id: simple_list - name: Sample Exception List Item - namespace_type: single - os_types: - - linux - tags: - - malware - tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c - type: simple - updated_at: '2025-01-07T20:07:33.119Z' - updated_by: elastic + - _version: WzQsMV0= + comments: [] + created_at: | + 2025-01-07T20:07:33.119Z + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: | + 2025-01-07T20:07:33.119Z + updated_by: elastic schema: items: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' 
@@ -10253,6 +10254,19 @@ paths: '400': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + badPayload: + value: + error: Bad Request + message: | + Invalid request payload JSON format + statusCode: 400 + badRequest: + value: + error: Bad Request + message: | + [request params]: id: Invalid uuid + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -10261,6 +10275,13 @@ paths: '401': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + unauthorized: + value: + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response @@ -10273,6 +10294,11 @@ paths: '500': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response @@ -12180,7 +12206,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: examples: - simpleList: + detectionExceptionList: value: _version: WzIsMV0= created_at: '2025-01-07T19:34:27.942Z' @@ -12206,6 +12232,13 @@ paths: '400': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + badRequest: + value: + error: Bad Request + message: | + [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -12214,6 +12247,13 @@ paths: '401': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + unauthorized: + value: + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response @@ -12229,7 +12269,8 @@ paths: examples: notFound: value: - message: 'exception list list_id: simple-list does not exist' + message: | + exception list list_id: "foo" does not exist status_code: 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' @@ -12237,6 +12278,11 @@ paths: '500': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response @@ -12299,6 +12345,13 @@ paths: '400': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + badRequest: + value: + error: Bad Request + message: | + [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -12307,6 +12360,13 @@ paths: '401': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + unauthorized: + value: + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response @@ -12319,12 +12379,22 @@ paths: '404': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list item not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
@@ -12385,7 +12455,50 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: examples: - simpleList: + agnosticExceptionList: + value: + _version: WzUsMV0= + created_at: | + 2025-01-09T01:10:36.369Z + created_by: elastic + description: This is a sample agnostic endpoint type exception. + id: 1a744e77-22ca-4b6b-9085-54f55275ebe5 + immutable: false + list_id: b935eb55-7b21-4c1c-b235-faa1df23b3d6 + name: Sample Agnostic Endpoint Exception List + namespace_type: agnostic + os_types: + - linux + tags: + - malware + tie_breaker_id: 49ea0adc-a2b8-4d83-a8f3-2fb98301dea3 + type: endpoint + updated_at: | + 2025-01-09T01:10:36.369Z + updated_by: elastic + version: 1 + autogeneratedListId: + value: + _version: WzMsMV0= + created_at: | + 2025-01-09T01:05:23.019Z + created_by: elastic + description: This is a sample detection type exception with an autogenerated list_id. + id: 28243c2f-624a-4443-823d-c0b894880931 + immutable: false + list_id: 8c1aae4c-1ef5-4bce-a2e3-16584b501783 + name: Sample Detection Exception List + namespace_type: single + os_types: [] + tags: + - malware + tie_breaker_id: ad94de31-39f7-4ad7-b8e4-988bfa95f338 + type: detection + updated_at: | + 2025-01-09T01:05:23.020Z + updated_by: elastic + version: 1 + detectionExceptionList: value: _version: WzIsMV0= created_at: '2025-01-07T19:34:27.942Z' 
@@ -12405,12 +12518,41 @@ paths: updated_at: '2025-01-07T19:34:27.942Z' updated_by: elastic version: 1 + endpointExceptionList: + value: + _version: WzQsMV0= + created_at: | + 2025-01-09T01:07:49.658Z + created_by: elastic + description: This is a sample endpoint type exception list. + id: a79f4730-6e32-4278-abfc-349c0add7d54 + immutable: false + list_id: endpoint_list + name: Sample Endpoint Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 94a028af-8f47-427a-aca5-ffaf829e64ee + type: endpoint + updated_at: | + 2025-01-09T01:07:49.658Z + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + badRequest: + value: + error: Bad Request + message: | + [request body]: list_id: Expected string, received number + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -12419,6 +12561,13 @@ paths: '401': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + unauthorized: + value: + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response 
@@ -12431,12 +12580,23 @@ paths: '409': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + alreadyExists: + value: + message: | + exception list id: \simple_list\ already exists + status_code: 409 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list already exists response '500': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response @@ -12499,7 +12659,8 @@ paths: simpleList: value: _version: WzExLDFd - created_at: '2025-01-07T20:43:55.264Z' + created_at: | + 2025-01-07T20:43:55.264Z created_by: elastic description: Different description id: fa7f545f-191b-4d32-b1f0-c7cd62a79e55 @@ -12512,7 +12673,8 @@ paths: - draft malware tie_breaker_id: 319fe983-acdd-4806-b6c4-3098eae9392f type: detection - updated_at: '2025-01-07T21:32:03.726Z' + updated_at: | + 2025-01-07T21:32:03.726Z updated_by: elastic version: 2 schema: @@ -12521,6 +12683,13 @@ paths: '400': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + badRequest: + value: + error: Bad Request + message: | + [request body]: list_id: Expected string, received number + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -12529,6 +12698,13 @@ paths: '401': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + unauthorized: + value: + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response @@ -12541,12 +12717,22 @@ paths: '404': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
@@ -12586,12 +12772,41 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + detectionExceptionList: + value: + _version: WzExNDY1LDFd + created_at: | + 2025-01-09T16:19:50.280Z + created_by: elastic + description: This is a sample detection type exception + id: b2f4a715-6ab1-444c-8b1e-3fa1b1049429 + immutable: false + list_id: d6390d60-bce3-4a48-9002-52db600f329c + name: Sample Detection Exception List [Duplicate] + namespace_type: single + os_types: [] + tags: + - malware + tie_breaker_id: 6fa670bd-666d-4c9c-9f1e-d1dbc516e985 + type: detection + updated_at: | + 2025-01-09T16:19:50.280Z + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + badRequest: + value: + error: Bad Request + message: | + [request query]: namespace_type: Invalid enum value. Expected 'agnostic' | 'single', received 'foo' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -12600,6 +12815,13 @@ paths: '401': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + unauthorized: + value: + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response @@ -12629,6 +12851,11 @@ paths: '500': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
@@ -12675,6 +12902,12 @@ paths: '200': content: application/ndjson; Elastic-Api-Version=2023-10-31: + examples: + exportSavedObjectsResponse: + value: | + {"_version":"WzExNDU5LDFd","created_at":"2025-01-09T16:18:17.757Z","created_by":"elastic","description":"This is a sample detection type exception","id":"c86c2da0-2ab6-4343-b81c-216ef27e8d75","immutable":false,"list_id":"simple_list","name":"Sample Detection Exception List","namespace_type":"single","os_types":[],"tags":["user added string for a tag","malware"],"tie_breaker_id":"cf4a7b92-732d-47f0-a0d5-49a35a1736bf","type":"detection","updated_at":"2025-01-09T16:18:17.757Z","updated_by":"elastic","version":1} + {"_version":"WzExNDYxLDFd","comments":[],"created_at":"2025-01-09T16:18:42.308Z","created_by":"elastic","description":"This is a sample endpoint type exception","entries":[{"type":"exists","field":"actingProcess.file.signer","operator":"excluded"},{"type":"match_any","field":"host.name","value":["some host","another host"],"operator":"included"}],"id":"f37597ce-eaa7-4b64-9100-4301118f6806","item_id":"simple_list_item","list_id":"simple_list","name":"Sample Endpoint Exception List","namespace_type":"single","os_types":["linux"],"tags":["user added string for a tag","malware"],"tie_breaker_id":"4ca3ef3e-9721-42c0-8107-cf47e094d40f","type":"simple","updated_at":"2025-01-09T16:18:42.308Z","updated_by":"elastic"} + {"exported_exception_list_count":1,"exported_exception_list_item_count":1,"missing_exception_list_item_count":0,"missing_exception_list_items":[],"missing_exception_lists":[],"missing_exception_lists_count":0} schema: description: A `.ndjson` file containing specified exception list and its items format: binary 
@@ -12683,6 +12916,13 @@ paths: '400': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + badRequest: + value: + error: Bad Request + message: | + [request query]: list_id: Required, namespace_type: Required + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -12691,6 +12931,13 @@ paths: '401': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + unauthorized: + value: + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response @@ -12703,12 +12950,22 @@ paths: '404': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response @@ -12832,6 +13089,13 @@ paths: '400': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + badRequest: + value: + error: Bad Request + message: | + [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -12840,6 +13104,13 @@ paths: '401': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + unauthorized: + value: + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response @@ -12852,6 +13123,11 @@ paths: '500': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response @@ -12914,7 +13190,27 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: examples: - summary: + withErrors: + value: + errors: + - error: + message: | + Error found importing exception list: Invalid value \"4\" supplied to \"list_id\" + status_code: 400 + list_id: (unknown list_id) + - error: + message: | + Found that item_id: \"f7fd00bb-dba8-4c93-9d59-6cbd427b6330\" already exists. Import of item_id: \"f7fd00bb-dba8-4c93-9d59-6cbd427b6330\" skipped. + status_code: 409 + item_id: f7fd00bb-dba8-4c93-9d59-6cbd427b6330 + list_id: 7d7cccb8-db72-4667-b1f3-648efad7c1ee + success: false, + success_count: 0, + success_count_exception_list_items: 0 + success_count_exception_lists: 0, + success_exception_list_items: false, + success_exception_lists: false, + withoutErrors: value: errors: [] success: true 
@@ -12963,6 +13259,13 @@ paths: '401': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + unauthorized: + value: + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response @@ -12975,6 +13278,11 @@ paths: '500': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response @@ -13012,11 +13320,12 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: examples: - simpleListItem: + simpleExceptionItem: value: _version: WzQsMV0= comments: [] - created_at: '2025-01-07T20:07:33.119Z' + created_at: | + 2025-01-07T20:07:33.119Z created_by: elastic description: This is a sample detection type exception item. entries: @@ -13040,7 +13349,8 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: '2025-01-07T20:07:33.119Z' + updated_at: | + 2025-01-07T20:07:33.119Z updated_by: elastic schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' @@ -13049,6 +13359,11 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: + example: + error: Bad Request + message: | + [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' 
@@ -13056,6 +13371,13 @@ paths: '401': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + unauthorized: + value: + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response @@ -13068,12 +13390,23 @@ paths: '404': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + notFound: + value: + message: | + exception list item item_id: \"foo\" does not exist + status_code: 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list item not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response @@ -13114,7 +13447,8 @@ paths: value: _version: WzQsMV0= comments: [] - created_at: '2025-01-07T20:07:33.119Z' + created_at: | + 2025-01-07T20:07:33.119Z created_by: elastic description: This is a sample detection type exception item. entries: @@ -13138,7 +13472,8 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: '2025-01-07T20:07:33.119Z' + updated_at: | + 2025-01-07T20:07:33.119Z updated_by: elastic schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' 
@@ -13146,6 +13481,13 @@ paths: '400': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + badRequest: + value: + error: Bad Request + message: | + [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -13154,6 +13496,13 @@ paths: '401': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + unauthorized: + value: + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response @@ -13166,12 +13515,23 @@ paths: '404': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + notFound: + value: + message: | + exception list item item_id: \"foo\" does not exist + status_code: 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list item not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
@@ -13253,7 +13613,32 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: examples: - simpleListItem: + autogeneratedItemId: + value: + _version: WzYsMV0= + comments: [] + created_at: | + 2025-01-09T01:16:23.322Z + created_by: elastic + description: This is a sample exception that has no item_id so it is autogenerated. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + id: 323faa75-c657-4fa0-9084-8827612c207b + item_id: 80e6edf7-4b13-4414-858f-2fa74aa52b37 + list_id: 8c1aae4c-1ef5-4bce-a2e3-16584b501783 + name: Sample Autogenerated Exception List Item ID + namespace_type: single + os_types: [] + tags: + - malware + tie_breaker_id: d6799986-3a23-4213-bc6d-ed9463a32f23 + type: simple + updated_at: | + 2025-01-09T01:16:23.322Z + updated_by: elastic + detectionExceptionListItem: value: _version: WzQsMV0= comments: [] 
@@ -13264,6 +13649,54 @@ paths: - field: actingProcess.file.signer operator: excluded type: exists + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: '2025-01-07T20:07:33.119Z' + updated_by: elastic + withExistEntry: + value: + _version: WzQsMV0= + comments: [] + created_at: | + 2025-01-07T20:07:33.119Z + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: | + 2025-01-07T20:07:33.119Z + updated_by: elastic + withMatchAnyEntry: + value: + _version: WzQsMV0= + comments: [] + created_at: | + 2025-01-07T20:07:33.119Z + created_by: elastic + description: This is a sample detection type exception item. + entries: - field: host.name operator: included type: match_any 
@@ -13281,7 +13714,97 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: '2025-01-07T20:07:33.119Z' + updated_at: | + 2025-01-07T20:07:33.119Z + updated_by: elastic + withMatchEntry: + value: + _version: WzQsMV0= + comments: [] + created_at: | + 2025-01-07T20:07:33.119Z + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: included + type: match + value: Elastic N.V. + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: | + 2025-01-07T20:07:33.119Z + updated_by: elastic + withNestedEntry: + value: + _version: WzQsMV0= + comments: [] + created_at: | + 2025-01-07T20:07:33.119Z + created_by: elastic + description: This is a sample detection type exception item. 
+ entries: + - entries: + - field: signer + operator: included + type: match + value: Evil + - field: trusted + operator: included + type: match + value: true + field: file.signature + type: nested + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: | + 2025-01-07T20:07:33.119Z + updated_by: elastic + withValueListEntry: + value: + _version: WzcsMV0= + comments: [] + created_at: | + 2025-01-09T01:31:12.614Z + created_by: elastic + description: Don't signal when agent.name is rock01 and source.ip is in the goodguys.txt list + entries: + - field: source.ip + list: + id: goodguys.txt + type: ip + operator: excluded + type: list + id: deb26876-297d-4677-8a1f-35467d2f1c4f + item_id: 686b129e-9b8d-4c59-8d8d-c93a9ea82c71 + list_id: 8c1aae4c-1ef5-4bce-a2e3-16584b501783 + name: Filter out good guys ip and agent.name rock01 + namespace_type: single + os_types: [] + tags: + - malware + tie_breaker_id: 5e0288ce-6657-4c18-9dcc-00ec9e8cc6c8 + type: simple + updated_at: | + 2025-01-09T01:31:12.614Z updated_by: elastic schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' @@ -13289,6 +13812,13 @@ paths: '400': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + badRequest: + value: + error: Bad Request, + message: | + [request body]: list_id: Expected string, received number + statusCode: 400, schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -13297,6 +13827,13 @@ paths: '401': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + unauthorized: + value: + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response @@ -13309,12 +13846,23 @@ paths: '409': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + alreadyExists: + value: + message: | + exception list item id: \"simple_list_item\" already exists + status_code: 409 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list item already exists response '500': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response @@ -13418,6 +13966,13 @@ paths: '400': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + badRequest: + value: + error: Bad Request + message: | + [request body]: item_id: Expected string, received number + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -13426,6 +13981,13 @@ paths: '401': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + unauthorized: + value: + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response @@ -13438,12 +14000,23 @@ paths: '404': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + notFound: + value: + message: | + exception list item item_id: \"foo\" does not exist + status_code: 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list item not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response @@ -13596,6 +14169,13 @@ paths: '400': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + badRequest: + value: + error: Bad Request + message: | + [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -13604,6 +14184,13 @@ paths: '401': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + unauthorized: + value: + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response @@ -13616,12 +14203,23 @@ paths: '404': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + notFound: + value: + message: | + exception list list_id: "foo" does not exist + status_code: 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response @@ -13691,6 +14289,13 @@ paths: '400': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + badRequest: + value: + error: Bad Request + message: | + [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -13699,6 +14304,13 @@ paths: '401': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + unauthorized: + value: + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response @@ -13711,12 +14323,23 @@ paths: '404': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + notFound: + value: + message": | + exception list id: "foo" does not exist + status_code": 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response From 0be332dd5139a45d4f8ceb654936ba2746d3bb72 Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Thu, 9 Jan 2025 18:18:20 +0000 Subject: [PATCH 11/14] [CI] Auto-commit changed files from 'yarn openapi:generate' --- .../services/security_solution_exceptions_api.gen.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/test/api_integration/services/security_solution_exceptions_api.gen.ts b/x-pack/test/api_integration/services/security_solution_exceptions_api.gen.ts index e9c26ad55ebf3..33f806fbb4695 100644 --- a/x-pack/test/api_integration/services/security_solution_exceptions_api.gen.ts +++ b/x-pack/test/api_integration/services/security_solution_exceptions_api.gen.ts 
@@ -166,7 +166,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext)
 .query(props.query);
 },
 /**
- * Get a list of all exception lists.
+ * Get a list of all exception list containers.
 */
 findExceptionLists(props: FindExceptionListsProps, kibanaSpace: string = 'default') {
 return supertest
From f7cd1df3700a7c8acd5d3d2f62ce1970af5f5b7e Mon Sep 17 00:00:00 2001
From: Yara Tercero Date: Tue, 14 Jan 2025 21:21:30 -0800 Subject: [PATCH 12/14] updating examples --- .../create_exception_list.schema.yaml | 45 +- .../create_exception_list_item.gen.ts | 3 +- .../create_exception_list_item.schema.yaml | 54 +- .../create_rule_exceptions.schema.yaml | 23 +- .../create_shared_exceptions_list.schema.yaml | 53 ++ .../delete_exception_list.gen.ts | 4 +- .../delete_exception_list.schema.yaml | 32 +- .../delete_exception_list_item.gen.ts | 4 +- .../delete_exception_list_item.schema.yaml | 33 +- .../duplicate_exception_list.gen.ts | 5 +- .../duplicate_exception_list.schema.yaml | 30 +- .../export_exception_list.gen.ts | 8 +- .../export_exception_list.schema.yaml | 24 +- .../find_exception_list_items.gen.ts | 6 +- .../find_exception_list_items.schema.yaml | 38 +- .../find_exception_lists.gen.ts | 4 +- .../find_exception_lists.schema.yaml | 63 +- .../import_exceptions.gen.ts | 2 - .../import_exceptions.schema.yaml | 36 +- .../api/model/exception_list_common.gen.ts | 124 ++- .../model/exception_list_common.schema.yaml | 79 +- .../api/quickstart_client.gen.ts | 2 +- .../read_exception_list.gen.ts | 4 +- .../read_exception_list.schema.yaml | 26 +- .../read_exception_list_item.gen.ts | 4 +- .../read_exception_list_item.schema.yaml | 33 +- .../read_exception_list_summary.gen.ts | 4 +- .../read_exception_list_summary.schema.yaml | 29 +- .../update_exception_list.gen.ts | 3 + .../update_exception_list.schema.yaml | 19 +- .../update_exception_list_item.gen.ts | 6 +- .../update_exception_list_item.schema.yaml | 19 +- ...eptions_api_2023_10_31.bundled.schema.yaml | 774 ++++++++++++------ ...eptions_api_2023_10_31.bundled.schema.yaml | 774 ++++++++++++------ .../security_solution_exceptions_api.gen.ts | 4 +- 35 files changed, 1588 insertions(+), 783 deletions(-) 
diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list/create_exception_list.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list/create_exception_list.schema.yaml
index f95e9f24b7bd6..1826d94495dcb 100644
--- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list/create_exception_list.schema.yaml
+++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list/create_exception_list.schema.yaml
@@ -10,7 +10,7 @@ paths:
 x-codegen-enabled: true
 summary: Create an exception list
 description: |
- An exception list groups exception items and can be associated with detection rules. You can assign detection rules with multiple exception lists.
+ An exception list groups exception items and can be associated with detection rules. You can assign exception lists to multiple detection rules.
 > info
 > All exception items added to the same list are evaluated using `OR` logic. That is, if any of the items in a list evaluate to `true`, the exception prevents the rule from generating an alert. Likewise, `OR` logic is used for evaluating exceptions when more than one exception list is assigned to a rule. To use the `AND` operator, you can define multiple clauses (`entries`) in a single exception item.
 requestBody:
@@ -62,7 +62,7 @@ paths:
 schema:
 $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionList'
 examples:
- detectionExceptionList:
+ typeDetection:
 value:
 id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85
 list_id: simple_list
@@ -76,11 +76,11 @@ paths: version: 1 _version: WzIsMV0= tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 - created_at: '2025-01-07T19:34:27.942Z' + created_at: 2025-01-07T19:34:27.942Z created_by: elastic - updated_at: '2025-01-07T19:34:27.942Z' + updated_at: 2025-01-07T19:34:27.942Z updated_by: elastic - endpointExceptionList: + typeEndpoint: value: id: a79f4730-6e32-4278-abfc-349c0add7d54 list_id: endpoint_list @@ -94,13 +94,11 @@ paths: version: 1 _version: WzQsMV0= tie_breaker_id: 94a028af-8f47-427a-aca5-ffaf829e64ee - created_at: | - 2025-01-09T01:07:49.658Z + created_at: 2025-01-09T01:07:49.658Z created_by: elastic - updated_at: | - 2025-01-09T01:07:49.658Z + updated_at: 2025-01-09T01:07:49.658Z updated_by: elastic - agnosticExceptionList: + namespaceAgnostic: value: id: 1a744e77-22ca-4b6b-9085-54f55275ebe5 list_id: b935eb55-7b21-4c1c-b235-faa1df23b3d6 @@ -114,11 +112,9 @@ paths: version: 1 _version: WzUsMV0= tie_breaker_id: 49ea0adc-a2b8-4d83-a8f3-2fb98301dea3 - created_at: | - 2025-01-09T01:10:36.369Z + created_at: 2025-01-09T01:10:36.369Z created_by: elastic - updated_at: | - 2025-01-09T01:10:36.369Z + updated_at: 2025-01-09T01:10:36.369Z updated_by: elastic autogeneratedListId: value: @@ -134,11 +130,9 @@ paths: version: 1 _version: WzMsMV0= tie_breaker_id: ad94de31-39f7-4ad7-b8e4-988bfa95f338 - created_at: | - 2025-01-09T01:05:23.019Z + created_at: 2025-01-09T01:05:23.019Z created_by: elastic - updated_at: | - 2025-01-09T01:05:23.020Z + updated_at: 2025-01-09T01:05:23.020Z updated_by: elastic 400: description: Invalid input data response @@ -153,8 +147,7 @@ paths: value: statusCode: 400 error: Bad Request - message: | - [request body]: list_id: Expected string, received number + message: '[request body]: list_id: Expected string, received number' 401: description: Unsuccessful authentication response content: 
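Review bot: The example timestamps are now plain scalars (`created_at: 2025-01-07T19:34:27.942Z`), whereas the `typeDetection` example had them quoted before this change. A YAML 1.1 loader resolves an unquoted ISO 8601 value to a timestamp rather than a string, so depending on the parser used by the bundler or by downstream tooling the example may stop matching a (presumably string-typed) `created_at`/`updated_at` field or be re-serialised in a different format. Quoting keeps the value a string under every loader: `created_at: '2025-01-07T19:34:27.942Z'` and `updated_at: '2025-01-07T19:34:27.942Z'`. The same applies to the `typeEndpoint`, `namespaceAgnostic` and `autogeneratedListId` examples in the following hunks, and to the timestamp hunks in create_exception_list_item.schema.yaml and create_rule_exceptions.schema.yaml.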
@@ -166,14 +159,19 @@ paths: value: statusCode: 401 error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]" 403: description: Not enough privileges response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + examples: + forbidden: + value: + statusCode: 403 + error: Forbidden + message: 'API [POST /api/exception_lists] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]' 409: description: Exception list already exists response content: @@ -183,8 +181,7 @@ paths: examples: alreadyExists: value: - message: | - exception list id: \simple_list\ already exists + message: 'exception list id: "simple_list" already exists' status_code: 409 500: description: Internal server error response diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list_item/create_exception_list_item.gen.ts b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list_item/create_exception_list_item.gen.ts index dba75c11fde83..7f007b0ce30bb 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list_item/create_exception_list_item.gen.ts +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list_item/create_exception_list_item.gen.ts 
@@ -27,6 +27,7 @@ import {
 ExceptionListItemOsTypeArray,
 ExceptionListItemTags,
 ExceptionListItemMeta,
+ ExceptionListItemExpireTime,
 ExceptionListItem,
 } from '../model/exception_list_common.gen';
 import { ExceptionListItemEntryArray } from '../model/exception_list_item_entry.gen';
@@ -53,7 +54,7 @@ export const CreateExceptionListItemRequestBody = z.object({
 os_types: ExceptionListItemOsTypeArray.optional().default([]),
 tags: ExceptionListItemTags.optional().default([]),
 meta: ExceptionListItemMeta.optional(),
- expire_time: z.string().datetime().optional(),
+ expire_time: ExceptionListItemExpireTime.optional(),
 comments: CreateExceptionListItemCommentArray.optional().default([]),
 });
 export type CreateExceptionListItemRequestBodyInput = z.input<
diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list_item/create_exception_list_item.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list_item/create_exception_list_item.schema.yaml
index b78cf358b60cc..e2afedbce5b35 100644
--- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list_item/create_exception_list_item.schema.yaml
+++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_exception_list_item/create_exception_list_item.schema.yaml
@@ -62,8 +62,7 @@ paths:
 meta:
 $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListItemMeta'
 expire_time:
- type: string
- format: date-time
+ $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListItemExpireTime'
 comments:
 $ref: '#/components/schemas/CreateExceptionListItemCommentArray'
 default: []
@@ -121,11 +120,9 @@ paths: comments: [] _version: WzYsMV0= tie_breaker_id: d6799986-3a23-4213-bc6d-ed9463a32f23 - created_at: | - 2025-01-09T01:16:23.322Z + created_at: 2025-01-09T01:16:23.322Z created_by: elastic - updated_at: | - 2025-01-09T01:16:23.322Z + updated_at: 2025-01-09T01:16:23.322Z updated_by: elastic withMatchAnyEntry: value: @@ -146,11 +143,9 @@ paths: comments: [] _version: WzQsMV0= tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c - created_at: | - 2025-01-07T20:07:33.119Z + created_at: 2025-01-07T20:07:33.119Z created_by: elastic - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: 2025-01-07T20:07:33.119Z updated_by: elastic withMatchEntry: value: @@ -171,11 +166,9 @@ paths: comments: [] _version: WzQsMV0= tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c - created_at: | - 2025-01-07T20:07:33.119Z + created_at: 2025-01-07T20:07:33.119Z created_by: elastic - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: 2025-01-07T20:07:33.119Z updated_by: elastic withNestedEntry: value: @@ -203,11 +196,9 @@ paths: comments: [] _version: WzQsMV0= tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c - created_at: | - 2025-01-07T20:07:33.119Z + created_at: 2025-01-07T20:07:33.119Z created_by: elastic - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: 2025-01-07T20:07:33.119Z updated_by: elastic withExistEntry: value: @@ -227,11 +218,9 @@ paths: comments: [] _version: WzQsMV0= tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c - created_at: | - 2025-01-07T20:07:33.119Z + created_at: 2025-01-07T20:07:33.119Z created_by: elastic - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: 2025-01-07T20:07:33.119Z updated_by: elastic withValueListEntry: value: 
@@ -254,11 +243,9 @@ paths: comments: [] _version: WzcsMV0= tie_breaker_id: 5e0288ce-6657-4c18-9dcc-00ec9e8cc6c8 - created_at: | - 2025-01-09T01:31:12.614Z + created_at: 2025-01-09T01:31:12.614Z created_by: elastic - updated_at: | - 2025-01-09T01:31:12.614Z + updated_at: 2025-01-09T01:31:12.614Z updated_by: elastic 400: description: Invalid input data response @@ -273,8 +260,7 @@ paths: value: statusCode: 400, error: Bad Request, - message: | - [request body]: list_id: Expected string, received number + message: '[request body]: list_id: Expected string, received number' 401: description: Unsuccessful authentication response content: @@ -286,14 +272,19 @@ paths: value: statusCode: 401 error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' 403: description: Not enough privileges response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + examples: + forbidden: + value: + statusCode: 403 + error: Forbidden + message: 'API [POST /api/exception_lists/items] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]' 409: description: Exception list item already exists response content: @@ -303,8 +294,7 @@ paths: examples: alreadyExists: value: - message: | - exception list item id: \"simple_list_item\" already exists + message: 'exception list item id: \"simple_list_item\" already exists' status_code: 409 500: description: Internal server error response 
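Review bot: The 400 example in the `@@ -273,8 +260,7 @@` hunk still carries trailing commas in `statusCode: 400,` and `error: Bad Request,`, which YAML reads as part of the value, so the example documents the string `400,` instead of the integer status code. The commit rewrites the adjacent `message` line but leaves these two untouched. They should read `statusCode: 400` and `error: Bad Request`, matching the other 400 examples in this patch.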
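Review bot: Single-quoted YAML scalars do not process backslash escapes, so `'exception list item id: \"simple_list_item\" already exists'` in the 409 example documents a message containing literal backslashes, and the `\n\t` in the 401 message likewise stays as literal characters. For the 409 example use `message: 'exception list item id: "simple_list_item" already exists'`, the form the create_shared_exceptions_list 409 example in this patch already uses. For the 401 message, a double-quoted scalar (as in that same file) yields the real newline and tab. The same single-quoted 401 text recurs in the create_rule_exceptions, delete, duplicate, export and find hunks, and `\"foo\"` recurs in the delete_exception_list_item 404 example.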
diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_rule_exceptions/create_rule_exceptions.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_rule_exceptions/create_rule_exceptions.schema.yaml index 067d2629ad04e..f466f50839ead 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_rule_exceptions/create_rule_exceptions.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_rule_exceptions/create_rule_exceptions.schema.yaml @@ -17,6 +17,9 @@ paths: description: Detection rule's identifier schema: $ref: '#/components/schemas/RuleId' + examples: + id: + value: 330bdd28-eedf-40e1-bed0-f10176c7f9e0 requestBody: description: Rule exception items. required: true @@ -80,11 +83,9 @@ paths: comments: [] _version: WzQsMV0= tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c - created_at: | - 2025-01-07T20:07:33.119Z + created_at: 2025-01-07T20:07:33.119Z created_by: elastic - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: 2025-01-07T20:07:33.119Z updated_by: elastic 400: description: Invalid input data response @@ -99,14 +100,12 @@ paths: value: statusCode: 400 error: Bad Request - message: | - [request params]: id: Invalid uuid + message: '[request params]: id: Invalid uuid' badPayload: value: statusCode: 400 error: Bad Request - message: | - Invalid request payload JSON format + message: 'Invalid request payload JSON format' 401: description: Unsuccessful authentication response content: 
@@ -118,14 +117,18 @@ paths: value: statusCode: 401 error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' 403: description: Not enough privileges response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + examples: + forbidden: + value: + message: 'Unable to create exception-list' + status_code: 403 500: description: Internal server error response content: diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_shared_exceptions_list/create_shared_exceptions_list.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_shared_exceptions_list/create_shared_exceptions_list.schema.yaml index 5ac7e8e78ccbb..221064a285037 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_shared_exceptions_list/create_shared_exceptions_list.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/create_shared_exceptions_list/create_shared_exceptions_list.schema.yaml @@ -27,6 +27,13 @@ paths: required: - name - description + example: + list_id: simple_list + name: Sample Detection Exception List + description: This is a sample detection type exception list. + namespace_type: single + tags: [malware] + os_types: [linux] responses: 200: description: Successful response 
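Review bot: The new `forbidden` example uses `message` and `status_code`, but the 403 response it sits under references `PlatformErrorResponse`, and the other examples under that schema in this patch use `statusCode`, `error` and `message`. If the endpoint really returns the `status_code` form, the response schema should reference `SiemErrorResponse`, or a `oneOf` of both as the 400 response of create_shared_exceptions_list does. Otherwise the example should read `statusCode: 403`, `error: Forbidden` plus the message. The 403 example added to create_shared_exceptions_list.schema.yaml has the same mismatch. Client code that handles access-denied responses is often written from the documented shape, so the example and schema need to agree.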
@@ -34,6 +41,25 @@ paths: application/json: schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionList' + examples: + sharedList: + value: + id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + list_id: simple_list + type: detection + name: Sample Detection Exception List + description: This is a sample detection type exception list. + immutable: false + namespace_type: single + os_types: [linux] + tags: [malware] + version: 1 + _version: WzIsMV0= + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + created_at: 2025-01-07T19:34:27.942Z + created_by: elastic + updated_at: 2025-01-07T19:34:27.942Z + updated_by: elastic 400: description: Invalid input data response content: 
@@ -42,27 +68,54 @@ paths: oneOf: - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + examples: + badRequest: + value: + statusCode: 400 + error: Bad Request + message: '[request body]: list_id: Expected string, received number' 401: description: Unsuccessful authentication response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + examples: + unauthorized: + value: + statusCode: 401 + error: Unauthorized + message: "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]" 403: description: Not enough privileges response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + examples: + forbidden: + value: + message: 'Unable to create exception-list' + status_code: 403 409: description: Exception list already exists response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + examples: + alreadyExists: + value: + message: 'exception list id: "simple_list" already exists' + status_code: 409 500: description: Internal server error response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/SiemErrorResponse' + examples: + 
serverError: + value: + message: Internal Server Error + status_code: 500 diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list/delete_exception_list.gen.ts b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list/delete_exception_list.gen.ts index 0842dc7c74637..9a53ef944f5f8 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list/delete_exception_list.gen.ts +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list/delete_exception_list.gen.ts @@ -26,11 +26,11 @@ import { export type DeleteExceptionListRequestQuery = z.infer; export const DeleteExceptionListRequestQuery = z.object({ /** - * Either `id` or `list_id` must be specified + * Exception list's identifier. Either `id` or `list_id` must be specified. */ id: ExceptionListId.optional(), /** - * Either `id` or `list_id` must be specified + * Human readable exception list string identifier, e.g. `trusted-linux-processes`. Either `id` or `list_id` must be specified. */ list_id: ExceptionListHumanId.optional(), namespace_type: ExceptionNamespaceType.optional().default('single'), diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list/delete_exception_list.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list/delete_exception_list.schema.yaml index 2f59a3095bff2..0135f0fa86557 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list/delete_exception_list.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list/delete_exception_list.schema.yaml 
@@ -14,24 +14,31 @@ paths: - name: id in: query required: false - description: Either `id` or `list_id` must be specified + description: Exception list's identifier. Either `id` or `list_id` must be specified. schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListId' - example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 - name: list_id in: query required: false - description: Either `id` or `list_id` must be specified + description: Human readable exception list string identifier, e.g. `trusted-linux-processes`. Either `id` or `list_id` must be specified. schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListHumanId' - example: simple_list + examples: + list_id: + value: simple_list + autogeneratedId: + value: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 - name: namespace_type in: query required: false schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionNamespaceType' default: single - example: single + examples: + single: + value: single + agnostic: + value: agnostic responses: 200: description: Successful response @@ -71,8 +78,7 @@ paths: value: statusCode: 400 error: Bad Request - message: | - [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + message: "[request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob'" 401: description: Unsuccessful authentication response content: 
@@ -84,14 +90,19 @@ paths: value: statusCode: 401 error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' 403: description: Not enough privileges response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + examples: + forbidden: + value: + statusCode: 403 + error: Forbidden + message: 'API [DELETE /api/exception_lists?list_id=simple_list&namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]' 404: description: Exception list not found response content: @@ -101,8 +112,7 @@ paths: examples: notFound: value: - message: | - exception list list_id: "foo" does not exist + message: 'exception list list_id: "foo" does not exist' status_code: 404 500: description: Internal server error response diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list_item/delete_exception_list_item.gen.ts b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list_item/delete_exception_list_item.gen.ts index 429568c33f1c6..be7ff9b9279e4 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list_item/delete_exception_list_item.gen.ts +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list_item/delete_exception_list_item.gen.ts 
@@ -28,11 +28,11 @@ export type DeleteExceptionListItemRequestQuery = z.infer< >; export const DeleteExceptionListItemRequestQuery = z.object({ /** - * Either `id` or `item_id` must be specified + * Exception item's identifier. Either `id` or `item_id` must be specified */ id: ExceptionListItemId.optional(), /** - * Either `id` or `item_id` must be specified + * Human readable exception item string identifier, e.g. `trusted-linux-processes`. Either `id` or `item_id` must be specified */ item_id: ExceptionListItemHumanId.optional(), namespace_type: ExceptionNamespaceType.optional().default('single'), diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list_item/delete_exception_list_item.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list_item/delete_exception_list_item.schema.yaml index 6435c71d6920b..47853cade34f8 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list_item/delete_exception_list_item.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/delete_exception_list_item/delete_exception_list_item.schema.yaml 
@@ -14,24 +14,26 @@ paths: - name: id in: query required: false - description: Either `id` or `item_id` must be specified + description: Exception item's identifier. Either `id` or `item_id` must be specified schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListItemId' - example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 - name: item_id in: query required: false - description: Either `id` or `item_id` must be specified + description: Human readable exception item string identifier, e.g. `trusted-linux-processes`. Either `id` or `item_id` must be specified schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListItemHumanId' - example: simple_list_item - name: namespace_type in: query required: false schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionNamespaceType' default: single - example: single + examples: + single: + value: single + agnostic: + value: agnostic responses: 200: description: Successful response @@ -62,11 +64,9 @@ paths: comments: [] _version: WzQsMV0= tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c - created_at: | - 2025-01-07T20:07:33.119Z + created_at: 2025-01-07T20:07:33.119Z created_by: elastic - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: 2025-01-07T20:07:33.119Z updated_by: elastic 400: description: Invalid input data response @@ -79,8 +79,7 @@ paths: example: statusCode: 400 error: Bad Request - message: | - [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + message: "[request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob'" 401: description: Unsuccessful authentication response content: 
@@ -92,14 +91,19 @@ paths: value: statusCode: 401 error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' 403: description: Not enough privileges response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + examples: + forbidden: + value: + statusCode: 403 + error: Forbidden + message: 'API [DELETE /api/exception_lists/items?item_id=simple_list&namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]' 404: description: Exception list item not found response content: @@ -109,8 +113,7 @@ paths: examples: notFound: value: - message: | - exception list item item_id: \"foo\" does not exist + message: 'exception list item item_id: \"foo\" does not exist' status_code: 404 500: description: Internal server error response diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/duplicate_exception_list/duplicate_exception_list.gen.ts b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/duplicate_exception_list/duplicate_exception_list.gen.ts index d259d37b23487..46ea69aa82d4b 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/duplicate_exception_list/duplicate_exception_list.gen.ts +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/duplicate_exception_list/duplicate_exception_list.gen.ts 
@@ -24,13 +24,10 @@ import { export type DuplicateExceptionListRequestQuery = z.infer; export const DuplicateExceptionListRequestQuery = z.object({ - /** - * Exception list's human identifier - */ list_id: ExceptionListHumanId, namespace_type: ExceptionNamespaceType, /** - * Determines whether to include expired exceptions in the exported list + * Determines whether to include expired exceptions in the duplicated list. Expiration date defined by `expire_time`. */ include_expired_exceptions: z.enum(['true', 'false']).default('true'), }); diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/duplicate_exception_list/duplicate_exception_list.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/duplicate_exception_list/duplicate_exception_list.schema.yaml index 78591c3b60774..6d3ab96bb122f 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/duplicate_exception_list/duplicate_exception_list.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/duplicate_exception_list/duplicate_exception_list.schema.yaml 
@@ -14,25 +14,27 @@ paths: - name: list_id in: query required: true - description: Exception list's human identifier schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListHumanId' - example: simple_list - name: namespace_type in: query required: true schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionNamespaceType' - example: single + examples: + single: + value: single + agnostic: + value: agnostic - name: include_expired_exceptions in: query required: true - description: Determines whether to include expired exceptions in the exported list + description: Determines whether to include expired exceptions in the duplicated list. Expiration date defined by `expire_time`. schema: type: string enum: ['true', 'false'] default: 'true' - example: true + example: true responses: 200: description: Successful response @@ -55,11 +57,9 @@ paths: version: 1 _version: WzExNDY1LDFd tie_breaker_id: 6fa670bd-666d-4c9c-9f1e-d1dbc516e985 - created_at: | - 2025-01-09T16:19:50.280Z + created_at: 2025-01-09T16:19:50.280Z created_by: elastic - updated_at: | - 2025-01-09T16:19:50.280Z + updated_at: 2025-01-09T16:19:50.280Z updated_by: elastic 400: description: Invalid input data response @@ -74,8 +74,7 @@ paths: value: statusCode: 400 error: Bad Request - message: | - [request query]: namespace_type: Invalid enum value. Expected 'agnostic' | 'single', received 'foo' + message: "[request query]: namespace_type: Invalid enum value. Expected 'agnostic' | 'single', received 'foo'" 401: description: Unsuccessful authentication response content: 
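Review bot: `example: true` on `include_expired_exceptions` is a YAML boolean, while the parameter schema is `type: string` with `enum: ['true', 'false']`, so the example does not validate against its own schema. Quote it as `example: 'true'`, in line with `default: 'true'` just above it. The collapsed layout does not show whether the line now sits at parameter or schema level, so the relocation itself is not assessed here.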
@@ -87,14 +86,19 @@ paths: value: statusCode: 401 error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' 403: description: Not enough privileges response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + examples: + forbidden: + value: + statusCode: 403 + error: Forbidden + message: 'API [POST /api/exception_lists/_duplicate] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]' 404: description: Exception list not found content: diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/export_exception_list/export_exception_list.gen.ts b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/export_exception_list/export_exception_list.gen.ts index 280884c7d749d..f464a458dffb4 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/export_exception_list/export_exception_list.gen.ts +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/export_exception_list/export_exception_list.gen.ts 
@@ -24,17 +24,11 @@ import { export type ExportExceptionListRequestQuery = z.infer; export const ExportExceptionListRequestQuery = z.object({ - /** - * Exception list's identifier - */ id: ExceptionListId, - /** - * Exception list's human identifier - */ list_id: ExceptionListHumanId, namespace_type: ExceptionNamespaceType, /** - * Determines whether to include expired exceptions in the exported list + * Determines whether to include expired exceptions in the exported list. Expiration date defined by `expire_time`. */ include_expired_exceptions: z.enum(['true', 'false']).default('true'), }); diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/export_exception_list/export_exception_list.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/export_exception_list/export_exception_list.schema.yaml index 631e0a44c08bd..fe15640bf2cc3 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/export_exception_list/export_exception_list.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/export_exception_list/export_exception_list.schema.yaml 
@@ -14,27 +14,27 @@ paths: - name: id in: query required: true - description: Exception list's identifier schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListId' - example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 - name: list_id in: query required: true - description: Exception list's human identifier schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListHumanId' - example: simple_list - name: namespace_type in: query required: true schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionNamespaceType' - example: single + examples: + single: + value: single + agnostic: + value: agnostic - name: include_expired_exceptions in: query required: true - description: Determines whether to include expired exceptions in the exported list + description: Determines whether to include expired exceptions in the exported list. Expiration date defined by `expire_time`. schema: type: string enum: ['true', 'false'] @@ -68,8 +68,7 @@ paths: value: statusCode: 400 error: Bad Request - message: | - [request query]: list_id: Required, namespace_type: Required + message: '[request query]: list_id: Required, namespace_type: Required' 401: description: Unsuccessful authentication response content: 
@@ -81,14 +80,19 @@ paths: value: statusCode: 401 error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' 403: description: Not enough privileges response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + examples: + forbidden: + value: + statusCode: 403 + error: Forbidden + message: 'API [POST /api/exception_lists/_export] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]' 404: description: Exception list not found response content: diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_list_items/find_exception_list_items.gen.ts b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_list_items/find_exception_list_items.gen.ts index d7606bbccff37..0af303b491fc5 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_list_items/find_exception_list_items.gen.ts +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_list_items/find_exception_list_items.gen.ts @@ -30,7 +30,7 @@ export const FindExceptionListItemsFilter = NonEmptyString; export type FindExceptionListItemsRequestQuery = z.infer; export const FindExceptionListItemsRequestQuery = z.object({ /** - * List's id + * The `list_id`s of the items to fetch. */ list_id: ArrayFromString(ExceptionListHumanId), /** 
@@ -55,11 +55,11 @@ or available in all spaces (`agnostic` or `single`) */ per_page: z.coerce.number().int().min(0).optional(), /** - * Determines which field is used to sort the results + * Determines which field is used to sort the results. */ sort_field: NonEmptyString.optional(), /** - * Determines the sort order, which can be `desc` or `asc` + * Determines the sort order, which can be `desc` or `asc`. */ sort_order: z.enum(['desc', 'asc']).optional(), }); diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_list_items/find_exception_list_items.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_list_items/find_exception_list_items.schema.yaml index e59f427ce9cc9..640ec9b69efad 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_list_items/find_exception_list_items.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_list_items/find_exception_list_items.schema.yaml @@ -14,12 +14,11 @@ paths: - name: list_id in: query required: true - description: List's id + description: The `list_id`s of the items to fetch. schema: type: array items: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListHumanId' - example: simple_list - name: filter in: query required: false @@ -31,7 +30,9 @@ paths: items: $ref: '#/components/schemas/FindExceptionListItemsFilter' default: [] - example: [exception-list.attributes.name:%My%20item] + examples: + singleFilter: + value: [exception-list.attributes.name:%My%20item] - name: namespace_type in: query required: false 
@@ -43,13 +44,15 @@ paths: items: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionNamespaceType' default: [single] - example: [single] + examples: + single: + value: [single] - name: search in: query required: false schema: type: string - example: host.name + example: host.name - name: page in: query required: false @@ -57,7 +60,7 @@ paths: schema: type: integer minimum: 0 - example: 1 + example: 1 - name: per_page in: query required: false @@ -65,22 +68,22 @@ paths: schema: type: integer minimum: 0 - example: 20 + example: 20 - name: sort_field in: query required: false - description: Determines which field is used to sort the results + description: Determines which field is used to sort the results. schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/primitives.schema.yaml#/components/schemas/NonEmptyString' example: 'name' - name: sort_order in: query required: false - description: Determines the sort order, which can be `desc` or `asc` + description: Determines the sort order, which can be `desc` or `asc`. schema: type: string enum: [desc, asc] - example: desc + example: desc responses: 200: description: Successful response @@ -153,8 +156,7 @@ paths: value: statusCode: 400 error: Bad Request - message: | - [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + message: "[request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob'" 401: description: Unsuccessful authentication response content: 
@@ -166,14 +168,19 @@ paths: value: statusCode: 401 error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' 403: description: Not enough privileges response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + examples: + forbidden: + value: + statusCode: 403 + error: Forbidden + message: 'API [GET /api/exception_lists/items/_find?list_id=simple_list&namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-read]' 404: description: Exception list not found response content: @@ -183,8 +190,7 @@ paths: examples: notFound: value: - message: | - exception list list_id: "foo" does not exist + message: 'exception list list_id: "foo" does not exist' status_code: 404 500: description: Internal server error response diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_lists/find_exception_lists.gen.ts b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_lists/find_exception_lists.gen.ts index 82f5de2f5a157..7b1b670a3877b 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_lists/find_exception_lists.gen.ts +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_lists/find_exception_lists.gen.ts 
@@ -49,11 +49,11 @@ or available in all spaces (`agnostic` or `single`) */ per_page: z.coerce.number().int().min(1).optional(), /** - * Determines which field is used to sort the results + * Determines which field is used to sort the results. */ sort_field: z.string().optional(), /** - * Determines the sort order, which can be `desc` or `asc` + * Determines the sort order, which can be `desc` or `asc`. */ sort_order: z.enum(['desc', 'asc']).optional(), }); diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_lists/find_exception_lists.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_lists/find_exception_lists.schema.yaml index cb05bf4fa9289..78d87881e38e2 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_lists/find_exception_lists.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/find_exception_lists/find_exception_lists.schema.yaml @@ -23,7 +23,6 @@ paths: - `exception-list-agnostic`: Specify an exception list that is shared across spaces. schema: $ref: '#/components/schemas/FindExceptionListsFilter' - example: exception-list.attributes.name:%Detection%20List - name: namespace_type in: query required: false @@ -35,7 +34,11 @@ paths: items: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionNamespaceType' default: [single] - example: single + examples: + single: + value: single + agnostic: + value: agnostic - name: page in: query required: false @@ -43,7 +46,7 @@ paths: schema: type: integer minimum: 1 - example: 1 + example: 1 - name: per_page in: query required: false 
@@ -51,22 +54,22 @@ paths: schema: type: integer minimum: 1 - example: 20 + example: 20 - name: sort_field in: query required: false - description: Determines which field is used to sort the results + description: Determines which field is used to sort the results. schema: type: string - example: 'name' + example: 'name' - name: sort_order in: query required: false - description: Determines the sort order, which can be `desc` or `asc` + description: Determines the sort order, which can be `desc` or `asc`. schema: type: string enum: [desc, asc] - example: 'desc' + example: 'desc' responses: 200: description: Successful response @@ -98,22 +101,21 @@ paths: value: data: - id: '9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85' - - list_id: 'simple_list' - - type: 'detection' - - name: 'Detection Exception List' - - description: 'This is a sample detection type exception list.' - - immutable: false - - namespace_type: 'single' - - os_types: [] - - tags: - - 'malware' - - version: 1 - - _version: 'WzIsMV0=' - - tie_breaker_id: '78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3' - - created_at: '2025-01-07T19:34:27.942Z' - - created_by: 'elastic' - - updated_at: '2025-01-07T19:34:27.942Z' - - updated_by: 'elastic' + list_id: 'simple_list' + type: 'detection' + name: 'Detection Exception List' + description: 'This is a sample detection type exception list.' + immutable: false + namespace_type: 'single' + os_types: [] + tags: ['malware'] + version: 1 + _version: 'WzIsMV0=' + tie_breaker_id: '78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3' + created_at: 2025-01-07T19:34:27.942Z + created_by: 'elastic' + updated_at: 2025-01-07T19:34:27.942Z + updated_by: 'elastic' page: 1 per_page: 20 total: 1 
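Review bot: `created_at` and `updated_at` in the rewritten example item lost their quotes (`created_at: 2025-01-07T19:34:27.942Z`), while every other string value in the item is still quoted. A YAML loader that resolves timestamps may hand these to the bundler as date objects rather than strings, although the `ExceptionList` schema declares both as `type: string` with `format: date-time`; whether the tooling in use does so is not visible here. Keeping `created_at: '2025-01-07T19:34:27.942Z'` and `updated_at: '2025-01-07T19:34:27.942Z'` avoids depending on loader behaviour.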
@@ -130,8 +132,7 @@ paths: value: statusCode: 400 error: Bad Request - message: | - [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + message: "[request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob'" 401: description: Unsuccessful authentication response content: @@ -143,14 +144,19 @@ paths: value: statusCode: 401 error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' 403: description: Not enough privileges response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + examples: + forbidden: + value: + statusCode: 403 + error: Forbidden + message: 'API [GET /api/exception_lists/_find?namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-read]' 500: description: Internal server error response content: @@ -167,3 +173,4 @@ components: schemas: FindExceptionListsFilter: type: string + example: exception-list.attributes.name:%Detection%20List diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/import_exceptions/import_exceptions.gen.ts b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/import_exceptions/import_exceptions.gen.ts index 738ce79dd97d0..b7da0f541552c 100644 
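Review bot: The example moved onto `FindExceptionListsFilter` in the last hunk of this file is `exception-list.attributes.name:%Detection%20List`, which mixes a raw `%` with a percent-encoded space, so `%De` reads as an escape sequence in its own right. An OpenAPI `example` normally holds the unencoded value and leaves encoding to the client, so a reader copying this into a request can end up sending a different filter than intended. Something like `example: 'exception-list.attributes.name:Detection List'` would be unambiguous; the filter grammar is not visible in this hunk, so if a wildcard was meant, the correct character should be confirmed and written explicitly.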
--- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/import_exceptions/import_exceptions.gen.ts +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/import_exceptions/import_exceptions.gen.ts @@ -45,8 +45,6 @@ If any exception items have the same `item_id`, those are also overwritten. */ overwrite: BooleanFromString.optional().default(false), - overwrite_exceptions: BooleanFromString.optional().default(false), - overwrite_action_connectors: BooleanFromString.optional().default(false), /** * Determines whether the list being imported will have a new `list_id` generated. Additional `item_id`'s are generated for each exception item. Both the exception diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/import_exceptions/import_exceptions.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/import_exceptions/import_exceptions.schema.yaml index 6ba524796f8f3..c3bd0eb853e0c 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/import_exceptions/import_exceptions.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/import_exceptions/import_exceptions.schema.yaml 
@@ -21,6 +21,9 @@ paths: type: string format: binary description: A `.ndjson` file containing the exception list + example: | + {"_version":"WzExNDU5LDFd","created_at":"2025-01-09T16:18:17.757Z","created_by":"elastic","description":"This is a sample detection type exception","id":"c86c2da0-2ab6-4343-b81c-216ef27e8d75","immutable":false,"list_id":"simple_list","name":"Sample Detection Exception List","namespace_type":"single","os_types":[],"tags":["user added string for a tag","malware"],"tie_breaker_id":"cf4a7b92-732d-47f0-a0d5-49a35a1736bf","type":"detection","updated_at":"2025-01-09T16:18:17.757Z","updated_by":"elastic","version":1} + {"_version":"WzExNDYxLDFd","comments":[],"created_at":"2025-01-09T16:18:42.308Z","created_by":"elastic","description":"This is a sample endpoint type exception","entries":[{"type":"exists","field":"actingProcess.file.signer","operator":"excluded"},{"type":"match_any","field":"host.name","value":["some host","another host"],"operator":"included"}],"id":"f37597ce-eaa7-4b64-9100-4301118f6806","item_id":"simple_list_item","list_id":"simple_list","name":"Sample Endpoint Exception List","namespace_type":"single","os_types":["linux"],"tags":["user added string for a tag","malware"],"tie_breaker_id":"4ca3ef3e-9721-42c0-8107-cf47e094d40f","type":"simple","updated_at":"2025-01-09T16:18:42.308Z","updated_by":"elastic"} parameters: - name: overwrite in: query @@ -31,21 +34,7 @@ paths: schema: type: boolean default: false - example: false - - name: overwrite_exceptions - in: query - required: false - schema: - type: boolean - default: false - example: false - - name: overwrite_action_connectors - in: query - required: false - schema: - type: boolean - default: false - example: false + example: false - name: as_new_list in: query required: false @@ -56,7 +45,7 @@ paths: schema: type: boolean default: false - example: false + example: false responses: 200: description: Successful response 
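Review bot: The `overwrite_exceptions` and `overwrite_action_connectors` query parameters are deleted from the import endpoint in the second hunk here (and from the generated zod schema in import_exceptions.gen.ts), which is a contract change rather than a description update. What happens to a client that still sends them, whether they are silently dropped or the request is rejected, depends on how the route treats unknown query keys, and that is not visible in this diff. If they were never honoured, the commit description should say so. If they are still accepted, keeping them with `deprecated: true` documents that more safely than removing them from the spec of an endpoint that can overwrite existing exception lists.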
@@ -105,13 +94,11 @@ paths: errors: - error: status_code: 400 - message: | - Error found importing exception list: Invalid value \"4\" supplied to \"list_id\" + message: 'Error found importing exception list: Invalid value \"4\" supplied to \"list_id\"' list_id: (unknown list_id) - error: status_code: 409 - message: | - Found that item_id: \"f7fd00bb-dba8-4c93-9d59-6cbd427b6330\" already exists. Import of item_id: \"f7fd00bb-dba8-4c93-9d59-6cbd427b6330\" skipped. + message: 'Found that item_id: \"f7fd00bb-dba8-4c93-9d59-6cbd427b6330\" already exists. Import of item_id: \"f7fd00bb-dba8-4c93-9d59-6cbd427b6330\" skipped.' list_id: 7d7cccb8-db72-4667-b1f3-648efad7c1ee item_id: f7fd00bb-dba8-4c93-9d59-6cbd427b6330 success: false, @@ -139,14 +126,19 @@ paths: value: statusCode: 401 error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' 403: description: Not enough privileges response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + examples: + forbidden: + value: + statusCode: 403 + error: Forbidden + message: 'API [POST /api/exception_lists/_import] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]' 500: description: Internal server error response content: 
diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/model/exception_list_common.gen.ts b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/model/exception_list_common.gen.ts index 2ee44afa69b9f..1f4e41bdce711 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/model/exception_list_common.gen.ts +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/model/exception_list_common.gen.ts @@ -15,19 +15,26 @@ */ import { z } from '@kbn/zod'; +import { isNonEmptyString } from '@kbn/zod-helpers'; import { NonEmptyString } from '@kbn/openapi-common/schemas/primitives.gen'; import { ExceptionListItemEntryArray } from './exception_list_item_entry.gen'; +/** + * Exception list's identifier. + */ export type ExceptionListId = z.infer; -export const ExceptionListId = NonEmptyString; +export const ExceptionListId = z.string().min(1).superRefine(isNonEmptyString); /** - * Human readable string identifier, e.g. `trusted-linux-processes` + * Exception list's human readable string identifier, e.g. `trusted-linux-processes`. */ export type ExceptionListHumanId = z.infer; -export const ExceptionListHumanId = NonEmptyString; +export const ExceptionListHumanId = z.string().min(1).superRefine(isNonEmptyString); +/** + * The type of exception list to be created. Different list types may denote where they can be utilized. + */ export type ExceptionListType = z.infer; export const ExceptionListType = z.enum([ 'detection', 
@@ -41,12 +48,21 @@ export const ExceptionListType = z.enum([ export type ExceptionListTypeEnum = typeof ExceptionListType.enum; export const ExceptionListTypeEnum = ExceptionListType.enum; +/** + * The name of the exception list. + */ export type ExceptionListName = z.infer; export const ExceptionListName = z.string(); +/** + * Describes the exception list. + */ export type ExceptionListDescription = z.infer; export const ExceptionListDescription = z.string(); +/** + * Placeholder for metadata about the list container. + */ export type ExceptionListMeta = z.infer; export const ExceptionListMeta = z.object({}).catchall(z.unknown()); @@ -63,17 +79,29 @@ export const ExceptionNamespaceType = z.enum(['agnostic', 'single']); export type ExceptionNamespaceTypeEnum = typeof ExceptionNamespaceType.enum; export const ExceptionNamespaceTypeEnum = ExceptionNamespaceType.enum; +/** + * String array containing words and phrases to help categorize exception containers. + */ export type ExceptionListTags = z.infer; export const ExceptionListTags = z.array(z.string()); +/** + * Use this field to specify the operating system. + */ export type ExceptionListOsType = z.infer; export const ExceptionListOsType = z.enum(['linux', 'macos', 'windows']); export type ExceptionListOsTypeEnum = typeof ExceptionListOsType.enum; export const ExceptionListOsTypeEnum = ExceptionListOsType.enum; +/** + * Use this field to specify the operating system. Only enter one value. + */ export type ExceptionListOsTypeArray = z.infer; export const ExceptionListOsTypeArray = z.array(ExceptionListOsType); +/** + * The document version, automatically increasd on updates. + */ export type ExceptionListVersion = z.infer; export const ExceptionListVersion = z.number().int().min(1); 
@@ -90,34 +118,70 @@ export const ExceptionList = z.object({ tags: ExceptionListTags.optional(), meta: ExceptionListMeta.optional(), version: ExceptionListVersion, + /** + * The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. + */ _version: z.string().optional(), + /** + * Field used in search to ensure all containers are sorted and returned correctly. + */ tie_breaker_id: z.string(), + /** + * Autogenerated date of object creation. + */ created_at: z.string().datetime(), + /** + * Autogenerated value - user that created object. + */ created_by: z.string(), + /** + * Autogenerated date of last object update. + */ updated_at: z.string().datetime(), + /** + * Autogenerated value - user that last updated object. + */ updated_by: z.string(), }); +/** + * Exception's identifier. + */ export type ExceptionListItemId = z.infer; -export const ExceptionListItemId = NonEmptyString; +export const ExceptionListItemId = z.string().min(1).superRefine(isNonEmptyString); +/** + * Human readable string identifier, e.g. `trusted-linux-processes` + */ export type ExceptionListItemHumanId = z.infer; -export const ExceptionListItemHumanId = NonEmptyString; +export const ExceptionListItemHumanId = z.string().min(1).superRefine(isNonEmptyString); export type ExceptionListItemType = z.infer; export const ExceptionListItemType = z.literal('simple'); +/** + * Exception list name. + */ export type ExceptionListItemName = z.infer; -export const ExceptionListItemName = NonEmptyString; +export const ExceptionListItemName = z.string().min(1).superRefine(isNonEmptyString); +/** + * Describes the exception list. + */ export type ExceptionListItemDescription = z.infer; export const ExceptionListItemDescription = z.string(); export type ExceptionListItemMeta = z.infer; export const ExceptionListItemMeta = z.object({}).catchall(z.unknown()); +/** + * The exception item’s expiration date, in ISO format. 
This field is only available for regular exception items, not endpoint exceptions. + */ +export type ExceptionListItemExpireTime = z.infer; +export const ExceptionListItemExpireTime = z.string().datetime(); + export type ExceptionListItemTags = z.infer; -export const ExceptionListItemTags = z.array(NonEmptyString); +export const ExceptionListItemTags = z.array(z.string().min(1).superRefine(isNonEmptyString)); export type ExceptionListItemOsType = z.infer; export const ExceptionListItemOsType = z.enum(['linux', 'macos', 'windows']); @@ -131,12 +195,24 @@ export type ExceptionListItemComment = z.infer; export const ExceptionListItemComment = z.object({ id: NonEmptyString, comment: NonEmptyString, + /** + * Autogenerated date of object creation. + */ created_at: z.string().datetime(), created_by: NonEmptyString, + /** + * Autogenerated date of last object update. + */ updated_at: z.string().datetime().optional(), updated_by: NonEmptyString.optional(), }); +/** + * Array of comment fields: + +- comment (string): Comments about the exception item. + + */ export type ExceptionListItemCommentArray = z.infer; export const ExceptionListItemCommentArray = z.array(ExceptionListItemComment); 
@@ -153,13 +229,31 @@ export const ExceptionListItem = z.object({ os_types: ExceptionListItemOsTypeArray.optional(), tags: ExceptionListItemTags.optional(), meta: ExceptionListItemMeta.optional(), - expire_time: z.string().datetime().optional(), + expire_time: ExceptionListItemExpireTime.optional(), comments: ExceptionListItemCommentArray, + /** + * The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. + */ _version: z.string().optional(), + /** + * Field used in search to ensure all containers are sorted and returned correctly. + */ tie_breaker_id: z.string(), + /** + * Autogenerated date of object creation. + */ created_at: z.string().datetime(), + /** + * Autogenerated value - user that created object. + */ created_by: z.string(), + /** + * Autogenerated date of last object update. + */ updated_at: z.string().datetime(), + /** + * Autogenerated value - user that last updated object. + */ updated_by: z.string(), }); @@ -176,11 +270,23 @@ export const ExceptionListSO = z.object({ os_types: ExceptionListItemOsTypeArray.optional(), tags: ExceptionListItemTags.optional(), meta: ExceptionListItemMeta.optional(), - expire_time: z.string().datetime().optional(), + expire_time: ExceptionListItemExpireTime.optional(), comments: ExceptionListItemCommentArray.optional(), version: NonEmptyString.optional(), + /** + * Field used in search to ensure all containers are sorted and returned correctly. + */ tie_breaker_id: z.string(), + /** + * Autogenerated date of object creation. + */ created_at: z.string().datetime(), + /** + * Autogenerated value - user that created object. + */ created_by: z.string(), + /** + * Autogenerated value - user that last updated object. + */ updated_by: z.string(), }); 
diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/model/exception_list_common.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/model/exception_list_common.schema.yaml index 8d8cdf82b6d94..e1c2a9088e2a9 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/model/exception_list_common.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/model/exception_list_common.schema.yaml @@ -7,14 +7,22 @@ components: x-codegen-enabled: true schemas: ExceptionListId: - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/primitives.schema.yaml#/components/schemas/NonEmptyString' + type: string + minLength: 1 + format: nonempty + description: Exception list's identifier. + example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 ExceptionListHumanId: - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/primitives.schema.yaml#/components/schemas/NonEmptyString' - description: Human readable string identifier, e.g. `trusted-linux-processes` + type: string + minLength: 1 + format: nonempty + description: Exception list's human readable string identifier, e.g. `trusted-linux-processes`. + example: 'simple_list' ExceptionListType: type: string + description: The type of exception list to be created. Different list types may denote where they can be utilized. enum: - detection - rule_default @@ -26,13 +34,18 @@ components: ExceptionListName: type: string + description: The name of the exception list. + example: 'My exception list' ExceptionListDescription: type: string + description: Describes the exception list. + example: 'This list tracks allowlisted values.' ExceptionListMeta: type: object additionalProperties: true + description: Placeholder for metadata about the list container. ExceptionNamespaceType: type: string 
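Review bot: `ExceptionListId` and `ExceptionListHumanId` now restate `type: string`, `minLength: 1`, `format: nonempty` inline instead of referencing the shared `NonEmptyString` primitive, presumably so that a `description` and `example` can sit beside them. Together with `ExceptionListItemId`, `ExceptionListItemHumanId`, `ExceptionListItemName` and the `ExceptionListItemTags` items further down, that makes six copies of the rule in this file, so any later tightening of the primitive (a length cap, for instance) will not reach these identifiers. A comment such as `# keep in sync with NonEmptyString in kbn-openapi-common` above each inlined copy would keep the link visible, as would an `allOf` wrapper around the `$ref` if the code generator supports it.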
@@ -50,6 +63,7 @@ components: type: array items: type: string + description: String array containing words and phrases to help categorize exception containers. ExceptionListOsType: type: string @@ -57,15 +71,18 @@ components: - linux - macos - windows + description: Use this field to specify the operating system. ExceptionListOsTypeArray: type: array items: $ref: '#/components/schemas/ExceptionListOsType' + description: Use this field to specify the operating system. Only enter one value. ExceptionListVersion: type: integer minimum: 1 + description: The document version, automatically increasd on updates. ExceptionList: type: object @@ -94,18 +111,24 @@ components: $ref: '#/components/schemas/ExceptionListVersion' _version: type: string + description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. tie_breaker_id: type: string + description: Field used in search to ensure all containers are sorted and returned correctly. created_at: type: string format: date-time + description: Autogenerated date of object creation. created_by: type: string + description: Autogenerated value - user that created object. updated_at: type: string format: date-time + description: Autogenerated date of last object update. updated_by: type: string + description: Autogenerated value - user that last updated object. required: - id - list_id 
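Review bot: The description added to `ExceptionListOsTypeArray` says `Only enter one value`, but the schema is still a plain `type: array` with no `maxItems`, so the documented limit is not what validation enforces. Either add `maxItems: 1` if a single OS is really required, or reword the description to match what the API accepts; which is right depends on server-side handling that is not shown here. Two typos in the new descriptions of this file are worth fixing at the same time: `increasd` in `ExceptionListVersion`, and `Use it ensure` in the `_version` property (repeated under `ExceptionListItem`).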
@@ -122,29 +145,49 @@ components: - updated_by ExceptionListItemId: - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/primitives.schema.yaml#/components/schemas/NonEmptyString' + type: string + minLength: 1 + format: nonempty + description: Exception's identifier. + example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 ExceptionListItemHumanId: - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/primitives.schema.yaml#/components/schemas/NonEmptyString' + type: string + minLength: 1 + format: nonempty + description: Human readable string identifier, e.g. `trusted-linux-processes` + example: simple_list_item ExceptionListItemType: type: string enum: [simple] ExceptionListItemName: - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/primitives.schema.yaml#/components/schemas/NonEmptyString' + type: string + minLength: 1 + format: nonempty + description: Exception list name. ExceptionListItemDescription: type: string + description: Describes the exception list. ExceptionListItemMeta: type: object additionalProperties: true + ExceptionListItemExpireTime: + type: string + format: date-time + description: The exception item’s expiration date, in ISO format. This field is only available for regular exception items, not endpoint exceptions. + ExceptionListItemTags: type: array items: - $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/primitives.schema.yaml#/components/schemas/NonEmptyString' + type: string + minLength: 1 + format: nonempty + description: String array containing words and phrases to help categorize exception items. ExceptionListItemOsType: type: string 
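Review bot: Two of the new descriptions on item-level schemas describe the list instead: `ExceptionListItemName` says `Exception list name.` and `ExceptionListItemDescription` says `Describes the exception list.`. They read as copied from the list-level schemas and will surface both in the published API docs and in the JSDoc of exception_list_common.gen.ts. Suggested wording: `description: Exception list item's name.` and `description: Describes the exception list item.`. `ExceptionListItemHumanId` also reuses the list-level text with `trusted-linux-processes` without saying that it identifies an item.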
@@ -168,11 +211,13 @@ components: created_at: type: string format: date-time + description: Autogenerated date of object creation. created_by: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/primitives.schema.yaml#/components/schemas/NonEmptyString' updated_at: type: string format: date-time + description: Autogenerated date of last object update. updated_by: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/primitives.schema.yaml#/components/schemas/NonEmptyString' required: @@ -183,6 +228,10 @@ components: ExceptionListItemCommentArray: type: array + description: | + Array of comment fields: + + - comment (string): Comments about the exception item. items: $ref: '#/components/schemas/ExceptionListItemComment' @@ -212,24 +261,29 @@ components: meta: $ref: '#/components/schemas/ExceptionListItemMeta' expire_time: - type: string - format: date-time + $ref: '#/components/schemas/ExceptionListItemExpireTime' comments: $ref: '#/components/schemas/ExceptionListItemCommentArray' _version: type: string + description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. tie_breaker_id: type: string + description: Field used in search to ensure all containers are sorted and returned correctly. created_at: type: string format: date-time + description: Autogenerated date of object creation. created_by: type: string + description: Autogenerated value - user that created object. updated_at: type: string format: date-time + description: Autogenerated date of last object update. updated_by: type: string + description: Autogenerated value - user that last updated object. required: - id - item_id 
@@ -273,21 +327,24 @@ components: meta: $ref: '#/components/schemas/ExceptionListItemMeta' expire_time: - type: string - format: date-time + $ref: '#/components/schemas/ExceptionListItemExpireTime' comments: $ref: '#/components/schemas/ExceptionListItemCommentArray' version: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/primitives.schema.yaml#/components/schemas/NonEmptyString' tie_breaker_id: type: string + description: Field used in search to ensure all containers are sorted and returned correctly. created_at: type: string format: date-time + description: Autogenerated date of object creation. created_by: type: string + description: Autogenerated value - user that created object. updated_by: type: string + description: Autogenerated value - user that last updated object. required: - list_id - list_type diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/quickstart_client.gen.ts b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/quickstart_client.gen.ts index 0495db2d8b2b9..c40635cf22535 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/quickstart_client.gen.ts +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/quickstart_client.gen.ts 
@@ -97,7 +97,7 @@ export class Client { this.log = options.log; } /** - * An exception list groups exception items and can be associated with detection rules. You can assign detection rules with multiple exception lists. + * An exception list groups exception items and can be associated with detection rules. You can assign exception lists to multiple detection rules. > info > All exception items added to the same list are evaluated using `OR` logic. That is, if any of the items in a list evaluate to `true`, the exception prevents the rule from generating an alert. Likewise, `OR` logic is used for evaluating exceptions when more than one exception list is assigned to a rule. To use the `AND` operator, you can define multiple clauses (`entries`) in a single exception item. diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list/read_exception_list.gen.ts b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list/read_exception_list.gen.ts index 87db0f9e75623..f4223e0dce91e 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list/read_exception_list.gen.ts +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list/read_exception_list.gen.ts @@ -26,11 +26,11 @@ import { export type ReadExceptionListRequestQuery = z.infer; export const ReadExceptionListRequestQuery = z.object({ /** - * Either `id` or `list_id` must be specified + * Exception list's identifier. Either `id` or `list_id` must be specified. */ id: ExceptionListId.optional(), /** - * Either `id` or `list_id` must be specified + * Human readable exception list string identifier, e.g. `trusted-linux-processes`. Either `id` or `list_id` must be specified. */ list_id: ExceptionListHumanId.optional(), namespace_type: ExceptionNamespaceType.optional().default('single'), 
diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list/read_exception_list.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list/read_exception_list.schema.yaml index c77fd1f5f8306..5d5e414dfad0e 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list/read_exception_list.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list/read_exception_list.schema.yaml @@ -14,24 +14,26 @@ paths: - name: id in: query required: false - description: Either `id` or `list_id` must be specified + description: Exception list's identifier. Either `id` or `list_id` must be specified. schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListId' - example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 - name: list_id in: query required: false - description: Either `id` or `list_id` must be specified + description: Human readable exception list string identifier, e.g. `trusted-linux-processes`. Either `id` or `list_id` must be specified. schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListHumanId' - example: simple_list - name: namespace_type in: query required: false schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionNamespaceType' default: single - example: single + examples: + single: + value: single + agnostic: + value: agnostic responses: 200: description: Successful response @@ -40,7 +42,7 @@ paths: schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionList' examples: - simpleList: + detectionType: value: id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 list_id: simple_list 
@@ -71,8 +73,7 @@ paths: value: statusCode: 400 error: Bad Request - message: | - [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + message: "[request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob'" 401: description: Unsuccessful authentication response content: @@ -84,14 +85,19 @@ paths: value: statusCode: 401 error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' 403: description: Not enough privileges response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + examples: + forbidden: + value: + statusCode: 403 + error: Forbidden + message: 'API [GET /api/exception_lists?list_id=simple_list&namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-read]' 404: description: Exception list item not found response content: diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_item/read_exception_list_item.gen.ts b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_item/read_exception_list_item.gen.ts index 02f6d10558389..2b8d1e8b40733 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_item/read_exception_list_item.gen.ts 
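Review bot: The 404 response left as context at the end of the `@@ -84,14 +85,19 @@` hunk of `read_exception_list.schema.yaml` is still described as `Exception list item not found response`, although this endpoint reads a list, not an item. Since the commit is filling in response descriptions, I would change it to `description: Exception list not found response`, the wording the summary endpoint's schema already uses. The 404 block continues outside the hunk, so its example is worth checking for the same mix-up.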
+++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_item/read_exception_list_item.gen.ts @@ -26,11 +26,11 @@ import { export type ReadExceptionListItemRequestQuery = z.infer; export const ReadExceptionListItemRequestQuery = z.object({ /** - * Either `id` or `item_id` must be specified + * Exception list item's identifier. Either `id` or `item_id` must be specified. */ id: ExceptionListItemId.optional(), /** - * Either `id` or `item_id` must be specified + * Human readable exception item string identifier, e.g. `trusted-linux-processes`. Either `id` or `item_id` must be specified. */ item_id: ExceptionListItemHumanId.optional(), namespace_type: ExceptionNamespaceType.optional().default('single'), diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_item/read_exception_list_item.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_item/read_exception_list_item.schema.yaml index d81e0314ae7c6..3b451d5de9e33 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_item/read_exception_list_item.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_item/read_exception_list_item.schema.yaml 
@@ -14,24 +14,26 @@ paths: - name: id in: query required: false - description: Either `id` or `item_id` must be specified + description: Exception list item's identifier. Either `id` or `item_id` must be specified. schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListItemId' - example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 - name: item_id in: query required: false - description: Either `id` or `item_id` must be specified + description: Human readable exception item string identifier, e.g. `trusted-linux-processes`. Either `id` or `item_id` must be specified. schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListItemHumanId' - example: simple_list_item - name: namespace_type in: query required: false schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionNamespaceType' default: single - example: single + examples: + single: + value: single + agnostic: + value: agnostic responses: 200: description: Successful response @@ -62,11 +64,9 @@ paths: comments: [] _version: WzQsMV0= tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c - created_at: | - 2025-01-07T20:07:33.119Z + created_at: 2025-01-07T20:07:33.119Z created_by: elastic - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: 2025-01-07T20:07:33.119Z updated_by: elastic 400: description: Invalid input data response @@ -81,8 +81,7 @@ paths: value: statusCode: 400 error: Bad Request - message: | - [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + message: "[request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob'" 401: description: Unsuccessful authentication response content: 
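Review bot: The `created_at` and `updated_at` example values in the `@@ -62,11 +64,9 @@` hunk of `read_exception_list_item.schema.yaml` are now bare scalars, which a YAML 1.1 parser will probably resolve as timestamps rather than strings. Dropping the `|` block scalar removes the stray trailing newline, but the fields are documented as strings, and tooling that round-trips the file may re-serialise the value in a different form. I would quote them, e.g. `created_at: '2025-01-07T20:07:33.119Z'`. The `@@ -78,11 +79,9 @@` hunk of `update_exception_list.schema.yaml` has the same pattern.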
@@ -94,14 +93,19 @@ paths: value: statusCode: 401 error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' 403: description: Not enough privileges response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + examples: + forbidden: + value: + statusCode: 403 + error: Forbidden + message: 'API [GET /api/exception_lists/items?item_id=&namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-read]' 404: description: Exception list item not found response content: @@ -111,8 +115,7 @@ paths: examples: notFound: value: - message: | - exception list item item_id: \"foo\" does not exist + message: 'exception list item item_id: \"foo\" does not exist' status_code: 404 500: description: Internal server error response diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_summary/read_exception_list_summary.gen.ts b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_summary/read_exception_list_summary.gen.ts index 8807f4b7e7812..04106c4ac6cf1 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_summary/read_exception_list_summary.gen.ts +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_summary/read_exception_list_summary.gen.ts 
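Review bot: The rewritten 404 example in the `@@ -111,8 +115,7 @@` hunk of `read_exception_list_item.schema.yaml` keeps `\"foo\"` inside a single-quoted scalar, where a backslash is not an escape, so the rendered example will show literal backslashes. The line should read `message: 'exception list item item_id: "foo" does not exist'`. The `@@ -144,8 +148,7 @@` hunk of `update_exception_list_item.schema.yaml` carries the same line. The 403 example added just above also shows an empty `item_id=` in the request path, which looks like a placeholder that was never filled in.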
@@ -27,11 +27,11 @@ export type ReadExceptionListSummaryRequestQuery = z.infer< >; export const ReadExceptionListSummaryRequestQuery = z.object({ /** - * Exception list's identifier generated upon creation + * Exception list's identifier generated upon creation. */ id: ExceptionListId.optional(), /** - * Exception list's human readable identifier + * Exception list's human readable identifier. */ list_id: ExceptionListHumanId.optional(), namespace_type: ExceptionNamespaceType.optional().default('single'), diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_summary/read_exception_list_summary.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_summary/read_exception_list_summary.schema.yaml index a67af4999390f..8037c18a14026 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_summary/read_exception_list_summary.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/read_exception_list_summary/read_exception_list_summary.schema.yaml 
@@ -14,31 +14,33 @@ paths: - name: id in: query required: false - description: Exception list's identifier generated upon creation + description: Exception list's identifier generated upon creation. schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListId' - example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 - name: list_id in: query required: false - description: Exception list's human readable identifier + description: Exception list's human readable identifier. schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListHumanId' - example: simple_list - name: namespace_type in: query required: false schema: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionNamespaceType' default: single - example: single + examples: + single: + value: single + agnostic: + value: agnostic - name: filter in: query required: false description: Search filter clause schema: type: string - example: exception-list-agnostic.attributes.tags:"policy:policy-1" OR exception-list-agnostic.attributes.tags:"policy:all" + example: exception-list-agnostic.attributes.tags:"policy:policy-1" OR exception-list-agnostic.attributes.tags:"policy:all" responses: 200: description: Successful response @@ -79,8 +81,7 @@ paths: value: statusCode: 400 error: Bad Request - message: | - [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + message: "[request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob'" 401: description: Unsuccessful authentication response content: 
@@ -92,14 +93,19 @@ paths: value: statusCode: 401 error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' 403: description: Not enough privileges response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + examples: + forbidden: + value: + statusCode: 403 + error: Forbidden + message: 'API [GET /api/exception_lists/summary?list_id=simple_list&namespace_type=agnostic] is unauthorized for user, this action is granted by the Kibana privileges [lists-summary]' 404: description: Exception list not found response content: @@ -109,8 +115,7 @@ paths: examples: notFound: value: - message": | - exception list id: "foo" does not exist + message": 'exception list id: "foo" does not exist' status_code": 404 500: description: Internal server error response diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list/update_exception_list.gen.ts b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list/update_exception_list.gen.ts index fb5fde05dcc85..9063abdc86685 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list/update_exception_list.gen.ts +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list/update_exception_list.gen.ts 
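Review bot: In the `@@ -109,8 +115,7 @@` hunk of `read_exception_list_summary.schema.yaml`, the 404 example's keys are written `message":` and `status_code":`, each with a stray trailing double quote. The commit rewrites the value of the first line but keeps the malformed key, so the documented error body ends up with property names `message"` and `status_code"`, which do not match the error schema other examples use. The lines should be `message: 'exception list id: "foo" does not exist'` and `status_code: 404`.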
@@ -42,6 +42,9 @@ export const UpdateExceptionListRequestBody = z.object({ tags: ExceptionListTags.optional(), meta: ExceptionListMeta.optional(), version: ExceptionListVersion.optional(), + /** + * The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. + */ _version: z.string().optional(), }); export type UpdateExceptionListRequestBodyInput = z.input; diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list/update_exception_list.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list/update_exception_list.schema.yaml index 73ae846ed998e..d62845f48f17d 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list/update_exception_list.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list/update_exception_list.schema.yaml @@ -42,6 +42,7 @@ paths: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListVersion' _version: type: string + description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. required: - name - description @@ -78,11 +79,9 @@ paths: version: 2 _version: WzExLDFd tie_breaker_id: 319fe983-acdd-4806-b6c4-3098eae9392f - created_at: | - 2025-01-07T20:43:55.264Z + created_at: 2025-01-07T20:43:55.264Z created_by: elastic - updated_at: | - 2025-01-07T21:32:03.726Z + updated_at: 2025-01-07T21:32:03.726Z updated_by: elastic 400: description: Invalid input data response @@ -97,8 +96,7 @@ paths: value: statusCode: 400 error: Bad Request - message: | - [request body]: list_id: Expected string, received number + message: '[request body]: list_id: Expected string, received number' 401: description: Unsuccessful authentication response content: 
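Review bot: The new `_version` description in the `@@ -42,6 +42,7 @@` hunk of `update_exception_list.schema.yaml` has a missing word ("Use it ensure") and says "item" on an endpoint that updates a list. I would write `description: The version id, normally returned by the API when the list was retrieved. Use it to ensure updates are done against the latest version.` The `@@ -45,13 +45,13 @@` hunk of `update_exception_list_item.schema.yaml` has the same missing word, and the two `.gen.ts` doc comments will pick up the fix when regenerated. None of the visible response examples show what a caller receives when the supplied `_version` is stale, which would be worth adding.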
@@ -110,14 +108,19 @@ paths: value: statusCode: 401 error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' 403: description: Not enough privileges response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + examples: + forbidden: + value: + statusCode: 403 + error: Forbidden + message: 'API [PUT /api/exception_lists] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]' 404: description: Exception list not found response content: diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list_item/update_exception_list_item.gen.ts b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list_item/update_exception_list_item.gen.ts index 791af5f65e35f..db68f6f03e5de 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list_item/update_exception_list_item.gen.ts +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list_item/update_exception_list_item.gen.ts @@ -28,6 +28,7 @@ import { ExceptionListItemOsTypeArray, ExceptionListItemTags, ExceptionListItemMeta, + ExceptionListItemExpireTime, ExceptionListItem, } from '../model/exception_list_common.gen'; import { ExceptionListItemEntryArray } from '../model/exception_list_item_entry.gen'; 
@@ -62,8 +63,11 @@ export const UpdateExceptionListItemRequestBody = z.object({ os_types: ExceptionListItemOsTypeArray.optional().default([]), tags: ExceptionListItemTags.optional(), meta: ExceptionListItemMeta.optional(), - expire_time: z.string().datetime().optional(), + expire_time: ExceptionListItemExpireTime.optional(), comments: UpdateExceptionListItemCommentArray.optional().default([]), + /** + * The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. + */ _version: z.string().optional(), }); export type UpdateExceptionListItemRequestBodyInput = z.input< diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list_item/update_exception_list_item.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list_item/update_exception_list_item.schema.yaml index ecc32502ba786..376754f696249 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list_item/update_exception_list_item.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/api/update_exception_list_item/update_exception_list_item.schema.yaml @@ -45,13 +45,13 @@ paths: meta: $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListItemMeta' expire_time: - type: string - format: date-time + $ref: '../model/exception_list_common.schema.yaml#/components/schemas/ExceptionListItemExpireTime' comments: $ref: '#/components/schemas/UpdateExceptionListItemCommentArray' default: [] _version: type: string + description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. required: - type - name 
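Review bot: Replacing the inline `type: string` / `format: date-time` for `expire_time` with a `$ref` to `ExceptionListItemExpireTime`, in the `@@ -45,13 +45,13 @@` hunk of `update_exception_list_item.schema.yaml`, moves the validation to a definition that is not shown in this diff. The generated code changes accordingly from `z.string().datetime().optional()` to `ExceptionListItemExpireTime.optional()`. Please confirm the shared schema still declares `format: date-time`; otherwise an unparseable expiry could be accepted on an item whose purpose is to suppress alerts until that time. The request body schema begins and ends outside the hunk.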
@@ -114,8 +114,7 @@ paths: value: statusCode: 400 error: Bad Request - message: | - [request body]: item_id: Expected string, received number + message: '[request body]: item_id: Expected string, received number' 401: description: Unsuccessful authentication response content: @@ -127,14 +126,19 @@ paths: value: statusCode: 401 error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' 403: description: Not enough privileges response content: application/json: schema: $ref: '../../../../../../../src/platform/packages/shared/kbn-openapi-common/schemas/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse' + examples: + forbidden: + value: + statusCode: 403 + error: Forbidden + message: 'API [PUT /api/exception_lists/items] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]' 404: description: Exception list item not found response content: @@ -144,8 +148,7 @@ paths: examples: notFound: value: - message: | - exception list item item_id: \"foo\" does not exist + message: 'exception list item item_id: \"foo\" does not exist' status_code: 404 500: description: Internal server error response diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml index bfc9710a26eb9..32b7141662a7f 100644 
--- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml @@ -20,6 +20,9 @@ paths: operationId: CreateRuleExceptionListItems parameters: - description: Detection rule's identifier + examples: + id: + value: 330bdd28-eedf-40e1-bed0-f10176c7f9e0 in: path name: id required: true @@ -70,8 +73,7 @@ paths: value: - _version: WzQsMV0= comments: [] - created_at: | - 2025-01-07T20:07:33.119Z + created_at: 2025-01-07T20:07:33.119Z created_by: elastic description: This is a sample detection type exception item. entries: @@ -95,8 +97,7 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: 2025-01-07T20:07:33.119Z updated_by: elastic schema: items: @@ -110,14 +111,12 @@ paths: badPayload: value: error: Bad Request - message: | - Invalid request payload JSON format + message: Invalid request payload JSON format statusCode: 400 badRequest: value: error: Bad Request - message: | - [request params]: id: Invalid uuid + message: '[request params]: id: Invalid uuid' statusCode: 400 schema: oneOf: @@ -131,7 +130,7 @@ paths: unauthorized: value: error: Unauthorized - message: > + message: >- [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request @@ -144,6 +143,11 @@ paths: '403': content: application/json: + examples: + forbidden: + value: + message: Unable to create exception-list + status_code: 403 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response 
@@ -166,21 +170,33 @@ paths: description: Delete an exception list using the `id` or `list_id` field. operationId: DeleteExceptionList parameters: - - description: Either `id` or `list_id` must be specified - example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + - description: >- + Exception list's identifier. Either `id` or `list_id` must be + specified. in: query name: id required: false schema: $ref: '#/components/schemas/ExceptionListId' - - description: Either `id` or `list_id` must be specified - example: simple_list + - description: >- + Human readable exception list string identifier, e.g. + `trusted-linux-processes`. Either `id` or `list_id` must be + specified. + examples: + autogeneratedId: + value: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + list_id: + value: simple_list in: query name: list_id required: false schema: $ref: '#/components/schemas/ExceptionListHumanId' - - example: single + - examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: false @@ -222,7 +238,7 @@ paths: badRequest: value: error: Bad Request - message: > + message: >- [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' statusCode: 400 @@ -238,7 +254,7 @@ paths: unauthorized: value: error: Unauthorized - message: > + message: >- [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request @@ -251,6 +267,16 @@ paths: '403': content: application/json: + examples: + forbidden: + value: + error: Forbidden + message: >- + API [DELETE + /api/exception_lists?list_id=simple_list&namespace_type=single] + is unauthorized for user, this action is granted by the + Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response 
@@ -260,8 +286,7 @@ paths: examples: notFound: value: - message: | - exception list list_id: "foo" does not exist + message: 'exception list list_id: "foo" does not exist' status_code: 404 schema: $ref: '#/components/schemas/SiemErrorResponse' @@ -284,21 +309,28 @@ paths: description: Get the details of an exception list using the `id` or `list_id` field. operationId: ReadExceptionList parameters: - - description: Either `id` or `list_id` must be specified - example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + - description: >- + Exception list's identifier. Either `id` or `list_id` must be + specified. in: query name: id required: false schema: $ref: '#/components/schemas/ExceptionListId' - - description: Either `id` or `list_id` must be specified - example: simple_list + - description: >- + Human readable exception list string identifier, e.g. + `trusted-linux-processes`. Either `id` or `list_id` must be + specified. in: query name: list_id required: false schema: $ref: '#/components/schemas/ExceptionListHumanId' - - example: single + - examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: false @@ -310,7 +342,7 @@ paths: content: application/json: examples: - simpleList: + detectionType: value: _version: WzIsMV0= created_at: 2025-01-07T19:34:27.942Z @@ -340,7 +372,7 @@ paths: badRequest: value: error: Bad Request - message: > + message: >- [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' statusCode: 400 @@ -356,7 +388,7 @@ paths: unauthorized: value: error: Unauthorized - message: > + message: >- [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request 
@@ -369,6 +401,16 @@ paths: '403': content: application/json: + examples: + forbidden: + value: + error: Forbidden + message: >- + API [GET + /api/exception_lists?list_id=simple_list&namespace_type=single] + is unauthorized for user, this action is granted by the + Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response @@ -400,8 +442,8 @@ paths: post: description: > An exception list groups exception items and can be associated with - detection rules. You can assign detection rules with multiple exception - lists. + detection rules. You can assign exception lists to multiple detection + rules. > info @@ -460,33 +502,10 @@ paths: content: application/json: examples: - agnosticExceptionList: - value: - _version: WzUsMV0= - created_at: | - 2025-01-09T01:10:36.369Z - created_by: elastic - description: This is a sample agnostic endpoint type exception. - id: 1a744e77-22ca-4b6b-9085-54f55275ebe5 - immutable: false - list_id: b935eb55-7b21-4c1c-b235-faa1df23b3d6 - name: Sample Agnostic Endpoint Exception List - namespace_type: agnostic - os_types: - - linux - tags: - - malware - tie_breaker_id: 49ea0adc-a2b8-4d83-a8f3-2fb98301dea3 - type: endpoint - updated_at: | - 2025-01-09T01:10:36.369Z - updated_by: elastic - version: 1 autogeneratedListId: value: _version: WzMsMV0= - created_at: | - 2025-01-09T01:05:23.019Z + created_at: 2025-01-09T01:05:23.019Z created_by: elastic description: >- This is a sample detection type exception with an 
@@ -501,14 +520,33 @@ paths: - malware tie_breaker_id: ad94de31-39f7-4ad7-b8e4-988bfa95f338 type: detection - updated_at: | - 2025-01-09T01:05:23.020Z + updated_at: 2025-01-09T01:05:23.020Z updated_by: elastic version: 1 - detectionExceptionList: + namespaceAgnostic: + value: + _version: WzUsMV0= + created_at: 2025-01-09T01:10:36.369Z + created_by: elastic + description: This is a sample agnostic endpoint type exception. + id: 1a744e77-22ca-4b6b-9085-54f55275ebe5 + immutable: false + list_id: b935eb55-7b21-4c1c-b235-faa1df23b3d6 + name: Sample Agnostic Endpoint Exception List + namespace_type: agnostic + os_types: + - linux + tags: + - malware + tie_breaker_id: 49ea0adc-a2b8-4d83-a8f3-2fb98301dea3 + type: endpoint + updated_at: 2025-01-09T01:10:36.369Z + updated_by: elastic + version: 1 + typeDetection: value: _version: WzIsMV0= - created_at: '2025-01-07T19:34:27.942Z' + created_at: 2025-01-07T19:34:27.942Z created_by: elastic description: This is a sample detection type exception list. id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 @@ -522,14 +560,13 @@ paths: - malware tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 type: detection - updated_at: '2025-01-07T19:34:27.942Z' + updated_at: 2025-01-07T19:34:27.942Z updated_by: elastic version: 1 - endpointExceptionList: + typeEndpoint: value: _version: WzQsMV0= - created_at: | - 2025-01-09T01:07:49.658Z + created_at: 2025-01-09T01:07:49.658Z created_by: elastic description: This is a sample endpoint type exception list. id: a79f4730-6e32-4278-abfc-349c0add7d54 @@ -543,8 +580,7 @@ paths: - malware tie_breaker_id: 94a028af-8f47-427a-aca5-ffaf829e64ee type: endpoint - updated_at: | - 2025-01-09T01:07:49.658Z + updated_at: 2025-01-09T01:07:49.658Z updated_by: elastic version: 1 schema: @@ -557,8 +593,7 @@ paths: badRequest: value: error: Bad Request - message: | - [request body]: list_id: Expected string, received number + message: '[request body]: list_id: Expected string, received number' statusCode: 400 schema: oneOf: 
@@ -572,12 +607,7 @@ paths: unauthorized: value: error: Unauthorized - message: > - [security_exception\n\tRoot - causes:\n\t\tsecurity_exception: unable to authenticate - user [elastic] for REST request - [/_security/_authenticate]]: unable to authenticate user - [elastic] for REST request [/_security/_authenticate] + message: "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]" statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' @@ -585,6 +615,15 @@ paths: '403': content: application/json: + examples: + forbidden: + value: + error: Forbidden + message: >- + API [POST /api/exception_lists] is unauthorized for user, + this action is granted by the Kibana privileges + [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response @@ -594,8 +633,7 @@ paths: examples: alreadyExists: value: - message: | - exception list id: \simple_list\ already exists + message: 'exception list id: "simple_list" already exists' status_code: 409 schema: $ref: '#/components/schemas/SiemErrorResponse' @@ -633,6 +671,10 @@ paths: type: object properties: _version: + description: >- + The version id, normally returned by the API when the item + was retrieved. Use it ensure updates are done against the + latest version. type: string description: $ref: '#/components/schemas/ExceptionListDescription' @@ -670,8 +712,7 @@ paths: simpleList: value: _version: WzExLDFd - created_at: | - 2025-01-07T20:43:55.264Z + created_at: 2025-01-07T20:43:55.264Z created_by: elastic description: Different description id: fa7f545f-191b-4d32-b1f0-c7cd62a79e55 
@@ -684,8 +725,7 @@ paths: - draft malware tie_breaker_id: 319fe983-acdd-4806-b6c4-3098eae9392f type: detection - updated_at: | - 2025-01-07T21:32:03.726Z + updated_at: 2025-01-07T21:32:03.726Z updated_by: elastic version: 2 schema: @@ -698,8 +738,7 @@ paths: badRequest: value: error: Bad Request - message: | - [request body]: list_id: Expected string, received number + message: '[request body]: list_id: Expected string, received number' statusCode: 400 schema: oneOf: @@ -713,7 +752,7 @@ paths: unauthorized: value: error: Unauthorized - message: > + message: >- [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request @@ -726,6 +765,15 @@ paths: '403': content: application/json: + examples: + forbidden: + value: + error: Forbidden + message: >- + API [PUT /api/exception_lists] is unauthorized for user, + this action is granted by the Kibana privileges + [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response @@ -759,23 +807,24 @@ paths: description: Duplicate an existing exception list. operationId: DuplicateExceptionList parameters: - - description: Exception list's human identifier - example: simple_list - in: query + - in: query name: list_id required: true schema: $ref: '#/components/schemas/ExceptionListHumanId' - - example: single + - examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: true schema: $ref: '#/components/schemas/ExceptionNamespaceType' - description: >- - Determines whether to include expired exceptions in the exported - list - example: true + Determines whether to include expired exceptions in the duplicated + list. Expiration date defined by `expire_time`. in: query name: include_expired_exceptions required: true @@ -784,6 +833,7 @@ paths: enum: - 'true' - 'false' + example: true type: string responses: '200': 
@@ -793,8 +843,7 @@ paths: detectionExceptionList: value: _version: WzExNDY1LDFd - created_at: | - 2025-01-09T16:19:50.280Z + created_at: 2025-01-09T16:19:50.280Z created_by: elastic description: This is a sample detection type exception id: b2f4a715-6ab1-444c-8b1e-3fa1b1049429 @@ -807,8 +856,7 @@ paths: - malware tie_breaker_id: 6fa670bd-666d-4c9c-9f1e-d1dbc516e985 type: detection - updated_at: | - 2025-01-09T16:19:50.280Z + updated_at: 2025-01-09T16:19:50.280Z updated_by: elastic version: 1 schema: @@ -821,7 +869,7 @@ paths: badRequest: value: error: Bad Request - message: > + message: >- [request query]: namespace_type: Invalid enum value. Expected 'agnostic' | 'single', received 'foo' statusCode: 400 @@ -837,7 +885,7 @@ paths: unauthorized: value: error: Unauthorized - message: > + message: >- [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request @@ -850,6 +898,15 @@ paths: '403': content: application/json: + examples: + forbidden: + value: + error: Forbidden + message: >- + API [POST /api/exception_lists/_duplicate] is unauthorized + for user, this action is granted by the Kibana privileges + [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response @@ -889,21 +946,21 @@ paths: description: Export an exception list and its associated items to an NDJSON file. operationId: ExportExceptionList parameters: - - description: Exception list's identifier - example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 - in: query + - in: query name: id required: true schema: $ref: '#/components/schemas/ExceptionListId' - - description: Exception list's human identifier - example: simple_list - in: query + - in: query name: list_id required: true schema: $ref: '#/components/schemas/ExceptionListHumanId' - - example: single + - examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: true 
@@ -911,7 +968,7 @@ paths: $ref: '#/components/schemas/ExceptionNamespaceType' - description: >- Determines whether to include expired exceptions in the exported - list + list. Expiration date defined by `expire_time`. example: true in: query name: include_expired_exceptions @@ -962,7 +1019,7 @@ paths: badRequest: value: error: Bad Request - message: > + message: >- [request query]: list_id: Required, namespace_type: Required statusCode: 400 @@ -978,7 +1035,7 @@ paths: unauthorized: value: error: Unauthorized - message: > + message: >- [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request @@ -991,6 +1048,15 @@ paths: '403': content: application/json: + examples: + forbidden: + value: + error: Forbidden + message: >- + API [POST /api/exception_lists/_export] is unauthorized + for user, this action is granted by the Kibana privileges + [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response @@ -1037,7 +1103,6 @@ paths: - `exception-list-agnostic`: Specify an exception list that is shared across spaces. - example: exception-list.attributes.name:%Detection%20List in: query name: filter required: false @@ -1048,7 +1113,11 @@ paths: with a Kibana space or available in all spaces (`agnostic` or `single`) - example: single + examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: false 
@@ -1059,30 +1128,29 @@ paths: $ref: '#/components/schemas/ExceptionNamespaceType' type: array - description: The page number to return - example: 1 in: query name: page required: false schema: + example: 1 minimum: 1 type: integer - description: The number of exception lists to return per page - example: 20 in: query name: per_page required: false schema: + example: 20 minimum: 1 type: integer - - description: Determines which field is used to sort the results - example: name + - description: Determines which field is used to sort the results. in: query name: sort_field required: false schema: + example: name type: string - - description: Determines the sort order, which can be `desc` or `asc` - example: desc + - description: Determines the sort order, which can be `desc` or `asc`. in: query name: sort_order required: false @@ -1090,6 +1158,7 @@ paths: enum: - desc - asc + example: desc type: string responses: '200': @@ -1099,23 +1168,23 @@ paths: simpleLists: value: data: - - id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 - - list_id: simple_list - - type: detection - - name: Detection Exception List - - description: This is a sample detection type exception list. - - immutable: false - - namespace_type: single - - os_types: [] - - tags: - - malware - - version: 1 - _version: WzIsMV0= - - tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 - - created_at: '2025-01-07T19:34:27.942Z' - - created_by: elastic - - updated_at: '2025-01-07T19:34:27.942Z' - - updated_by: elastic + created_at: 2025-01-07T19:34:27.942Z + created_by: elastic + description: This is a sample detection type exception list. + id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + immutable: false + list_id: simple_list + name: Detection Exception List + namespace_type: single + os_types: [] + tags: + - malware + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + type: detection + updated_at: 2025-01-07T19:34:27.942Z + updated_by: elastic + version: 1 page: 1 per_page: 20 total: 1 
@@ -1148,7 +1217,7 @@ paths: badRequest: value: error: Bad Request - message: > + message: >- [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' statusCode: 400 @@ -1164,7 +1233,7 @@ paths: unauthorized: value: error: Unauthorized - message: > + message: >- [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request @@ -1177,6 +1246,15 @@ paths: '403': content: application/json: + examples: + forbidden: + value: + error: Forbidden + message: >- + API [GET /api/exception_lists/_find?namespace_type=single] + is unauthorized for user, this action is granted by the + Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response @@ -1205,26 +1283,12 @@ paths: If any exception items have the same `item_id`, those are also overwritten. - example: false in: query name: overwrite required: false schema: default: false - type: boolean - - example: false - in: query - name: overwrite_exceptions - required: false - schema: - default: false - type: boolean - - example: false - in: query - name: overwrite_action_connectors - required: false - schema: - default: false + example: false type: boolean - description: > Determines whether the list being imported will have a new `list_id` @@ -1234,12 +1298,12 @@ paths: the exception list and its items are overwritten. - example: false in: query name: as_new_list required: false schema: default: false + example: false type: boolean requestBody: content: 
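Review bot: The `@@ -1205,26 +1283,12 @@` hunk removes the `overwrite_exceptions` and `overwrite_action_connectors` query parameters from the import operation, which goes beyond the description changes the commit subject announces. If the import route's query validation still accepts either flag, they become undocumented switches on an endpoint that overwrites existing exception lists. Confirm against the route schema that both are really gone. If they were never accepted, a line in the commit description would keep the removal from looking accidental.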
@@ -1249,6 +1313,24 @@ paths: properties: file: description: A `.ndjson` file containing the exception list + example: > + {"_version":"WzExNDU5LDFd","created_at":"2025-01-09T16:18:17.757Z","created_by":"elastic","description":"This + is a sample detection type + exception","id":"c86c2da0-2ab6-4343-b81c-216ef27e8d75","immutable":false,"list_id":"simple_list","name":"Sample + Detection Exception + List","namespace_type":"single","os_types":[],"tags":["user + added string for a + tag","malware"],"tie_breaker_id":"cf4a7b92-732d-47f0-a0d5-49a35a1736bf","type":"detection","updated_at":"2025-01-09T16:18:17.757Z","updated_by":"elastic","version":1} + + {"_version":"WzExNDYxLDFd","comments":[],"created_at":"2025-01-09T16:18:42.308Z","created_by":"elastic","description":"This + is a sample endpoint type + exception","entries":[{"type":"exists","field":"actingProcess.file.signer","operator":"excluded"},{"type":"match_any","field":"host.name","value":["some + host","another + host"],"operator":"included"}],"id":"f37597ce-eaa7-4b64-9100-4301118f6806","item_id":"simple_list_item","list_id":"simple_list","name":"Sample + Endpoint Exception + List","namespace_type":"single","os_types":["linux"],"tags":["user + added string for a + tag","malware"],"tie_breaker_id":"4ca3ef3e-9721-42c0-8107-cf47e094d40f","type":"simple","updated_at":"2025-01-09T16:18:42.308Z","updated_by":"elastic"} format: binary type: string required: true @@ -1261,13 +1343,13 @@ paths: value: errors: - error: - message: > + message: >- Error found importing exception list: Invalid value \"4\" supplied to \"list_id\" status_code: 400 list_id: (unknown list_id) - error: - message: > + message: >- Found that item_id: \"f7fd00bb-dba8-4c93-9d59-6cbd427b6330\" already exists. Import of item_id: @@ -1334,7 +1416,7 @@ paths: unauthorized: value: error: Unauthorized - message: > + message: >- [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request 
@@ -1347,6 +1429,15 @@ paths: '403': content: application/json: + examples: + forbidden: + value: + error: Forbidden + message: >- + API [POST /api/exception_lists/_import] is unauthorized + for user, this action is granted by the Kibana privileges + [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response @@ -1369,21 +1460,28 @@ paths: description: Delete an exception list item using the `id` or `item_id` field. operationId: DeleteExceptionListItem parameters: - - description: Either `id` or `item_id` must be specified - example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + - description: >- + Exception item's identifier. Either `id` or `item_id` must be + specified in: query name: id required: false schema: $ref: '#/components/schemas/ExceptionListItemId' - - description: Either `id` or `item_id` must be specified - example: simple_list_item + - description: >- + Human readable exception item string identifier, e.g. + `trusted-linux-processes`. Either `id` or `item_id` must be + specified in: query name: item_id required: false schema: $ref: '#/components/schemas/ExceptionListItemHumanId' - - example: single + - examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: false @@ -1399,8 +1497,7 @@ paths: value: _version: WzQsMV0= comments: [] - created_at: | - 2025-01-07T20:07:33.119Z + created_at: 2025-01-07T20:07:33.119Z created_by: elastic description: This is a sample detection type exception item. entries: @@ -1424,8 +1521,7 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: 2025-01-07T20:07:33.119Z updated_by: elastic schema: $ref: '#/components/schemas/ExceptionListItem' 
@@ -1436,7 +1532,7 @@ paths: schema: example: error: Bad Request - message: > + message: >- [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' statusCode: 400 @@ -1451,7 +1547,7 @@ paths: unauthorized: value: error: Unauthorized - message: > + message: >- [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request @@ -1464,6 +1560,16 @@ paths: '403': content: application/json: + examples: + forbidden: + value: + error: Forbidden + message: >- + API [DELETE + /api/exception_lists/items?item_id=simple_list&namespace_type=single] + is unauthorized for user, this action is granted by the + Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response @@ -1473,8 +1579,7 @@ paths: examples: notFound: value: - message: | - exception list item item_id: \"foo\" does not exist + message: 'exception list item item_id: \"foo\" does not exist' status_code: 404 schema: $ref: '#/components/schemas/SiemErrorResponse' @@ -1499,21 +1604,28 @@ paths: field. operationId: ReadExceptionListItem parameters: - - description: Either `id` or `item_id` must be specified - example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + - description: >- + Exception list item's identifier. Either `id` or `item_id` must be + specified. in: query name: id required: false schema: $ref: '#/components/schemas/ExceptionListItemId' - - description: Either `id` or `item_id` must be specified - example: simple_list_item + - description: >- + Human readable exception item string identifier, e.g. + `trusted-linux-processes`. Either `id` or `item_id` must be + specified. in: query name: item_id required: false schema: $ref: '#/components/schemas/ExceptionListItemHumanId' - - example: single + - examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: false 
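Review bot: The 404 example rewritten in the `@@ -1473,8 +1579,7 @@` hunk keeps the backslashes, `'exception list item item_id: \"foo\" does not exist'`, and inside a single-quoted YAML scalar a backslash is literal, so the rendered message will show `\"foo\"`. The 409 example in this same commit was written without them (`'exception list id: "simple_list" already exists'`), which is the form to use here: `message: 'exception list item item_id: "foo" does not exist'`. The same line appears in the hunks at `@@ -1605,8 +1725,7 @@` and `@@ -2106,8 +2231,7 @@`.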
@@ -1529,8 +1641,7 @@ paths: value: _version: WzQsMV0= comments: [] - created_at: | - 2025-01-07T20:07:33.119Z + created_at: 2025-01-07T20:07:33.119Z created_by: elastic description: This is a sample detection type exception item. entries: @@ -1554,8 +1665,7 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: 2025-01-07T20:07:33.119Z updated_by: elastic schema: $ref: '#/components/schemas/ExceptionListItem' @@ -1567,7 +1677,7 @@ paths: badRequest: value: error: Bad Request - message: > + message: >- [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' statusCode: 400 @@ -1583,7 +1693,7 @@ paths: unauthorized: value: error: Unauthorized - message: > + message: >- [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request @@ -1596,6 +1706,16 @@ paths: '403': content: application/json: + examples: + forbidden: + value: + error: Forbidden + message: >- + API [GET + /api/exception_lists/items?item_id=&namespace_type=single] + is unauthorized for user, this action is granted by the + Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response @@ -1605,8 +1725,7 @@ paths: examples: notFound: value: - message: | - exception list item item_id: \"foo\" does not exist + message: 'exception list item item_id: \"foo\" does not exist' status_code: 404 schema: $ref: '#/components/schemas/SiemErrorResponse' @@ -1669,8 +1788,7 @@ paths: entries: $ref: '#/components/schemas/ExceptionListItemEntryArray' expire_time: - format: date-time - type: string + $ref: '#/components/schemas/ExceptionListItemExpireTime' item_id: $ref: '#/components/schemas/ExceptionListItemHumanId' list_id: 
@@ -1707,8 +1825,7 @@ paths: value: _version: WzYsMV0= comments: [] - created_at: | - 2025-01-09T01:16:23.322Z + created_at: 2025-01-09T01:16:23.322Z created_by: elastic description: >- This is a sample exception that has no item_id so it is @@ -1727,8 +1844,7 @@ paths: - malware tie_breaker_id: d6799986-3a23-4213-bc6d-ed9463a32f23 type: simple - updated_at: | - 2025-01-09T01:16:23.322Z + updated_at: 2025-01-09T01:16:23.322Z updated_by: elastic detectionExceptionListItem: value: @@ -1758,8 +1874,7 @@ paths: value: _version: WzQsMV0= comments: [] - created_at: | - 2025-01-07T20:07:33.119Z + created_at: 2025-01-07T20:07:33.119Z created_by: elastic description: This is a sample detection type exception item. entries: @@ -1777,15 +1892,13 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: 2025-01-07T20:07:33.119Z updated_by: elastic withMatchAnyEntry: value: _version: WzQsMV0= comments: [] - created_at: | - 2025-01-07T20:07:33.119Z + created_at: 2025-01-07T20:07:33.119Z created_by: elastic description: This is a sample detection type exception item. entries: @@ -1806,15 +1919,13 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: 2025-01-07T20:07:33.119Z updated_by: elastic withMatchEntry: value: _version: WzQsMV0= comments: [] - created_at: | - 2025-01-07T20:07:33.119Z + created_at: 2025-01-07T20:07:33.119Z created_by: elastic description: This is a sample detection type exception item. entries: 
@@ -1833,15 +1944,13 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: 2025-01-07T20:07:33.119Z updated_by: elastic withNestedEntry: value: _version: WzQsMV0= comments: [] - created_at: | - 2025-01-07T20:07:33.119Z + created_at: 2025-01-07T20:07:33.119Z created_by: elastic description: This is a sample detection type exception item. entries: @@ -1867,15 +1976,13 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: 2025-01-07T20:07:33.119Z updated_by: elastic withValueListEntry: value: _version: WzcsMV0= comments: [] - created_at: | - 2025-01-09T01:31:12.614Z + created_at: 2025-01-09T01:31:12.614Z created_by: elastic description: >- Don't signal when agent.name is rock01 and source.ip is in @@ -1897,8 +2004,7 @@ paths: - malware tie_breaker_id: 5e0288ce-6657-4c18-9dcc-00ec9e8cc6c8 type: simple - updated_at: | - 2025-01-09T01:31:12.614Z + updated_at: 2025-01-09T01:31:12.614Z updated_by: elastic schema: $ref: '#/components/schemas/ExceptionListItem' @@ -1910,8 +2016,7 @@ paths: badRequest: value: error: Bad Request, - message: | - [request body]: list_id: Expected string, received number + message: '[request body]: list_id: Expected string, received number' statusCode: 400, schema: oneOf: @@ -1925,7 +2030,7 @@ paths: unauthorized: value: error: Unauthorized - message: > + message: >- [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request @@ -1938,6 +2043,15 @@ paths: '403': content: application/json: + examples: + forbidden: + value: + error: Forbidden + message: >- + API [POST /api/exception_lists/items] is unauthorized for + user, this action is granted by the Kibana privileges + [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response 
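Review bot: In the `badRequest` example touched by the `@@ -1910,8 +2016,7 @@` hunk, the unchanged lines around the rewritten `message` still carry trailing commas, `error: Bad Request,` and `statusCode: 400,`. In YAML those commas are part of the value, so `statusCode` becomes the string `400,` instead of the integer the other 400 examples show. Since the hunk already edits this example, drop the commas: `error: Bad Request` and `statusCode: 400`.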
@@ -1947,7 +2061,7 @@ paths: examples: alreadyExists: value: - message: > + message: >- exception list item id: \"simple_list_item\" already exists status_code: 409 @@ -1991,6 +2105,10 @@ paths: type: object properties: _version: + description: >- + The version id, normally returned by the API when the item + was retrieved. Use it ensure updates are done against the + latest version. type: string comments: $ref: '#/components/schemas/UpdateExceptionListItemCommentArray' @@ -2000,8 +2118,7 @@ paths: entries: $ref: '#/components/schemas/ExceptionListItemEntryArray' expire_time: - format: date-time - type: string + $ref: '#/components/schemas/ExceptionListItemExpireTime' id: $ref: '#/components/schemas/ExceptionListItemId' description: Either `id` or `item_id` must be specified @@ -2069,8 +2186,7 @@ paths: badRequest: value: error: Bad Request - message: | - [request body]: item_id: Expected string, received number + message: '[request body]: item_id: Expected string, received number' statusCode: 400 schema: oneOf: @@ -2084,7 +2200,7 @@ paths: unauthorized: value: error: Unauthorized - message: > + message: >- [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request @@ -2097,6 +2213,15 @@ paths: '403': content: application/json: + examples: + forbidden: + value: + error: Forbidden + message: >- + API [PUT /api/exception_lists/items] is unauthorized for + user, this action is granted by the Kibana privileges + [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response @@ -2106,8 +2231,7 @@ paths: examples: notFound: value: - message: | - exception list item item_id: \"foo\" does not exist + message: 'exception list item item_id: \"foo\" does not exist' status_code: 404 schema: $ref: '#/components/schemas/SiemErrorResponse' 
@@ -2131,8 +2255,7 @@ paths: description: Get a list of all exception list items in the specified list. operationId: FindExceptionListItems parameters: - - description: List's id - example: simple_list + - description: The `list_id`s of the items to fetch. in: query name: list_id required: true @@ -2145,8 +2268,10 @@ paths: field, using the `:` syntax. - example: - - exception-list.attributes.name:%My%20item + examples: + singleFilter: + value: + - exception-list.attributes.name:%My%20item in: query name: filter required: false @@ -2160,8 +2285,10 @@ paths: with a Kibana space or available in all spaces (`agnostic` or `single`) - example: - - single + examples: + single: + value: + - single in: query name: namespace_type required: false @@ -2171,37 +2298,36 @@ paths: items: $ref: '#/components/schemas/ExceptionNamespaceType' type: array - - example: host.name - in: query + - in: query name: search required: false schema: + example: host.name type: string - description: The page number to return - example: 1 in: query name: page required: false schema: + example: 1 minimum: 0 type: integer - description: The number of exception list items to return per page - example: 20 in: query name: per_page required: false schema: + example: 20 minimum: 0 type: integer - - description: Determines which field is used to sort the results + - description: Determines which field is used to sort the results. example: name in: query name: sort_field required: false schema: $ref: '#/components/schemas/NonEmptyString' - - description: Determines the sort order, which can be `desc` or `asc` - example: desc + - description: Determines the sort order, which can be `desc` or `asc`. in: query name: sort_order required: false @@ -2209,6 +2335,7 @@ paths: enum: - desc - asc + example: desc type: string responses: '200': 
@@ -2280,7 +2407,7 @@ paths: badRequest: value: error: Bad Request - message: > + message: >- [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' statusCode: 400 @@ -2296,7 +2423,7 @@ paths: unauthorized: value: error: Unauthorized - message: > + message: >- [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request @@ -2309,6 +2436,16 @@ paths: '403': content: application/json: + examples: + forbidden: + value: + error: Forbidden + message: >- + API [GET + /api/exception_lists/items/_find?list_id=simple_list&namespace_type=single] + is unauthorized for user, this action is granted by the + Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response @@ -2318,8 +2455,7 @@ paths: examples: notFound: value: - message: | - exception list list_id: "foo" does not exist + message: 'exception list list_id: "foo" does not exist' status_code: 404 schema: $ref: '#/components/schemas/SiemErrorResponse' @@ -2343,21 +2479,23 @@ paths: description: Get a summary of the specified exception list. operationId: ReadExceptionListSummary parameters: - - description: Exception list's identifier generated upon creation - example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + - description: Exception list's identifier generated upon creation. in: query name: id required: false schema: $ref: '#/components/schemas/ExceptionListId' - - description: Exception list's human readable identifier - example: simple_list + - description: Exception list's human readable identifier. in: query name: list_id required: false schema: $ref: '#/components/schemas/ExceptionListHumanId' - - example: single + - examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: false 
@@ -2365,13 +2503,13 @@ paths: $ref: '#/components/schemas/ExceptionNamespaceType' default: single - description: Search filter clause - example: >- - exception-list-agnostic.attributes.tags:"policy:policy-1" OR - exception-list-agnostic.attributes.tags:"policy:all" in: query name: filter required: false schema: + example: >- + exception-list-agnostic.attributes.tags:"policy:policy-1" OR + exception-list-agnostic.attributes.tags:"policy:all" type: string responses: '200': @@ -2407,7 +2545,7 @@ paths: badRequest: value: error: Bad Request - message: > + message: >- [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' statusCode: 400 @@ -2423,7 +2561,7 @@ paths: unauthorized: value: error: Unauthorized - message: > + message: >- [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request @@ -2436,6 +2574,16 @@ paths: '403': content: application/json: + examples: + forbidden: + value: + error: Forbidden + message: >- + API [GET + /api/exception_lists/summary?list_id=simple_list&namespace_type=agnostic] + is unauthorized for user, this action is granted by the + Kibana privileges [lists-summary] + statusCode: 403 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response @@ -2445,8 +2593,7 @@ paths: examples: notFound: value: - message": | - exception list id: "foo" does not exist + message": 'exception list id: "foo" does not exist' status_code": 404 schema: $ref: '#/components/schemas/SiemErrorResponse' @@ -2485,6 +2632,15 @@ paths: content: application/json: schema: + example: + description: This is a sample detection type exception list. + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware type: object properties: description: 
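Review bot: The line changed in the `@@ -2445,8 +2593,7 @@` hunk still has a stray quote in its key, `message": 'exception list id: "foo" does not exist'`, and the context line below it has the same problem, `status_code": 404`. YAML reads these as keys named `message"` and `status_code"`, so the 404 example does not match the `SiemErrorResponse` schema it is attached to. Use `message: 'exception list id: "foo" does not exist'` and `status_code: 404`.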
@@ -2499,12 +2655,39 @@ paths: '200': content: application/json: + examples: + sharedList: + value: + _version: WzIsMV0= + created_at: 2025-01-07T19:34:27.942Z + created_by: elastic + description: This is a sample detection type exception list. + id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + immutable: false + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + type: detection + updated_at: 2025-01-07T19:34:27.942Z + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/ExceptionList' description: Successful response '400': content: application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request body]: list_id: Expected string, received number' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' 
@@ -2513,24 +2696,45 @@ paths: '401': content: application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]" + statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json: + examples: + forbidden: + value: + message: Unable to create exception-list + status_code: 403 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response '409': content: application/json: + examples: + alreadyExists: + value: + message: 'exception list id: "simple_list" already exists' + status_code: 409 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Exception list already exists response '500': content: application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response @@ -2600,11 +2804,17 @@ components: type: object properties: _version: + description: >- + The version id, normally returned by the API when the item was + retrieved. Use it ensure updates are done against the latest + version. type: string created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: + description: Autogenerated value - user that created object. type: string description: $ref: '#/components/schemas/ExceptionListDescription' 
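Review bot: The `forbidden` example added in the `@@ -2513,24 +2696,45 @@` hunk uses `message` and `status_code`, but the response it documents references `PlatformErrorResponse`, and every other example attached to that schema in this diff has `error`, `message` and `statusCode`. Either the example or the schema reference looks wrong; if the route returns the platform shape, the example needs `error: Forbidden` and `statusCode: 403`. Unlike the other 403 examples, it also does not name the Kibana privilege that grants the action, which is what an integrator needs to resolve a denied call. The `@@ -144,6 +143,11 @@` hunk in the serverless bundle adds the same example.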
@@ -2625,13 +2835,18 @@ components: tags: $ref: '#/components/schemas/ExceptionListTags' tie_breaker_id: + description: >- + Field used in search to ensure all containers are sorted and + returned correctly. type: string type: $ref: '#/components/schemas/ExceptionListType' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: + description: Autogenerated value - user that last updated object. type: string version: $ref: '#/components/schemas/ExceptionListVersion' 
@@ -2650,31 +2865,47 @@ components: - updated_at - updated_by ExceptionListDescription: + description: Describes the exception list. + example: This list tracks allowlisted values. type: string ExceptionListHumanId: - $ref: '#/components/schemas/NonEmptyString' - description: Human readable string identifier, e.g. `trusted-linux-processes` + description: >- + Exception list's human readable string identifier, e.g. + `trusted-linux-processes`. + example: simple_list + format: nonempty + minLength: 1 + type: string ExceptionListId: - $ref: '#/components/schemas/NonEmptyString' + description: Exception list's identifier. + example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + format: nonempty + minLength: 1 + type: string ExceptionListItem: type: object properties: _version: + description: >- + The version id, normally returned by the API when the item was + retrieved. Use it ensure updates are done against the latest + version. type: string comments: $ref: '#/components/schemas/ExceptionListItemCommentArray' created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: + description: Autogenerated value - user that created object. type: string description: $ref: '#/components/schemas/ExceptionListItemDescription' entries: $ref: '#/components/schemas/ExceptionListItemEntryArray' expire_time: - format: date-time - type: string + $ref: '#/components/schemas/ExceptionListItemExpireTime' id: $ref: '#/components/schemas/ExceptionListItemId' item_id: @@ -2692,13 +2923,18 @@ components: tags: $ref: '#/components/schemas/ExceptionListItemTags' tie_breaker_id: + description: >- + Field used in search to ensure all containers are sorted and + returned correctly. type: string type: $ref: '#/components/schemas/ExceptionListItemType' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: + description: Autogenerated value - user that last updated object. type: string required: - id 
@@ -2721,6 +2957,7 @@ components: comment: $ref: '#/components/schemas/NonEmptyString' created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: @@ -2728,6 +2965,7 @@ components: id: $ref: '#/components/schemas/NonEmptyString' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: @@ -2738,10 +2976,15 @@ components: - created_at - created_by ExceptionListItemCommentArray: + description: | + Array of comment fields: + + - comment (string): Comments about the exception item. items: $ref: '#/components/schemas/ExceptionListItemComment' type: array ExceptionListItemDescription: + description: Describes the exception list. type: string ExceptionListItemEntry: anyOf: 
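Review bot: The description added to `ExceptionListItemDescription` in the `@@ -2738,10 +2976,15 @@` hunk says "Describes the exception list.", which was carried over from the list-level schema. It should be `description: Describes the exception list item.` The `ExceptionListItemName` description in the `@@ -2883,22 +3126,44 @@` hunk has the same slip ("Exception list name.") and should read `description: Exception list item name.`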
@@ -2883,22 +3126,44 @@ components: - excluded - included type: string + ExceptionListItemExpireTime: + description: >- + The exception item’s expiration date, in ISO format. This field is only + available for regular exception items, not endpoint exceptions. + format: date-time + type: string ExceptionListItemHumanId: - $ref: '#/components/schemas/NonEmptyString' + description: Human readable string identifier, e.g. `trusted-linux-processes` + example: simple_list_item + format: nonempty + minLength: 1 + type: string ExceptionListItemId: - $ref: '#/components/schemas/NonEmptyString' + description: Exception's identifier. + example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + format: nonempty + minLength: 1 + type: string ExceptionListItemMeta: additionalProperties: true type: object ExceptionListItemName: - $ref: '#/components/schemas/NonEmptyString' + description: Exception list name. + format: nonempty + minLength: 1 + type: string ExceptionListItemOsTypeArray: items: $ref: '#/components/schemas/ExceptionListOsType' type: array ExceptionListItemTags: items: - $ref: '#/components/schemas/NonEmptyString' + description: >- + String array containing words and phrases to help categorize exception + items. + format: nonempty + minLength: 1 + type: string type: array ExceptionListItemType: enum: @@ -2906,16 +3171,21 @@ components: type: string ExceptionListMeta: additionalProperties: true + description: Placeholder for metadata about the list container. type: object ExceptionListName: + description: The name of the exception list. + example: My exception list type: string ExceptionListOsType: + description: Use this field to specify the operating system. enum: - linux - macos - windows type: string ExceptionListOsTypeArray: + description: Use this field to specify the operating system. Only enter one value. items: $ref: '#/components/schemas/ExceptionListOsType' type: array 
@@ -2945,10 +3215,16 @@ components: $ref: '#/components/schemas/ExceptionListsImportBulkError' type: array ExceptionListTags: + description: >- + String array containing words and phrases to help categorize exception + containers. items: type: string type: array ExceptionListType: + description: >- + The type of exception list to be created. Different list types may + denote where they can be utilized. enum: - detection - rule_default @@ -2959,6 +3235,7 @@ components: - endpoint_blocklists type: string ExceptionListVersion: + description: The document version, automatically increasd on updates. minimum: 1 type: integer ExceptionNamespaceType: @@ -2979,6 +3256,7 @@ components: FindExceptionListItemsFilter: $ref: '#/components/schemas/NonEmptyString' FindExceptionListsFilter: + example: exception-list.attributes.name:%Detection%20List type: string ListId: $ref: '#/components/schemas/NonEmptyString' diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml index 5055a7b15257c..ab0c887488760 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml @@ -20,6 +20,9 @@ paths: operationId: CreateRuleExceptionListItems parameters: - description: Detection rule's identifier + examples: + id: + value: 330bdd28-eedf-40e1-bed0-f10176c7f9e0 in: path name: id required: true 
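Review bot: There is a typo in the description added to `ExceptionListVersion` in the `@@ -2959,6 +3235,7 @@` hunk: `increasd` should be `increased`, giving `description: The document version, automatically increased on updates.`. The string ends up in the published API reference. If the same sentence is present in the source schema and the other bundle, which are outside this hunk, it should be corrected there as well.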
@@ -70,8 +73,7 @@ paths: value: - _version: WzQsMV0= comments: [] - created_at: | - 2025-01-07T20:07:33.119Z + created_at: 2025-01-07T20:07:33.119Z created_by: elastic description: This is a sample detection type exception item. entries: @@ -95,8 +97,7 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: 2025-01-07T20:07:33.119Z updated_by: elastic schema: items: @@ -110,14 +111,12 @@ paths: badPayload: value: error: Bad Request - message: | - Invalid request payload JSON format + message: Invalid request payload JSON format statusCode: 400 badRequest: value: error: Bad Request - message: | - [request params]: id: Invalid uuid + message: '[request params]: id: Invalid uuid' statusCode: 400 schema: oneOf: @@ -131,7 +130,7 @@ paths: unauthorized: value: error: Unauthorized - message: > + message: >- [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request @@ -144,6 +143,11 @@ paths: '403': content: application/json: + examples: + forbidden: + value: + message: Unable to create exception-list + status_code: 403 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response 
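Review bot: The `forbidden` example added under the `'403'` response in the `@@ -144,6 +143,11 @@` hunk uses `message` plus `status_code: 403`, while the response schema on the next lines is `PlatformErrorResponse` and every other 403 example added in this patch uses `error`, `message` and `statusCode`. The `message`/`status_code` pair is the shape the 404 examples use with `SiemErrorResponse`. The schema definitions are not part of this hunk, so please confirm which body the route returns. Then either point the schema at `SiemErrorResponse` or rewrite the example as `error: Forbidden`, `message: ...`, `statusCode: 403`.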
@@ -166,21 +170,33 @@ paths: description: Delete an exception list using the `id` or `list_id` field. operationId: DeleteExceptionList parameters: - - description: Either `id` or `list_id` must be specified - example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + - description: >- + Exception list's identifier. Either `id` or `list_id` must be + specified. in: query name: id required: false schema: $ref: '#/components/schemas/ExceptionListId' - - description: Either `id` or `list_id` must be specified - example: simple_list + - description: >- + Human readable exception list string identifier, e.g. + `trusted-linux-processes`. Either `id` or `list_id` must be + specified. + examples: + autogeneratedId: + value: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + list_id: + value: simple_list in: query name: list_id required: false schema: $ref: '#/components/schemas/ExceptionListHumanId' - - example: single + - examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: false @@ -222,7 +238,7 @@ paths: badRequest: value: error: Bad Request - message: > + message: >- [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' statusCode: 400 @@ -238,7 +254,7 @@ paths: unauthorized: value: error: Unauthorized - message: > + message: >- [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request @@ -251,6 +267,16 @@ paths: '403': content: application/json: + examples: + forbidden: + value: + error: Forbidden + message: >- + API [DELETE + /api/exception_lists?list_id=simple_list&namespace_type=single] + is unauthorized for user, this action is granted by the + Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response 
@@ -260,8 +286,7 @@ paths: examples: notFound: value: - message: | - exception list list_id: "foo" does not exist + message: 'exception list list_id: "foo" does not exist' status_code: 404 schema: $ref: '#/components/schemas/SiemErrorResponse' @@ -284,21 +309,28 @@ paths: description: Get the details of an exception list using the `id` or `list_id` field. operationId: ReadExceptionList parameters: - - description: Either `id` or `list_id` must be specified - example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + - description: >- + Exception list's identifier. Either `id` or `list_id` must be + specified. in: query name: id required: false schema: $ref: '#/components/schemas/ExceptionListId' - - description: Either `id` or `list_id` must be specified - example: simple_list + - description: >- + Human readable exception list string identifier, e.g. + `trusted-linux-processes`. Either `id` or `list_id` must be + specified. in: query name: list_id required: false schema: $ref: '#/components/schemas/ExceptionListHumanId' - - example: single + - examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: false @@ -310,7 +342,7 @@ paths: content: application/json: examples: - simpleList: + detectionType: value: _version: WzIsMV0= created_at: 2025-01-07T19:34:27.942Z @@ -340,7 +372,7 @@ paths: badRequest: value: error: Bad Request - message: > + message: >- [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' statusCode: 400 @@ -356,7 +388,7 @@ paths: unauthorized: value: error: Unauthorized - message: > + message: >- [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request 
@@ -369,6 +401,16 @@ paths: '403': content: application/json: + examples: + forbidden: + value: + error: Forbidden + message: >- + API [GET + /api/exception_lists?list_id=simple_list&namespace_type=single] + is unauthorized for user, this action is granted by the + Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response @@ -400,8 +442,8 @@ paths: post: description: > An exception list groups exception items and can be associated with - detection rules. You can assign detection rules with multiple exception - lists. + detection rules. You can assign exception lists to multiple detection + rules. > info @@ -460,33 +502,10 @@ paths: content: application/json: examples: - agnosticExceptionList: - value: - _version: WzUsMV0= - created_at: | - 2025-01-09T01:10:36.369Z - created_by: elastic - description: This is a sample agnostic endpoint type exception. - id: 1a744e77-22ca-4b6b-9085-54f55275ebe5 - immutable: false - list_id: b935eb55-7b21-4c1c-b235-faa1df23b3d6 - name: Sample Agnostic Endpoint Exception List - namespace_type: agnostic - os_types: - - linux - tags: - - malware - tie_breaker_id: 49ea0adc-a2b8-4d83-a8f3-2fb98301dea3 - type: endpoint - updated_at: | - 2025-01-09T01:10:36.369Z - updated_by: elastic - version: 1 autogeneratedListId: value: _version: WzMsMV0= - created_at: | - 2025-01-09T01:05:23.019Z + created_at: 2025-01-09T01:05:23.019Z created_by: elastic description: >- This is a sample detection type exception with an 
@@ -501,14 +520,33 @@ paths: - malware tie_breaker_id: ad94de31-39f7-4ad7-b8e4-988bfa95f338 type: detection - updated_at: | - 2025-01-09T01:05:23.020Z + updated_at: 2025-01-09T01:05:23.020Z updated_by: elastic version: 1 - detectionExceptionList: + namespaceAgnostic: + value: + _version: WzUsMV0= + created_at: 2025-01-09T01:10:36.369Z + created_by: elastic + description: This is a sample agnostic endpoint type exception. + id: 1a744e77-22ca-4b6b-9085-54f55275ebe5 + immutable: false + list_id: b935eb55-7b21-4c1c-b235-faa1df23b3d6 + name: Sample Agnostic Endpoint Exception List + namespace_type: agnostic + os_types: + - linux + tags: + - malware + tie_breaker_id: 49ea0adc-a2b8-4d83-a8f3-2fb98301dea3 + type: endpoint + updated_at: 2025-01-09T01:10:36.369Z + updated_by: elastic + version: 1 + typeDetection: value: _version: WzIsMV0= - created_at: '2025-01-07T19:34:27.942Z' + created_at: 2025-01-07T19:34:27.942Z created_by: elastic description: This is a sample detection type exception list. id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 @@ -522,14 +560,13 @@ paths: - malware tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 type: detection - updated_at: '2025-01-07T19:34:27.942Z' + updated_at: 2025-01-07T19:34:27.942Z updated_by: elastic version: 1 - endpointExceptionList: + typeEndpoint: value: _version: WzQsMV0= - created_at: | - 2025-01-09T01:07:49.658Z + created_at: 2025-01-09T01:07:49.658Z created_by: elastic description: This is a sample endpoint type exception list. id: a79f4730-6e32-4278-abfc-349c0add7d54 @@ -543,8 +580,7 @@ paths: - malware tie_breaker_id: 94a028af-8f47-427a-aca5-ffaf829e64ee type: endpoint - updated_at: | - 2025-01-09T01:07:49.658Z + updated_at: 2025-01-09T01:07:49.658Z updated_by: elastic version: 1 schema: @@ -557,8 +593,7 @@ paths: badRequest: value: error: Bad Request - message: | - [request body]: list_id: Expected string, received number + message: '[request body]: list_id: Expected string, received number' statusCode: 400 schema: oneOf: 
@@ -572,12 +607,7 @@ paths: unauthorized: value: error: Unauthorized - message: > - [security_exception\n\tRoot - causes:\n\t\tsecurity_exception: unable to authenticate - user [elastic] for REST request - [/_security/_authenticate]]: unable to authenticate user - [elastic] for REST request [/_security/_authenticate] + message: "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]" statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' @@ -585,6 +615,15 @@ paths: '403': content: application/json: + examples: + forbidden: + value: + error: Forbidden + message: >- + API [POST /api/exception_lists] is unauthorized for user, + this action is granted by the Kibana privileges + [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response @@ -594,8 +633,7 @@ paths: examples: alreadyExists: value: - message: | - exception list id: \simple_list\ already exists + message: 'exception list id: "simple_list" already exists' status_code: 409 schema: $ref: '#/components/schemas/SiemErrorResponse' @@ -633,6 +671,10 @@ paths: type: object properties: _version: + description: >- + The version id, normally returned by the API when the item + was retrieved. Use it ensure updates are done against the + latest version. type: string description: $ref: '#/components/schemas/ExceptionListDescription' @@ -670,8 +712,7 @@ paths: simpleList: value: _version: WzExLDFd - created_at: | - 2025-01-07T20:43:55.264Z + created_at: 2025-01-07T20:43:55.264Z created_by: elastic description: Different description id: fa7f545f-191b-4d32-b1f0-c7cd62a79e55 
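Review bot: The 401 `message` in the `@@ -572,12 +607,7 @@` hunk is now a double-quoted scalar, so `\n` and `\t` are parsed as a real newline and tabs. The same message in the other operations of this file stays in a folded `>-` block, where those sequences are literal backslash characters. The rendered examples will therefore differ between endpoints for the same error. Pick one representation for all of them; keeping `message: >-` with the folded text here would match the neighbouring operations.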
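Review bot: The `_version` description added in the `@@ -633,6 +671,10 @@` hunk is missing a word: `Use it ensure updates` should read `Use it to ensure updates`. It also says `when the item was retrieved` on the list update body, where `when the list was retrieved` would be accurate. The identical sentence is added to the item update body in the `@@ -1991,6 +2105,10 @@` hunk. Since this field is what keeps an update from being applied on top of a newer version, consider also documenting the response a caller gets for a stale value; that response is not visible in this hunk.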
@@ -684,8 +725,7 @@ paths: - draft malware tie_breaker_id: 319fe983-acdd-4806-b6c4-3098eae9392f type: detection - updated_at: | - 2025-01-07T21:32:03.726Z + updated_at: 2025-01-07T21:32:03.726Z updated_by: elastic version: 2 schema: @@ -698,8 +738,7 @@ paths: badRequest: value: error: Bad Request - message: | - [request body]: list_id: Expected string, received number + message: '[request body]: list_id: Expected string, received number' statusCode: 400 schema: oneOf: @@ -713,7 +752,7 @@ paths: unauthorized: value: error: Unauthorized - message: > + message: >- [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request @@ -726,6 +765,15 @@ paths: '403': content: application/json: + examples: + forbidden: + value: + error: Forbidden + message: >- + API [PUT /api/exception_lists] is unauthorized for user, + this action is granted by the Kibana privileges + [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response @@ -759,23 +807,24 @@ paths: description: Duplicate an existing exception list. operationId: DuplicateExceptionList parameters: - - description: Exception list's human identifier - example: simple_list - in: query + - in: query name: list_id required: true schema: $ref: '#/components/schemas/ExceptionListHumanId' - - example: single + - examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: true schema: $ref: '#/components/schemas/ExceptionNamespaceType' - description: >- - Determines whether to include expired exceptions in the exported - list - example: true + Determines whether to include expired exceptions in the duplicated + list. Expiration date defined by `expire_time`. in: query name: include_expired_exceptions required: true @@ -784,6 +833,7 @@ paths: enum: - 'true' - 'false' + example: true type: string responses: '200': 
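Review bot: The `example: true` added to the `include_expired_exceptions` schema in the `@@ -784,6 +833,7 @@` hunk is a YAML boolean, but the schema is `type: string` with the enum values `'true'` and `'false'`, so the example does not validate against its own schema. Quote it as `example: 'true'`. Spec linters and tools that build mock requests from examples will otherwise flag or mistype this parameter.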
@@ -793,8 +843,7 @@ paths: detectionExceptionList: value: _version: WzExNDY1LDFd - created_at: | - 2025-01-09T16:19:50.280Z + created_at: 2025-01-09T16:19:50.280Z created_by: elastic description: This is a sample detection type exception id: b2f4a715-6ab1-444c-8b1e-3fa1b1049429 @@ -807,8 +856,7 @@ paths: - malware tie_breaker_id: 6fa670bd-666d-4c9c-9f1e-d1dbc516e985 type: detection - updated_at: | - 2025-01-09T16:19:50.280Z + updated_at: 2025-01-09T16:19:50.280Z updated_by: elastic version: 1 schema: @@ -821,7 +869,7 @@ paths: badRequest: value: error: Bad Request - message: > + message: >- [request query]: namespace_type: Invalid enum value. Expected 'agnostic' | 'single', received 'foo' statusCode: 400 @@ -837,7 +885,7 @@ paths: unauthorized: value: error: Unauthorized - message: > + message: >- [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request @@ -850,6 +898,15 @@ paths: '403': content: application/json: + examples: + forbidden: + value: + error: Forbidden + message: >- + API [POST /api/exception_lists/_duplicate] is unauthorized + for user, this action is granted by the Kibana privileges + [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response @@ -889,21 +946,21 @@ paths: description: Export an exception list and its associated items to an NDJSON file. operationId: ExportExceptionList parameters: - - description: Exception list's identifier - example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 - in: query + - in: query name: id required: true schema: $ref: '#/components/schemas/ExceptionListId' - - description: Exception list's human identifier - example: simple_list - in: query + - in: query name: list_id required: true schema: $ref: '#/components/schemas/ExceptionListHumanId' - - example: single + - examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: true 
@@ -911,7 +968,7 @@ paths: $ref: '#/components/schemas/ExceptionNamespaceType' - description: >- Determines whether to include expired exceptions in the exported - list + list. Expiration date defined by `expire_time`. example: true in: query name: include_expired_exceptions @@ -962,7 +1019,7 @@ paths: badRequest: value: error: Bad Request - message: > + message: >- [request query]: list_id: Required, namespace_type: Required statusCode: 400 @@ -978,7 +1035,7 @@ paths: unauthorized: value: error: Unauthorized - message: > + message: >- [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request @@ -991,6 +1048,15 @@ paths: '403': content: application/json: + examples: + forbidden: + value: + error: Forbidden + message: >- + API [POST /api/exception_lists/_export] is unauthorized + for user, this action is granted by the Kibana privileges + [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response @@ -1037,7 +1103,6 @@ paths: - `exception-list-agnostic`: Specify an exception list that is shared across spaces. - example: exception-list.attributes.name:%Detection%20List in: query name: filter required: false @@ -1048,7 +1113,11 @@ paths: with a Kibana space or available in all spaces (`agnostic` or `single`) - example: single + examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: false 
@@ -1059,30 +1128,29 @@ paths: $ref: '#/components/schemas/ExceptionNamespaceType' type: array - description: The page number to return - example: 1 in: query name: page required: false schema: + example: 1 minimum: 1 type: integer - description: The number of exception lists to return per page - example: 20 in: query name: per_page required: false schema: + example: 20 minimum: 1 type: integer - - description: Determines which field is used to sort the results - example: name + - description: Determines which field is used to sort the results. in: query name: sort_field required: false schema: + example: name type: string - - description: Determines the sort order, which can be `desc` or `asc` - example: desc + - description: Determines the sort order, which can be `desc` or `asc`. in: query name: sort_order required: false @@ -1090,6 +1158,7 @@ paths: enum: - desc - asc + example: desc type: string responses: '200': @@ -1099,23 +1168,23 @@ paths: simpleLists: value: data: - - id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 - - list_id: simple_list - - type: detection - - name: Detection Exception List - - description: This is a sample detection type exception list. - - immutable: false - - namespace_type: single - - os_types: [] - - tags: - - malware - - version: 1 - _version: WzIsMV0= - - tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 - - created_at: '2025-01-07T19:34:27.942Z' - - created_by: elastic - - updated_at: '2025-01-07T19:34:27.942Z' - - updated_by: elastic + created_at: 2025-01-07T19:34:27.942Z + created_by: elastic + description: This is a sample detection type exception list. + id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + immutable: false + list_id: simple_list + name: Detection Exception List + namespace_type: single + os_types: [] + tags: + - malware + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + type: detection + updated_at: 2025-01-07T19:34:27.942Z + updated_by: elastic + version: 1 page: 1 per_page: 20 total: 1 
@@ -1148,7 +1217,7 @@ paths: badRequest: value: error: Bad Request - message: > + message: >- [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' statusCode: 400 @@ -1164,7 +1233,7 @@ paths: unauthorized: value: error: Unauthorized - message: > + message: >- [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request @@ -1177,6 +1246,15 @@ paths: '403': content: application/json: + examples: + forbidden: + value: + error: Forbidden + message: >- + API [GET /api/exception_lists/_find?namespace_type=single] + is unauthorized for user, this action is granted by the + Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response @@ -1205,26 +1283,12 @@ paths: If any exception items have the same `item_id`, those are also overwritten. - example: false in: query name: overwrite required: false schema: default: false - type: boolean - - example: false - in: query - name: overwrite_exceptions - required: false - schema: - default: false - type: boolean - - example: false - in: query - name: overwrite_action_connectors - required: false - schema: - default: false + example: false type: boolean - description: > Determines whether the list being imported will have a new `list_id` @@ -1234,12 +1298,12 @@ paths: the exception list and its items are overwritten. - example: false in: query name: as_new_list required: false schema: default: false + example: false type: boolean requestBody: content: 
@@ -1249,6 +1313,24 @@ paths: properties: file: description: A `.ndjson` file containing the exception list + example: > + {"_version":"WzExNDU5LDFd","created_at":"2025-01-09T16:18:17.757Z","created_by":"elastic","description":"This + is a sample detection type + exception","id":"c86c2da0-2ab6-4343-b81c-216ef27e8d75","immutable":false,"list_id":"simple_list","name":"Sample + Detection Exception + List","namespace_type":"single","os_types":[],"tags":["user + added string for a + tag","malware"],"tie_breaker_id":"cf4a7b92-732d-47f0-a0d5-49a35a1736bf","type":"detection","updated_at":"2025-01-09T16:18:17.757Z","updated_by":"elastic","version":1} + + {"_version":"WzExNDYxLDFd","comments":[],"created_at":"2025-01-09T16:18:42.308Z","created_by":"elastic","description":"This + is a sample endpoint type + exception","entries":[{"type":"exists","field":"actingProcess.file.signer","operator":"excluded"},{"type":"match_any","field":"host.name","value":["some + host","another + host"],"operator":"included"}],"id":"f37597ce-eaa7-4b64-9100-4301118f6806","item_id":"simple_list_item","list_id":"simple_list","name":"Sample + Endpoint Exception + List","namespace_type":"single","os_types":["linux"],"tags":["user + added string for a + tag","malware"],"tie_breaker_id":"4ca3ef3e-9721-42c0-8107-cf47e094d40f","type":"simple","updated_at":"2025-01-09T16:18:42.308Z","updated_by":"elastic"} format: binary type: string required: true @@ -1261,13 +1343,13 @@ paths: value: errors: - error: - message: > + message: >- Error found importing exception list: Invalid value \"4\" supplied to \"list_id\" status_code: 400 list_id: (unknown list_id) - error: - message: > + message: >- Found that item_id: \"f7fd00bb-dba8-4c93-9d59-6cbd427b6330\" already exists. Import of item_id: @@ -1334,7 +1416,7 @@ paths: unauthorized: value: error: Unauthorized - message: > + message: >- [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request 
@@ -1347,6 +1429,15 @@ paths: '403': content: application/json: + examples: + forbidden: + value: + error: Forbidden + message: >- + API [POST /api/exception_lists/_import] is unauthorized + for user, this action is granted by the Kibana privileges + [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response @@ -1369,21 +1460,28 @@ paths: description: Delete an exception list item using the `id` or `item_id` field. operationId: DeleteExceptionListItem parameters: - - description: Either `id` or `item_id` must be specified - example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + - description: >- + Exception item's identifier. Either `id` or `item_id` must be + specified in: query name: id required: false schema: $ref: '#/components/schemas/ExceptionListItemId' - - description: Either `id` or `item_id` must be specified - example: simple_list_item + - description: >- + Human readable exception item string identifier, e.g. + `trusted-linux-processes`. Either `id` or `item_id` must be + specified in: query name: item_id required: false schema: $ref: '#/components/schemas/ExceptionListItemHumanId' - - example: single + - examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: false @@ -1399,8 +1497,7 @@ paths: value: _version: WzQsMV0= comments: [] - created_at: | - 2025-01-07T20:07:33.119Z + created_at: 2025-01-07T20:07:33.119Z created_by: elastic description: This is a sample detection type exception item. entries: @@ -1424,8 +1521,7 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: 2025-01-07T20:07:33.119Z updated_by: elastic schema: $ref: '#/components/schemas/ExceptionListItem' 
@@ -1436,7 +1532,7 @@ paths: schema: example: error: Bad Request - message: > + message: >- [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' statusCode: 400 @@ -1451,7 +1547,7 @@ paths: unauthorized: value: error: Unauthorized - message: > + message: >- [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request @@ -1464,6 +1560,16 @@ paths: '403': content: application/json: + examples: + forbidden: + value: + error: Forbidden + message: >- + API [DELETE + /api/exception_lists/items?item_id=simple_list&namespace_type=single] + is unauthorized for user, this action is granted by the + Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response @@ -1473,8 +1579,7 @@ paths: examples: notFound: value: - message: | - exception list item item_id: \"foo\" does not exist + message: 'exception list item item_id: \"foo\" does not exist' status_code: 404 schema: $ref: '#/components/schemas/SiemErrorResponse' @@ -1499,21 +1604,28 @@ paths: field. operationId: ReadExceptionListItem parameters: - - description: Either `id` or `item_id` must be specified - example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + - description: >- + Exception list item's identifier. Either `id` or `item_id` must be + specified. in: query name: id required: false schema: $ref: '#/components/schemas/ExceptionListItemId' - - description: Either `id` or `item_id` must be specified - example: simple_list_item + - description: >- + Human readable exception item string identifier, e.g. + `trusted-linux-processes`. Either `id` or `item_id` must be + specified. in: query name: item_id required: false schema: $ref: '#/components/schemas/ExceptionListItemHumanId' - - example: single + - examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: false 
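Review bot: The rewritten 404 `message` in the `@@ -1473,8 +1579,7 @@` hunk keeps `\"foo\"` inside a single-quoted scalar, where a backslash is not an escape character, so the rendered example contains literal backslashes. The list-level 404 example and the 409 `alreadyExists` example in this patch were written without them. Use `message: 'exception list item item_id: "foo" does not exist'`. The same line is added in the `@@ -1605,8 +1725,7 @@` and `@@ -2106,8 +2231,7 @@` hunks.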
@@ -1529,8 +1641,7 @@ paths: value: _version: WzQsMV0= comments: [] - created_at: | - 2025-01-07T20:07:33.119Z + created_at: 2025-01-07T20:07:33.119Z created_by: elastic description: This is a sample detection type exception item. entries: @@ -1554,8 +1665,7 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: 2025-01-07T20:07:33.119Z updated_by: elastic schema: $ref: '#/components/schemas/ExceptionListItem' @@ -1567,7 +1677,7 @@ paths: badRequest: value: error: Bad Request - message: > + message: >- [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' statusCode: 400 @@ -1583,7 +1693,7 @@ paths: unauthorized: value: error: Unauthorized - message: > + message: >- [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request @@ -1596,6 +1706,16 @@ paths: '403': content: application/json: + examples: + forbidden: + value: + error: Forbidden + message: >- + API [GET + /api/exception_lists/items?item_id=&namespace_type=single] + is unauthorized for user, this action is granted by the + Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response @@ -1605,8 +1725,7 @@ paths: examples: notFound: value: - message: | - exception list item item_id: \"foo\" does not exist + message: 'exception list item item_id: \"foo\" does not exist' status_code: 404 schema: $ref: '#/components/schemas/SiemErrorResponse' @@ -1669,8 +1788,7 @@ paths: entries: $ref: '#/components/schemas/ExceptionListItemEntryArray' expire_time: - format: date-time - type: string + $ref: '#/components/schemas/ExceptionListItemExpireTime' item_id: $ref: '#/components/schemas/ExceptionListItemHumanId' list_id: 
@@ -1707,8 +1825,7 @@ paths: value: _version: WzYsMV0= comments: [] - created_at: | - 2025-01-09T01:16:23.322Z + created_at: 2025-01-09T01:16:23.322Z created_by: elastic description: >- This is a sample exception that has no item_id so it is @@ -1727,8 +1844,7 @@ paths: - malware tie_breaker_id: d6799986-3a23-4213-bc6d-ed9463a32f23 type: simple - updated_at: | - 2025-01-09T01:16:23.322Z + updated_at: 2025-01-09T01:16:23.322Z updated_by: elastic detectionExceptionListItem: value: @@ -1758,8 +1874,7 @@ paths: value: _version: WzQsMV0= comments: [] - created_at: | - 2025-01-07T20:07:33.119Z + created_at: 2025-01-07T20:07:33.119Z created_by: elastic description: This is a sample detection type exception item. entries: @@ -1777,15 +1892,13 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: 2025-01-07T20:07:33.119Z updated_by: elastic withMatchAnyEntry: value: _version: WzQsMV0= comments: [] - created_at: | - 2025-01-07T20:07:33.119Z + created_at: 2025-01-07T20:07:33.119Z created_by: elastic description: This is a sample detection type exception item. entries: @@ -1806,15 +1919,13 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: 2025-01-07T20:07:33.119Z updated_by: elastic withMatchEntry: value: _version: WzQsMV0= comments: [] - created_at: | - 2025-01-07T20:07:33.119Z + created_at: 2025-01-07T20:07:33.119Z created_by: elastic description: This is a sample detection type exception item. entries: 
@@ -1833,15 +1944,13 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: 2025-01-07T20:07:33.119Z updated_by: elastic withNestedEntry: value: _version: WzQsMV0= comments: [] - created_at: | - 2025-01-07T20:07:33.119Z + created_at: 2025-01-07T20:07:33.119Z created_by: elastic description: This is a sample detection type exception item. entries: @@ -1867,15 +1976,13 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: 2025-01-07T20:07:33.119Z updated_by: elastic withValueListEntry: value: _version: WzcsMV0= comments: [] - created_at: | - 2025-01-09T01:31:12.614Z + created_at: 2025-01-09T01:31:12.614Z created_by: elastic description: >- Don't signal when agent.name is rock01 and source.ip is in @@ -1897,8 +2004,7 @@ paths: - malware tie_breaker_id: 5e0288ce-6657-4c18-9dcc-00ec9e8cc6c8 type: simple - updated_at: | - 2025-01-09T01:31:12.614Z + updated_at: 2025-01-09T01:31:12.614Z updated_by: elastic schema: $ref: '#/components/schemas/ExceptionListItem' @@ -1910,8 +2016,7 @@ paths: badRequest: value: error: Bad Request, - message: | - [request body]: list_id: Expected string, received number + message: '[request body]: list_id: Expected string, received number' statusCode: 400, schema: oneOf: @@ -1925,7 +2030,7 @@ paths: unauthorized: value: error: Unauthorized - message: > + message: >- [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request @@ -1938,6 +2043,15 @@ paths: '403': content: application/json: + examples: + forbidden: + value: + error: Forbidden + message: >- + API [POST /api/exception_lists/items] is unauthorized for + user, this action is granted by the Kibana privileges + [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response 
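Review bot: The `badRequest` example touched by the `@@ -1910,8 +2016,7 @@` hunk still carries trailing commas on the neighbouring lines, `error: Bad Request,` and `statusCode: 400,`. The status code is therefore the string `400,` rather than the integer shown in the other 400 examples. The hunk already rewrites the `message` line between them, so fixing them in the same pass gives `error: Bad Request` and `statusCode: 400`.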
@@ -1947,7 +2061,7 @@ paths: examples: alreadyExists: value: - message: > + message: >- exception list item id: \"simple_list_item\" already exists status_code: 409 @@ -1991,6 +2105,10 @@ paths: type: object properties: _version: + description: >- + The version id, normally returned by the API when the item + was retrieved. Use it ensure updates are done against the + latest version. type: string comments: $ref: '#/components/schemas/UpdateExceptionListItemCommentArray' @@ -2000,8 +2118,7 @@ paths: entries: $ref: '#/components/schemas/ExceptionListItemEntryArray' expire_time: - format: date-time - type: string + $ref: '#/components/schemas/ExceptionListItemExpireTime' id: $ref: '#/components/schemas/ExceptionListItemId' description: Either `id` or `item_id` must be specified @@ -2069,8 +2186,7 @@ paths: badRequest: value: error: Bad Request - message: | - [request body]: item_id: Expected string, received number + message: '[request body]: item_id: Expected string, received number' statusCode: 400 schema: oneOf: @@ -2084,7 +2200,7 @@ paths: unauthorized: value: error: Unauthorized - message: > + message: >- [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request @@ -2097,6 +2213,15 @@ paths: '403': content: application/json: + examples: + forbidden: + value: + error: Forbidden + message: >- + API [PUT /api/exception_lists/items] is unauthorized for + user, this action is granted by the Kibana privileges + [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response @@ -2106,8 +2231,7 @@ paths: examples: notFound: value: - message: | - exception list item item_id: \"foo\" does not exist + message: 'exception list item item_id: \"foo\" does not exist' status_code: 404 schema: $ref: '#/components/schemas/SiemErrorResponse' 
@@ -2131,8 +2255,7 @@ paths: description: Get a list of all exception list items in the specified list. operationId: FindExceptionListItems parameters: - - description: List's id - example: simple_list + - description: The `list_id`s of the items to fetch. in: query name: list_id required: true @@ -2145,8 +2268,10 @@ paths: field, using the `:` syntax. - example: - - exception-list.attributes.name:%My%20item + examples: + singleFilter: + value: + - exception-list.attributes.name:%My%20item in: query name: filter required: false @@ -2160,8 +2285,10 @@ paths: with a Kibana space or available in all spaces (`agnostic` or `single`) - example: - - single + examples: + single: + value: + - single in: query name: namespace_type required: false @@ -2171,37 +2298,36 @@ paths: items: $ref: '#/components/schemas/ExceptionNamespaceType' type: array - - example: host.name - in: query + - in: query name: search required: false schema: + example: host.name type: string - description: The page number to return - example: 1 in: query name: page required: false schema: + example: 1 minimum: 0 type: integer - description: The number of exception list items to return per page - example: 20 in: query name: per_page required: false schema: + example: 20 minimum: 0 type: integer - - description: Determines which field is used to sort the results + - description: Determines which field is used to sort the results. example: name in: query name: sort_field required: false schema: $ref: '#/components/schemas/NonEmptyString' - - description: Determines the sort order, which can be `desc` or `asc` - example: desc + - description: Determines the sort order, which can be `desc` or `asc`. in: query name: sort_order required: false @@ -2209,6 +2335,7 @@ paths: enum: - desc - asc + example: desc type: string responses: '200': 
@@ -2280,7 +2407,7 @@ paths: badRequest: value: error: Bad Request - message: > + message: >- [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' statusCode: 400 @@ -2296,7 +2423,7 @@ paths: unauthorized: value: error: Unauthorized - message: > + message: >- [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request @@ -2309,6 +2436,16 @@ paths: '403': content: application/json: + examples: + forbidden: + value: + error: Forbidden + message: >- + API [GET + /api/exception_lists/items/_find?list_id=simple_list&namespace_type=single] + is unauthorized for user, this action is granted by the + Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response @@ -2318,8 +2455,7 @@ paths: examples: notFound: value: - message: | - exception list list_id: "foo" does not exist + message: 'exception list list_id: "foo" does not exist' status_code: 404 schema: $ref: '#/components/schemas/SiemErrorResponse' @@ -2343,21 +2479,23 @@ paths: description: Get a summary of the specified exception list. operationId: ReadExceptionListSummary parameters: - - description: Exception list's identifier generated upon creation - example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + - description: Exception list's identifier generated upon creation. in: query name: id required: false schema: $ref: '#/components/schemas/ExceptionListId' - - description: Exception list's human readable identifier - example: simple_list + - description: Exception list's human readable identifier. in: query name: list_id required: false schema: $ref: '#/components/schemas/ExceptionListHumanId' - - example: single + - examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: false 
@@ -2365,13 +2503,13 @@ paths: $ref: '#/components/schemas/ExceptionNamespaceType' default: single - description: Search filter clause - example: >- - exception-list-agnostic.attributes.tags:"policy:policy-1" OR - exception-list-agnostic.attributes.tags:"policy:all" in: query name: filter required: false schema: + example: >- + exception-list-agnostic.attributes.tags:"policy:policy-1" OR + exception-list-agnostic.attributes.tags:"policy:all" type: string responses: '200': @@ -2407,7 +2545,7 @@ paths: badRequest: value: error: Bad Request - message: > + message: >- [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' statusCode: 400 @@ -2423,7 +2561,7 @@ paths: unauthorized: value: error: Unauthorized - message: > + message: >- [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request @@ -2436,6 +2574,16 @@ paths: '403': content: application/json: + examples: + forbidden: + value: + error: Forbidden + message: >- + API [GET + /api/exception_lists/summary?list_id=simple_list&namespace_type=agnostic] + is unauthorized for user, this action is granted by the + Kibana privileges [lists-summary] + statusCode: 403 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response @@ -2445,8 +2593,7 @@ paths: examples: notFound: value: - message": | - exception list id: "foo" does not exist + message": 'exception list id: "foo" does not exist' status_code": 404 schema: $ref: '#/components/schemas/SiemErrorResponse' @@ -2485,6 +2632,15 @@ paths: content: application/json: schema: + example: + description: This is a sample detection type exception list. + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware type: object properties: description: 
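Review bot: The rewritten 404 example for ReadExceptionListSummary (hunk `@@ -2445,8 +2593,7 @@`) still carries a stray double quote in its keys: the new line reads `message": 'exception list id: "foo" does not exist'` and the context line after it reads `status_code": 404`, so the example documents properties named `message"` and `status_code"`, unlike the other `SiemErrorResponse` examples in this diff. They should read `message: 'exception list id: "foo" does not exist'` and `status_code: 404`. The 400 example in hunk `@@ -1910,8 +2016,7 @@` has a similar slip in its context lines, `error: Bad Request,` and `statusCode: 400,`, where the trailing commas become part of the values and turn the status code into a string. If this file is bundler output, as the inlined `NonEmptyString` definitions suggest, the correction belongs in the source `*.schema.yaml` files and the bundle should be regenerated.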
@@ -2499,12 +2655,39 @@ paths: '200': content: application/json: + examples: + sharedList: + value: + _version: WzIsMV0= + created_at: 2025-01-07T19:34:27.942Z + created_by: elastic + description: This is a sample detection type exception list. + id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + immutable: false + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + type: detection + updated_at: 2025-01-07T19:34:27.942Z + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/ExceptionList' description: Successful response '400': content: application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request body]: list_id: Expected string, received number' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/PlatformErrorResponse' 
@@ -2513,24 +2696,45 @@ paths: '401': content: application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]" + statusCode: 401 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json: + examples: + forbidden: + value: + message: Unable to create exception-list + status_code: 403 schema: $ref: '#/components/schemas/PlatformErrorResponse' description: Not enough privileges response '409': content: application/json: + examples: + alreadyExists: + value: + message: 'exception list id: "simple_list" already exists' + status_code: 409 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Exception list already exists response '500': content: application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/SiemErrorResponse' description: Internal server error response @@ -2600,11 +2804,17 @@ components: type: object properties: _version: + description: >- + The version id, normally returned by the API when the item was + retrieved. Use it ensure updates are done against the latest + version. type: string created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: + description: Autogenerated value - user that created object. type: string description: $ref: '#/components/schemas/ExceptionListDescription' 
@@ -2625,13 +2835,18 @@ components: tags: $ref: '#/components/schemas/ExceptionListTags' tie_breaker_id: + description: >- + Field used in search to ensure all containers are sorted and + returned correctly. type: string type: $ref: '#/components/schemas/ExceptionListType' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: + description: Autogenerated value - user that last updated object. type: string version: $ref: '#/components/schemas/ExceptionListVersion' 
@@ -2650,31 +2865,47 @@ components: - updated_at - updated_by ExceptionListDescription: + description: Describes the exception list. + example: This list tracks allowlisted values. type: string ExceptionListHumanId: - $ref: '#/components/schemas/NonEmptyString' - description: Human readable string identifier, e.g. `trusted-linux-processes` + description: >- + Exception list's human readable string identifier, e.g. + `trusted-linux-processes`. + example: simple_list + format: nonempty + minLength: 1 + type: string ExceptionListId: - $ref: '#/components/schemas/NonEmptyString' + description: Exception list's identifier. + example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + format: nonempty + minLength: 1 + type: string ExceptionListItem: type: object properties: _version: + description: >- + The version id, normally returned by the API when the item was + retrieved. Use it ensure updates are done against the latest + version. type: string comments: $ref: '#/components/schemas/ExceptionListItemCommentArray' created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: + description: Autogenerated value - user that created object. type: string description: $ref: '#/components/schemas/ExceptionListItemDescription' entries: $ref: '#/components/schemas/ExceptionListItemEntryArray' expire_time: - format: date-time - type: string + $ref: '#/components/schemas/ExceptionListItemExpireTime' id: $ref: '#/components/schemas/ExceptionListItemId' item_id: @@ -2692,13 +2923,18 @@ components: tags: $ref: '#/components/schemas/ExceptionListItemTags' tie_breaker_id: + description: >- + Field used in search to ensure all containers are sorted and + returned correctly. type: string type: $ref: '#/components/schemas/ExceptionListItemType' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: + description: Autogenerated value - user that last updated object. type: string required: - id 
@@ -2721,6 +2957,7 @@ components: comment: $ref: '#/components/schemas/NonEmptyString' created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: @@ -2728,6 +2965,7 @@ components: id: $ref: '#/components/schemas/NonEmptyString' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: @@ -2738,10 +2976,15 @@ components: - created_at - created_by ExceptionListItemCommentArray: + description: | + Array of comment fields: + + - comment (string): Comments about the exception item. items: $ref: '#/components/schemas/ExceptionListItemComment' type: array ExceptionListItemDescription: + description: Describes the exception list. type: string ExceptionListItemEntry: anyOf: 
@@ -2883,22 +3126,44 @@ components: - excluded - included type: string + ExceptionListItemExpireTime: + description: >- + The exception item’s expiration date, in ISO format. This field is only + available for regular exception items, not endpoint exceptions. + format: date-time + type: string ExceptionListItemHumanId: - $ref: '#/components/schemas/NonEmptyString' + description: Human readable string identifier, e.g. `trusted-linux-processes` + example: simple_list_item + format: nonempty + minLength: 1 + type: string ExceptionListItemId: - $ref: '#/components/schemas/NonEmptyString' + description: Exception's identifier. + example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + format: nonempty + minLength: 1 + type: string ExceptionListItemMeta: additionalProperties: true type: object ExceptionListItemName: - $ref: '#/components/schemas/NonEmptyString' + description: Exception list name. + format: nonempty + minLength: 1 + type: string ExceptionListItemOsTypeArray: items: $ref: '#/components/schemas/ExceptionListOsType' type: array ExceptionListItemTags: items: - $ref: '#/components/schemas/NonEmptyString' + description: >- + String array containing words and phrases to help categorize exception + items. + format: nonempty + minLength: 1 + type: string type: array ExceptionListItemType: enum: @@ -2906,16 +3171,21 @@ components: type: string ExceptionListMeta: additionalProperties: true + description: Placeholder for metadata about the list container. type: object ExceptionListName: + description: The name of the exception list. + example: My exception list type: string ExceptionListOsType: + description: Use this field to specify the operating system. enum: - linux - macos - windows type: string ExceptionListOsTypeArray: + description: Use this field to specify the operating system. Only enter one value. items: $ref: '#/components/schemas/ExceptionListOsType' type: array 
@@ -2945,10 +3215,16 @@ components: $ref: '#/components/schemas/ExceptionListsImportBulkError' type: array ExceptionListTags: + description: >- + String array containing words and phrases to help categorize exception + containers. items: type: string type: array ExceptionListType: + description: >- + The type of exception list to be created. Different list types may + denote where they can be utilized. enum: - detection - rule_default @@ -2959,6 +3235,7 @@ components: - endpoint_blocklists type: string ExceptionListVersion: + description: The document version, automatically increasd on updates. minimum: 1 type: integer ExceptionNamespaceType: @@ -2979,6 +3256,7 @@ components: FindExceptionListItemsFilter: $ref: '#/components/schemas/NonEmptyString' FindExceptionListsFilter: + example: exception-list.attributes.name:%Detection%20List type: string ListId: $ref: '#/components/schemas/NonEmptyString' diff --git a/x-pack/test/api_integration/services/security_solution_exceptions_api.gen.ts b/x-pack/test/api_integration/services/security_solution_exceptions_api.gen.ts index e9c26ad55ebf3..6b0d8dad51ef2 100644 --- a/x-pack/test/api_integration/services/security_solution_exceptions_api.gen.ts +++ b/x-pack/test/api_integration/services/security_solution_exceptions_api.gen.ts 
@@ -47,7 +47,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) return { /** - * An exception list groups exception items and can be associated with detection rules. You can assign detection rules with multiple exception lists. + * An exception list groups exception items and can be associated with detection rules. You can assign exception lists to multiple detection rules. > info > All exception items added to the same list are evaluated using `OR` logic. That is, if any of the items in a list evaluate to `true`, the exception prevents the rule from generating an alert. Likewise, `OR` logic is used for evaluating exceptions when more than one exception list is assigned to a rule. To use the `AND` operator, you can define multiple clauses (`entries`) in a single exception item. @@ -166,7 +166,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) .query(props.query); }, /** - * Get a list of all exception lists. + * Get a list of all exception list containers. */ findExceptionLists(props: FindExceptionListsProps, kibanaSpace: string = 'default') { return supertest From 8f970ebfc498ac2191ef47aad4d2cde108b900ca Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Wed, 15 Jan 2025 05:38:34 +0000 Subject: [PATCH 13/14] [CI] Auto-commit changed files from 'yarn openapi:bundle' --- ...eptions_api_2023_10_31.bundled.schema.yaml | 91 +++++++++++++++++-- ...eptions_api_2023_10_31.bundled.schema.yaml | 91 +++++++++++++++++-- 2 files changed, 164 insertions(+), 18 deletions(-) 
diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-endpoint-exceptions-common/docs/openapi/ess/security_solution_endpoint_exceptions_api_2023_10_31.bundled.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-endpoint-exceptions-common/docs/openapi/ess/security_solution_endpoint_exceptions_api_2023_10_31.bundled.schema.yaml index 2aac93167d2a9..0dcdfced8b10e 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-endpoint-exceptions-common/docs/openapi/ess/security_solution_endpoint_exceptions_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-endpoint-exceptions-common/docs/openapi/ess/security_solution_endpoint_exceptions_api_2023_10_31.bundled.schema.yaml @@ -464,11 +464,17 @@ components: type: object properties: _version: + description: >- + The version id, normally returned by the API when the item was + retrieved. Use it ensure updates are done against the latest + version. type: string created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: + description: Autogenerated value - user that created object. type: string description: $ref: '#/components/schemas/ExceptionListDescription' @@ -489,13 +495,18 @@ components: tags: $ref: '#/components/schemas/ExceptionListTags' tie_breaker_id: + description: >- + Field used in search to ensure all containers are sorted and + returned correctly. type: string type: $ref: '#/components/schemas/ExceptionListType' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: + description: Autogenerated value - user that last updated object. type: string version: $ref: '#/components/schemas/ExceptionListVersion' 
@@ -514,31 +525,47 @@ components: - updated_at - updated_by ExceptionListDescription: + description: Describes the exception list. + example: This list tracks allowlisted values. type: string ExceptionListHumanId: - $ref: '#/components/schemas/NonEmptyString' - description: Human readable string identifier, e.g. `trusted-linux-processes` + description: >- + Exception list's human readable string identifier, e.g. + `trusted-linux-processes`. + example: simple_list + format: nonempty + minLength: 1 + type: string ExceptionListId: - $ref: '#/components/schemas/NonEmptyString' + description: Exception list's identifier. + example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + format: nonempty + minLength: 1 + type: string ExceptionListItem: type: object properties: _version: + description: >- + The version id, normally returned by the API when the item was + retrieved. Use it ensure updates are done against the latest + version. type: string comments: $ref: '#/components/schemas/ExceptionListItemCommentArray' created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: + description: Autogenerated value - user that created object. type: string description: $ref: '#/components/schemas/ExceptionListItemDescription' entries: $ref: '#/components/schemas/ExceptionListItemEntryArray' expire_time: - format: date-time - type: string + $ref: '#/components/schemas/ExceptionListItemExpireTime' id: $ref: '#/components/schemas/ExceptionListItemId' item_id: @@ -556,13 +583,18 @@ components: tags: $ref: '#/components/schemas/ExceptionListItemTags' tie_breaker_id: + description: >- + Field used in search to ensure all containers are sorted and + returned correctly. type: string type: $ref: '#/components/schemas/ExceptionListItemType' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: + description: Autogenerated value - user that last updated object. type: string required: - id 
@@ -585,6 +617,7 @@ components: comment: $ref: '#/components/schemas/NonEmptyString' created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: @@ -592,6 +625,7 @@ components: id: $ref: '#/components/schemas/NonEmptyString' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: @@ -602,10 +636,15 @@ components: - created_at - created_by ExceptionListItemCommentArray: + description: | + Array of comment fields: + + - comment (string): Comments about the exception item. items: $ref: '#/components/schemas/ExceptionListItemComment' type: array ExceptionListItemDescription: + description: Describes the exception list. type: string ExceptionListItemEntry: anyOf: 
@@ -747,22 +786,44 @@ components: - excluded - included type: string + ExceptionListItemExpireTime: + description: >- + The exception item’s expiration date, in ISO format. This field is only + available for regular exception items, not endpoint exceptions. + format: date-time + type: string ExceptionListItemHumanId: - $ref: '#/components/schemas/NonEmptyString' + description: Human readable string identifier, e.g. `trusted-linux-processes` + example: simple_list_item + format: nonempty + minLength: 1 + type: string ExceptionListItemId: - $ref: '#/components/schemas/NonEmptyString' + description: Exception's identifier. + example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + format: nonempty + minLength: 1 + type: string ExceptionListItemMeta: additionalProperties: true type: object ExceptionListItemName: - $ref: '#/components/schemas/NonEmptyString' + description: Exception list name. + format: nonempty + minLength: 1 + type: string ExceptionListItemOsTypeArray: items: $ref: '#/components/schemas/ExceptionListOsType' type: array ExceptionListItemTags: items: - $ref: '#/components/schemas/NonEmptyString' + description: >- + String array containing words and phrases to help categorize exception + items. + format: nonempty + minLength: 1 + type: string type: array ExceptionListItemType: enum: 
@@ -770,24 +831,35 @@ components: type: string ExceptionListMeta: additionalProperties: true + description: Placeholder for metadata about the list container. type: object ExceptionListName: + description: The name of the exception list. + example: My exception list type: string ExceptionListOsType: + description: Use this field to specify the operating system. enum: - linux - macos - windows type: string ExceptionListOsTypeArray: + description: Use this field to specify the operating system. Only enter one value. items: $ref: '#/components/schemas/ExceptionListOsType' type: array ExceptionListTags: + description: >- + String array containing words and phrases to help categorize exception + containers. items: type: string type: array ExceptionListType: + description: >- + The type of exception list to be created. Different list types may + denote where they can be utilized. enum: - detection - rule_default @@ -798,6 +870,7 @@ components: - endpoint_blocklists type: string ExceptionListVersion: + description: The document version, automatically increasd on updates. minimum: 1 type: integer ExceptionNamespaceType: diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-endpoint-exceptions-common/docs/openapi/serverless/security_solution_endpoint_exceptions_api_2023_10_31.bundled.schema.yaml b/x-pack/solutions/security/packages/kbn-securitysolution-endpoint-exceptions-common/docs/openapi/serverless/security_solution_endpoint_exceptions_api_2023_10_31.bundled.schema.yaml index 1257b37622add..a472aaf164983 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-endpoint-exceptions-common/docs/openapi/serverless/security_solution_endpoint_exceptions_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/solutions/security/packages/kbn-securitysolution-endpoint-exceptions-common/docs/openapi/serverless/security_solution_endpoint_exceptions_api_2023_10_31.bundled.schema.yaml 
@@ -464,11 +464,17 @@ components: type: object properties: _version: + description: >- + The version id, normally returned by the API when the item was + retrieved. Use it ensure updates are done against the latest + version. type: string created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: + description: Autogenerated value - user that created object. type: string description: $ref: '#/components/schemas/ExceptionListDescription' @@ -489,13 +495,18 @@ components: tags: $ref: '#/components/schemas/ExceptionListTags' tie_breaker_id: + description: >- + Field used in search to ensure all containers are sorted and + returned correctly. type: string type: $ref: '#/components/schemas/ExceptionListType' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: + description: Autogenerated value - user that last updated object. type: string version: $ref: '#/components/schemas/ExceptionListVersion' 
@@ -514,31 +525,47 @@ components: - updated_at - updated_by ExceptionListDescription: + description: Describes the exception list. + example: This list tracks allowlisted values. type: string ExceptionListHumanId: - $ref: '#/components/schemas/NonEmptyString' - description: Human readable string identifier, e.g. `trusted-linux-processes` + description: >- + Exception list's human readable string identifier, e.g. + `trusted-linux-processes`. + example: simple_list + format: nonempty + minLength: 1 + type: string ExceptionListId: - $ref: '#/components/schemas/NonEmptyString' + description: Exception list's identifier. + example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + format: nonempty + minLength: 1 + type: string ExceptionListItem: type: object properties: _version: + description: >- + The version id, normally returned by the API when the item was + retrieved. Use it ensure updates are done against the latest + version. type: string comments: $ref: '#/components/schemas/ExceptionListItemCommentArray' created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: + description: Autogenerated value - user that created object. type: string description: $ref: '#/components/schemas/ExceptionListItemDescription' entries: $ref: '#/components/schemas/ExceptionListItemEntryArray' expire_time: - format: date-time - type: string + $ref: '#/components/schemas/ExceptionListItemExpireTime' id: $ref: '#/components/schemas/ExceptionListItemId' item_id: @@ -556,13 +583,18 @@ components: tags: $ref: '#/components/schemas/ExceptionListItemTags' tie_breaker_id: + description: >- + Field used in search to ensure all containers are sorted and + returned correctly. type: string type: $ref: '#/components/schemas/ExceptionListItemType' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: + description: Autogenerated value - user that last updated object. type: string required: - id 
@@ -585,6 +617,7 @@ components: comment: $ref: '#/components/schemas/NonEmptyString' created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: @@ -592,6 +625,7 @@ components: id: $ref: '#/components/schemas/NonEmptyString' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: @@ -602,10 +636,15 @@ components: - created_at - created_by ExceptionListItemCommentArray: + description: | + Array of comment fields: + + - comment (string): Comments about the exception item. items: $ref: '#/components/schemas/ExceptionListItemComment' type: array ExceptionListItemDescription: + description: Describes the exception list. type: string ExceptionListItemEntry: anyOf: 
@@ -747,22 +786,44 @@ components: - excluded - included type: string + ExceptionListItemExpireTime: + description: >- + The exception item’s expiration date, in ISO format. This field is only + available for regular exception items, not endpoint exceptions. + format: date-time + type: string ExceptionListItemHumanId: - $ref: '#/components/schemas/NonEmptyString' + description: Human readable string identifier, e.g. `trusted-linux-processes` + example: simple_list_item + format: nonempty + minLength: 1 + type: string ExceptionListItemId: - $ref: '#/components/schemas/NonEmptyString' + description: Exception's identifier. + example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + format: nonempty + minLength: 1 + type: string ExceptionListItemMeta: additionalProperties: true type: object ExceptionListItemName: - $ref: '#/components/schemas/NonEmptyString' + description: Exception list name. + format: nonempty + minLength: 1 + type: string ExceptionListItemOsTypeArray: items: $ref: '#/components/schemas/ExceptionListOsType' type: array ExceptionListItemTags: items: - $ref: '#/components/schemas/NonEmptyString' + description: >- + String array containing words and phrases to help categorize exception + items. + format: nonempty + minLength: 1 + type: string type: array ExceptionListItemType: enum: 
@@ -770,24 +831,35 @@ components: type: string ExceptionListMeta: additionalProperties: true + description: Placeholder for metadata about the list container. type: object ExceptionListName: + description: The name of the exception list. + example: My exception list type: string ExceptionListOsType: + description: Use this field to specify the operating system. enum: - linux - macos - windows type: string ExceptionListOsTypeArray: + description: Use this field to specify the operating system. Only enter one value. items: $ref: '#/components/schemas/ExceptionListOsType' type: array ExceptionListTags: + description: >- + String array containing words and phrases to help categorize exception + containers. items: type: string type: array ExceptionListType: + description: >- + The type of exception list to be created. Different list types may + denote where they can be utilized. enum: - detection - rule_default @@ -798,6 +870,7 @@ components: - endpoint_blocklists type: string ExceptionListVersion: + description: The document version, automatically increasd on updates. minimum: 1 type: integer ExceptionNamespaceType: From b4c42e749e84e8305a10e37d17a8f538c87f3811 Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Wed, 15 Jan 2025 05:54:30 +0000 Subject: [PATCH 14/14] [CI] Auto-commit changed files from 'make api-docs' --- oas_docs/output/kibana.serverless.yaml | 746 ++++++++++++++++--------- oas_docs/output/kibana.yaml | 746 ++++++++++++++++--------- 2 files changed, 946 insertions(+), 546 deletions(-) diff --git a/oas_docs/output/kibana.serverless.yaml b/oas_docs/output/kibana.serverless.yaml index 17339956d2aa8..84c0b0486b5b4 100644 --- a/oas_docs/output/kibana.serverless.yaml +++ b/oas_docs/output/kibana.serverless.yaml 
@@ -8347,6 +8347,9 @@ paths: operationId: CreateRuleExceptionListItems parameters: - description: Detection rule's identifier + examples: + id: + value: 330bdd28-eedf-40e1-bed0-f10176c7f9e0 in: path name: id required: true @@ -8397,8 +8400,7 @@ paths: value: - _version: WzQsMV0= comments: [] - created_at: | - 2025-01-07T20:07:33.119Z + created_at: '2025-01-07T20:07:33.119Z' created_by: elastic description: This is a sample detection type exception item. entries: @@ -8422,8 +8424,7 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: '2025-01-07T20:07:33.119Z' updated_by: elastic schema: items: @@ -8437,14 +8438,12 @@ paths: badPayload: value: error: Bad Request - message: | - Invalid request payload JSON format + message: Invalid request payload JSON format statusCode: 400 badRequest: value: error: Bad Request - message: | - [request params]: id: Invalid uuid + message: '[request params]: id: Invalid uuid' statusCode: 400 schema: oneOf: @@ -8458,8 +8457,7 @@ paths: unauthorized: value: error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -8467,6 +8465,11 @@ paths: '403': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + forbidden: + value: + message: Unable to create exception-list + status_code: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response @@ -10039,21 +10042,28 @@ paths: description: Delete an exception list using the `id` or `list_id` field. operationId: DeleteExceptionList parameters: - - description: Either `id` or `list_id` must be specified - example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + - description: Exception list's identifier. Either `id` or `list_id` must be specified. in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Either `id` or `list_id` must be specified - example: simple_list + - description: Human readable exception list string identifier, e.g. `trusted-linux-processes`. Either `id` or `list_id` must be specified. + examples: + autogeneratedId: + value: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + list_id: + value: simple_list in: query name: list_id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - example: single + - examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: false @@ -10095,8 +10105,7 @@ paths: badRequest: value: error: Bad Request - message: | - [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' statusCode: 400 schema: oneOf: 
@@ -10110,8 +10119,7 @@ paths: unauthorized: value: error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -10119,6 +10127,12 @@ paths: '403': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + forbidden: + value: + error: Forbidden + message: API [DELETE /api/exception_lists?list_id=simple_list&namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response @@ -10128,8 +10142,7 @@ paths: examples: notFound: value: - message: | - exception list list_id: "foo" does not exist + message: 'exception list list_id: "foo" does not exist' status_code: 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' 
@@ -10153,21 +10166,23 @@ paths: description: Get the details of an exception list using the `id` or `list_id` field. operationId: ReadExceptionList parameters: - - description: Either `id` or `list_id` must be specified - example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + - description: Exception list's identifier. Either `id` or `list_id` must be specified. in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Either `id` or `list_id` must be specified - example: simple_list + - description: Human readable exception list string identifier, e.g. `trusted-linux-processes`. Either `id` or `list_id` must be specified. in: query name: list_id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - example: single + - examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: false @@ -10179,7 +10194,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: examples: - simpleList: + detectionType: value: _version: WzIsMV0= created_at: '2025-01-07T19:34:27.942Z' @@ -10209,8 +10224,7 @@ paths: badRequest: value: error: Bad Request - message: | - [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' statusCode: 400 schema: oneOf: 
@@ -10224,8 +10238,7 @@ paths: unauthorized: value: error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -10233,6 +10246,12 @@ paths: '403': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + forbidden: + value: + error: Forbidden + message: API [GET /api/exception_lists?list_id=simple_list&namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response @@ -10264,7 +10283,7 @@ paths: x-beta: true post: description: | - An exception list groups exception items and can be associated with detection rules. You can assign detection rules with multiple exception lists. + An exception list groups exception items and can be associated with detection rules. You can assign exception lists to multiple detection rules. > info > All exception items added to the same list are evaluated using `OR` logic. That is, if any of the items in a list evaluate to `true`, the exception prevents the rule from generating an alert. Likewise, `OR` logic is used for evaluating exceptions when more than one exception list is assigned to a rule. To use the `AND` operator, you can define multiple clauses (`entries`) in a single exception item. operationId: CreateExceptionList 
@@ -10316,33 +10335,10 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: examples: - agnosticExceptionList: - value: - _version: WzUsMV0= - created_at: | - 2025-01-09T01:10:36.369Z - created_by: elastic - description: This is a sample agnostic endpoint type exception. - id: 1a744e77-22ca-4b6b-9085-54f55275ebe5 - immutable: false - list_id: b935eb55-7b21-4c1c-b235-faa1df23b3d6 - name: Sample Agnostic Endpoint Exception List - namespace_type: agnostic - os_types: - - linux - tags: - - malware - tie_breaker_id: 49ea0adc-a2b8-4d83-a8f3-2fb98301dea3 - type: endpoint - updated_at: | - 2025-01-09T01:10:36.369Z - updated_by: elastic - version: 1 autogeneratedListId: value: _version: WzMsMV0= - created_at: | - 2025-01-09T01:05:23.019Z + created_at: '2025-01-09T01:05:23.019Z' created_by: elastic description: This is a sample detection type exception with an autogenerated list_id. id: 28243c2f-624a-4443-823d-c0b894880931 @@ -10355,11 +10351,30 @@ paths: - malware tie_breaker_id: ad94de31-39f7-4ad7-b8e4-988bfa95f338 type: detection - updated_at: | - 2025-01-09T01:05:23.020Z + updated_at: '2025-01-09T01:05:23.020Z' updated_by: elastic version: 1 - detectionExceptionList: + namespaceAgnostic: + value: + _version: WzUsMV0= + created_at: '2025-01-09T01:10:36.369Z' + created_by: elastic + description: This is a sample agnostic endpoint type exception. + id: 1a744e77-22ca-4b6b-9085-54f55275ebe5 + immutable: false + list_id: b935eb55-7b21-4c1c-b235-faa1df23b3d6 + name: Sample Agnostic Endpoint Exception List + namespace_type: agnostic + os_types: + - linux + tags: + - malware + tie_breaker_id: 49ea0adc-a2b8-4d83-a8f3-2fb98301dea3 + type: endpoint + updated_at: '2025-01-09T01:10:36.369Z' + updated_by: elastic + version: 1 + typeDetection: value: _version: WzIsMV0= created_at: '2025-01-07T19:34:27.942Z' 
@@ -10379,11 +10394,10 @@ paths: updated_at: '2025-01-07T19:34:27.942Z' updated_by: elastic version: 1 - endpointExceptionList: + typeEndpoint: value: _version: WzQsMV0= - created_at: | - 2025-01-09T01:07:49.658Z + created_at: '2025-01-09T01:07:49.658Z' created_by: elastic description: This is a sample endpoint type exception list. id: a79f4730-6e32-4278-abfc-349c0add7d54 @@ -10397,8 +10411,7 @@ paths: - malware tie_breaker_id: 94a028af-8f47-427a-aca5-ffaf829e64ee type: endpoint - updated_at: | - 2025-01-09T01:07:49.658Z + updated_at: '2025-01-09T01:07:49.658Z' updated_by: elastic version: 1 schema: @@ -10411,8 +10424,7 @@ paths: badRequest: value: error: Bad Request - message: | - [request body]: list_id: Expected string, received number + message: '[request body]: list_id: Expected string, received number' statusCode: 400 schema: oneOf: @@ -10426,8 +10438,7 @@ paths: unauthorized: value: error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]" statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -10435,6 +10446,12 @@ paths: '403': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + forbidden: + value: + error: Forbidden + message: API [POST /api/exception_lists] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response 
@@ -10444,8 +10461,7 @@ paths: examples: alreadyExists: value: - message: | - exception list id: \simple_list\ already exists + message: 'exception list id: "simple_list" already exists' status_code: 409 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' @@ -10484,6 +10500,7 @@ paths: type: object properties: _version: + description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. type: string description: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' @@ -10521,8 +10538,7 @@ paths: simpleList: value: _version: WzExLDFd - created_at: | - 2025-01-07T20:43:55.264Z + created_at: '2025-01-07T20:43:55.264Z' created_by: elastic description: Different description id: fa7f545f-191b-4d32-b1f0-c7cd62a79e55 @@ -10535,8 +10551,7 @@ paths: - draft malware tie_breaker_id: 319fe983-acdd-4806-b6c4-3098eae9392f type: detection - updated_at: | - 2025-01-07T21:32:03.726Z + updated_at: '2025-01-07T21:32:03.726Z' updated_by: elastic version: 2 schema: @@ -10549,8 +10564,7 @@ paths: badRequest: value: error: Bad Request - message: | - [request body]: list_id: Expected string, received number + message: '[request body]: list_id: Expected string, received number' statusCode: 400 schema: oneOf: @@ -10564,8 +10578,7 @@ paths: unauthorized: value: error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -10573,6 +10586,12 @@ paths: '403': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + forbidden: + value: + error: Forbidden + message: API [PUT /api/exception_lists] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response @@ -10607,21 +10626,22 @@ paths: description: Duplicate an existing exception list. operationId: DuplicateExceptionList parameters: - - description: Exception list's human identifier - example: simple_list - in: query + - in: query name: list_id required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - example: single + - examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' - - description: Determines whether to include expired exceptions in the exported list - example: true + - description: Determines whether to include expired exceptions in the duplicated list. Expiration date defined by `expire_time`. in: query name: include_expired_exceptions required: true @@ -10630,6 +10650,7 @@ paths: enum: - 'true' - 'false' + example: true type: string responses: '200': @@ -10639,8 +10660,7 @@ paths: detectionExceptionList: value: _version: WzExNDY1LDFd - created_at: | - 2025-01-09T16:19:50.280Z + created_at: '2025-01-09T16:19:50.280Z' created_by: elastic description: This is a sample detection type exception id: b2f4a715-6ab1-444c-8b1e-3fa1b1049429 @@ -10653,8 +10673,7 @@ paths: - malware tie_breaker_id: 6fa670bd-666d-4c9c-9f1e-d1dbc516e985 type: detection - updated_at: | - 2025-01-09T16:19:50.280Z + updated_at: '2025-01-09T16:19:50.280Z' updated_by: elastic version: 1 schema: 
@@ -10667,8 +10686,7 @@ paths: badRequest: value: error: Bad Request - message: | - [request query]: namespace_type: Invalid enum value. Expected 'agnostic' | 'single', received 'foo' + message: '[request query]: namespace_type: Invalid enum value. Expected ''agnostic'' | ''single'', received ''foo''' statusCode: 400 schema: oneOf: @@ -10682,8 +10700,7 @@ paths: unauthorized: value: error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -10691,6 +10708,12 @@ paths: '403': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + forbidden: + value: + error: Forbidden + message: API [POST /api/exception_lists/_duplicate] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response 
@@ -10731,27 +10754,27 @@ paths: description: Export an exception list and its associated items to an NDJSON file. operationId: ExportExceptionList parameters: - - description: Exception list's identifier - example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 - in: query + - in: query name: id required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Exception list's human identifier - example: simple_list - in: query + - in: query name: list_id required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - example: single + - examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' - - description: Determines whether to include expired exceptions in the exported list + - description: Determines whether to include expired exceptions in the exported list. Expiration date defined by `expire_time`. example: true in: query name: include_expired_exceptions @@ -10784,8 +10807,7 @@ paths: badRequest: value: error: Bad Request - message: | - [request query]: list_id: Required, namespace_type: Required + message: '[request query]: list_id: Required, namespace_type: Required' statusCode: 400 schema: oneOf: @@ -10799,8 +10821,7 @@ paths: unauthorized: value: error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -10808,6 +10829,12 @@ paths: '403': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + forbidden: + value: + error: Forbidden + message: API [POST /api/exception_lists/_export] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response @@ -10849,7 +10876,6 @@ paths: - `exception-list`: Specify a space-aware exception list. - `exception-list-agnostic`: Specify an exception list that is shared across spaces. - example: exception-list.attributes.name:%Detection%20List in: query name: filter required: false @@ -10858,7 +10884,11 @@ paths: - description: | Determines whether the returned containers are Kibana associated with a Kibana space or available in all spaces (`agnostic` or `single`) - example: single + examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: false @@ -10869,30 +10899,29 @@ paths: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' type: array - description: The page number to return - example: 1 in: query name: page required: false schema: + example: 1 minimum: 1 type: integer - description: The number of exception lists to return per page - example: 20 in: query name: per_page required: false schema: + example: 20 minimum: 1 type: integer - - description: Determines which field is used to sort the results - example: name + - description: Determines which field is used to sort the results. in: query name: sort_field required: false schema: + example: name type: string - - description: Determines the sort order, which can be `desc` or `asc` - example: desc + - description: Determines the sort order, which can be `desc` or `asc`. in: query name: sort_order required: false @@ -10900,6 +10929,7 @@ paths: enum: - desc - asc + example: desc type: string responses: '200': 
@@ -10909,23 +10939,23 @@ paths: simpleLists: value: data: - - id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 - - list_id: simple_list - - type: detection - - name: Detection Exception List - - description: This is a sample detection type exception list. - - immutable: false - - namespace_type: single - - os_types: [] - - tags: - - malware - - version: 1 - _version: WzIsMV0= - - tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 - - created_at: '2025-01-07T19:34:27.942Z' - - created_by: elastic - - updated_at: '2025-01-07T19:34:27.942Z' - - updated_by: elastic + created_at: '2025-01-07T19:34:27.942Z' + created_by: elastic + description: This is a sample detection type exception list. + id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + immutable: false + list_id: simple_list + name: Detection Exception List + namespace_type: single + os_types: [] + tags: + - malware + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + type: detection + updated_at: '2025-01-07T19:34:27.942Z' + updated_by: elastic + version: 1 page: 1 per_page: 20 total: 1 @@ -10958,8 +10988,7 @@ paths: badRequest: value: error: Bad Request - message: | - [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' statusCode: 400 schema: oneOf: 
@@ -10973,8 +11002,7 @@ paths: unauthorized: value: error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -10982,6 +11010,12 @@ paths: '403': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + forbidden: + value: + error: Forbidden + message: API [GET /api/exception_lists/_find?namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response 
@@ -11008,37 +11042,23 @@ paths: - description: | Determines whether existing exception lists with the same `list_id` are overwritten. If any exception items have the same `item_id`, those are also overwritten. - example: false in: query name: overwrite required: false schema: default: false - type: boolean - - example: false - in: query - name: overwrite_exceptions - required: false - schema: - default: false - type: boolean - - example: false - in: query - name: overwrite_action_connectors - required: false - schema: - default: false + example: false type: boolean - description: | Determines whether the list being imported will have a new `list_id` generated. Additional `item_id`'s are generated for each exception item. Both the exception list and its items are overwritten. - example: false in: query name: as_new_list required: false schema: default: false + example: false type: boolean requestBody: content: 
@@ -11048,6 +11068,9 @@ paths: properties: file: description: A `.ndjson` file containing the exception list + example: | + {"_version":"WzExNDU5LDFd","created_at":"2025-01-09T16:18:17.757Z","created_by":"elastic","description":"This is a sample detection type exception","id":"c86c2da0-2ab6-4343-b81c-216ef27e8d75","immutable":false,"list_id":"simple_list","name":"Sample Detection Exception List","namespace_type":"single","os_types":[],"tags":["user added string for a tag","malware"],"tie_breaker_id":"cf4a7b92-732d-47f0-a0d5-49a35a1736bf","type":"detection","updated_at":"2025-01-09T16:18:17.757Z","updated_by":"elastic","version":1} + {"_version":"WzExNDYxLDFd","comments":[],"created_at":"2025-01-09T16:18:42.308Z","created_by":"elastic","description":"This is a sample endpoint type exception","entries":[{"type":"exists","field":"actingProcess.file.signer","operator":"excluded"},{"type":"match_any","field":"host.name","value":["some host","another host"],"operator":"included"}],"id":"f37597ce-eaa7-4b64-9100-4301118f6806","item_id":"simple_list_item","list_id":"simple_list","name":"Sample Endpoint Exception List","namespace_type":"single","os_types":["linux"],"tags":["user added string for a tag","malware"],"tie_breaker_id":"4ca3ef3e-9721-42c0-8107-cf47e094d40f","type":"simple","updated_at":"2025-01-09T16:18:42.308Z","updated_by":"elastic"} format: binary type: string required: true 
@@ -11060,13 +11083,11 @@ paths: value: errors: - error: - message: | - Error found importing exception list: Invalid value \"4\" supplied to \"list_id\" + message: 'Error found importing exception list: Invalid value \"4\" supplied to \"list_id\"' status_code: 400 list_id: (unknown list_id) - error: - message: | - Found that item_id: \"f7fd00bb-dba8-4c93-9d59-6cbd427b6330\" already exists. Import of item_id: \"f7fd00bb-dba8-4c93-9d59-6cbd427b6330\" skipped. + message: 'Found that item_id: \"f7fd00bb-dba8-4c93-9d59-6cbd427b6330\" already exists. Import of item_id: \"f7fd00bb-dba8-4c93-9d59-6cbd427b6330\" skipped.' status_code: 409 item_id: f7fd00bb-dba8-4c93-9d59-6cbd427b6330 list_id: 7d7cccb8-db72-4667-b1f3-648efad7c1ee @@ -11129,8 +11150,7 @@ paths: unauthorized: value: error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -11138,6 +11158,12 @@ paths: '403': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + forbidden: + value: + error: Forbidden + message: API [POST /api/exception_lists/_import] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response 
@@ -11161,21 +11187,23 @@ paths: description: Delete an exception list item using the `id` or `item_id` field. operationId: DeleteExceptionListItem parameters: - - description: Either `id` or `item_id` must be specified - example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + - description: Exception item's identifier. Either `id` or `item_id` must be specified in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' - - description: Either `id` or `item_id` must be specified - example: simple_list_item + - description: Human readable exception item string identifier, e.g. `trusted-linux-processes`. Either `id` or `item_id` must be specified in: query name: item_id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId' - - example: single + - examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: false @@ -11191,8 +11219,7 @@ paths: value: _version: WzQsMV0= comments: [] - created_at: | - 2025-01-07T20:07:33.119Z + created_at: '2025-01-07T20:07:33.119Z' created_by: elastic description: This is a sample detection type exception item. entries: @@ -11216,8 +11243,7 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: '2025-01-07T20:07:33.119Z' updated_by: elastic schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' @@ -11228,8 +11254,7 @@ paths: schema: example: error: Bad Request - message: | - [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' statusCode: 400 oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -11242,8 +11267,7 @@ paths: unauthorized: value: error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -11251,6 +11275,12 @@ paths: '403': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + forbidden: + value: + error: Forbidden + message: API [DELETE /api/exception_lists/items?item_id=simple_list&namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response @@ -11260,8 +11290,7 @@ paths: examples: notFound: value: - message: | - exception list item item_id: \"foo\" does not exist + message: 'exception list item item_id: \"foo\" does not exist' status_code: 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' 
@@ -11285,21 +11314,23 @@ paths: description: Get the details of an exception list item using the `id` or `item_id` field. operationId: ReadExceptionListItem parameters: - - description: Either `id` or `item_id` must be specified - example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + - description: Exception list item's identifier. Either `id` or `item_id` must be specified. in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' - - description: Either `id` or `item_id` must be specified - example: simple_list_item + - description: Human readable exception item string identifier, e.g. `trusted-linux-processes`. Either `id` or `item_id` must be specified. in: query name: item_id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId' - - example: single + - examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: false @@ -11315,8 +11346,7 @@ paths: value: _version: WzQsMV0= comments: [] - created_at: | - 2025-01-07T20:07:33.119Z + created_at: '2025-01-07T20:07:33.119Z' created_by: elastic description: This is a sample detection type exception item. entries: @@ -11340,8 +11370,7 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: '2025-01-07T20:07:33.119Z' updated_by: elastic schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' @@ -11353,8 +11382,7 @@ paths: badRequest: value: error: Bad Request - message: | - [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' statusCode: 400 schema: oneOf: 
@@ -11368,8 +11396,7 @@ paths: unauthorized: value: error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -11377,6 +11404,12 @@ paths: '403': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + forbidden: + value: + error: Forbidden + message: API [GET /api/exception_lists/items?item_id=&namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response @@ -11386,8 +11419,7 @@ paths: examples: notFound: value: - message: | - exception list item item_id: \"foo\" does not exist + message: 'exception list item item_id: \"foo\" does not exist' status_code: 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' @@ -11448,8 +11480,7 @@ paths: entries: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray' expire_time: - format: date-time - type: string + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemExpireTime' item_id: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId' list_id: 
@@ -11486,8 +11517,7 @@ paths: value: _version: WzYsMV0= comments: [] - created_at: | - 2025-01-09T01:16:23.322Z + created_at: '2025-01-09T01:16:23.322Z' created_by: elastic description: This is a sample exception that has no item_id so it is autogenerated. entries: @@ -11504,8 +11534,7 @@ paths: - malware tie_breaker_id: d6799986-3a23-4213-bc6d-ed9463a32f23 type: simple - updated_at: | - 2025-01-09T01:16:23.322Z + updated_at: '2025-01-09T01:16:23.322Z' updated_by: elastic detectionExceptionListItem: value: @@ -11535,8 +11564,7 @@ paths: value: _version: WzQsMV0= comments: [] - created_at: | - 2025-01-07T20:07:33.119Z + created_at: '2025-01-07T20:07:33.119Z' created_by: elastic description: This is a sample detection type exception item. entries: @@ -11554,15 +11582,13 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: '2025-01-07T20:07:33.119Z' updated_by: elastic withMatchAnyEntry: value: _version: WzQsMV0= comments: [] - created_at: | - 2025-01-07T20:07:33.119Z + created_at: '2025-01-07T20:07:33.119Z' created_by: elastic description: This is a sample detection type exception item. entries: @@ -11583,15 +11609,13 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: '2025-01-07T20:07:33.119Z' updated_by: elastic withMatchEntry: value: _version: WzQsMV0= comments: [] - created_at: | - 2025-01-07T20:07:33.119Z + created_at: '2025-01-07T20:07:33.119Z' created_by: elastic description: This is a sample detection type exception item. entries: 
@@ -11610,15 +11634,13 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: '2025-01-07T20:07:33.119Z' updated_by: elastic withNestedEntry: value: _version: WzQsMV0= comments: [] - created_at: | - 2025-01-07T20:07:33.119Z + created_at: '2025-01-07T20:07:33.119Z' created_by: elastic description: This is a sample detection type exception item. entries: @@ -11644,15 +11666,13 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: '2025-01-07T20:07:33.119Z' updated_by: elastic withValueListEntry: value: _version: WzcsMV0= comments: [] - created_at: | - 2025-01-09T01:31:12.614Z + created_at: '2025-01-09T01:31:12.614Z' created_by: elastic description: Don't signal when agent.name is rock01 and source.ip is in the goodguys.txt list entries: @@ -11672,8 +11692,7 @@ paths: - malware tie_breaker_id: 5e0288ce-6657-4c18-9dcc-00ec9e8cc6c8 type: simple - updated_at: | - 2025-01-09T01:31:12.614Z + updated_at: '2025-01-09T01:31:12.614Z' updated_by: elastic schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' @@ -11685,8 +11704,7 @@ paths: badRequest: value: error: Bad Request, - message: | - [request body]: list_id: Expected string, received number + message: '[request body]: list_id: Expected string, received number' statusCode: 400, schema: oneOf: 
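Review bot: The `badRequest` example in the hunk at -11685 keeps the trailing commas on the two context lines around the rewritten `message`: `error: Bad Request,` and `statusCode: 400,`. YAML reads the second as the string `400,`, not the integer that the other 400 examples in this file show. Since the hunk already touches this example, drop both commas so the lines read `error: Bad Request` and `statusCode: 400`.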
@@ -11700,8 +11718,7 @@ paths: unauthorized: value: error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -11709,6 +11726,12 @@ paths: '403': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + forbidden: + value: + error: Forbidden + message: API [POST /api/exception_lists/items] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response @@ -11718,8 +11741,7 @@ paths: examples: alreadyExists: value: - message: | - exception list item id: \"simple_list_item\" already exists + message: 'exception list item id: \"simple_list_item\" already exists' status_code: 409 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' @@ -11762,6 +11784,7 @@ paths: type: object properties: _version: + description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. type: string comments: $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemCommentArray' 
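Review bot: The `_version` description added to the request body in the hunk at -11762 (next to `UpdateExceptionListItemCommentArray`) is missing a word: "Use it ensure updates" should be "Use it to ensure updates". Proposed line: `description: The version id, normally returned by the API when the item was retrieved. Use it to ensure updates are done against the latest version.` The same sentence is added to the `_version` property of the ExceptionList and ExceptionListItem component schemas in later hunks, in both the Endpoint Exceptions and Exceptions API sections, and needs the same correction. The description also leaves open what the API returns when the supplied version is stale, which a client implementing the update flow would need to know.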
@@ -11771,8 +11794,7 @@ paths: entries: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray' expire_time: - format: date-time - type: string + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemExpireTime' id: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' description: Either `id` or `item_id` must be specified @@ -11840,8 +11862,7 @@ paths: badRequest: value: error: Bad Request - message: | - [request body]: item_id: Expected string, received number + message: '[request body]: item_id: Expected string, received number' statusCode: 400 schema: oneOf: @@ -11855,8 +11876,7 @@ paths: unauthorized: value: error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -11864,6 +11884,12 @@ paths: '403': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + forbidden: + value: + error: Forbidden + message: API [PUT /api/exception_lists/items] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response @@ -11873,8 +11899,7 @@ paths: examples: notFound: value: - message: | - exception list item item_id: \"foo\" does not exist + message: 'exception list item item_id: \"foo\" does not exist' status_code: 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' 
@@ -11899,8 +11924,7 @@ paths: description: Get a list of all exception list items in the specified list. operationId: FindExceptionListItems parameters: - - description: List's id - example: simple_list + - description: The `list_id`s of the items to fetch. in: query name: list_id required: true @@ -11911,8 +11935,10 @@ paths: - description: | Filters the returned results according to the value of the specified field, using the `:` syntax. - example: - - exception-list.attributes.name:%My%20item + examples: + singleFilter: + value: + - exception-list.attributes.name:%My%20item in: query name: filter required: false @@ -11924,8 +11950,10 @@ paths: - description: | Determines whether the returned containers are Kibana associated with a Kibana space or available in all spaces (`agnostic` or `single`) - example: - - single + examples: + single: + value: + - single in: query name: namespace_type required: false @@ -11935,37 +11963,36 @@ paths: items: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' type: array - - example: host.name - in: query + - in: query name: search required: false schema: + example: host.name type: string - description: The page number to return - example: 1 in: query name: page required: false schema: + example: 1 minimum: 0 type: integer - description: The number of exception list items to return per page - example: 20 in: query name: per_page required: false schema: + example: 20 minimum: 0 type: integer - - description: Determines which field is used to sort the results + - description: Determines which field is used to sort the results. example: name in: query name: sort_field required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - - description: Determines the sort order, which can be `desc` or `asc` - example: desc + - description: Determines the sort order, which can be `desc` or `asc`. in: query name: sort_order required: false 
@@ -11973,6 +12000,7 @@ paths: enum: - desc - asc + example: desc type: string responses: '200': @@ -12044,8 +12072,7 @@ paths: badRequest: value: error: Bad Request - message: | - [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' statusCode: 400 schema: oneOf: @@ -12059,8 +12086,7 @@ paths: unauthorized: value: error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -12068,6 +12094,12 @@ paths: '403': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + forbidden: + value: + error: Forbidden + message: API [GET /api/exception_lists/items/_find?list_id=simple_list&namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response @@ -12077,8 +12109,7 @@ paths: examples: notFound: value: - message: | - exception list list_id: "foo" does not exist + message: 'exception list list_id: "foo" does not exist' status_code: 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' 
@@ -12103,21 +12134,23 @@ paths: description: Get a summary of the specified exception list. operationId: ReadExceptionListSummary parameters: - - description: Exception list's identifier generated upon creation - example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + - description: Exception list's identifier generated upon creation. in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Exception list's human readable identifier - example: simple_list + - description: Exception list's human readable identifier. in: query name: list_id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - example: single + - examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: false @@ -12125,11 +12158,11 @@ paths: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' default: single - description: Search filter clause - example: exception-list-agnostic.attributes.tags:"policy:policy-1" OR exception-list-agnostic.attributes.tags:"policy:all" in: query name: filter required: false schema: + example: exception-list-agnostic.attributes.tags:"policy:policy-1" OR exception-list-agnostic.attributes.tags:"policy:all" type: string responses: '200': @@ -12165,8 +12198,7 @@ paths: badRequest: value: error: Bad Request - message: | - [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' statusCode: 400 schema: oneOf: 
@@ -12180,8 +12212,7 @@ paths: unauthorized: value: error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -12189,6 +12220,12 @@ paths: '403': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + forbidden: + value: + error: Forbidden + message: API [GET /api/exception_lists/summary?list_id=simple_list&namespace_type=agnostic] is unauthorized for user, this action is granted by the Kibana privileges [lists-summary] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response @@ -12198,8 +12235,7 @@ paths: examples: notFound: value: - message": | - exception list id: "foo" does not exist + message": 'exception list id: "foo" does not exist' status_code": 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' @@ -12230,6 +12266,15 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: + example: + description: This is a sample detection type exception list. + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware type: object properties: description: 
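Review bot: The 404 `notFound` example in the hunk at -12198 still has a stray double quote in both keys, `message":` on the rewritten line and `status_code":` on the context line after it. YAML parses these as keys literally named `message"` and `status_code"`, so the example does not match `Security_Exceptions_API_SiemErrorResponse`. The commit rewrites the message value but keeps the quote; the two lines should read `message: 'exception list id: "foo" does not exist'` and `status_code: 404`. If this bundle is generated, the correction belongs in the schema file it is built from.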
@@ -12244,12 +12289,39 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + sharedList: + value: + _version: WzIsMV0= + created_at: '2025-01-07T19:34:27.942Z' + created_by: elastic + description: This is a sample detection type exception list. + id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + immutable: false + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + type: detection + updated_at: '2025-01-07T19:34:27.942Z' + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + badRequest: + value: + error: Bad Request + message: '[request body]: list_id: Expected string, received number' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -12258,24 +12330,45 @@ paths: '401': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + unauthorized: + value: + error: Unauthorized + message: "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]" + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + forbidden: + value: + message: Unable to create exception-list + status_code: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '409': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + alreadyExists: + value: + message: 'exception list id: "simple_list" already exists' + status_code: 409 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list already exists response '500': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response @@ -47199,11 +47292,14 @@ components: type: object properties: _version: + description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. type: string created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: + description: Autogenerated value - user that created object. type: string description: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListDescription' 
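Review bot: The new `forbidden` example under '403' uses `message` / `status_code`, but the schema beside it is `Security_Exceptions_API_PlatformErrorResponse`, and the other 403 examples added in this patch use `error` / `message` / `statusCode`. Either give the example that shape (`error: Forbidden`, `statusCode: 403`) or, if the endpoint really returns the Siem shape here, point the schema at `Security_Exceptions_API_SiemErrorResponse`. The `unauthorized` example in the same hunk is double-quoted, so its `\n\t` sequences become real newline and tab characters. The sibling 401 examples are single-quoted and keep them as literal text; one quoting style would make the rendered samples agree.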
@@ -47224,13 +47320,16 @@ components: tags: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListTags' tie_breaker_id: + description: Field used in search to ensure all containers are sorted and returned correctly. type: string type: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListType' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: + description: Autogenerated value - user that last updated object. type: string version: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListVersion' 
@@ -47249,31 +47348,42 @@ components: - updated_at - updated_by Security_Endpoint_Exceptions_API_ExceptionListDescription: + description: Describes the exception list. + example: This list tracks allowlisted values. type: string Security_Endpoint_Exceptions_API_ExceptionListHumanId: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - description: Human readable string identifier, e.g. `trusted-linux-processes` + description: Exception list's human readable string identifier, e.g. `trusted-linux-processes`. + example: simple_list + format: nonempty + minLength: 1 + type: string Security_Endpoint_Exceptions_API_ExceptionListId: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + description: Exception list's identifier. + example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + format: nonempty + minLength: 1 + type: string Security_Endpoint_Exceptions_API_ExceptionListItem: type: object properties: _version: + description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. type: string comments: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray' created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: + description: Autogenerated value - user that created object. type: string description: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription' entries: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray' expire_time: - format: date-time - type: string + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemExpireTime' id: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId' item_id: 
@@ -47291,13 +47401,16 @@ components: tags: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags' tie_breaker_id: + description: Field used in search to ensure all containers are sorted and returned correctly. type: string type: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: + description: Autogenerated value - user that last updated object. type: string required: - id @@ -47320,6 +47433,7 @@ components: comment: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: @@ -47327,6 +47441,7 @@ components: id: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: @@ -47337,10 +47452,15 @@ components: - created_at - created_by Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray: + description: | + Array of comment fields: + + - comment (string): Comments about the exception item. items: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemComment' type: array Security_Endpoint_Exceptions_API_ExceptionListItemDescription: + description: Describes the exception list. type: string Security_Endpoint_Exceptions_API_ExceptionListItemEntry: anyOf: 
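Review bot: The description added to `Security_Endpoint_Exceptions_API_ExceptionListItemDescription` in the hunk at -47337 reads "Describes the exception list.", copied from the list-level schema although this field belongs to an item. I would change it to `description: Describes the exception list item.` The same carry-over appears in a later hunk, where `ExceptionListItemName` gets "Exception list name." (suggest `description: Exception list item name.`). Both are repeated in the `Security_Exceptions_API_*` copies of these schemas.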
@@ -47482,22 +47602,40 @@ components: - excluded - included type: string + Security_Endpoint_Exceptions_API_ExceptionListItemExpireTime: + description: The exception item’s expiration date, in ISO format. This field is only available for regular exception items, not endpoint exceptions. + format: date-time + type: string Security_Endpoint_Exceptions_API_ExceptionListItemHumanId: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + description: Human readable string identifier, e.g. `trusted-linux-processes` + example: simple_list_item + format: nonempty + minLength: 1 + type: string Security_Endpoint_Exceptions_API_ExceptionListItemId: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + description: Exception's identifier. + example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + format: nonempty + minLength: 1 + type: string Security_Endpoint_Exceptions_API_ExceptionListItemMeta: additionalProperties: true type: object Security_Endpoint_Exceptions_API_ExceptionListItemName: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + description: Exception list name. + format: nonempty + minLength: 1 + type: string Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray: items: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType' type: array Security_Endpoint_Exceptions_API_ExceptionListItemTags: items: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + description: String array containing words and phrases to help categorize exception items. + format: nonempty + minLength: 1 + type: string type: array Security_Endpoint_Exceptions_API_ExceptionListItemType: enum: 
@@ -47505,24 +47643,31 @@ components: type: string Security_Endpoint_Exceptions_API_ExceptionListMeta: additionalProperties: true + description: Placeholder for metadata about the list container. type: object Security_Endpoint_Exceptions_API_ExceptionListName: + description: The name of the exception list. + example: My exception list type: string Security_Endpoint_Exceptions_API_ExceptionListOsType: + description: Use this field to specify the operating system. enum: - linux - macos - windows type: string Security_Endpoint_Exceptions_API_ExceptionListOsTypeArray: + description: Use this field to specify the operating system. Only enter one value. items: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType' type: array Security_Endpoint_Exceptions_API_ExceptionListTags: + description: String array containing words and phrases to help categorize exception containers. items: type: string type: array Security_Endpoint_Exceptions_API_ExceptionListType: + description: The type of exception list to be created. Different list types may denote where they can be utilized. enum: - detection - rule_default @@ -47533,6 +47678,7 @@ components: - endpoint_blocklists type: string Security_Endpoint_Exceptions_API_ExceptionListVersion: + description: The document version, automatically increasd on updates. minimum: 1 type: integer Security_Endpoint_Exceptions_API_ExceptionNamespaceType: @@ -48798,11 +48944,14 @@ components: type: object properties: _version: + description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. type: string created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: + description: Autogenerated value - user that created object. type: string description: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' 
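Review bot: The description added to `Security_Endpoint_Exceptions_API_ExceptionListOsTypeArray` in the hunk at -47505 says "Only enter one value.", but the schema stays an unbounded `type: array`, so nothing in the contract expresses that limit. If the server does reject more than one entry (not visible from this hunk), add `maxItems: 1` next to `type: array`; otherwise drop the sentence. Exception items suppress alerts, so a client should be able to tell from the schema which OS scope a request will be accepted with. The same description is added to `Security_Exceptions_API_ExceptionListOsTypeArray` in a later hunk.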
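Review bot: The description added to `Security_Endpoint_Exceptions_API_ExceptionListVersion` in the hunk at -47533 misspells "increased" as "increasd". Proposed line: `description: The document version, automatically increased on updates.` The identical typo is added to `Security_Exceptions_API_ExceptionListVersion` in a later hunk.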
@@ -48823,13 +48972,16 @@ components: tags: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListTags' tie_breaker_id: + description: Field used in search to ensure all containers are sorted and returned correctly. type: string type: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListType' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: + description: Autogenerated value - user that last updated object. type: string version: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListVersion' 
@@ -48848,31 +49000,42 @@ components: - updated_at - updated_by Security_Exceptions_API_ExceptionListDescription: + description: Describes the exception list. + example: This list tracks allowlisted values. type: string Security_Exceptions_API_ExceptionListHumanId: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - description: Human readable string identifier, e.g. `trusted-linux-processes` + description: Exception list's human readable string identifier, e.g. `trusted-linux-processes`. + example: simple_list + format: nonempty + minLength: 1 + type: string Security_Exceptions_API_ExceptionListId: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + description: Exception list's identifier. + example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + format: nonempty + minLength: 1 + type: string Security_Exceptions_API_ExceptionListItem: type: object properties: _version: + description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. type: string comments: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemCommentArray' created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: + description: Autogenerated value - user that created object. type: string description: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemDescription' entries: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray' expire_time: - format: date-time - type: string + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemExpireTime' id: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' item_id: 
@@ -48890,13 +49053,16 @@ components: tags: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags' tie_breaker_id: + description: Field used in search to ensure all containers are sorted and returned correctly. type: string type: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemType' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: + description: Autogenerated value - user that last updated object. type: string required: - id @@ -48919,6 +49085,7 @@ components: comment: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: @@ -48926,6 +49093,7 @@ components: id: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: @@ -48936,10 +49104,15 @@ components: - created_at - created_by Security_Exceptions_API_ExceptionListItemCommentArray: + description: | + Array of comment fields: + + - comment (string): Comments about the exception item. items: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemComment' type: array Security_Exceptions_API_ExceptionListItemDescription: + description: Describes the exception list. type: string Security_Exceptions_API_ExceptionListItemEntry: anyOf: 
@@ -49081,22 +49254,40 @@ components: - excluded - included type: string + Security_Exceptions_API_ExceptionListItemExpireTime: + description: The exception item’s expiration date, in ISO format. This field is only available for regular exception items, not endpoint exceptions. + format: date-time + type: string Security_Exceptions_API_ExceptionListItemHumanId: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + description: Human readable string identifier, e.g. `trusted-linux-processes` + example: simple_list_item + format: nonempty + minLength: 1 + type: string Security_Exceptions_API_ExceptionListItemId: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + description: Exception's identifier. + example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + format: nonempty + minLength: 1 + type: string Security_Exceptions_API_ExceptionListItemMeta: additionalProperties: true type: object Security_Exceptions_API_ExceptionListItemName: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + description: Exception list name. + format: nonempty + minLength: 1 + type: string Security_Exceptions_API_ExceptionListItemOsTypeArray: items: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsType' type: array Security_Exceptions_API_ExceptionListItemTags: items: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + description: String array containing words and phrases to help categorize exception items. + format: nonempty + minLength: 1 + type: string type: array Security_Exceptions_API_ExceptionListItemType: enum: 
@@ -49104,16 +49295,21 @@ components: type: string Security_Exceptions_API_ExceptionListMeta: additionalProperties: true + description: Placeholder for metadata about the list container. type: object Security_Exceptions_API_ExceptionListName: + description: The name of the exception list. + example: My exception list type: string Security_Exceptions_API_ExceptionListOsType: + description: Use this field to specify the operating system. enum: - linux - macos - windows type: string Security_Exceptions_API_ExceptionListOsTypeArray: + description: Use this field to specify the operating system. Only enter one value. items: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsType' type: array @@ -49143,10 +49339,12 @@ components: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkError' type: array Security_Exceptions_API_ExceptionListTags: + description: String array containing words and phrases to help categorize exception containers. items: type: string type: array Security_Exceptions_API_ExceptionListType: + description: The type of exception list to be created. Different list types may denote where they can be utilized. enum: - detection - rule_default @@ -49157,6 +49355,7 @@ components: - endpoint_blocklists type: string Security_Exceptions_API_ExceptionListVersion: + description: The document version, automatically increasd on updates. minimum: 1 type: integer Security_Exceptions_API_ExceptionNamespaceType: @@ -49173,6 +49372,7 @@ components: Security_Exceptions_API_FindExceptionListItemsFilter: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' Security_Exceptions_API_FindExceptionListsFilter: + example: exception-list.attributes.name:%Detection%20List type: string Security_Exceptions_API_ListId: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml index f800218b25bc6..433e0ae1164fe 100644 
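Review bot: The description added to `Security_Exceptions_API_ExceptionListOsTypeArray` says "Only enter one value.", but the hunk shows a plain `type: array` with no `maxItems`, so the documented limit is not part of the contract. Clients and validators generated from this spec will accept several operating systems. If the server really rejects more than one entry, add `maxItems: 1` next to `type: array`; if it does not, drop the sentence so the documentation does not promise a restriction that is not enforced.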
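Review bot: The `example` added to `Security_Exceptions_API_FindExceptionListsFilter` is a partly URL-encoded string: `%20` is an encoded space, and the leading `%De` also parses as a percent escape, so a client that decodes the copied value gets something other than the intended filter. A schema-level example is the value before serialization, so tooling will also encode it a second time. If a plain name match was intended, I would store the unencoded form, e.g. `example: 'exception-list.attributes.name:Detection List'`, and leave the encoding to the client.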
--- a/oas_docs/output/kibana.yaml +++ b/oas_docs/output/kibana.yaml @@ -10168,6 +10168,9 @@ paths: operationId: CreateRuleExceptionListItems parameters: - description: Detection rule's identifier + examples: + id: + value: 330bdd28-eedf-40e1-bed0-f10176c7f9e0 in: path name: id required: true @@ -10218,8 +10221,7 @@ paths: value: - _version: WzQsMV0= comments: [] - created_at: | - 2025-01-07T20:07:33.119Z + created_at: '2025-01-07T20:07:33.119Z' created_by: elastic description: This is a sample detection type exception item. entries: @@ -10243,8 +10245,7 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: '2025-01-07T20:07:33.119Z' updated_by: elastic schema: items: @@ -10258,14 +10259,12 @@ paths: badPayload: value: error: Bad Request - message: | - Invalid request payload JSON format + message: Invalid request payload JSON format statusCode: 400 badRequest: value: error: Bad Request - message: | - [request params]: id: Invalid uuid + message: '[request params]: id: Invalid uuid' statusCode: 400 schema: oneOf: @@ -10279,8 +10278,7 @@ paths: unauthorized: value: error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -10288,6 +10286,11 @@ paths: '403': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + forbidden: + value: + message: Unable to create exception-list + status_code: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response @@ -12200,21 +12203,28 @@ paths: description: Delete an exception list using the `id` or `list_id` field. operationId: DeleteExceptionList parameters: - - description: Either `id` or `list_id` must be specified - example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + - description: Exception list's identifier. Either `id` or `list_id` must be specified. in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Either `id` or `list_id` must be specified - example: simple_list + - description: Human readable exception list string identifier, e.g. `trusted-linux-processes`. Either `id` or `list_id` must be specified. + examples: + autogeneratedId: + value: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + list_id: + value: simple_list in: query name: list_id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - example: single + - examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: false @@ -12256,8 +12266,7 @@ paths: badRequest: value: error: Bad Request - message: | - [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' statusCode: 400 schema: oneOf: 
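Review bot: The `forbidden` example added to the 403 response in the first hunk uses the keys `message` and `status_code`, while the schema referenced directly below it is `Security_Exceptions_API_PlatformErrorResponse`. Every other 403 example this patch adds, such as the DeleteExceptionList one later on this line, uses `error`, `message` and `statusCode`. The schema definition is not visible here, so this is inferred from those siblings, but the example likely fails validation against its own schema. Either switch the keys to `error: Forbidden` and `statusCode: 403`, or, if the route really answers in the other shape, reference `Security_Exceptions_API_SiemErrorResponse` in a `oneOf` as the 400 responses do.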
@@ -12271,8 +12280,7 @@ paths: unauthorized: value: error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -12280,6 +12288,12 @@ paths: '403': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + forbidden: + value: + error: Forbidden + message: API [DELETE /api/exception_lists?list_id=simple_list&namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response @@ -12289,8 +12303,7 @@ paths: examples: notFound: value: - message: | - exception list list_id: "foo" does not exist + message: 'exception list list_id: "foo" does not exist' status_code: 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' 
@@ -12313,21 +12326,23 @@ paths: description: Get the details of an exception list using the `id` or `list_id` field. operationId: ReadExceptionList parameters: - - description: Either `id` or `list_id` must be specified - example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + - description: Exception list's identifier. Either `id` or `list_id` must be specified. in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Either `id` or `list_id` must be specified - example: simple_list + - description: Human readable exception list string identifier, e.g. `trusted-linux-processes`. Either `id` or `list_id` must be specified. in: query name: list_id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - example: single + - examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: false @@ -12339,7 +12354,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: examples: - simpleList: + detectionType: value: _version: WzIsMV0= created_at: '2025-01-07T19:34:27.942Z' @@ -12369,8 +12384,7 @@ paths: badRequest: value: error: Bad Request - message: | - [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' statusCode: 400 schema: oneOf: 
@@ -12384,8 +12398,7 @@ paths: unauthorized: value: error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -12393,6 +12406,12 @@ paths: '403': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + forbidden: + value: + error: Forbidden + message: API [GET /api/exception_lists?list_id=simple_list&namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response @@ -12423,7 +12442,7 @@ paths: - Security Exceptions API post: description: | - An exception list groups exception items and can be associated with detection rules. You can assign detection rules with multiple exception lists. + An exception list groups exception items and can be associated with detection rules. You can assign exception lists to multiple detection rules. > info > All exception items added to the same list are evaluated using `OR` logic. That is, if any of the items in a list evaluate to `true`, the exception prevents the rule from generating an alert. Likewise, `OR` logic is used for evaluating exceptions when more than one exception list is assigned to a rule. To use the `AND` operator, you can define multiple clauses (`entries`) in a single exception item. operationId: CreateExceptionList 
@@ -12475,33 +12494,10 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: examples: - agnosticExceptionList: - value: - _version: WzUsMV0= - created_at: | - 2025-01-09T01:10:36.369Z - created_by: elastic - description: This is a sample agnostic endpoint type exception. - id: 1a744e77-22ca-4b6b-9085-54f55275ebe5 - immutable: false - list_id: b935eb55-7b21-4c1c-b235-faa1df23b3d6 - name: Sample Agnostic Endpoint Exception List - namespace_type: agnostic - os_types: - - linux - tags: - - malware - tie_breaker_id: 49ea0adc-a2b8-4d83-a8f3-2fb98301dea3 - type: endpoint - updated_at: | - 2025-01-09T01:10:36.369Z - updated_by: elastic - version: 1 autogeneratedListId: value: _version: WzMsMV0= - created_at: | - 2025-01-09T01:05:23.019Z + created_at: '2025-01-09T01:05:23.019Z' created_by: elastic description: This is a sample detection type exception with an autogenerated list_id. id: 28243c2f-624a-4443-823d-c0b894880931 @@ -12514,11 +12510,30 @@ paths: - malware tie_breaker_id: ad94de31-39f7-4ad7-b8e4-988bfa95f338 type: detection - updated_at: | - 2025-01-09T01:05:23.020Z + updated_at: '2025-01-09T01:05:23.020Z' updated_by: elastic version: 1 - detectionExceptionList: + namespaceAgnostic: + value: + _version: WzUsMV0= + created_at: '2025-01-09T01:10:36.369Z' + created_by: elastic + description: This is a sample agnostic endpoint type exception. + id: 1a744e77-22ca-4b6b-9085-54f55275ebe5 + immutable: false + list_id: b935eb55-7b21-4c1c-b235-faa1df23b3d6 + name: Sample Agnostic Endpoint Exception List + namespace_type: agnostic + os_types: + - linux + tags: + - malware + tie_breaker_id: 49ea0adc-a2b8-4d83-a8f3-2fb98301dea3 + type: endpoint + updated_at: '2025-01-09T01:10:36.369Z' + updated_by: elastic + version: 1 + typeDetection: value: _version: WzIsMV0= created_at: '2025-01-07T19:34:27.942Z' 
@@ -12538,11 +12553,10 @@ paths: updated_at: '2025-01-07T19:34:27.942Z' updated_by: elastic version: 1 - endpointExceptionList: + typeEndpoint: value: _version: WzQsMV0= - created_at: | - 2025-01-09T01:07:49.658Z + created_at: '2025-01-09T01:07:49.658Z' created_by: elastic description: This is a sample endpoint type exception list. id: a79f4730-6e32-4278-abfc-349c0add7d54 @@ -12556,8 +12570,7 @@ paths: - malware tie_breaker_id: 94a028af-8f47-427a-aca5-ffaf829e64ee type: endpoint - updated_at: | - 2025-01-09T01:07:49.658Z + updated_at: '2025-01-09T01:07:49.658Z' updated_by: elastic version: 1 schema: @@ -12570,8 +12583,7 @@ paths: badRequest: value: error: Bad Request - message: | - [request body]: list_id: Expected string, received number + message: '[request body]: list_id: Expected string, received number' statusCode: 400 schema: oneOf: @@ -12585,8 +12597,7 @@ paths: unauthorized: value: error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]" statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -12594,6 +12605,12 @@ paths: '403': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + forbidden: + value: + error: Forbidden + message: API [POST /api/exception_lists] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response 
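Review bot: The 401 `unauthorized` example in this operation now has its `message` in double quotes, so YAML turns `\n\t` into a real newline and tab. The same message in the other operations touched by this patch is single-quoted, which keeps the backslash sequences as literal characters. The rendered examples will therefore differ between endpoints for what looks like the same server response. I would use the single-quoted form here too, i.e. `message: '[security_exception\n\tRoot causes: …]'` with the text unchanged, or convert all of them to whichever form matches the actual response body.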
@@ -12603,8 +12620,7 @@ paths: examples: alreadyExists: value: - message: | - exception list id: \simple_list\ already exists + message: 'exception list id: "simple_list" already exists' status_code: 409 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' @@ -12642,6 +12658,7 @@ paths: type: object properties: _version: + description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. type: string description: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' @@ -12679,8 +12696,7 @@ paths: simpleList: value: _version: WzExLDFd - created_at: | - 2025-01-07T20:43:55.264Z + created_at: '2025-01-07T20:43:55.264Z' created_by: elastic description: Different description id: fa7f545f-191b-4d32-b1f0-c7cd62a79e55 @@ -12693,8 +12709,7 @@ paths: - draft malware tie_breaker_id: 319fe983-acdd-4806-b6c4-3098eae9392f type: detection - updated_at: | - 2025-01-07T21:32:03.726Z + updated_at: '2025-01-07T21:32:03.726Z' updated_by: elastic version: 2 schema: @@ -12707,8 +12722,7 @@ paths: badRequest: value: error: Bad Request - message: | - [request body]: list_id: Expected string, received number + message: '[request body]: list_id: Expected string, received number' statusCode: 400 schema: oneOf: @@ -12722,8 +12736,7 @@ paths: unauthorized: value: error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
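Review bot: The new `_version` description in the update request body has a dropped word ("Use it ensure updates …") and does not say what happens when the value is stale. This field is the guard against overwriting a concurrent edit of an exception list, so the sentence is worth getting right. I would write `description: The version id, normally returned by the API when the item was retrieved. Use it to ensure updates are done against the latest version.` and, if the 409 response of this operation covers a version conflict (not visible in this hunk), mention that as well.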
@@ -12731,6 +12744,12 @@ paths: '403': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + forbidden: + value: + error: Forbidden + message: API [PUT /api/exception_lists] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response @@ -12764,21 +12783,22 @@ paths: description: Duplicate an existing exception list. operationId: DuplicateExceptionList parameters: - - description: Exception list's human identifier - example: simple_list - in: query + - in: query name: list_id required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - example: single + - examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' - - description: Determines whether to include expired exceptions in the exported list - example: true + - description: Determines whether to include expired exceptions in the duplicated list. Expiration date defined by `expire_time`. in: query name: include_expired_exceptions required: true @@ -12787,6 +12807,7 @@ paths: enum: - 'true' - 'false' + example: true type: string responses: '200': @@ -12796,8 +12817,7 @@ paths: detectionExceptionList: value: _version: WzExNDY1LDFd - created_at: | - 2025-01-09T16:19:50.280Z + created_at: '2025-01-09T16:19:50.280Z' created_by: elastic description: This is a sample detection type exception id: b2f4a715-6ab1-444c-8b1e-3fa1b1049429 @@ -12810,8 +12830,7 @@ paths: - malware tie_breaker_id: 6fa670bd-666d-4c9c-9f1e-d1dbc516e985 type: detection - updated_at: | - 2025-01-09T16:19:50.280Z + updated_at: '2025-01-09T16:19:50.280Z' updated_by: elastic version: 1 schema: 
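Review bot: The `example: true` moved into the `include_expired_exceptions` schema is a YAML boolean, but that schema is `type: string` with the enum `'true'` / `'false'`. The example therefore no longer matches the type it sits in, and strict validators or generated clients may reject or mis-render it. Quote it like the enum members: `example: 'true'`. The parameter-level `example: true` kept on ExportExceptionList would need the same treatment if its schema has the same string enum.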
@@ -12824,8 +12843,7 @@ paths: badRequest: value: error: Bad Request - message: | - [request query]: namespace_type: Invalid enum value. Expected 'agnostic' | 'single', received 'foo' + message: '[request query]: namespace_type: Invalid enum value. Expected ''agnostic'' | ''single'', received ''foo''' statusCode: 400 schema: oneOf: @@ -12839,8 +12857,7 @@ paths: unauthorized: value: error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -12848,6 +12865,12 @@ paths: '403': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + forbidden: + value: + error: Forbidden + message: API [POST /api/exception_lists/_duplicate] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response 
@@ -12887,27 +12910,27 @@ paths: description: Export an exception list and its associated items to an NDJSON file. operationId: ExportExceptionList parameters: - - description: Exception list's identifier - example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 - in: query + - in: query name: id required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Exception list's human identifier - example: simple_list - in: query + - in: query name: list_id required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - example: single + - examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' - - description: Determines whether to include expired exceptions in the exported list + - description: Determines whether to include expired exceptions in the exported list. Expiration date defined by `expire_time`. example: true in: query name: include_expired_exceptions @@ -12940,8 +12963,7 @@ paths: badRequest: value: error: Bad Request - message: | - [request query]: list_id: Required, namespace_type: Required + message: '[request query]: list_id: Required, namespace_type: Required' statusCode: 400 schema: oneOf: @@ -12955,8 +12977,7 @@ paths: unauthorized: value: error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -12964,6 +12985,12 @@ paths: '403': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + forbidden: + value: + error: Forbidden + message: API [POST /api/exception_lists/_export] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response @@ -13004,7 +13031,6 @@ paths: - `exception-list`: Specify a space-aware exception list. - `exception-list-agnostic`: Specify an exception list that is shared across spaces. - example: exception-list.attributes.name:%Detection%20List in: query name: filter required: false @@ -13013,7 +13039,11 @@ paths: - description: | Determines whether the returned containers are Kibana associated with a Kibana space or available in all spaces (`agnostic` or `single`) - example: single + examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: false @@ -13024,30 +13054,29 @@ paths: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' type: array - description: The page number to return - example: 1 in: query name: page required: false schema: + example: 1 minimum: 1 type: integer - description: The number of exception lists to return per page - example: 20 in: query name: per_page required: false schema: + example: 20 minimum: 1 type: integer - - description: Determines which field is used to sort the results - example: name + - description: Determines which field is used to sort the results. in: query name: sort_field required: false schema: + example: name type: string - - description: Determines the sort order, which can be `desc` or `asc` - example: desc + - description: Determines the sort order, which can be `desc` or `asc`. in: query name: sort_order required: false @@ -13055,6 +13084,7 @@ paths: enum: - desc - asc + example: desc type: string responses: '200': 
@@ -13064,23 +13094,23 @@ paths: simpleLists: value: data: - - id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 - - list_id: simple_list - - type: detection - - name: Detection Exception List - - description: This is a sample detection type exception list. - - immutable: false - - namespace_type: single - - os_types: [] - - tags: - - malware - - version: 1 - _version: WzIsMV0= - - tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 - - created_at: '2025-01-07T19:34:27.942Z' - - created_by: elastic - - updated_at: '2025-01-07T19:34:27.942Z' - - updated_by: elastic + created_at: '2025-01-07T19:34:27.942Z' + created_by: elastic + description: This is a sample detection type exception list. + id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + immutable: false + list_id: simple_list + name: Detection Exception List + namespace_type: single + os_types: [] + tags: + - malware + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + type: detection + updated_at: '2025-01-07T19:34:27.942Z' + updated_by: elastic + version: 1 page: 1 per_page: 20 total: 1 @@ -13113,8 +13143,7 @@ paths: badRequest: value: error: Bad Request - message: | - [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' statusCode: 400 schema: oneOf: 
@@ -13128,8 +13157,7 @@ paths: unauthorized: value: error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -13137,6 +13165,12 @@ paths: '403': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + forbidden: + value: + error: Forbidden + message: API [GET /api/exception_lists/_find?namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response 
@@ -13162,37 +13196,23 @@ paths: - description: | Determines whether existing exception lists with the same `list_id` are overwritten. If any exception items have the same `item_id`, those are also overwritten. - example: false in: query name: overwrite required: false schema: default: false - type: boolean - - example: false - in: query - name: overwrite_exceptions - required: false - schema: - default: false - type: boolean - - example: false - in: query - name: overwrite_action_connectors - required: false - schema: - default: false + example: false type: boolean - description: | Determines whether the list being imported will have a new `list_id` generated. Additional `item_id`'s are generated for each exception item. Both the exception list and its items are overwritten. - example: false in: query name: as_new_list required: false schema: default: false + example: false type: boolean requestBody: content: 
@@ -13202,6 +13222,9 @@ paths: properties: file: description: A `.ndjson` file containing the exception list + example: | + {"_version":"WzExNDU5LDFd","created_at":"2025-01-09T16:18:17.757Z","created_by":"elastic","description":"This is a sample detection type exception","id":"c86c2da0-2ab6-4343-b81c-216ef27e8d75","immutable":false,"list_id":"simple_list","name":"Sample Detection Exception List","namespace_type":"single","os_types":[],"tags":["user added string for a tag","malware"],"tie_breaker_id":"cf4a7b92-732d-47f0-a0d5-49a35a1736bf","type":"detection","updated_at":"2025-01-09T16:18:17.757Z","updated_by":"elastic","version":1} + {"_version":"WzExNDYxLDFd","comments":[],"created_at":"2025-01-09T16:18:42.308Z","created_by":"elastic","description":"This is a sample endpoint type exception","entries":[{"type":"exists","field":"actingProcess.file.signer","operator":"excluded"},{"type":"match_any","field":"host.name","value":["some host","another host"],"operator":"included"}],"id":"f37597ce-eaa7-4b64-9100-4301118f6806","item_id":"simple_list_item","list_id":"simple_list","name":"Sample Endpoint Exception List","namespace_type":"single","os_types":["linux"],"tags":["user added string for a tag","malware"],"tie_breaker_id":"4ca3ef3e-9721-42c0-8107-cf47e094d40f","type":"simple","updated_at":"2025-01-09T16:18:42.308Z","updated_by":"elastic"} format: binary type: string required: true 
@@ -13214,13 +13237,11 @@ paths: value: errors: - error: - message: | - Error found importing exception list: Invalid value \"4\" supplied to \"list_id\" + message: 'Error found importing exception list: Invalid value \"4\" supplied to \"list_id\"' status_code: 400 list_id: (unknown list_id) - error: - message: | - Found that item_id: \"f7fd00bb-dba8-4c93-9d59-6cbd427b6330\" already exists. Import of item_id: \"f7fd00bb-dba8-4c93-9d59-6cbd427b6330\" skipped. + message: 'Found that item_id: \"f7fd00bb-dba8-4c93-9d59-6cbd427b6330\" already exists. Import of item_id: \"f7fd00bb-dba8-4c93-9d59-6cbd427b6330\" skipped.' status_code: 409 item_id: f7fd00bb-dba8-4c93-9d59-6cbd427b6330 list_id: 7d7cccb8-db72-4667-b1f3-648efad7c1ee @@ -13283,8 +13304,7 @@ paths: unauthorized: value: error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -13292,6 +13312,12 @@ paths: '403': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + forbidden: + value: + error: Forbidden + message: API [POST /api/exception_lists/_import] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response 
@@ -13314,21 +13340,23 @@ paths: description: Delete an exception list item using the `id` or `item_id` field. operationId: DeleteExceptionListItem parameters: - - description: Either `id` or `item_id` must be specified - example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + - description: Exception item's identifier. Either `id` or `item_id` must be specified in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' - - description: Either `id` or `item_id` must be specified - example: simple_list_item + - description: Human readable exception item string identifier, e.g. `trusted-linux-processes`. Either `id` or `item_id` must be specified in: query name: item_id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId' - - example: single + - examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: false @@ -13344,8 +13372,7 @@ paths: value: _version: WzQsMV0= comments: [] - created_at: | - 2025-01-07T20:07:33.119Z + created_at: '2025-01-07T20:07:33.119Z' created_by: elastic description: This is a sample detection type exception item. entries: @@ -13369,8 +13396,7 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: '2025-01-07T20:07:33.119Z' updated_by: elastic schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' @@ -13381,8 +13407,7 @@ paths: schema: example: error: Bad Request - message: | - [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' statusCode: 400 oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -13395,8 +13420,7 @@ paths: unauthorized: value: error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -13404,6 +13428,12 @@ paths: '403': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + forbidden: + value: + error: Forbidden + message: API [DELETE /api/exception_lists/items?item_id=simple_list&namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response @@ -13413,8 +13443,7 @@ paths: examples: notFound: value: - message: | - exception list item item_id: \"foo\" does not exist + message: 'exception list item item_id: \"foo\" does not exist' status_code: 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' 
@@ -13437,21 +13466,23 @@ paths: description: Get the details of an exception list item using the `id` or `item_id` field. operationId: ReadExceptionListItem parameters: - - description: Either `id` or `item_id` must be specified - example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + - description: Exception list item's identifier. Either `id` or `item_id` must be specified. in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' - - description: Either `id` or `item_id` must be specified - example: simple_list_item + - description: Human readable exception item string identifier, e.g. `trusted-linux-processes`. Either `id` or `item_id` must be specified. in: query name: item_id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId' - - example: single + - examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: false @@ -13467,8 +13498,7 @@ paths: value: _version: WzQsMV0= comments: [] - created_at: | - 2025-01-07T20:07:33.119Z + created_at: '2025-01-07T20:07:33.119Z' created_by: elastic description: This is a sample detection type exception item. entries: @@ -13492,8 +13522,7 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: '2025-01-07T20:07:33.119Z' updated_by: elastic schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' @@ -13505,8 +13534,7 @@ paths: badRequest: value: error: Bad Request - message: | - [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' statusCode: 400 schema: oneOf: 
@@ -13520,8 +13548,7 @@ paths: unauthorized: value: error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -13529,6 +13556,12 @@ paths: '403': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + forbidden: + value: + error: Forbidden + message: API [GET /api/exception_lists/items?item_id=&namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response @@ -13538,8 +13571,7 @@ paths: examples: notFound: value: - message: | - exception list item item_id: \"foo\" does not exist + message: 'exception list item item_id: \"foo\" does not exist' status_code: 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' @@ -13599,8 +13631,7 @@ paths: entries: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray' expire_time: - format: date-time - type: string + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemExpireTime' item_id: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId' list_id: 
@@ -13637,8 +13668,7 @@ paths: value: _version: WzYsMV0= comments: [] - created_at: | - 2025-01-09T01:16:23.322Z + created_at: '2025-01-09T01:16:23.322Z' created_by: elastic description: This is a sample exception that has no item_id so it is autogenerated. entries: @@ -13655,8 +13685,7 @@ paths: - malware tie_breaker_id: d6799986-3a23-4213-bc6d-ed9463a32f23 type: simple - updated_at: | - 2025-01-09T01:16:23.322Z + updated_at: '2025-01-09T01:16:23.322Z' updated_by: elastic detectionExceptionListItem: value: @@ -13686,8 +13715,7 @@ paths: value: _version: WzQsMV0= comments: [] - created_at: | - 2025-01-07T20:07:33.119Z + created_at: '2025-01-07T20:07:33.119Z' created_by: elastic description: This is a sample detection type exception item. entries: @@ -13705,15 +13733,13 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: '2025-01-07T20:07:33.119Z' updated_by: elastic withMatchAnyEntry: value: _version: WzQsMV0= comments: [] - created_at: | - 2025-01-07T20:07:33.119Z + created_at: '2025-01-07T20:07:33.119Z' created_by: elastic description: This is a sample detection type exception item. entries: @@ -13734,15 +13760,13 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: '2025-01-07T20:07:33.119Z' updated_by: elastic withMatchEntry: value: _version: WzQsMV0= comments: [] - created_at: | - 2025-01-07T20:07:33.119Z + created_at: '2025-01-07T20:07:33.119Z' created_by: elastic description: This is a sample detection type exception item. entries: 
@@ -13761,15 +13785,13 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: '2025-01-07T20:07:33.119Z' updated_by: elastic withNestedEntry: value: _version: WzQsMV0= comments: [] - created_at: | - 2025-01-07T20:07:33.119Z + created_at: '2025-01-07T20:07:33.119Z' created_by: elastic description: This is a sample detection type exception item. entries: @@ -13795,15 +13817,13 @@ paths: - malware tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c type: simple - updated_at: | - 2025-01-07T20:07:33.119Z + updated_at: '2025-01-07T20:07:33.119Z' updated_by: elastic withValueListEntry: value: _version: WzcsMV0= comments: [] - created_at: | - 2025-01-09T01:31:12.614Z + created_at: '2025-01-09T01:31:12.614Z' created_by: elastic description: Don't signal when agent.name is rock01 and source.ip is in the goodguys.txt list entries: @@ -13823,8 +13843,7 @@ paths: - malware tie_breaker_id: 5e0288ce-6657-4c18-9dcc-00ec9e8cc6c8 type: simple - updated_at: | - 2025-01-09T01:31:12.614Z + updated_at: '2025-01-09T01:31:12.614Z' updated_by: elastic schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' @@ -13836,8 +13855,7 @@ paths: badRequest: value: error: Bad Request, - message: | - [request body]: list_id: Expected string, received number + message: '[request body]: list_id: Expected string, received number' statusCode: 400, schema: oneOf: 
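Review bot: The `badRequest` example in the hunk at `@@ -13836,8 +13855,7 @@` still has trailing commas on its two context lines, `error: Bad Request,` and `statusCode: 400,`, so YAML reads the status code as the string `400,` rather than the integer 400. Since the hunk already rewrites the `message` line of this example, the neighbouring lines should be corrected in the same pass to `error: Bad Request` and `statusCode: 400`, matching the other `badRequest` examples on this page. The file header is outside this view; if this is bundler output, the fix belongs in the source schema and the bundle should be regenerated.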
@@ -13851,8 +13869,7 @@ paths: unauthorized: value: error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -13860,6 +13877,12 @@ paths: '403': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + forbidden: + value: + error: Forbidden + message: API [POST /api/exception_lists/items] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response @@ -13869,8 +13892,7 @@ paths: examples: alreadyExists: value: - message: | - exception list item id: \"simple_list_item\" already exists + message: 'exception list item id: \"simple_list_item\" already exists' status_code: 409 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' @@ -13912,6 +13934,7 @@ paths: type: object properties: _version: + description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. type: string comments: $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemCommentArray' 
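Review bot: The `_version` description added in the hunk at `@@ -13912,6 +13934,7 @@` is missing a word: `Use it ensure updates are done against the latest version.` should read `Use it to ensure updates are done against the latest version.`. The same sentence is added again in the component hunks at `@@ -54074,11 +54167,14 @@`, `@@ -54124,31 +54223,42 @@`, `@@ -55673,11 +55819,14 @@` and `@@ -55723,31 +55875,42 @@`. This field appears to act as the concurrency guard for updates to exception items, so the description could also name the response a caller gets when the supplied value is stale; that response is not shown on this page.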
@@ -13921,8 +13944,7 @@ paths: entries: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray' expire_time: - format: date-time - type: string + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemExpireTime' id: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' description: Either `id` or `item_id` must be specified @@ -13990,8 +14012,7 @@ paths: badRequest: value: error: Bad Request - message: | - [request body]: item_id: Expected string, received number + message: '[request body]: item_id: Expected string, received number' statusCode: 400 schema: oneOf: @@ -14005,8 +14026,7 @@ paths: unauthorized: value: error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -14014,6 +14034,12 @@ paths: '403': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + forbidden: + value: + error: Forbidden + message: API [PUT /api/exception_lists/items] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response @@ -14023,8 +14049,7 @@ paths: examples: notFound: value: - message: | - exception list item item_id: \"foo\" does not exist + message: 'exception list item item_id: \"foo\" does not exist' status_code: 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' 
@@ -14048,8 +14073,7 @@ paths: description: Get a list of all exception list items in the specified list. operationId: FindExceptionListItems parameters: - - description: List's id - example: simple_list + - description: The `list_id`s of the items to fetch. in: query name: list_id required: true @@ -14060,8 +14084,10 @@ paths: - description: | Filters the returned results according to the value of the specified field, using the `:` syntax. - example: - - exception-list.attributes.name:%My%20item + examples: + singleFilter: + value: + - exception-list.attributes.name:%My%20item in: query name: filter required: false @@ -14073,8 +14099,10 @@ paths: - description: | Determines whether the returned containers are Kibana associated with a Kibana space or available in all spaces (`agnostic` or `single`) - example: - - single + examples: + single: + value: + - single in: query name: namespace_type required: false @@ -14084,37 +14112,36 @@ paths: items: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' type: array - - example: host.name - in: query + - in: query name: search required: false schema: + example: host.name type: string - description: The page number to return - example: 1 in: query name: page required: false schema: + example: 1 minimum: 0 type: integer - description: The number of exception list items to return per page - example: 20 in: query name: per_page required: false schema: + example: 20 minimum: 0 type: integer - - description: Determines which field is used to sort the results + - description: Determines which field is used to sort the results. example: name in: query name: sort_field required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - - description: Determines the sort order, which can be `desc` or `asc` - example: desc + - description: Determines the sort order, which can be `desc` or `asc`. in: query name: sort_order required: false 
@@ -14122,6 +14149,7 @@ paths: enum: - desc - asc + example: desc type: string responses: '200': @@ -14193,8 +14221,7 @@ paths: badRequest: value: error: Bad Request - message: | - [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' statusCode: 400 schema: oneOf: @@ -14208,8 +14235,7 @@ paths: unauthorized: value: error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -14217,6 +14243,12 @@ paths: '403': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + forbidden: + value: + error: Forbidden + message: API [GET /api/exception_lists/items/_find?list_id=simple_list&namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response @@ -14226,8 +14258,7 @@ paths: examples: notFound: value: - message: | - exception list list_id: "foo" does not exist + message: 'exception list list_id: "foo" does not exist' status_code: 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' 
@@ -14251,21 +14282,23 @@ paths: description: Get a summary of the specified exception list. operationId: ReadExceptionListSummary parameters: - - description: Exception list's identifier generated upon creation - example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + - description: Exception list's identifier generated upon creation. in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Exception list's human readable identifier - example: simple_list + - description: Exception list's human readable identifier. in: query name: list_id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - example: single + - examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: false @@ -14273,11 +14306,11 @@ paths: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' default: single - description: Search filter clause - example: exception-list-agnostic.attributes.tags:"policy:policy-1" OR exception-list-agnostic.attributes.tags:"policy:all" in: query name: filter required: false schema: + example: exception-list-agnostic.attributes.tags:"policy:policy-1" OR exception-list-agnostic.attributes.tags:"policy:all" type: string responses: '200': @@ -14313,8 +14346,7 @@ paths: badRequest: value: error: Bad Request - message: | - [request query]: namespace_type.0: Invalid enum value. Expected 'agnostic' | 'single', received 'blob' + message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' statusCode: 400 schema: oneOf: 
@@ -14328,8 +14360,7 @@ paths: unauthorized: value: error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -14337,6 +14368,12 @@ paths: '403': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + forbidden: + value: + error: Forbidden + message: API [GET /api/exception_lists/summary?list_id=simple_list&namespace_type=agnostic] is unauthorized for user, this action is granted by the Kibana privileges [lists-summary] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response @@ -14346,8 +14383,7 @@ paths: examples: notFound: value: - message": | - exception list id: "foo" does not exist + message": 'exception list id: "foo" does not exist' status_code": 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' @@ -14377,6 +14413,15 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: + example: + description: This is a sample detection type exception list. + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware type: object properties: description: 
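Review bot: The `notFound` example in the hunk at `@@ -14346,8 +14383,7 @@` keeps a stray double quote inside both keys, `message": '…'` on the changed line and `status_code": 404` on the context line below it. The rendered example therefore has properties literally named `message"` and `status_code"`, which do not match the `message` / `status_code` fields used by the other `SiemErrorResponse` examples on this page. The two lines should read `message: 'exception list id: "foo" does not exist'` and `status_code: 404`.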
@@ -14391,12 +14436,39 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + sharedList: + value: + _version: WzIsMV0= + created_at: '2025-01-07T19:34:27.942Z' + created_by: elastic + description: This is a sample detection type exception list. + id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + immutable: false + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + type: detection + updated_at: '2025-01-07T19:34:27.942Z' + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + badRequest: + value: + error: Bad Request + message: '[request body]: list_id: Expected string, received number' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -14405,24 +14477,45 @@ paths: '401': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + unauthorized: + value: + error: Unauthorized + message: "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]" + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + forbidden: + value: + message: Unable to create exception-list + status_code: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '409': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + alreadyExists: + value: + message: 'exception list id: "simple_list" already exists' + status_code: 409 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list already exists response '500': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response @@ -54074,11 +54167,14 @@ components: type: object properties: _version: + description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. type: string created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: + description: Autogenerated value - user that created object. type: string description: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListDescription' 
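Review bot: The `forbidden` example added under `'403'` in the hunk at `@@ -14405,24 +14477,45 @@` uses `message` / `status_code`, but that branch references `Security_Exceptions_API_PlatformErrorResponse`, whose examples elsewhere on this page carry `error`, `message` and `statusCode`. Either the example or the schema reference is wrong for this status; if the route can return both shapes, the branch should list both error schemas under `oneOf`, as the `'400'` branch appears to. Unlike the other 403 examples in this change, this one does not name the Kibana privilege that grants the action, which is what an integrator needs to scope a role correctly. The `unauthorized` example in the same hunk is double-quoted, so its `\n\t` sequences become real newlines and tabs, while the single-quoted copies in the other operations keep them literal.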
@@ -54099,13 +54195,16 @@ components: tags: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListTags' tie_breaker_id: + description: Field used in search to ensure all containers are sorted and returned correctly. type: string type: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListType' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: + description: Autogenerated value - user that last updated object. type: string version: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListVersion' 
@@ -54124,31 +54223,42 @@ components: - updated_at - updated_by Security_Endpoint_Exceptions_API_ExceptionListDescription: + description: Describes the exception list. + example: This list tracks allowlisted values. type: string Security_Endpoint_Exceptions_API_ExceptionListHumanId: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - description: Human readable string identifier, e.g. `trusted-linux-processes` + description: Exception list's human readable string identifier, e.g. `trusted-linux-processes`. + example: simple_list + format: nonempty + minLength: 1 + type: string Security_Endpoint_Exceptions_API_ExceptionListId: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + description: Exception list's identifier. + example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + format: nonempty + minLength: 1 + type: string Security_Endpoint_Exceptions_API_ExceptionListItem: type: object properties: _version: + description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. type: string comments: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray' created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: + description: Autogenerated value - user that created object. type: string description: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription' entries: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray' expire_time: - format: date-time - type: string + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemExpireTime' id: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId' item_id: 
@@ -54166,13 +54276,16 @@ components: tags: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags' tie_breaker_id: + description: Field used in search to ensure all containers are sorted and returned correctly. type: string type: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: + description: Autogenerated value - user that last updated object. type: string required: - id @@ -54195,6 +54308,7 @@ components: comment: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: @@ -54202,6 +54316,7 @@ components: id: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: @@ -54212,10 +54327,15 @@ components: - created_at - created_by Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray: + description: | + Array of comment fields: + + - comment (string): Comments about the exception item. items: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemComment' type: array Security_Endpoint_Exceptions_API_ExceptionListItemDescription: + description: Describes the exception list. type: string Security_Endpoint_Exceptions_API_ExceptionListItemEntry: anyOf: 
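Review bot: The description added to `Security_Endpoint_Exceptions_API_ExceptionListItemDescription` in the hunk at `@@ -54212,10 +54327,15 @@` reads `Describes the exception list.`, which is the list-level text rather than the item's; `Describes the exception list item.` would match the schema name. The same copy is added at `@@ -55811,10 +55979,15 @@`. Likewise `ExceptionListItemName` gets `Exception list name.` at `@@ -54357,22 +54477,40 @@` and `@@ -55956,22 +56129,40 @@`, where `Exception list item name.` is presumably meant.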
@@ -54357,22 +54477,40 @@ components: - excluded - included type: string + Security_Endpoint_Exceptions_API_ExceptionListItemExpireTime: + description: The exception item’s expiration date, in ISO format. This field is only available for regular exception items, not endpoint exceptions. + format: date-time + type: string Security_Endpoint_Exceptions_API_ExceptionListItemHumanId: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + description: Human readable string identifier, e.g. `trusted-linux-processes` + example: simple_list_item + format: nonempty + minLength: 1 + type: string Security_Endpoint_Exceptions_API_ExceptionListItemId: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + description: Exception's identifier. + example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + format: nonempty + minLength: 1 + type: string Security_Endpoint_Exceptions_API_ExceptionListItemMeta: additionalProperties: true type: object Security_Endpoint_Exceptions_API_ExceptionListItemName: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + description: Exception list name. + format: nonempty + minLength: 1 + type: string Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray: items: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType' type: array Security_Endpoint_Exceptions_API_ExceptionListItemTags: items: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + description: String array containing words and phrases to help categorize exception items. + format: nonempty + minLength: 1 + type: string type: array Security_Endpoint_Exceptions_API_ExceptionListItemType: enum: 
@@ -54380,24 +54518,31 @@ components: type: string Security_Endpoint_Exceptions_API_ExceptionListMeta: additionalProperties: true + description: Placeholder for metadata about the list container. type: object Security_Endpoint_Exceptions_API_ExceptionListName: + description: The name of the exception list. + example: My exception list type: string Security_Endpoint_Exceptions_API_ExceptionListOsType: + description: Use this field to specify the operating system. enum: - linux - macos - windows type: string Security_Endpoint_Exceptions_API_ExceptionListOsTypeArray: + description: Use this field to specify the operating system. Only enter one value. items: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType' type: array Security_Endpoint_Exceptions_API_ExceptionListTags: + description: String array containing words and phrases to help categorize exception containers. items: type: string type: array Security_Endpoint_Exceptions_API_ExceptionListType: + description: The type of exception list to be created. Different list types may denote where they can be utilized. enum: - detection - rule_default @@ -54408,6 +54553,7 @@ components: - endpoint_blocklists type: string Security_Endpoint_Exceptions_API_ExceptionListVersion: + description: The document version, automatically increasd on updates. minimum: 1 type: integer Security_Endpoint_Exceptions_API_ExceptionNamespaceType: @@ -55673,11 +55819,14 @@ components: type: object properties: _version: + description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. type: string created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: + description: Autogenerated value - user that created object. type: string description: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' 
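Review bot: The description added to `Security_Endpoint_Exceptions_API_ExceptionListVersion` in the hunk at `@@ -54408,6 +54553,7 @@` contains a typo, `automatically increasd on updates`; it should read `The document version, automatically increased on updates.`. The same line is added for `Security_Exceptions_API_ExceptionListVersion` at `@@ -56032,6 +56230,7 @@`.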
@@ -55698,13 +55847,16 @@ components: tags: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListTags' tie_breaker_id: + description: Field used in search to ensure all containers are sorted and returned correctly. type: string type: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListType' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: + description: Autogenerated value - user that last updated object. type: string version: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListVersion' 
@@ -55723,31 +55875,42 @@ components: - updated_at - updated_by Security_Exceptions_API_ExceptionListDescription: + description: Describes the exception list. + example: This list tracks allowlisted values. type: string Security_Exceptions_API_ExceptionListHumanId: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - description: Human readable string identifier, e.g. `trusted-linux-processes` + description: Exception list's human readable string identifier, e.g. `trusted-linux-processes`. + example: simple_list + format: nonempty + minLength: 1 + type: string Security_Exceptions_API_ExceptionListId: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + description: Exception list's identifier. + example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + format: nonempty + minLength: 1 + type: string Security_Exceptions_API_ExceptionListItem: type: object properties: _version: + description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. type: string comments: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemCommentArray' created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: + description: Autogenerated value - user that created object. type: string description: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemDescription' entries: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray' expire_time: - format: date-time - type: string + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemExpireTime' id: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' item_id: 
@@ -55765,13 +55928,16 @@ components: tags: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags' tie_breaker_id: + description: Field used in search to ensure all containers are sorted and returned correctly. type: string type: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemType' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: + description: Autogenerated value - user that last updated object. type: string required: - id @@ -55794,6 +55960,7 @@ components: comment: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: @@ -55801,6 +55968,7 @@ components: id: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: @@ -55811,10 +55979,15 @@ components: - created_at - created_by Security_Exceptions_API_ExceptionListItemCommentArray: + description: | + Array of comment fields: + + - comment (string): Comments about the exception item. items: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemComment' type: array Security_Exceptions_API_ExceptionListItemDescription: + description: Describes the exception list. type: string Security_Exceptions_API_ExceptionListItemEntry: anyOf: 
@@ -55956,22 +56129,40 @@ components: - excluded - included type: string + Security_Exceptions_API_ExceptionListItemExpireTime: + description: The exception item’s expiration date, in ISO format. This field is only available for regular exception items, not endpoint exceptions. + format: date-time + type: string Security_Exceptions_API_ExceptionListItemHumanId: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + description: Human readable string identifier, e.g. `trusted-linux-processes` + example: simple_list_item + format: nonempty + minLength: 1 + type: string Security_Exceptions_API_ExceptionListItemId: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + description: Exception's identifier. + example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + format: nonempty + minLength: 1 + type: string Security_Exceptions_API_ExceptionListItemMeta: additionalProperties: true type: object Security_Exceptions_API_ExceptionListItemName: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + description: Exception list name. + format: nonempty + minLength: 1 + type: string Security_Exceptions_API_ExceptionListItemOsTypeArray: items: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsType' type: array Security_Exceptions_API_ExceptionListItemTags: items: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + description: String array containing words and phrases to help categorize exception items. + format: nonempty + minLength: 1 + type: string type: array Security_Exceptions_API_ExceptionListItemType: enum: 
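Review bot: In ExceptionListItemTags the added description ("String array containing words and phrases to help categorize exception items.") replaces the `$ref` under `items`, so it documents each element as though it were the array. Move it to the schema level, next to `type: array`, the way ExceptionListTags carries its description in a later hunk, and leave the element with `format`, `minLength` and `type: string` only. Indentation is lost in this view, so the placement is inferred from the key order, with the description sitting between `items:` and the element's `format`.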
@@ -55979,16 +56170,21 @@ components: type: string Security_Exceptions_API_ExceptionListMeta: additionalProperties: true + description: Placeholder for metadata about the list container. type: object Security_Exceptions_API_ExceptionListName: + description: The name of the exception list. + example: My exception list type: string Security_Exceptions_API_ExceptionListOsType: + description: Use this field to specify the operating system. enum: - linux - macos - windows type: string Security_Exceptions_API_ExceptionListOsTypeArray: + description: Use this field to specify the operating system. Only enter one value. items: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsType' type: array @@ -56018,10 +56214,12 @@ components: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkError' type: array Security_Exceptions_API_ExceptionListTags: + description: String array containing words and phrases to help categorize exception containers. items: type: string type: array Security_Exceptions_API_ExceptionListType: + description: The type of exception list to be created. Different list types may denote where they can be utilized. enum: - detection - rule_default @@ -56032,6 +56230,7 @@ components: - endpoint_blocklists type: string Security_Exceptions_API_ExceptionListVersion: + description: The document version, automatically increasd on updates. minimum: 1 type: integer Security_Exceptions_API_ExceptionNamespaceType: @@ -56048,6 +56247,7 @@ components: Security_Exceptions_API_FindExceptionListItemsFilter: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' Security_Exceptions_API_FindExceptionListsFilter: + example: exception-list.attributes.name:%Detection%20List type: string Security_Exceptions_API_ListId: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString'
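Review bot: ExceptionListOsTypeArray's new description says "Only enter one value", but the array schema in this first hunk has no upper bound, so the spec still presents multi-value arrays as valid. If the server enforces the single-value rule, add `maxItems: 1` beside `type: array` so generated clients and validators reject the same input the API does. If it does not, drop the sentence. Whether the rule is enforced cannot be seen from this hunk, and if this file is bundler output the change belongs in the source schema.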
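Review bot: The example added to FindExceptionListsFilter in the last hunk, `exception-list.attributes.name:%Detection%20List`, is percent-encoded, and its leading `%De` is itself a valid escape for byte 0xDE, so a client that decodes it gets a mangled filter rather than the word "Detection". Schema examples normally hold the raw parameter value and leave URL encoding to the client. If an exact-phrase match was intended, an unencoded form such as `example: 'exception-list.attributes.name:"Detection List"'` (constructed here, to be checked against the filter syntax) avoids the ambiguity. This schema also gets no `description`, unlike its neighbours in the patch.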